ERA Privacy Policy
Introduction
The Educational Recording Agency Ltd respects your right to privacy. This Privacy Policy sets out details of the information we may collect from you, how we may use that information, how long we may hold it and how we keep your data secure. It also explains your rights and how to exercise them.
In this Privacy Policy, references to “we” or “us” are to The Educational Recording Agency Ltd (ERA), a company incorporated in England and Wales under company number 02423219, whose registered office is at Scott House, Suite 1, The Concourse, Waterloo Station, London SE1 7LY.
ERA is registered with the Information Commissioner’s Office and is the data controller of any personal data processed as described in this Privacy Policy.
Information We May Collect About You
Personal information provided by you
The information you give us may include personal information like your name, titles, address, email address, telephone number, date of birth and bank details. You may give us your personal information by filling in forms, including those on our website (https://era.org.uk) or by corresponding with us in writing, by telephone, email or otherwise. This includes information you provide when you correspond with us regarding the ERA Licence and when you report a problem with the website. Further information on the information we may collect and the purpose for its processing are below.
Information we collect through our website (use of cookies)
Our website uses cookies. Cookies are text files placed on your computer to collect Standard Internet Log information and visitor information. These cookies allow us to distinguish you from other users of the website and allow us to collect information about your visit to our website.
For more information on which cookies we use and how we use them see the ERA Cookies Policy.
Personal information provided by third parties
We may receive personal information about you from third parties, which may include parties who provide this information in fulfilment of a legal obligation or representatives you have authorised to act on your behalf. Any information we receive about you from these third parties will only be processed for the purposes described under “How will we use the information about you?” section below.
How we will use the information about you
We may process the information we collect about you:
- for the purposes of issuing, administering and recording ERA Licences; administering and recording declarations from educational establishments stating they do not require an ERA Licence; and generally for managing the ERA Licensing scheme (“Licence Data”). This includes contacting you to request information from you (such as pupil or student numbers), to provide you with information you have requested about ERA and the ERA Licence, to respond to your queries and to keep a record of communications with you. The information we may process for these purposes includes your name, title, employer, email address, office address and phone number. The Licence Data may be provided by you, your employer or, in rare cases, by third parties. The lawful basis for processing an ERA Licence is the performance of a contract between you or the organisation by whom you are employed and ERA and/or taking steps to enter into such a contract. The lawful basis for processing a declaration and/or taking steps to enter into such a declaration is the legitimate interests of our business;
- for the purposes of managing the provision of goods and services supplied to ERA and communicating with suppliers (“Supplier Data”). The Supplier Data may include your name, title, employer, email address, office address, phone number and bank details. The source of the Supplier Data is you or your employer. The lawful basis for this processing is the performance of a contract between you or the organisation by whom you are employed and ERA;
- for the purposes of recruiting, managing, remunerating and communicating with employees and potential employees (“Employee Data”). The Employee Data may include your name, title, email address, home address, phone number, qualifications, education and employment history, references, national insurance number, tax code, bank details and passport or visa details. The source of the Employee Data is you or a third party such as recruitment agencies, former employers and establishments from which you have received your qualifications. The lawful basis for this processing is the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract;
- for the purposes of meeting our statutory obligations and governance obligations, specifically relating to our Members and Directors (“Member Data”). The Member Data may include your name, title, employer, email address, office address, phone number, data of birth, home address and other interests for purposes of recording any conflicts of interest. The source of the Member Data is you or your employer. The lawful basis for this processing is compliance with the law;
- for the purposes of verifying that those individuals granted access to streamed content on ERA’s Video Streaming Platform are students studying at or employees of educational institutions that hold a current ERA Licence, managing our relationship with the user, fulfilling requests, notifying the user of any changes to our services and updating the user of any changes to our terms or privacy policy (“Registered User Data”). The Registered User Data may include your name, email address, role, teaching level, subject or specialisation, key stage taught and name and post code of your institution. The source of the Registered User Data is provided by you. The lawful basis for this processing is the legitimate interest of our business and the right holders we represent, addressing user needs and ensuring a seamless user experience on our website and compliance with the law;
- for the purposes of emailing news and insights about ERA and our services to those users who have completed and submitted the registration form on our website (era.org.uk/registration) (“User Correspondence Data”). The User Correspondence Data may include your name, email address, role, teaching level, subject or specialisation, key stage taught and name and post code of your institution. The source of the User Correspondence Data is provided by you. The lawful basis for this processing is the legitimate interest of our business in providing relevant information and updates to our users, ensuring they stay informed about ERA and our products and services;
You may opt out of marketing communications at any time by using the opt-out links on any marketing message or by contacting ERA using the address detailed on our website or by emailing: marketing@era.org.uk. Please note that ERA does not send any communications to users registered as students;
- for the purposes of providing feedback and testimonials, completing a survey or enabling user participation in a prize draw, competition (“User Participation Data”). The User Participation Data may include your name, email address, role, teaching level, subject or specialisation, key stage taught, name and post code of your institution, phone number and bank details. The source of the User Participation Data is provided by you. The lawful basis for this processing is the legitimate interest of our business in understanding how users interact with our products and to develop and enhance our products and services. Please note that ERA does not send any communications to users registered as students;
- for the purposes of administering, improving, and safeguarding our business and our website, including troubleshooting, testing, system maintenance, support, reporting, hosting of data and data analytics to improve our website, products/services, marketing, user relationship, and user experiences (“Operational Data”). The Operational Data may involve the collection of information related to your interactions with our website and the features you engage with. The Operational Data may include your email address, role, teaching level, subject or specialisation, key stage taught, name and postcode of your institution, search history, viewing history, login history, device information and geographic location. The source of the Operational Data is provided by you. The lawful basis for this processing is the legitimate interest of our business in the efficient operation of our activities, provision of administration and IT services, network security and mitigating the risk of fraud.
Sensitive Personal Information (Special Category Data)
We generally do not ask you to provide us with information regarding your racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, genetic data, biometric data, health, sex life or sexual orientation. However, if it is necessary to obtain this information from you in relation to our business activities or to perform a contract with you, we will only collect and process the information with your explicit consent and only for the purpose specified by you when giving your consent.
Who your information might be shared with
As far as is reasonably necessary, we may disclose your personal data to:
- Our business partners, suppliers, agents and sub-contractors for the purposes described under “How we will use the information about you?” section above. These parties may be engaged for the fulfilment of contracts we have with you and the provision of support services to us; and
- Law enforcement agencies, regulatory bodies, auditors and professional advisors to comply with any legal obligation; or for the purposes of fraud prevention; or in order to enforce any agreements; or protect the rights, property, or safety of ERA, its licensees, or others; or obtain any related professional advice.
Transfers of your information out of the EEA
We may need to transfer your personal data to countries that are located outside the European Economic Area (“EEA”) for the purposes of processing by parties that work for ERA or one of its suppliers. By way of example, this may happen if any of the computer services used to host the website are located in a country outside of the EEA.
We will take all steps reasonably necessary to ensure your personal data is treated securely and in accordance with this privacy policy.
Keeping your data secure
We will use technical and organisational measures to safeguard your personal data. All information you provide to us is stored securely.
Unfortunately, the transfer of information via the internet is not entirely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our website or email server; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
Our website may include links to, or content embedded from third party web services providers. Please note that we have no control over these third-party websites and therefore cannot accept responsibility for the protection and privacy of any information which you provide whilst visiting such third-party websites and such websites are not governed by this privacy policy. It is your responsibility to exercise caution and note the terms of privacy policies relevant to any such third-party websites.
Retention of your data
We will not retain your personal data for longer than is necessary in relation to the purposes for which the data was collected or otherwise processed. The criteria we use for determining the retention periods for personal data processed in the performance of a contract will be any regulatory requirements, statutory retention periods or guidance provided by regulatory bodies such as HMRC or the Information Commissioners Office. The statutory limitation period for legal claims related to most contracts is generally 6 years.
Member Data will be retained in perpetuity to ensure a full record of the historic governance of ERA.
What rights do you have?
Right to request a copy of your information
You can request confirmation that your data is being processed and a copy of the information we hold for you (this is known as a subject access request).
Should you wish for confirmation that your data is being processed or wish to access the personal data we may hold about you then you can request this from us in writing. Upon written request, we will provide you with a readable copy of the personal data which we keep about you. We will respond to you within the time frame specified within the applicable data protection law, which is generally within one month of receipt of the written request. We will provide the information without charge, but if requests are manifestly unfounded or excessive, in particular because they are repetitive, we retain the right to refuse or to charge a reasonable fee based on the administrative costs of providing the information. To request a copy of the personal data we hold about you please address your written request to the CEO at the address given in the “How can you contact us?” section below.
Right to correct any mistakes in your information
You can require us to rectify the personal data we hold about you if it is inaccurate or incomplete.
Should you require us to rectify the personal data we hold about you, please send a written request to the CEO at the address given in the “How can you contact us?” section below. We will respond to you within the time frame specified within the applicable data protection law, which is generally within one month of receipt of the request.
If we have disclosed your personal data to any third parties, we will also inform those third parties of any correction to your personal data where possible.
General Data Protection Regulation
Right to erasure
You can require us to erase personal information we hold about you without undue delay in the following circumstances:
- The personal data is no longer necessary in relation to the purposes for which is was collected or otherwise processed;
- You object to the processing and there is no overriding legitimate interest for us to continue the processing of the data;
- Your personal data was unlawfully processed; or
- Your personal data must be erased in order to comply with a legal obligation.
ERA can refuse to comply with a request to erase personal information we hold about you for the following reasons:
- To exercise the right of freedom of expression and information;
- To comply with a legal obligation for the performance of a public interest task or exercise of official authority;
- For public health purposes in the public interest;
- Archiving purposes in the public interest, scientific research, historical research or statistical purposes; or
- The exercise or defence of legal claims.
If we have disclosed your personal data to any third parties, we will inform those third parties of any erasure of your personal data, unless it is impossible or involves disproportionate effort to do so.
Right to restrict processing of your personal data
You have the right to restrict the processing of your personal data in the following circumstances:
- You contest the accuracy of the personal data;
- The processing is unlawful and you do not wish for the data to be erased but require restricted processing of the data instead; or
- We no longer require your personal data but you require the data to establish, exercise or defend a legal claim.
When processing of your data has been restricted, we will be permitted to store your data but will not perform the processing of it, unless you consent to further processing or processing is necessary for the establishment of a legal claim; for the protection of rights of another person; or for reasons of important public interest.
If we have disclosed your personal data to any third parties, we will inform those third parties about the restriction on the processing of your personal data, unless it is impossible or involves disproportionate effort to do so.
How to contact us
Please contact us if you have any questions about this privacy policy or the information we hold about you, including making requests to exercise any of your rights in relation to your personal data. If you wish to contact us, please send an email to era@era.org.uk or write to us at Educational Recording Agency Ltd, Scott House, Suite 1, The Concourse, Waterloo Station, London SE1 7LY or ring us on 020 7837 3222.
Complaints
We take your privacy very seriously and try to adhere to the highest standards when collecting and processing your data. However, if you think there is a problem with the way we are processing your personal data, then we encourage you to contact us directly to see if your concerns can be addressed. Please see our Code of Conduct for further details on our complaints process.
If you are not satisfied with the outcome of our internal complaints procedure, or if you consider that your complaint has not been handled correctly, you may lodge a complaint with the Information Commissioners Office.
Changes to the ERA Privacy Policy
We may change this Privacy Policy from time to time. Any changes we make to this Privacy Policy will be posted on this page and, where appropriate, notified to you by post or email. Please check regularly to see any updates or changes.
February 2024