Kaplan Financial Privacy Notice
Kaplan Financial is committed to maintaining the privacy and security of your personal data.
This Privacy Notice explains how we collect, use, share and protect your personal data. It is important that you read this Privacy Notice so that you are aware of how and why we are using your personal data.
This Privacy Notice is provided in a layered format so you can click through to the specific areas set out below:
- Who we are
- Data Protection Officer
- What is personal data?
- Data protection principles
- How we use your personal data
- The personal data we collect from you
- When and how we share your personal data with others
- Transfer of your personal data to other countries
- The security of your personal data
- Our storage and retention of your personal data
- Your rights as a data subject
- Changes to this privacy notice
Who we are
Kaplan Financial is a "data controller". This means that we are responsible for deciding how we hold and use personal information about you. Where we act as a data controller, we are required under data protection legislation to notify anyone who provides personal data to us, either directly or through a third party, of the information contained in this Privacy Notice.
Kaplan Financial is the trading name for Kaplan Financial Limited (company number 01028790 and registered address at 179 – 191 Borough High Street, London SE1 1HR) so when we mention "Kaplan", "we", "us" or "our" in this Privacy Notice, we are referring to this company which is responsible for processing your data.
Data Protection Officer
We have appointed a Data Protection Officer (DPO) who is responsible for overseeing questions in relation to this privacy notice. If you have any questions about this Privacy Notice, including any requests to exercise your legal rights, please contact the DPO using the details set out below:
Name of DPO: Rachael Convery
Email address: firstname.lastname@example.org
Postal address: Palace House, 3 Cathedral Street, London SE1 9DE, United Kingdom.
You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
If you are an EU national or resident in an EU country and wish to contact our EU Representative:
Kaplan Ireland Education Limited, 13/14 Aungier Street, Dublin 2, D02 WC04 Ireland
What is personal data?
Personal data is any information about an individual from which that individual can be identified. Your name, address, phone number and bank account number are examples of personal data. It does not include data where the identity has been removed (anonymous data).
Data protection principles
We will comply with data protection law. This says that the personal information we hold about you must be:
- Used lawfully, fairly and in a transparent way.
- Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
- Relevant to the purposes we have told you about and limited only to those purposes.
- Accurate and kept up to date.
- Kept only as long as necessary for the purposes we have told you about.
- Kept securely.
How we use your personal data
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
- Where we need to perform a contract we have entered into with you.
- Where we need to comply with a legal obligation.
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
We may also use your personal data in the following situations, which are likely to be less common:
- Where we need to protect your vital interests (or someone else's interests).
- Where it is needed in the public interest (for example, equal opportunities monitoring) or for official purposes.
Generally we do not rely on consent as a legal basis for processing your personal data other than in relation to sending direct marketing communications to you via email. You have the right to withdraw consent to marketing at any time by contacting us.
The personal data we collect from you
When you request information or make enquiries about any of our services or programmes, we may use the personal data you provide in order to fulfil your request or respond to your enquiry. It is in our legitimate interests to use your personal data in this way so that you receive the information you have requested.
Enrolments and orders
If you submit a booking request, enrol onto one of our programmes or purchase any of our other products or services, we may collect the following categories of personal data about you:
- Personal contact details such as name, title, addresses, telephone numbers, and personal email addresses.
- Date of birth.
- Nationality and country of residence.
- Education history.
- Employment history.
- Funding information.
- Bank account details.
- Billing address.
- Credit card or other payment information in order to process your payments.
This information will be used by us to perform the contract we have entered into with you.
We may also ask you to disclose information regarding any criminal convictions you may have. We need to use this information in order to comply with our legal obligations.
During your programme we may collect information about your academic experience and progression. This is in order to fulfil our contract with you but it is also in our legitimate interests to use this personal data in order to monitor the provision of our service to you.
We may also collect personal data about your health in order to make appropriate arrangements and reasonable adjustments for you regarding your welfare or attendance. We use this information in order to perform our contract with you and in order to comply with our legal obligations.
Where you have explicitly consented to do so, we may use your personal data to inform you of special offers and new or existing services that we believe may be of interest to you.
If you are opted into marketing, we may also upload an encrypted version of your email address to social media and advertising platforms to do the following if a match is found:
- show you direct, relevant marketing messages
- create audiences of people that are similar to you
- ensure you do not see irrelevant marketing messages.
If you would prefer that we do not send such communications to you or share your email address in this way, please follow the opt-out links on any marketing message or contact us using the contact details in this Privacy Notice.
Internal business purposes
We also may use your personal data for our internal business purposes. This is in our legitimate interests in order to operate as a business and monitor and improve the services we provide. Where possible we will anonymise this information. Please contact us using the contact details in this Privacy Notice if you would like more information.
Automated technologies or interactions
If you fail to provide personal data
Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.
When and how we share your personal data with others
We may share your personal data with third parties where required by law, where it is necessary to perform a contract or where we have a legitimate interest in doing so. Such third parties may include the following:
- Our service providers: We may share your personal data with other companies that perform certain services on our behalf. These services may include processing payments, providing customer service and marketing assistance, performing business and sales analysis and supporting our website and IT functionality. These service providers may be supplied with or have access to your personal data solely for the purpose of providing these services to us or on our behalf. Kaplan is the data controller and will remain accountable for your personal data.
- Your employer or sponsor: We may share your personal data with your employer or sponsor with whom we have a contract relating to your programme of study.
- Parents and guardians: If you are under 18, we may share your personal data with your parents or guardians in order to perform our contract, comply with our legal obligations and if it is in your vital interests.
- Other entities in the Kaplan group: We may share your personal data with other entities in our group as part of our regular reporting activities on company performance, in the context of a business reorganisation or group restructuring exercise or for system maintenance support and hosting of data.
- Professional bodies and regulators: We may need to share your personal data if required by a professional body or institute related to your programme or if required by a regulatory body or to otherwise comply with law.
- Others: We may share your personal information with other third parties such as in the context of the possible sale of our business. We may also need to share your personal data in order to permit us to pursue available remedies or limit damages we may sustain.
Transfer of your personal data to other countries
As we are an international business with employees, entities and service providers all over the world, we may need to transfer the personal data you provide to us to other countries which may be outside the European Economic Area (EEA).
The data protection laws in such countries may not be as comprehensive, or provide the same level of protection for your personal data, as those within the EEA. In these circumstances, we will take appropriate steps to ensure that your personal data is handled as described in this Privacy Notice. These steps will include appropriate contractual mechanisms. Please contact us using the contact details in this Privacy Notice if you would like more information.
The security of your personal data
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, service providers, business partners, agents and other third parties who have a legitimate need to know. They will only process your personal information on our instructions or as otherwise agreed and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
Our storage and retention of your personal data
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. Please contact us using the contact details in this Privacy Notice if you would like more information.
It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your working relationship with us.
In some circumstances we may anonymise your personal data so that it can no longer be associated with you, in which case we may use such information without further notice to you.
Your rights as a data subject
Under certain circumstances, by law you have the right to:
- Request access to your personal data (commonly known as a "data subject access request"). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
- Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
- Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing (see below).
- Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
- Request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of personal data about you, for example if you want us to establish its accuracy or the reason for processing it.
- Request the transfer of your personal data to another party.
If you want to review, verify, correct or request erasure of your personal data, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please contact us using the contact details in this Privacy Notice.
No fee usually required
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
Your right to withdraw consent
In circumstances where you may have provided your consent to the collection, processing and transfer of your personal data for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact us using the contact details in this Privacy Notice. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
Changes to this Privacy Notice
We reserve the right to update this Privacy Notice at any time, and we will provide you with a new Privacy Notice when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your personal information.