Data Handling & Privacy Policy

The School of African Languages

Last updated: 13th September 2025

The School of African Languages (“we”, “our”, “us”) is committed to protecting your privacy and handling your personal data securely, fairly, and transparently. This policy explains how we collect, use, store, and protect your personal data in accordance with the UK GDPR and Data Protection Act 2018.

1. Who We Are

We are a UK-based language school providing courses to students in the UK and internationally. If you have questions about this policy or your data, you can contact us at:

📧 Email: support@theschoolofafricanlanguages.com
📍 Address: School of African Languages, Gillingham, ME74QR

2. What Data We Collect

We may collect the following information from you when you enrol in a course, use our website, or take part in lessons:

• Name, email address, phone number, country code

• Course enrolment information

• Lesson recordings (video, audio, chat, screen shares)

• Communications (emails, WhatsApp messages)

• Payment confirmations via third parties (PayPal, Tide Banking, card machine – we do not collect or store payment card details directly)

• In the future, website account login details (username, password)

We do not collect sensitive (“special category”) data such as health, ethnicity, or religion.

3. How We Collect Data

Data is collected through:

• Our website course enrolment form

• Direct communications (email, WhatsApp, in-class forms)

• Zoom (for lessons and recordings)

• Payment platforms (PayPal, Tide Banking, card machine)

• CRM systems (Zoho CRM, Outlook)

• Paper enrolment forms (stored securely at our office)

Our website may use cookies or analytics tools (e.g. Google Analytics) to track visits and improve services.

4. How We Use Recordings

All group lessons are recorded for educational purposes. Recordings may include video, audio, chat, and screen shares.

• Recordings are shared only with the students enrolled in that specific class, the tutor, and our admin team.

• They are provided so you can revisit lessons, catch up, and support your learning.

• Recordings are kept for 1–4 years depending on educational need, and then securely deleted.

• Recordings will never be used for marketing or promotional purposes without your explicit consent.

• You may choose to keep your camera off if you do not wish your video to appear in recordings.

5. Legal Basis for Processing

We process your personal data under the following lawful bases:

• Contract – to deliver the courses and services you have enrolled in.

• Legitimate Interests – to operate and improve our school, manage tutors, keep records, and prevent misuse.

• Legal Obligation – to comply with UK legal requirements (e.g. accounting, safeguarding, complaints handling).

• Consent – for optional uses such as marketing communications and promotional use of recordings.

6. Data Storage & Security

We store data securely using:

• Zoho CRM (student records, password-protected)

• Outlook (emails)

• Zoom Cloud (class recordings, Data7 region)

• PayPal and Tide Banking (payments)

• WhatsApp (end-to-end encrypted communications)

• Website (regular backups)

• Paper records (locked filing cabinet at our office)

We use password protection, encryption where applicable, access controls, and secure backups.

7. Data Sharing

We do not sell or share your data with third parties. However, during classes, students and tutors may voluntarily exchange contact details to support communication. This exchange is not managed by us and is entirely at your discretion.

We use trusted service providers (e.g. Zoom, Zoho, PayPal, Tide) who process data on our behalf. These providers comply with UK GDPR standards.

8. International Data Transfers

As we have students outside the UK and EU, your data may be accessed internationally. Where this occurs, we rely on secure platforms and international safeguards (such as standard contractual clauses and adequacy decisions) to protect your data.

9. Retention Policy

We keep personal data only as long as necessary:

• Student records & contact details – normally 5–6 years after your last course

• Class recordings – 1–4 years, then deleted

• Tutor records – 5–6 years

• Emails & correspondence – aligned with student records (up to 6 years)

• Website accounts (future) – while active + 1–2 years after inactivity

• Paper records – securely destroyed after 5–6 years

We review records annually and securely delete data that is no longer needed.

10. Data Breaches

We take data security seriously. If a breach occurs:

• We will assess the risk and contain the issue immediately.

• We will keep an internal log of all breaches.

• If the breach poses a risk to individuals, we will notify the ICO within 72 hours.

• If the breach poses a high risk, we will also notify affected individuals without delay.

11. Marketing & Communications

We send newsletters and marketing emails about new courses, offers, and events.

• We rely on soft opt-in for existing students or individuals who have joined our mailing list.

• Every email includes an unsubscribe link, allowing you to opt out at any time.

• We use Zoho CRM to manage emails and track open/click rates, but we do not use profiling.

12. Your Rights

You have the following rights under UK GDPR:

• To access your data

• To correct inaccuracies

• To request deletion (“right to be forgotten”)

• To restrict or object to processing

• To request a copy of your data (data portability)

👉 To exercise these rights, please email us at [Insert contact email]. We will respond within one month.

13. Updates to This Policy

We may update this policy from time to time to reflect changes in law or our operations. Updates will be published on our website, and the date at the top will be revised.