Privacy Policy

THIS IS THE ASPIRE PRIVACY POLICY

At Aspire we focus on improving the health, well-being, life-skills and education of children and young people. We do this by engaging children and young people in physical activity, by providing innovative delivery and training services and by using resources that educate and inspire.

We have a passion for physical activity and port, helping to improve the health and well-being, life skills and education of children and young people by changing participation trends and attitudes towards physical activity.

At Aspire we provide high-quality services that improve physical literacy, health, well-being and academic achievement.

This Privacy Policy is effective from the 25^th May 2018.

Through ISO 9001:2015 accreditation, Aspire Active Education Group Ltd are committed to maintaining our highly regarded and respected quality service.

As part of our service, and in compliance with The Data Protection Act 2018 (EU GDPR) we are committed to protecting the privacy of our customers, users and stakeholders, ensuring that always you remain informed and in control of your information.

We are committed to protecting the privacy of all our customers and will always be transparent in how we manage data.

Our privacy policy will help you understand what information Aspire Active Education Group Ltd collects, how we use it and what choices you have.

About us:

The Aspire Active Education Group (AAE) comprises of the following organisations:

	Registered company number	Registered ICO number
Aspire Sports Health & Fitness Ltd	05481772	Z2136574
Aspire Active Camps Ltd	06533710	Z3101912
Aspire Training Solutions (UK) Ltd	08430411	ZA497161

Aspire Active Software Ltd 11785218 tbc

Aspire Active Partnerships Ltd 11785236 ZA766643

In addition to the organisations above you may come across terms “Aspire, “our”, “we”, “us”.

Our registered office is:

Unit 6, Holly Park Industrial Estate

Spitfire Road

Erdington

Birmingham

B24 9PB

Our EU Representative/ Data Protection Officer/ GDPR owner can be contacted directly here:

[email protected]
01905 921029

This privacy notice explains:

What personal information is
The information we collect and how we collect it
How we use your personal information
Who we share your data with?
How long we keep your personal data
Your rights.

Personal information

Personal information is any information which identifies you or which can be identified as relating to you.

Any reference to “you” or “your” refers to you, or anyone whose personal information we process.

When engaging with us we collect information you provide us when you:	Information we collect about you
Active Camps
· To register you as a customer · To Process and Deliver your booking for your child · Speak to us over the phone or via email in relation to one of our products or services · Enter a competition · Make payments and transaction data · Profile & usage data	Identity information: Name, title, date of birth, gender, nationality (of you & your child) and school details of your child Technical Data: Internet Protocol (IP) address, login data, browser type and version, and other technology on the devices that you use to log in for our services Contact: Address, postcode, email addresses and telephone numbers Health & Medical: Relevant health and medical information of your child, including relevant first aid preferences
Organisations
· Sign a contract to work with us · Apply to become a licensee · Make payments	Identify information: Names, title, date of birth, gender, nationality Contact: Address, postcode, email addresses and telephone number Health & Medical: Relevant health and medical information of your child, including relevant first aid preferences
School
· Sign a contract to engage with one of our services · Speak to us over the phone or via email · Enter a competition · Make payments	Identity information: Name, gender of pupils and teachers Contact: Email addresses of point of contact/ teachers Health & Medical: Relevant health and medical information of your child, including relevant first aid preferences
Working for us
· Apply for a job with us · For processing lawful and necessary data required to administer your time in employment with us · Speak to us over the phone or via email in relation to an employment matter	Identity information: Name, title, date of birth, gender, nationality Contact: Address, postcode, email addresses and telephone numbers Employment: Previous employment history, qualifications, work eligibility and references Health & Medical: Relevant health and medical information of your child, including relevant first aid preferences Special categories: Ethnicity
Apprenticeship and Training
· Book on a training course or workshop · Apply for an apprenticeship · Speak to us over the phone or via email · Enter a competition · Make payments and transaction data	Identity information: Name, title, date of birth, gender, nationality Contact: Address, postcode, email addresses and telephone numbers Employment: Previous employment history, qualifications, work eligibility and references Health & Medical: Relevant health and medical information of your child, including relevant first aid preferences Special categories: Ethnicity
To Manage our Relationship with You
· Including updating our Privacy Policy and Notices	Identity information: Name, title, date of birth, gender, nationality (of you & your child) and school details of your child
Marketing
· To make suggestions and recommendations to you about the services that may be of interest to you	Identity information: Name, title, date of birth, gender, nationality (of you & your child) and school details of your child Technical Data: Internet Protocol (IP) address, login data, browser type and version, and other technology on the devices that you use to log in for our services Contact: Address, postcode, email addresses and telephone numbers

Our Commitment

As an essential part of our business, we collect and use customer data. In doing so, we observe relevant UK and Republic of Ireland data protection laws and respect customer’s privacy and rights.

We commit that we will:

· Be completely open and honest about how we use your data

· Never share data with another organisation without your consent.

· Not send marketing communication to customers without lawful reason for doing so or unless they are happy for us to do so

· Adopt the latest technological controls to ensure that the data which we hold electronically, is as secure as possible

· Recognise rights and freedoms to which all our customers are entitled

Processing your data using our Legitimate Interests.

We have several lawful reasons that we can use (or ‘process’) your personal data. One of these lawful reasons is called ‘legitimate interests.

Broadly speaking legitimate interests means that we can process your personal information if:

We have a genuine and legitimate reason and we are not harming any of your rights and interests.

The following are some examples of when and why we would use this approach during our normal course of business:

To improve and enhance our services: When we do process your data, we will use it to benefit you and to make your experience better and to improve our products and services;
Your best interest: Processing your information to protect you against fraud when transacting on our website, and to ensure our websites and systems are secure;
Personalisation: Where the processing enables us to enhance, modify, personalise or otherwise improve our services/communications for the benefit of our customers;
Analytics: To process your personal data for the purposes of customer analysis, assessment, profiling and direct marketing, on a personalised or aggregated basis, to help us with our services and to provide you with the most relevant information if this does not harm any of your rights and interests;
Research: To determine the effectiveness of promotional campaigns and advertising and to develop our products, services, systems and relationships with you;
Direct Marketing: We may send postal and email marketing. We will also make sure our postal and email marketing is relevant for you and tailored to your interests. You also have the right to opt-out of receiving this information at any time by contacting us or updating your preferences;
When we process your personal information for our legitimate interests, we will consider and balance any potential impact on you and your rights under data protection and any other relevant law. Our legitimate business interests do not automatically override your interests – we will not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).

How we use your Data and who we share your personal information with?

When you book to attend an event run by Aspire, we need to record details and enter them into attendance documents. This enables us to maintain safety and security as priorities and to see how children are benefiting from our events.

Sometimes we need to share some of your information / data, in order to provide you with our services and meet our legal obligations. We only use / share your data with 3rd parties, in the following circumstances:

To fulfil your order;
To complete or confirm your location or postal address;
To verify your identity and perform DBS checks;
To authorise debit/credit card payments and any other transactions authorised by the supporter or customer;
To manage and maintain the accuracy of your records;
To handle complaints and improve customer service;
To administer marketing on behalf of The Aspire Active Education Group (AAE)
To meet legal obligations, for example, for the purposes of national security, taxation and criminal investigations; and
If the Aspire Active Education Group (AAE) is acquired by a third party, in which case personal data held by it, about its customers, will be one of the transferred assets.

We’ll never make your personal data available to anyone outside The Aspire Active Education Group (AAE) for them to use for their own marketing purposes without your prior consent.

All data shared outside of the EEA (European Economic Area) will only be shared for legitimate purpose and with regulated, data security compliant parties.

Other uses of your personal information

Naturally, as we are delivering services for children, we are regulated by OFSTED. We will therefore share as mush personal information as we have to with our Regulators, government or quasi-governmental organisations, law enforcement authorities and other Local Authority bodies as may be required from time to time, to comply with legal requirements;
We may share your data with any person working within the Aspire on a ‘need to know’ basis, to ensure that we are able to deliver our services to you;
We hold personal information on our secure IT systems, and we use this to provide you with marketing information about similar services offered by Aspire. You can always tell us to stop sending this information at any time.

Third party links

Our website may include links to third party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements.

When you leave our website, we encourage you to read the privacy notice or policy of every website you visit.

Transferring your personal information outside the EEA

The EEA is the European Economic Area, which consists of the EU Members States, Iceland, Liechtenstein and Norway. If we transfer your personal information outside the EEA, we must tell you.

We currently do not transfer your data outside of the EEA and we have no plans to do so. We have ensured those organisations that we share your data with look after it securely and have appropriate safeguards, as required by GDPR in place. These are organisations are:

“Facebook” (Facebook Inc, 1 Hacker Way, Menlo Park, CA 94025, USA) – Facebook provide a social media platform. – Facebook provide the following safeguard EU-US Privacy Shield and an appointed EU representative in Ireland (Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland)
“Google” – (Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) – Google provide an analytics service – Google provide the EU-US Privacy Shield safeguard
“LinkedIn” (LinkedIn Corporation, 1000 W.Maude Avenue, Sunnyvale, CA 94085, USA) – LinkedIn provide a social media platform. – LinkedIn provide the EU-US Privacy Shield safeguard.
"Kajabi" (Kajabi LLC, 15495 Sand Canyon Ave #300, Irvine, CA, 92618, USA) - provide a business platform - Kajabi provide the EU-U.S. Privacy Shield

Data Security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator (including the ICO) of a breach where we are legally required to do so.

How long do we keep your personal information?

We will keep your personal information for as long as you are our customer or employee.

Customer
After you stop being an active customer, because you have stopped regularly using our services or buying our products, we may keep your personal information for up to 6 years, plus the current financial year, for one of the following reasons:

To respond to any questions or complaints from you;
To maintain our records;
To comply with laws applicable to us.

After such time, we will securely delete your personal information. If we receive a bounce back from any of the emails that we send to you on several occasions, we will delete your personal information in relation to those emails.

Employee
For permanent employees, we keep personnel files for 6 years after an employment contract has ended. This information includes, but is not exclusive to employment contracts, training records and salary information. For temporary staff, we keep relevant records for 2 years.

This excludes members of the Senior Leadership Team, whose details are retained permanently.

Marketing

We may use your personal information to tell you about relevant services and any upcoming offers.

We can only use your personal information to send you marketing messages if we have either your consent or a legitimate interest to do so.

You can ask us to stop sending you marketing messages at any time – you just need to contact us or use the opt-out links on any marketing message sent to you. If you have setup an online account with us, then you can also change your communication preferences at any time.

Where you opt out of receiving marketing messages, this will not apply to personal data provided to us as a result of purchasing our services or any other transaction between you and us.

Your rights

Right to be Informed
We will always be transparent in the way we use your personal data. You will be fully informed about the processing through relevant privacy notices.

Right to Access
You have a right to request access to the personal data that we hold about you and this should be provided to you, under the General Data Protection Regulation (GDPR), within 30 days. If you would like to request a copy of your personal data, please contact us in writing.

Right to rectification
We want to make sure that the personal data we hold about you is accurate and up to date. If any of your details are incorrect, please let us know and we will amend them.

Right to erasure
You have the right to have your data ‘erased’ in the following situations:

Where the personal data is no longer necessary in relation to the purpose for which it was originally collected or processed.
When you withdraw consent.
When you object to the processing and there is no overriding legitimate interest for continuing the processing.
When the personal data was unlawfully processed.
When the personal data must be erased in order to comply with a legal obligation.

If you would like to request erasure of your personal data, please contact us in writing. Please note that each request will be reviewed on a case by case basis and where we have a lawful reason to retain the data, it may not be erased.

Right to restrict processing
You have the right to restrict processing in certain situations such as:

Where you contest the accuracy of your personal data, we will restrict the processing until you have verified the accuracy of your personal data.
Where you have objected to processing and we are considering whether The Aspire Active Education Group (AAE) legitimate grounds override your legitimate grounds.
When processing is unlawful, and you oppose erasure and request restriction instead.
Where the Aspire Active Education Group (AAE) no longer need the personal data, but you require the data to establish, exercise or defend a legal claim.

Right to data portability
You have the right to data portability in certain situations. You have the right to obtain and reuse your personal data for your own purposes via a machine-readable format, such as a .CSV file. If you would like to request portability of your personal data, please contact us by writing to us this only applies:

To personal data that you have provided to us;
Where the processing is based on your consent or for the performance of a contract; and
When processing is carried out by automated means.

Right to object
You have the right to object to The Aspire Active Education Group (AAE) processing your data in these circumstances:

Where the processing is for direct marketing. Remember you can opt out of email communication at any time via the unsubscribe feature on our emails;
Where the processing is based on legitimate interests;
Where the processing is for purposes of scientific/historical research and statistics.

The Regulator

If you feel that The Aspire Active Education Group (AAE) has not upheld your rights, we ask that you contact our Data Protection Officer whose details can be found in point 1 so that we can try and help.
If you are not satisfied with our response, or believe we are not processing your data in accordance with the law you have the right to lodge a complaint with the Information Commissioner’s Office (ICO). Their details are supplied below:

Address:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Telephone: 0303 123 1113
Website: www.ico.org.uk

How to contact us

Address:
The Aspire Active Education Group (AAE)
Unit 6, Holly Park Industrial Estate