Privacy Policy

Introduction 

1. Introduction

This Privacy Policy explains how Chiswick Education Institute Ltd collects, uses, stores, and protects personal data belonging to students, staff, contractors, and website users.
As a UK‑based educational provider, we act as a Data Controller and follow the UK GDPR and Data Protection Act 2018. UK schools must process data lawfully, fairly, transparently, and integrate data protection into all activities (“data protection by design and by default”). [eani.org.uk]

We also follow current UK government guidance for data protection in educational settings, including responsibilities, lawful bases, and breach management procedures. [gov.uk]

2. Personal data

2. What personal data we collect

Chiswick Education Institute Ltd may collect and process the following categories of data:

2.1 Student Data

• Full name, date of birth, and contact details

• Visa and passport information (for international students)

• Emergency contact details

• Special category data where relevant (e.g., health information, specific learning needs)

• Attendance records, progress reports, assessments.

Educational institutions in the UK commonly process highly sensitive student information such as identification, health, safeguarding concerns, and learning records. [cpdonline.co.uk]

2.2 Staff and contractor data

• Identification and contact details

• Employment records, qualifications, payroll information

• Background checks (e.g., DBS).

2.3 Website and communication data

• Contact form submissions

• IP address and browsing behaviour (collected via analytics tools)

• Cookies (see our Cookie Policy)

3. Lawful bases for processing

We process personal data using the lawful bases identified under the UK GDPR, including:

• Contract – to provide students with educational services

• Legal obligation – safeguarding, immigration compliance, record‑keeping

• Public task / legitimate interests – delivering education and maintaining school operations

• Consent – used only when no other lawful basis applies (e.g., for marketing communications).

Educational institutions in the UK must ensure lawful, fair, and transparent processing and base all activity on one of the legal grounds, in the UK, GDPR. [sprintlaw.co.uk]

4. How we use personal data

Chiswick Education Institute Ltd uses data to:

• Provide English language education services to mature students

• Ensure student welfare and safeguarding

• Communicate with students, staff, contractors, agents, corporate clients

• Process payments and manage accounts

• Support visa applications (when applicable)

• Monitor progress, attendance, and performance

• Improve teaching, administration, and digital tools

• Meet regulatory and inspection requirements.

5. Special category data

Special category data (e.g., health information or specific learning differences) is processed only when strictly necessary and in accordance with UK GDPR safeguards for sensitive data, which educational institutions frequently handle. [cpdonline.co.uk]

6. Sharing personal data

Chiswick Education Institute Ltd may share data with:

• Staff members with authorised access

• Immigration authorities (where required)

• Accreditation bodies and inspectors

• Payment processors

• Health and welfare services

• IT service providers (e.g., cloud platforms, learning tools).

Any third‑party suppliers must comply with UK GDPR and maintain strong data security measures. Educational institutions are responsible for ensuring digital tools and external providers meet data protection standards. [sprintlaw.co.uk]

7. International Data Transfers

Where data is transferred outside the UK (e.g., third‑party digital tools), we ensure adequate safeguards such as:

• UK‑approved adequacy regulations

• Standard Contractual Clauses (SCCs).

8. Data retention

Chiswick Education Institute Ltd retains personal data only as long as necessary for the purposes collected and in accordance with UK government retention guidelines for education providers. [gov.uk]

9. Data security

Chiswick Education Institute Ltd uses appropriate administrative, technical, and physical safeguards to protect data from loss, misuse, or unauthorised access. Robust data security practices are essential for UK schools and educational institutions especially given the sensitivity of data collected by educational institutions. [sprintlaw.co.uk]

Security measures include:

• Secure password protocols

• Encrypted storage

• Access controls

• Staff training

• Regular system audits

• Secure data disposal procedures.

10. Your data protection rights

Under UK GDPR, individuals have the right to:

• Access their personal data (Subject Access Request)

• Request correction of inaccurate data

• Request deletion (where applicable)

• Request restriction or objection to processing

• Data portability

• Withdraw consent (where processing is based on consent).

Educational institutions must handle Subject Access Requests and other information rights requests appropriately and without undue delay, as required by UK guidance. [gov.uk]