Effective Date: December 1, 2024.
SisuBloom (“we,” “us,” or “our”) is a UK-based company committed to protecting the privacy of visitors and users (“you” or “your”) of our Website, www.sisubloom.com (the “Website”) and users of our services. This Privacy Policy details how we collect, use, disclose, and protect your personal data when you interact with the Website and our services. We adhere to the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
Personal Data: Any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Special Category Data: This refers to personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.
Child: For the purposes of this policy, a child is any individual under the age of 18. We acknowledge the special protections afforded to children’s data under the UK GDPR and the Children’s Code.
Processing: Any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Data Controller: The entity that determines the purposes and means of the processing of personal data. SisuBloom is the data controller for the personal data collected through the Website and its services.
Data Processor: Any person (other than an employee of the data controller) who processes the data on behalf of the data controller.
Account Registration:
– Adult name, email address, password, and contact details.
– Child’s name, age, gender identity (optional), interests, hobbies, strengths, challenges, learning differences (if any), and specific needs. This may include Special Category Data relating to health or learning disabilities, which we will only process with explicit consent and where necessary for the provision of our services.
Programme Enrolment:
– Learning preferences (visual, auditory, kinesthetic, read/write).
– Motivational factors (curiosity, challenges, rewards, etc.).
– Preferred learning environment (structured, flexible, collaborative, independent).
– Technology comfort level and preferred learning apps/websites.
– Goals and aspirations for the child.
– Reasons for choosing SisuBloom and expectations for the programme.
– Information about how you heard about SisuBloom.
– Purchases:
Payment information (credit/debit card details, billing address) processed securely through third-party payment gateways compliant with the Payment Card Industry Data Security Standard (PCI DSS). SisuBloom does not store this data.
– Communications:
Any information you provide when contacting us via email, contact form, or phone, including queries, feedback, and complaints.
– Newsletter Subscription:
Email address and any indicated preferences. We use a double opt-in process for subscriptions to ensure consent.
– Surveys, Questionnaires, and Feedback:
Opinions, feedback, and demographic information (optional). We will clearly indicate which information is required and which is optional.
– Testimonials:
Name and testimonial content (with explicit consent for publication).
– Website Usage Data:
IP address, browser type and version, operating system, referring website, pages visited, links clicked, date, and time of access.
– This data is collected through server logs, cookies, and similar tracking technologies.
– Device Information:
Device type, unique device identifiers, operating system, and mobile network information.
– Cookies and Similar Technologies:
We utilize cookies and similar technologies (e.g., web beacons, pixels) to enhance functionality, personalize your experience, and analyze website traffic.
– We use both session cookies (temporary) and persistent cookies (stored on your device).
– We provide clear information about the cookies we use and obtain your consent for non-essential cookies through a cookie banner and our Cookie Policy.
– You can manage your cookie preferences through your browser settings.
We process your personal data in accordance with the UK GDPR. Our lawful bases include:
– Contract: Processing is necessary for the performance of a contract with you (e.g., providing access to SisuBloom programmes, delivering coaching services).
– Consent: We obtain your freely given, specific, informed, and unambiguous consent for specific processing activities, such as marketing communications, personalized advertising, and the use of certain cookies. You can withdraw your consent at any time.
– Legitimate Interests: We process data for our legitimate interests, such as improving our services, website analytics, network security, preventing fraud, and direct marketing (where appropriate), provided these interests do not override your fundamental rights and freedoms. We conduct Legitimate Interests Assessments (LIAs) to ensure compliance.
– Legal Obligation: We process data to comply with legal obligations, such as responding to lawful requests from authorities, complying with financial regulations, or fulfilling child protection duties.
– Service Delivery and Improvement:
To deliver and personalize the SisuBloom programmes, including matching students with appropriate learning pathways and resources based on their age, learning preferences, and goals.
To provide ongoing support and guidance to students and parents, including progress reviews and feedback sessions.
To improve our curriculum, platform, and overall service offerings based on user feedback and data analysis.
– Account Management:
To create and manage user accounts, process payments, and provide customer support.
– Communication:
To send important updates, service announcements, and respond to inquiries in a timely and efficient manner.
– Marketing:
To send newsletters, promotional materials, and information about new products or services, but only with your explicit consent. You can opt out of marketing communications at any time by clicking the “unsubscribe” link in the email or contacting us directly.
– Website Analytics:
To analyze website traffic, understand user behaviour, and improve the Website’s design and functionality using tools like Google Analytics. We may use IP anonymization features to protect your privacy.
– Research and Development:
To conduct research and analysis to improve our programmes and develop new offerings, ensuring they are effective, engaging, and aligned with best practices in education and child development.
– Legal Compliance:
To comply with applicable laws and regulations, including data protection laws, financial regulations, and law enforcement requests.
We may share your information with:
– Service Providers: Trusted third-party service providers who assist us with payment processing (e.g., Stripe), email marketing (e.g., Mailchimp), data analytics (e.g., Google Analytics), IT support, and customer service. We have contracts with these providers that include data processing agreements (DPAs) requiring them to protect your information in accordance with UK GDPR.
– Business Partners:
We may share information with carefully selected business partners who offer products or services that complement SisuBloom’s offerings, but only with your explicit consent. We will be transparent about the purpose of sharing and the types of data shared.
– Legal Authorities:
We may disclose information to legal authorities if required by law (e.g., court order, warrant) or if we believe in good faith that such action is necessary to comply with a legal obligation, protect and defend our rights or property, prevent fraud or illegal activity, or protect the safety of users or the public.
– Aggregated and Anonymised Data:
We may share aggregated and anonymized data with third parties for research, analytics, and marketing purposes. This data does not identify any individuals and cannot be used to trace back to you.
We implement appropriate technical and organizational measures to protect your personal information from unauthorized access, use, disclosure, alteration, or destruction.
These measures include:
– Data encryption: We use industry-standard encryption technologies (e.g., TLS/SSL) to protect your data during transmission and storage.
– Access controls: We restrict access to your information to authorized personnel only, who are trained on data protection best practices and subject to confidentiality obligations.
– Secure servers: We store your information on secure servers with appropriate physical and technical safeguards, including firewalls, intrusion detection systems, and access control measures.
– Regular security assessments: We conduct regular security assessments, penetration testing, and vulnerability scans to identify and mitigate potential risks.
– Data breach response plan: We have a data breach response plan in place to promptly address any security incidents and notify affected individuals and the ICO as required by law.
– Regular staff training: We provide regular training to our staff on data protection best practices and our security procedures.
We retain your personal information only for as long as necessary to fulfil the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.
Our data retention schedule considers:
– Legal obligations: We retain data to comply with legal obligations, such as tax laws and record-keeping requirements.
– Contractual obligations: We retain data for the duration of our contract with you and for a reasonable period afterwards to handle any related queries or claims.
– Legitimate interests: We retain data for our legitimate interests, such as preventing fraud and defending legal claims, for a period that is proportionate to the risk.
– Consent: Where we rely on your consent for processing, we will retain your data for as long as you maintain your consent.
Specific retention periods may vary depending on the type of information and the purpose for which it was collected. For example:
– Account information: Retained as long as your account is active or as needed to provide services and for a reasonable period afterwards to handle any related queries.
– Payment information: Retained as long as necessary to comply with legal and financial obligations.
– Marketing communications: Retained until you unsubscribe.
– Children’s data: We will retain children’s data only for as long as necessary to provide the SisuBloom services and will delete it securely once the child is no longer enrolled in the programme, unless we have a legitimate reason for continued retention (e.g., legal obligation).
You have the following rights under the UK GDPR:
– Right of access: You can request access to your personal information that we hold.
– Right to rectification: You can request that we correct any inaccurate or incomplete personal information.
– Right to erasure: You can request that we delete your personal information, subject to certain exceptions (e.g., when we need to comply with a legal obligation).
– Right to restriction of processing: You can request that we restrict the processing of your personal information in certain circumstances (e.g., if you contest the accuracy of the data).
– Right to object to processing: You can object to the processing of your personal information based on legitimate interests or direct marketing.
– Right to data portability: You can request to receive your personal information in a structured, commonly used, and machine-readable format and to have it transmitted to another controller.
– Right to withdraw consent: If we rely on your consent for any processing activity, you have the right to withdraw your consent at any time. This will not affect the lawfulness of any processing carried out before you withdrew your consent.
To exercise any of these rights, please contact us using the details provided in Section 12. We will respond to your request without undue delay and within one month of receipt.
SisuBloom is committed to protecting the privacy of children. We comply with the Children’s Code (age-appropriate design code) and take additional measures to safeguard children’s data:
– Age-appropriate design: Our Website and services are designed to be age-appropriate and accessible for children.
– Parental consent: We obtain parental consent before collecting or processing any personal data from children under 13. For children aged 13-17, we provide age-appropriate information about their privacy rights and encourage them to involve their parents in decisions about their personal data.
– Data minimization: We collect only the minimum amount of personal data necessary from children.
– Transparency: We provide clear and age-appropriate information to children about how we collect, use, and protect their personal data.
– Security measures: We implement appropriate technical and organizational measures to protect children’s data from unauthorized access, use, or disclosure.
While SisuBloom is based in the UK, we may use third-party service providers located outside the UK or the EEA. If we transfer your personal data outside the UK, we will ensure that appropriate safeguards are in place to protect your information, such as:
– Standard contractual clauses: We will use standard contractual clauses approved by the UK Information Commissioner’s Office (ICO).
– Adequacy decisions: We will transfer data to countries that have been deemed to provide an adequate level of data protection by the European Commission.
– Other appropriate safeguards: We will rely on other appropriate safeguards as permitted by applicable data protection laws, such as binding corporate rules or approved codes of conduct.
We may update this Privacy Policy from time to time to reflect changes in our practices, services, or legal requirements. We will post any changes on the Website and notify you as required by law. We encourage you to review this Privacy Policy periodically.
If you have any questions about this Privacy Policy or our data protection practices, please contact us at:
SisuBloom
65 Middleham Road, N18 2RZ
hello@sisubloom.com
0203 375 0095
Data Protection Officer:
Kamsikwa Ezeanyika
kamsikwa@sisubloom.com
This revised privacy policy provides a more comprehensive and detailed explanation of SisuBloom’s data protection practices, ensuring compliance with UK GDPR and best practices for children’s online safety.
Copyright ©2024 Sisu Bloom. All Rights Reserved | designed by AZMarketingmedia