Gramacri

Menu
Log In

Data Protection and Data Security Policy

1. Statement and Purpose of Policy

Gramacri Limited is committed to handling personal data responsibly, securely and in accordance with applicable UK data protection laws, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

The purpose of this policy is to:

  • explain how Gramacri Limited approaches data protection and data security;
  • outline the responsibilities of staff and contractors when handling personal information;
  • support the secure and lawful handling of personal data relating to staff, schools, customers and other individuals;
  • promote good practice in relation to confidentiality, safeguarding and data security.

This policy is intended as internal guidance and does not form part of any contract of employment or engagement. Gramacri Limited reserves the right to review or amend this policy where reasonably necessary.

2. Definitions

For the purposes of this policy:

  • Personal Data means any information relating to an identifiable individual.
  • Processing means any use of personal data, including collecting, storing, sharing, amending or deleting it.
  • Special Category Data includes sensitive information such as health information, racial or ethnic origin, religious beliefs or similar protected data.
  • Data Subject means the individual to whom the personal data relates.
  • Staff includes employees, contractors, consultants, agency workers, volunteers and any individuals working on behalf of Gramacri Limited.

3. Data Protection Principles

Gramacri Limited aims to process personal data in accordance with the following principles:

  1. Personal data should be processed lawfully, fairly and transparently.
  2. Personal data should only be collected for specified and legitimate purposes.
  3. Personal data should be limited to what is reasonably necessary for the relevant purpose.
  4. Reasonable steps should be taken to keep personal data accurate and up to date.
  5. Personal data should not be retained for longer than reasonably necessary.
  6. Appropriate technical and organisational measures should be used to help protect personal data against unauthorised access, loss, misuse or disclosure.

4. Responsibilities

Maintaining appropriate standards of data protection and data security is a shared responsibility between Gramacri Limited and all Staff working on behalf of the company.

All Staff are expected to:

  • handle personal data responsibly and confidentially;
  • follow reasonable security procedures;
  • report suspected data breaches or security concerns promptly;
  • only access information required for legitimate work-related purposes;
  • comply with this policy and any related procedures or guidance.

Questions relating to this policy should be directed to Gramacri Limited management at:
info@gramacri.com

Any deliberate misuse of personal data or serious breach of confidentiality may result in disciplinary action or termination of engagement where appropriate.

5. Personal Data Covered by this Policy

This policy applies to personal data relating to:

  • schools, teachers, parents, customers and suppliers;
  • staff, contractors and applicants;
  • website users, subscribers and platform users;
  • customer communications and service-related records;
  • assessment-related information provided by schools where applicable.

Personal data may be stored electronically, digitally or in limited paper-based form where reasonably necessary.

6. Personal Data We May Process

Depending on the nature of the relationship with the individual or organisation, Gramacri Limited may process information including:

  • names and contact details;
  • school contact information;
  • subscription and account information;
  • communication records;
  • billing or payment-related information;
  • safeguarding or incident-related records where appropriate;
  • website usage information and analytics data;
  • limited assessment-related information provided by schools.

Gramacri Limited aims to minimise unnecessary collection of personal data wherever reasonably possible.

7. How Personal Data May Be Used

Personal data may be processed for purposes including:

  • providing educational services and subscriptions;
  • managing customer accounts and subscriptions;
  • communicating with schools, customers or staff;
  • responding to enquiries or support requests;
  • maintaining safeguarding, security or operational records where appropriate;
  • complying with legal or regulatory obligations;
  • improving services, website functionality and user experience;
  • limited marketing or service updates where lawful to do so.

Where consent is relied upon, individuals may withdraw consent or unsubscribe from marketing communications at any time.

8. Accuracy and Retention

Gramacri Limited aims to take reasonable steps to ensure that personal information is accurate and kept reasonably up to date.

Personal data will generally only be retained for as long as reasonably necessary for:

  • operational purposes;
  • safeguarding or legal purposes;
  • accounting or regulatory requirements;
  • legitimate business needs.

When personal data is no longer required, reasonable steps will be taken to securely delete, anonymise or dispose of it.

9. Individual Rights

Individuals may have rights under UK data protection laws, including the right to:

  • request access to their personal data;
  • request correction of inaccurate data;
  • request deletion of data in certain circumstances;
  • object to certain types of processing;
  • withdraw consent for marketing communications.

Requests relating to personal data should be sent to:
info@gramacri.com

Gramacri Limited reserves the right to verify the identity of any person making a request before disclosing information.

Requests that are manifestly unfounded, excessive or repetitive may be refused or handled in accordance with applicable law.

10. Data Security

Gramacri Limited aims to use reasonable technical and organisational measures to help protect personal data.

These measures may include:

  • password-protected systems and devices;
  • restricted access to personal information;
  • secure cloud-based platforms and services;
  • anti-malware and software security measures where reasonably appropriate;
  • secure disposal of confidential information;
  • limiting unnecessary storage or sharing of personal data.

No internet-based system or electronic storage method can be guaranteed to be completely secure. Staff and users should exercise reasonable care when handling or sharing information electronically.

11. Staff Responsibilities and Good Practice

Staff should:

  • avoid leaving confidential information unattended;
  • avoid sharing passwords;
  • use reasonable care when accessing school or customer information;
  • report lost devices or suspected security incidents promptly;
  • avoid storing unnecessary personal data;
  • use approved or reasonably secure systems where possible.

Where personal devices are used for work-related activities, Staff are expected to exercise reasonable care to help protect confidential or personal information.

12. Data Breaches

Any suspected data breach, accidental disclosure, loss of information or security concern should be reported to Gramacri Limited management as soon as reasonably practicable.

Where required by law, Gramacri Limited may notify the Information Commissioner’s Office (ICO) and/or affected individuals in accordance with applicable legal obligations.

13. International Transfers

Some third-party service providers used by Gramacri Limited may process data outside the United Kingdom.

Where international transfers occur, Gramacri Limited aims to use providers and safeguards that are considered appropriate under applicable UK data protection laws.

14. Training and Awareness

Gramacri Limited may provide guidance, training or instructions to Staff regarding confidentiality, safeguarding, data protection and information security where reasonably appropriate.

Staff are expected to familiarise themselves with relevant policies and procedures and to seek clarification where required.

15. Review of Policy

This policy may be reviewed, updated or amended by Gramacri Limited where reasonably necessary to reflect operational, legal or regulatory changes.

We are launching
our Foreign Language Platform soon.

If you want to be notified once it is live please subscribe here.
We can’t wait to see you on board!