Menu
Privacy Notice
Introduction
This privacy notice describes the processing of personal data we undertake as a business, including the data processed by our cloud-based service platform. The following are our reasons for collecting your personal data, what we do with it and what your rights are under UK GDPR.
1. Who Are We?
We are Senshine Ltd, a company registered in England, registration number: 15216102, registered office address 71-75 Shelton Street, Covent Garden, London, United Kingdom, WC2H 9JQ. You can email us using hello@senshine.co or contact us via the forms on our site.
We are registered as a Data Controller with the Information Commissioner’s Office (ICO – the UK’s regulator for data protection), registration number ZB701643.
Where we are processing personal data of teachers and pupils on behalf of a school we do so as their data processor and you should contact them if you wish to know more about how and why they are processing your personal data, however please see the Teachers & Pupils section (section 11 of this Privacy Notice) below for information on our processor activities.
We have appointed a Data Protection Officer, who can be contacted at dpo@senshine.co.
2. Purpose of Processing
We process your personal data for a variety of purposes as set out in the table below, which also shows our lawful bases under UK data protection legislation (UK GDPR) for doing so.
| Purpose | Lawful Basis under UK GDPR |
| Managing your commercial and support enquiries | Our legitimate interests in responding to and managing your enquiry. |
| Managing our commercial relationship with you as a member of school staff | Our legitimate interests in managing commercial relationships and associated contracts between us and your organisation. |
| Managing our commercial relationship with you as a contact employed by one of our suppliers |
Our legitimate interests in managing our commercial relationships and any associated contracts between our respective organisations. If you are a sole trader or partner in a partnership then our lawful basis will be that processing is necessary to manage the contract we have with you. |
| Direct marketing | Our legitimate interests in ensuring we appropriately manage, deliver or suppress direct marketing activity. |
| Research projects & pilot evaluation | Our legitimate interests in researching and evaluating the use of our products to inform further developments and marketing strategies. |
| Recruitment Enquiries | Taking the steps necessary to enter into a contract with you. We will provide further privacy information to you as the recruitment process progresses. |
Where we are relying on our legitimate interests you are free to object to that at any time. In the case of direct marketing activities we will ensure that we cease to market our services to you should you object to our legitimate interests.
Where we are relying on your consent you are free to change your mind and withdraw your consent at any time.
3. Data We Collect
The table below gives information on the categories of personal data we process for each of the purposes shown above.
| Purpose | Categories of Data Processed |
| Managing your commercial and support enquiries | Name, contact details, message content and contact history. |
| Managing our commercial relationship with you if you are a member of school staff | Name, role, contact details, contact history, school, account ID. |
| Managing our commercial relationship with you as a contact employed by one of our suppliers |
Name, role, contact details, and contact history. If you are a sole trader then your personal data will also include financial information (invoices, payments etc) and records of orders placed. |
| Direct marketing | Name, contact details, marketing preferences. |
| Research projects & pilot evaluation | Name, role, contact details, feedback / comments (as text or via recorded calls / video). |
| Recruitment Enquiries | Name, contact details, role applied for. |
We use third party payment processors to manage payments, so we do not have access to payment card details.
4. Special Category Data
There are additional rules we must follow if we collect certain types of more sensitive data, known as Special Category Data. These include details of your ethnicity, beliefs, health and sexuality and in each case we must let you know what our additional lawful basis is for processing such data.
As our platform’s purpose is to empower teaching teams to better engage SEN learners, we routinely process special category data. Upon doing so we will provide additional privacy information regarding such processes.
5. How Long Do We Keep Your Data For?
Where we are relying on our legitimate interests to process your data then we will keep your personal data until you object to our legitimate interests and we agree with your objection, or until the following default periods have elapsed after our last contact with you.
We will retain your personal data by default for the following periods:
|
Purpose |
Maximum Retention Period |
|
Managing your commercial and support enquiries |
7 years |
|
Managing our commercial relationship with you if you are a member of school staff (or a tutor employed by a company) |
7 years |
|
Managing our commercial relationship with you if you are an independent tutor (a sole trader) or a parent who has subscribed to our packages |
7 years |
|
Managing our commercial relationship with you as a contact employed by one of our suppliers |
7 years |
|
Direct marketing |
7 years |
|
Research projects & pilot evaluation |
7 years |
|
Recruitment Enquiries |
1 month if application does not proceed |
6. Do We Ever Share Personal Data?
We will share your data if we receive a legitimate request from a law enforcement agency.
When you submit your personal data online your data is shared with our partners who manage and host our websites.
If we are communicating with you via email or social media channels (e.g. LinkedIn, Facebook and twitter), we will be sharing your personal data with those email and social media providers.
We also utilise external suppliers to provide several business supports services. We always ensure that we have appropriate contracts in place to protect your rights when personal data are processed on our behalf by these third parties. There is further information regarding these suppliers in the “10. Where Do We Process Data?” section.
7. How Do We Keep Your Data Secure?
We take sensible steps to keep your data secure and ensure we can uphold your rights and meet our obligations under UK GDPR:
- All data sent between your browser and our website are encrypted in transit,
- Access to personal data is role based: only those members of staff with a legitimate need will have access,
- Systems are password protected and multi-factor authentication is enabled where available,
- We ensure that appropriate contracts are in place with our suppliers who process your personal data to protect your rights, to ensure that they take appropriate security measures to safeguard your data, and that any international transfers are done correctly under UK GDPR,
- Our employees are all subject to an obligation of confidentiality, and receive training on data protection matters,
- We utilise appropriate technical and organisational measures to optimise the security of your personal data.
8. Your Rights
You have a number of rights relating to the processing of your data, if you would like to use them or have any questions then please contact us.
We won’t charge you for doing any of the following, however we may make a charge in the case of frequent repeat or unfounded requests:
- Awareness: You have the right to be fully informed about why and how we process your information. This privacy notice is intended to meet that requirement, but please do contact us if you have any questions. If we obtain your personal data from a third party (e.g. a social media platform or recruitment platform) then we will tell you where we have obtained your information from,
- Access: You have the right to a copy of the data we hold about you,
- Rectification: If you think some of the data we hold is wrong then you have the right to ask us to correct it,
- Erasure: You have the right to ask us to delete the data we hold about you. Where we are holding the data to fulfil a contract with you or your organisation then we will need to retain the data in accordance with the data retention requirements shown above,
- Restriction: You have the right to ask us to restrict the processing of personal data whilst we check its accuracy, if you think the processing is unlawful, if you believe we no longer need to process the data but you need us to store it due to pending legal claims, or when you object to our processing based upon our legitimate interests and we are assessing the validity of that,
- Object: Where we are processing your personal data based upon our legitimate interests you have the right to object to that. If your objection is valid (for instance in the case of any direct marketing activity) then we will stop processing your personal data for that purpose,
- Data portability: You can request a copy of your data in a digital format which you can then supply to another provider when we are processing your personal data under the lawful basis of performing a contract with you or because we have your consent,
- Automated decisions and profiling: You have the right, in certain circumstances, not to be subject to decisions based on automated processing (including profiling) if it has a significant or legal impact on you. This doesn’t apply if the processing is necessary to fulfil a contract with you, or if you have given us your consent to do so. We do not currently use any technology to make automated decisions about you.
9. What Occurs When I Follow Links To Other Sites?
If you follow a link from our site to another site then you should read the privacy notice on the other site prior to providing your data to them. We are not responsible for the cookies installed upon your device by other websites.
10. Where Do We Process Data?
We primarily process data in the UK however we use partners to help us deliver our services, some of these services will mean that your personal data are transferred outside of the UK.
|
Partner |
Where are they located? |
What additional protections are in place to safeguard your rights if processing is transferred overseas |
|
Microsoft UK Ltd – office productivity tools including email |
UK |
N/A |
|
Name Hero, LLC – website hosting provider |
US |
UK extension to the EU-US Data Privacy Framework |
|
HubSpot – Customer management and marketing services provider |
US (data in Germany) |
UK extension to the EU-US Data Privacy Framework |
We may share your personal data with professional advisors from time to time, such as our accountants or legal advisors. We will always ensure that appropriate protections to your rights and freedoms are in place.
11. Teachers & Pupils
This section describes the data processed within our systems where we are acting as a Data Processor on behalf of another organisation such as a school or tutoring business.
We apply default retention periods, however the Data Controller can manually delete any of these data at any time or contact us and ask us to do this for them.
|
System |
Data Processed |
Default Retention Periods |
|
Senshine.co |
For school staff: Name, address, email address, job title / role information, school name, account ID, timetable data, absences data, salary data, activity log. For learners: Name, age, class, family data, medical data, demographics, learning needs and planning data, achievement data, timetable data, attendance data, behaviour data, detentions data, exclusions data, communications with school. For parents/carers: Name, address, email address, family data, cultural identifiers data, communications with school. |
The Data Processor retains personal data by default for 30 days from when data about person(s) concerned are no longer controlled by the Data Controller (for example when a learner leaves a School that is a customer of SENshine) or if said Controller ceases to be a customer of the Processor. The 30 days allows time for the Controller to fulfil its obligations e.g. to forward on key information and documents about learners to said learners’ new school. If a learner in the system is aged 16 years or more, then as long as the school that child is leaving is still SENshine’s customer, SENshine will retain their data until 6 years after their 25th Birthday. |
12. Making A Complaint
Please contact us at the above address (in section 1 of this Privacy Notice). You can also contact the Information Commissioner’s Office (ICO) on their helpline 0303 123 1113 or online at www.ico.org.uk. If you should contact the ICO they will normally ask you to contact us first.
