Springpod Help Centre
Head to Springpod
In this article
Your right to privacyWho we are1. How we follow data protection regulations2. Information we hold about you and how we use it3. How we get your personal information4. How long we keep your information5. How we protect your information6. Where we process your information7. How we share your information8. How you can manage the information we hold and how we use itCookiesChanges to this policy
Home
Categories
Policies

Privacy policy

Edited

Your right to privacy

Your right to privacy is important to us. We take the security of your information seriously and have policies and processes in place to ensure that your data is safe. This notice describes how we collect information, use it, and protect it.

Who we are

Springpod is a trading name of The Education Hub Group Limited, registered in England and Wales under company number 10150500. Our address is Arch 6, Maltings Place, 169 Tower Bridge Road, London. SE1 3LJ and  our website is www.springpod.com

To ensure the best possible consideration is given to protecting your data, we subscribe to expert support from a specialist consultancy called Business Risk and Compliance Experts Ltd who supply us with our dedicated  Data Protection Officer, Kieran Morgan-McGeehan. If you have any queries or concerns, you can contact him by telephone at 0203 637 8665 or by email at dpo@springpod.com.

1. How we follow data protection regulations

We are committed to the ethical use and protection of personal information. We are legally obliged to use your information in line with all laws concerning personal information security. We have several policies and processes to ensure that we protect your personal information as well as we can. 

We are a UK Company, so while we are aware of our obligations on a global scale, this notice outlines our approach to protecting your personal information in the UK and has been put together in compliance with all applicable UK data protection legislation and guidance, including but not limited to; the General Data  Protection Regulation (GDPR), the Privacy in Electronic Communications Regulation (PECR), the Data Protection  Act 2018, and the Data Protection, Charges and Information Act 2018. 

As a company that uses personal information, we have registered with the UK Information Commissioners  Office ("ICO"), and our registration number is ZA195343. The ICO is the independent regulator of data protection in the UK. 

California residents have the right to request access to their personal information, request deletion of personal information, and opt out of the sale of personal information. We do not sell personal information. You also have the right not to be discriminated against for exercising any of your consumer privacy rights. 

For users in Canada, we comply with the Personal Information Protection and Electronic Documents Act  (PIPEDA).  

For users in Singapore, we adhere to the Personal Data Protection Act (PDPA).

2. Information we hold about you and how we use it

We use personal information to deliver the services accessed by users of Springpod.com, including virtual work experiences, internships, university experiences, and other services. As the data controller, we ensure that your information is used to provide and enhance these services. When we partner with another organisation to deliver content via the same platform under their brand, we act as a data processor on their behalf, adhering to strict data protection agreements to safeguard your privacy. 

We collect personal information about you when you enquire about or make use of our services.  The lawful reasons that we process information varies depending on the purpose, but, depending on the use,  we will only ever process your data if:  

  • You have given us your consent, which you can remove at any time. 

  • We have a contractual obligation. 

  • We have a legal obligation. 

  • We have a vital interest. 

  • We need it to perform a public task. 

  • We have a legitimate interest. 

In general, we may use your information to: 

  • Communicate with you. 

  • Keep our records up to date. 

  • Process payments. 

  • Ensure the safety of users. 

  • For research and statistical purposes. 

  • To fulfil our legal and regulatory obligations. 

  • Process job applications. 

  • Gain feedback from you. 

  • Prevent crime and meet our legal obligations. 

  • Prudentially manage our business using models and forecasts. 

  • Keep you informed of products or services that may be of interest to you where you have given us consent for us to do this. 

We use different personal information for other purposes, depending on the type of services you use. 

For all users of our services, the information we collect and hold may include: 

  • We need basic information, such as your name, date of birth, address, telephone number, and email address, to stay connected and manage your service. We may also use this information to verify your identity. • Information we need to process payments for you, such as bank and credit or debit card details. • Records of contact with you, such as system notes, emails, and letters. 

  • Your Internet Protocol (IP) address, together with cookies and other information about how you use our website,  your browser, operating system, any plug-ins, and your time zone. We use this information to optimise our website. 

For students, the information we collect and hold may also include: 

  • Information about you, such as your gender, date of birth, year group, expected leaving year group, application details, qualifications, and information about your interests and skills to help employers judge whether you are well suited to the position or work experience. 

  • Some more sensitive details about you, such as your ethnicity, any disabilities, special needs or learning difficulties, whether you receive free school meals, details about your parents, whether you have completed a DofE award, and details about your career, if applicable, help schools understand your next steps and enable them to plan. 

  • Information about the services you use, together with other related information, includes data about your progress after using our services, such as what salary you achieve or details about any further education you move to. This helps schools understand what happens to their students when they leave school and helps them meet their obligations to supply data to Ofsted and the Government. 

  • Interests and usage data, including which opportunities, companies, and careers you view and interact with to personalise the suggested careers and opportunities you see.  

  • This information is also visible to all staff at your school to help them give you personalised careers advice. 

For school and college employees, the information we collect and hold may also include:

  • You provide us with personal information about students, including name, email address, year group, expected leaving year group, gender, Unique Learner Number, and destination data, including destination, level, salary,  company/university, and role/course. This information will be visible to all staff at your school, together with destination data, to help understand where groups of students go when they leave and meet the school's obligations with supplying data to Ofsted and the Government.  

For alumni, the information we collect and hold may also include: 

  • For example, the year you left your school, the year group you left in, and information about what you currently do to supply a support network for current students. 

  • Some sensitive personal information, including ethnicity and disability status to help schools understand where groups of students go when they leave school and help them set targets to aid underperforming groups. We never show your sensitive personal information to employers. 

  • A link to your LinkedIn account and the "About Me" section. 

  • Details of any help you are happy to offer, including work experience, mentoring, attending careers events, and giving talks. 

  • Your interests and skills. This information is visible to all staff members at your school.

  • All data related to any earlier student account if your account transfers to an alumnus account, just in case your school needs to convert it back to a student account and help them maintain records. 

For company representatives, the information we collect and hold may also include: 

  • Details of any help you are happy to offer schools, such as mentoring, attending careers events, and talking about careers. 

  • Information about your role, including job title, how long you have been in the position, answers to questions about the nature of the role, what you do day-to-day, and how you do the job. This information will be visible to your organisation's administrator and every student, alumnus, and school staff member on Springpod once the administrator approves your organisation's profile.  

  • You can hide your profile from your account at any time, which means students, school staff, and alumni cannot see it, but your organisation's administrator will still be able to. 

Letting us know about your sensitive data is optional, and you can always select "don't want to say" without any adverse effects on your experience of using the platform. 

3. How we get your personal information

We collect data through various methods, including our website and correspondence by phone, email, live chat,  or social media. This could include information you provide when you register to use our site, subscribe to our services, take part in discussion boards or other social media, enter a competition, promotion, or survey, and report a problem with our site. 

Most of the personal information we process is provided to us directly by you. We will only collect, use, hold or disclose personal data where we have a lawful basis for doing so. This means the information needed to provide you with a product or service, to satisfy legal or regulatory requirements, or where we have your consent.  

We also receive some personal information from schools, colleges, universities, and employers that use our services, as well as third parties conducting marketing activities on our behalf, but only ever under the protection of a written agreement.

4. How long we keep your information

According to regulatory and legal requirements, we will keep your personal information only for as long as necessary. After that, we will either anonymise it or destroy it securely when we do not need it anymore.

We use a retention schedule to manage the length of time we keep personal data. If you would like to know any specific timescales listed on it, please use the contact details on this form.

5. How we protect your information

The security of your information is important to us. We protect your information by maintaining physical,  electronic, and procedural safeguards concerning collecting, storing, and disclosing personal data to prevent unauthorised access, accidental loss, disclosure, or destruction. 

No data transmission over the internet can be entirely secure, and therefore, we cannot guarantee the security of your personal information and/or use of our sites. However, we use our reasonable endeavours to protect the security of your personal information from unauthorised access. 

In the unlikely event of a data breach, we will notify affected individuals promptly and report to the relevant supervisory authority as required by applicable laws.

6. Where we process your information

Your data is stored securely on servers located within the UK and EU, as well as in cloud-based applications.

To deliver some aspects of our service, we may transfer personal data we have collected from you to countries outside the United Kingdom and, in some cases, outside Europe. Where this is the case, we will not transfer your information unless it is unavoidable to allow us to deliver our products and services. If we do, we take care to ensure the same privacy and security level as the UK.

7. How we share your information

From time to time, we may send information to, receive information from, or exchange your personal information with: 

  • Partners or agents who support us in delivering our products and services to you or to whom we refer you.

  • Companies who perform essential services for us. 

  • Third-party organisations that conduct research, analysis, and marketing activities on our behalf.

  • Regulators, courts, or other public authorities. 

  • The emergency services in case of an accident or emergency. 

  • Law enforcement agencies for the prevention of crime. 

  • Appropriate authorities to ensure safety, especially considering safeguarding concerns. 

We utilise third-party companies to improve our website and platform's experience, and some of your data might be passed to these providers. Some of these key suppliers include: 

  • Segment to integrate our marketing, automation and analytics activities and ensure data integrity between all areas. You can view their privacy notice at www.segment.com/docs/legal/privacy

  • Autopilot to manage our transactional and marketing emails. You can view their privacy notice at  www.autopilothq.com/privacypolicy

  • Typeform to create and use data capture forms on our marketing website and for application forms. You can view their privacy notice at www.admin.typeform.com/to/dwk6gt

  • Google Analytics tracks users on our website and captures the pages visited, duration of stay, user device, and more. We use this information to optimise your experience of our site and identify any problems. You can view their privacy notice at www.privacy.google.com/businesses/compliance

  • Hubspot to manage our marketing database. You can view their privacy notice at www.legal.hubspot.com/privacy-policy

  • Heysummit to operate some of our online events, including but not limited to Learn Lounge, Online Open Days and Online Insight Days. You can view their privacy notice at www.heysummit.com/legal/privacy.

  • Onesignal to send you information via push notifications. You can view their privacy notice at www.onesignal.com/privacy_policy

  • Facebook – for tracking pixels to serve relevant adverts to you on the Facebook platform. You can view their privacy notice at www.facebook.com/privacy

  • Google for tracking pixels to serve relevant adverts to you on the Facebook platform. You can view their privacy notice at www.google.com/privacy

  • Bigmarker to deliver some of our webinars and live online events. You can view their privacy notice at www.bigmarker.com/privacy

We are proud to partner with UCAS to provide enhanced educational and career opportunities for students. Through this partnership, we share relevant data with UCAS to support their application processes and services,  ensuring students have access to the best resources and guidance. All data sharing is conducted under strict data protection agreements to maintain the highest standards of privacy and security.

We may share student information with schools and employers so that everyone can work together, give the students better and more targeted careers advice, and build a better understanding of how well-suited opportunities may be for them. 

We will only share or exchange data with third parties under the protection of a written agreement and the ability to oversee their activities unless the information is needed for legal or regulatory reasons.  

We may receive information about you if you use any other websites we operate or the other services we provide. In this case, we will inform you when we collect that data that it may be shared internally and combined with data collected on this site. We are also working closely with third parties (including, for example,  business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, and search information providers). As a result, we may receive information about you from them. 

Our website may have links to and from the websites of our partner networks, advertisers, and affiliates. If you follow a link to any of these websites, please note that they have their privacy notices and do not accept any responsibility or liability for these policies. Please check these policies before you send any personal data to these websites. 

We may share your information with organisations based outside the UK and European Union. However, where this is the case, we will only do so if the organisation follows local data protection regulations and it is done under the protection of a written agreement. 

If we do transfer your information outside the UK, when doing so, we ensure that appropriate safeguards are in place, such as: - Standard Contractual Clauses (SCCs) approved by the European Commission. - Binding  Corporate Rules (BCRs) for intra-group transfers. - Certification schemes like the EU-US Privacy Shield (if applicable). 

If a third party delivers all or part of the service requested by you, whilst the information you provide will be disclosed to them, it will only be used to administer the service provided and maintain management information for business analysis. 

Where we have relationships with other organisations that process your information on our behalf, we always ensure they have high data security standards. We will not allow these organisations to use your personal information for unauthorised purposes.  

If the business is reorganised or sold, we may transfer any personal information we hold to that organisation.

8. How you can manage the information we hold and how we use it

Data protection regulations mean you have rights in respect of the information we hold about you:

Your right to transparency 

You have the right to know what information is being processed about you and why. 

Your right to manage consents 

You have the right to give your consent to us using your data for any activities we do not have another lawful basis to carry out, for example, sending you certain direct marketing communications. You can withdraw consent at any time. 

Your right to access your data 

You have the right to request access to the information we hold about you; this is called a Data Subject Access Request. 

Your right to know about sharing 

You have the right to know who your data is shared with and why. 

Your right to rectification 

You have the right to have your details updated if they are inaccurate and for information not needed for lawful reasons to be deleted. You also have the right to ask us to complete information you think is incomplete.

Your right to be forgotten 

You have the right to ask us to erase your personal information in certain circumstances.

Your right to object to processing 

You have the right to object to the processing of your data in certain circumstances. For example, if you want to reactivate your account in the future, your information may be transferred to a secondary database, and it will be kept and securely destroyed in line with our Data Retention Policy. 

Your right to restrict processing 

You have the right to restrict automated processing and profiling. Profiling may be used to analyse or predict economic situations, health, personal preferences, interests, reliability, behaviour, location, or movements. Without it, you may find that the suggestions and guidance you receive from us do not accurately reflect your circumstances.  

Your right to data portability 

You have the right to ask us to send information that we process by automated means to you or another nominated data controller in a commonly used electronically readable format. 

You do not have to pay any charge to exercise your rights. If you make a request, we will respond to you within one month. 

If you wish to action any of the above, please contact us by: 

  • Emailing dpo@springpod.com

  • Writing to Springpod, Arch 6, Maltings Place, 169 Tower Bridge Road, London. SE1 3LJ. 

  • Telephoning us on 0203 637 8665 

If you are concerned about the way we process your personal information, you can also complain to the  regulator in the territory you live in:  

  • In the UK, the regulator is the Information Commissioner’s Office (ICO), Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF. 

  • In Austria, the regulator is the Österreichischen Datenschutzkommission, Hohenstaufengasse 3 1010 Wien. Autriche 

  • In Belgium, the regulator is the Commission de la protection de la vie privée, Rue de la Presse, 35, 1000 Bruxelles,  Belgique. 

  • In Bulgaria, the regulator is the Bulgarian Commission for Personal Data Protection, 2 Prof. Tsvetan Lazarov Blvd,  Sofia 1592, Bulgaria. 

  • In Croatia, the regulator is the Croatian Personal Data Protection Agency, Fra Grge Martića 14, HR - 10 000  Zagreb. Croatia. 

  • In Cyprus, the regulator is the Office of the Commissioner for Personal Data Protection, P.O. Box 23378, 1682  Nicosia, Cyprus. 

  • In the Czech Republic, the regulator is the Office for Personal Data Protection, Pplk. Sochora 27, 170 00 Praha 7,  Czech Republic. 

  • In Denmark, the regulator is the Datatilsynet, Borgergade 28, 5, 1300 Copenhagen, Danemark.

  • In Estonia, the regulator is the Estonian Data Protection Inspectorate l, Andmekaitse Inspektsioon, Väike Ameerika 19, Tallinn 10129, Estonie. 

  • In Finland, the regulator is Office of the Data Protection Ombudsman, P.O. Box 800, Fin-00521, Helsinki, Finlande

  • In France And French Territories, the regulator is the Commission Nationale De L'informatique Et des Libertés  (CNIL), 3 Place De Fontenoy, TSA 80715, 75334 PARIS. CEDEX 07 

  • In Germany, the regulator is the Virtuelles Datenschutzbüro, C/O Unabhängiges Landeszentrum Für Datenschutz  Schleswig-Holstein, Independent Centre for Privacy Protection Schleswig-Holstein, Holstenstraße 98, D-24103  Kiel. Allemagne. 

  • In Greece, the regulator is the Hellenic Data Protection Authority, Kifisias Avenue 1-3, 115 23, Athens, Grece.

  • In Hungary, the regulator is the National Authority for Data Protection and Freedom of Information, Szilágyi  Erzsébet Fasor 22/C, H-1125 Budapest, HUNGARY. 

  • In Iceland, the regulator is the Persónuvernd, Rauðarárstíg 10, 105 Reykjavík, Iceland. 

  • In Ireland, the regulator is the Office of The Data Protection Commissioner, Canal House, Station Road,  Portarlington, Co. Laois. Ireland. 

  • In Italy, the regulator is the Garante Per La Protezione Dei Dati Personali, Piazza Di Monte Citorio, 121, 00186 Rome,  Italie. 

  • In Latvia, the regulator is the Datu Valsts Inspekcija, Data State Inspectorate, Blaumana Street 11/13-11 Riga, LV 1011, Latvia. 

  • In Leichtenstien, the regulator is the Data Protection Commissioner of The Principality of Liechtenstein,  Datenschutzstelle (DSS), Kirchstrasse 8, Postfach 684, 9490 Vaduz, Liechtenstein. 

  • In Lithuania, the regulator is the Valstybinė Duomenų Apsaugos Inspekcija, State Data Protection Inspectorate of  The Republic of Lithuania, A. Juozapavičiaus G. 6 / Slucko G. 2, 09310 Vilnius, Lithuania. 

  • In Luxembourg, the regulator is the Commission Nationale Pour La Protection des Données 1, Avenue Du Rock’n’Roll, L-4361 Esch-Sur-Alzette, Luxembourg. 

  • In Malta, the regulator is the Office of The Information and Data Protection Commissioner Airways House, Second Floor, High Street, Sliema, SLM 1549, Malta. 

  • In the Netherlands, the regulator is the Dutch Data Protection Authority, Postbus 93374, 2509 AJ Den Haag, Pays  Bas. 

  • In Norway, the regulator is the Datatilsynet, PO. Box 8177 Dep, NO-0034 Oslo, Norvege.

  • In Poland, the regulator is the Biuro Generalnego Inspektora Ochrony Danych Osobowych (GIODO), Ul. Stawki 2,  00-193 Warsaw, Poland. 

  • In Portugal, the regulator is the Comissão Nacional De Protecção De Dados, Rua De São Bento, 148, 3º, 1200-821  Lisboa, Portugal. 

  • In Romania, the regulator is the National Supervisory Authority for Personal Data Processing, 28-30 G-Ral  Gheorghe Magheru Bld., District 1, Post Code 010336, Bucurest, Romania. 

  • In the Slovak Republic, the regulator is the Office For Personal Data The Protection, Úrad Na Ochranu Osobných  Údajov, Hraničná 12, 820 07 Bratislava 27, Slovak Republic. 

  • In Slovenia, the regulator is the Information Commissioner, Namestnik Varuha Clovekovih Pravic, Vošnjakova 1  P.P, 78 1000 Ljubljana, Slovenia. 

  • In Spain, the regulator is the Agencia De Protección De Datos, C/ Jorge Juan, 6, 28001, Madrid, Espagne.

  • In Sweden, the regulator is the Datainspektionen, Drottninggatan 29, 5th Floor, Stockholm, Suede.

Cookies

We use cookies to distinguish you from other users of our website. This helps us provide you with the best experience when you browse and improve our website.  

For detailed information on our cookies and why we use them, please read our Cookie Policy, which is available on our website at www.springpod.com/cookie-policy.

Changes to this policy

We regularly review this policy. Any changes that we may make in the future will be made available at  www.springpod.com/privacy-policy, so you can always view the most recent version there. This Privacy notice is the 30th July 2024 version SPR43.3

privacy
policy