Introduction
Autism Education Services Scotland (AESS) respects your privacy and is committed to protecting your personal data. Whenever you provide AESS information, we are legally obliged to use your information in accordance with the General Data Protection Regulation (GDPR).
This privacy policy will inform you as to how we look after your personal data when you visit our website (regardless of where you visit it from) and tell you about your privacy rights and how the law protects you.
This statement relates to the use of your personal information you provide to us online, by phone, text, email, letter, or other correspondence.
Important information and who we are
- Purpose of this privacy policy
- Controller
- Contact details
- Changes to the privacy policy and your duty to inform us of changes
- Third-party websites
Purpose of this privacy policy
This privacy policy aims to give you information on how AESS collects and processes your personal data through your use of this website, including any data you may provide through this website when you sign up to book a training, subscribe to the website and/or download any of our free digital resources.
It is important that you read this privacy policy together with any other privacy policy or fair processing policy we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This privacy policy supplements other notices and privacy policies and is not intended to override them.
Controller
AESS is the controller and responsible for your personal data (collectively referred to as AESS, “we”, “us” or “our” in this privacy policy).
We have appointed a data privacy manager who is responsible for overseeing questions in relation to this privacy policy. If you have any questions about this privacy policy, including any requests to exercise your legal rights, please contact the data privacy manager using the details set out below.
Contact details
If you have any questions about this privacy policy or our privacy practices, please contact our data privacy manager in the following ways:
Full name of legal entity: Autism Education Services Scotland
Email address: autismedservscot@gmail.com
Postal address: 130 Crofton Avenue, Glasgow G44 5JD
Telephone number: 0790 4344435
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
Changes to the privacy policy and your duty to inform us of changes
We keep our privacy policy under regular review and we may update it from time to time by publishing a new version on our website. You should check this page occasionally to ensure you are happy with any changes to this policy.
This version was initiated on 1st June 2020.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
Third-party websites
This website includes hyperlinks to, and details of, third-party websites, plug-ins and applications. These are provided for your information and convenience only.
Clicking on those links or enabling those connections may allow third parties to collect or share data about you. Please note that we do have no control over, and are not responsible for, the privacy policies and practices of third parties, and we do not accept any responsibility or liability for these policies or practices.
When you leave our website, we encourage you to read the privacy policy of every website you visit.
The data we collect about you
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
- Identity Data includes [first name, maiden name, last name, username or similar identifier, marital status, title, date of birth and gender].
- Contact Data includes [billing address, delivery address, email address and telephone numbers].
- Financial Data includes [bank account and payment card details].
- Transaction Data includes [details about payments to and from you and other details of products and services you have purchased from us].
- Technical Data includes [internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website].
- Profile Data includes [your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses].
- Usage Data includes [information about how you use our website, products and services].
- Marketing and Communications Data includes [your preferences in receiving marketing from us and our third parties and your communication preferences].
We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy policy.
We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
If you fail to provide personal data
Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may have to cancel a product or service you have with us, but we will notify you if this is the case at the time.
How is your personal data collected
We use different methods to collect data from and about you including through:
- Direct interactions. You may give us your [Identity, Contact and Financial Data] by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:
- apply for our products or services;
- create an account on our website;
- subscribe to our service or publications;
- request marketing to be sent to you; or
- give us feedback or contact us.
- Automated technologies or interactions. As you interact with our website, we will automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies. Please see our cookie policy for further details.
How we use your personal data
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
- Where we need to perform the contract we are about to enter into or have entered into with you.
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
- Where we need to comply with a legal obligation.
Purposes for which we will use your personal data
We have set out below, in a table format, a description of all the ways we plan to use your personal data, the data collected (may fall under one of the previously described groups) and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.
Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below.
| Purpose/Activity | Type of data | Lawful basis for processing including basis of legitimate interest |
| To register you as a new customer | Identity and Contact | Contractual obligation |
| To process and deliver your order including: Manage payments, fees and charges Collect and recover money owed to us | Identity, Contact, Financial, Transaction, Marketing and Communications | Contractual obligation and legitimate interest |
| To manage our relationship with you which will include: Notifying you about changes to our terms or privacy policy Asking you to leave a review or take a survey | Identity, Contact, Profile, Marketing and Communications | Contractual obligation, legal obligation and legitimate interest |
| To enable you to complete a survey | Identity, Contact, Profile, Usage, Marketing and Communications | Contractual obligation and legitimate interest |
| To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data) | Identity, Contact and Technical | Legitimate interest and legal obligation |
| To make suggestions and recommendations to you about goods or services that may be of interest to you | Identity, Contact, Technical, Usage, Profile, Marketing and Communications | Legitimate interest |
Where legitimate interest is the lawful basis of processing your personal data, the legitimate interests we are pursuing are as follows:
- Providing you any products or services you have requested;
- Analysing your use and measuring the effectiveness of our services to better understand how they are being used so we can improve them and engage and retain users;
- Sending you information about our products, events and services, special offers and similar information (where your consent is not required);
- To enable and support our recruitment of employees and sub-contractors;
- Analysing your use of our services and interaction with our communications, to tailor and customise our services and marketing communications;
- Diagnosing problems in our services;
- Conducting surveys and market research about our customers, their interests, the effectiveness of our marketing campaigns, and customer satisfaction (unless we need consent to undertake such surveys, in which case we will only do this with your permission);
- Investigating and responding to any comments or complaints that you may send us;
- In connection with legal claims, compliance, regulatory and investigative purposes as necessary (including disclosure of information in connection with legal process or litigation).
How we use your Service Technical Data
When you interact and make use of our services, we may capture and process Technical Data. This data is ultimately processed with the purpose of delivering reliable, secure, and accurate services and to consistently enhance, improve and optimise your experience of using our services. We do not sell this data to third parties. Our legal basis for this processing is that of legitimate interest.
Marketing and product preferences
We may use your profile, usage and marketing and communications data to provide you with information about our products and services. Our purpose is to provide you with a service to help meet your needs. Our lawful basis for processing this data is consent. You are free to withdraw your consent at any time. The consequences might be however, that we cannot offer you certain things, such as offers and promotions or resource alerts, which may be beneficial to you.
You may change your preferences or opt-out at any time by either accessing ‘My Account’ within your AESS account or by unsubscribing from any AESS emails by using the ‘unsubscribe’ link at the end of the email received.
Change of purpose
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law
Who we share your information with
We may disclose your personal data with the parties set out below (third parties) for the purposes set out on this policy.
- to our employees to enable them to process your data.
- to our agents, sub-contractors, data processors and suppliers to enable them to process your personal data on our behalf. When we supply any of your personal data to our agents, sub-contractors, data processors and suppliers, we protect your personal data by ensuring reasonable contractual arrangements are in place that stipulate compliance with this Privacy Policy.
- Third parties to whom we may choose to sell, transfer or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy policy.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
International data transfers
Information that we collect may be stored and processed in accordance with this policy. We do not transfer your personal data outside the European Economic Area (EEA) and we will request your permission for any sharing of data.
Personal information that you publish on our website or submit for publication may be available, via the internet, around the world. We cannot prevent the use or misuse of such information by others.
How we protect your personal information
We take reasonable technical and organisational precautions to prevent the loss, misuse or alteration of your personal information. We store all the personal information you provide on our secure (password and firewall protected) servers and all electronic financial transactions entered into through our website are protected by encryption technology.
In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
You acknowledge that the transmission of information over the internet is inherently insecure, and we cannot guarantee the security of data sent over the internet.
You are responsible for keeping your log-in details, username and password that you use for accessing our website confidential.
How long will you use my personal data for
We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements.
We may retain your personal data for a longer period. When determining retention data periods, we take into consideration applicable laws, contractual obligations and the expectations and requirements of our customers. When we no longer need personal data, we securely delete or destroy it.
In some circumstances you can ask us to delete your data: see your legal rights below for further information.
In some circumstances we will anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
Your legal rights
Your rights in respect to how we process your personal data are set out in the table below. Please note that some of these rights only apply in certain circumstances.
We respect and value your right to access and control your data. You can exercise your rights, subject to appropriate identity verification procedures, in the following ways:
- By amending your data or consent within your Service account area;
- By contacting AESS by letter to our contact address or email to autismedservscot@gmail.com for the attention of our data privacy manager.
No fee usually required
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.
What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
Time limit to respond
We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made several requests. In that circumstance, we will notify you and keep you updated.
Our cookie policy
We do not presently use cookies for any purpose.
Third-party services accessed through our website (for example payment processing services) may use cookies in the course of carrying out their functions. For further information about such use, please consult the website(s) concerned.
Your Personal Information
Visitors to our website may be able to register to use our services, make a purchase or download information. When you register, you will provide identity data and other relevant information. If you are making a purchase, we will request contact, financial and transaction data. Any financial data we collect is used only to bill you for your purchase, as described in the purposes for which we will use your personal information. This information may be forwarded to your bank. We will not disclose personally identifiable information we collect from you to third parties without your permission except to the extent necessary, including: to fulfil your requests, comply with contractual obligations, legal obligations, and/or legitimate interests.
Your Consent
By using or interacting with our service, you are consenting to:
- the use of other technologies;
- the transfer of your data, with your express permission, outside of the country where you live, but within the EEA;
- the collection, use, sharing, and other processing of your information as described in this Privacy Policy.
In each case, you consent to the processing of data by AESS, as data controller. If you don’t agree with the terms of this Privacy Policy, then please don’t use our service.
Where the lawful basis of processing your data is consent, you have the right to withdraw your consent at any time. To withdraw your consent, please contact our Data Privacy Manager using the details provided in this policy.
Every care is taken to ensure that the information included in this website is accurate, but inaccuracies may nevertheless occur. If you discover any information which you believe to be inaccurate, please email: autismedservscot@gmail.com There are a number of links from this website to sites maintained by other groups. These links are provided purely to assist you and in good faith. AESS recognises the copyright and Intellectual Property of the owners of such sites. The presence of a link does not imply that AESS endorses or supports these groups nor does the absence of a group imply that the AESS does not support it. AESS cannot be held responsible for any damage or loss caused by any inaccuracy in the materials on this site, or in linked sites/pages.
To get in touch, contact Lorna Wallace – austismedservscot@gmail.com, 0790 434 4435
© 2020 Lorna Wallace, Autism Education Services Scotland