Privacy notice

The Association for Language Learning is a registered charity in England and Wales (registered charity number 1001826). The ALL office can be contacted at the following address: Association for Language Learning, 1A Duffield Road, Little Eaton, Derby, DE21 5DR, via telephone: 01332 227 779 and by email at [email protected].

This notice explains how and why we collect, hold and use your personal information.

If you no longer wish us to process your personal data you can at any time ask us to stop by emailing us at [email protected]

This privacy notice covers:

  • Why we use your personal information
  • The legal basis for processing
  • What personal information we use
  • How we use your personal information
  • Your rights under data protection legislation
  • Sharing personal information with third parties
  • How long we may keep your information
  • Changes to our privacy notice
  • Contact details for our Data Protection Officer

Why we use your personal information

We process your personal data for the following purposes:

  • To ensure you receive the service, product or information you have requested or bought from us
  • Carry out reasonable administration of your membership, bookings, volunteering, donations and other services
  • Keep in touch with you in the way that you wish us to
  • Better understand our users and members to enable us to improve the services we offer – for example for research and statistical analysis including usage patterns
    • We only use the data in an anonymized manner when we use your data for this purpose.
  • to enable us to comply with our legal and regulatory obligations
  • to offer new products and services to you which are relevant and appropriate, and only to the extent that would be reasonably expected.

If we plan to introduce further processes for the use of your information, we will provide information about that purpose prior to such processing.

The legal basis for processing

Under Data Protection Law, there are various grounds which are considered to be a ‘legal basis for processing’.
The legal basis for processing should be determined by the Data Controller.

Where we are the Data Processor, the legal basis is determined by the Customer. Typically, the legal basis in this scenario is:
                ‘processing is necessary for the performance of a task carried out in the public interest’

Where we are the Data Controller, the legal basis for processing is based on:
                ‘processing is necessary for the purposes of legitimate interests pursued by the controller’

It should be noted that in some circumstances this legal basis may vary, however, we always operate in full compliance with Data Protection Law and will only process data with a fair and reasonable legal basis for doing so.

What personal information we process

In order to carry out these services, we obtain and process the following chart:

Data Subject (Who) Data Category (What) Description of data obtained
Individual Member Forename This is the forename of the member
Individual Member Surname This is the surname of the member
Individual Member DOB This is the date of birth of the member
Individual Member Gender This is the member’s gender
Individual Member Membership type This is the grade of membership
Individual Member Salutation This is the member’s salutation.
Individual Member Job Title This is the members job title at time of record
Individual Member Place of work This is the members place of work at time of record
Individual Member Payment method This is the method of payment for membership
Individual Member Payment History and balances This is the member’s history of payment transactions, including subscriptions, refunds and balances
Individual Member Payment card details Payment card details are captured and passed to a 3rd party for authorisation.
Individual Member Postal Address The member’s postal address
Individual Member Identifiers This is the membership number used to identify a members record
Individual Member Authentication data Username and password, single-sign-or multi-factor-authentication tokens
Individual Member Email Address This is the primary contact telephone number of the member
Individual Member Telephone number This is the primary contact email address of the member used to receive communications from ALL
Representative of member organisation Forename This is the forename of the representative of member organisation
Representative of member organisation Surname This is the surname of the representative of member organisation
Representative of member organisation Gender This is the member’s gender
Representative of member organisation Membership type This is the grade of membership
Representative of member organisation Salutation This is the representative of member organisation salutation.
Representative of member organisation Job Title This is the job title of the representative of member organisation at time of record
Representative of member organisation Place of work This is the members place of work at time of record
Representative of member organisation Payment method This is the method of payment for membership
Representative of member organisation Payment History and balances This is the member’s history of payment transactions, including subscriptions, refunds and balances
Representative of member organisation Payment card details Payment card details are captured and passed to a 3rd party for authorisation.
Representative of member organisation Identifiers This is the membership number used to identify a members record
Representative of member organisation Authentication data Username and password, single-sign-or multi-factor-authentication tokens
Representative of member organisation Postal Address The organisation’s postal address
Representative of member organisation Email Address This is the primary contact telephone number of the representative of member organisation used to receive communications from ALL
Representative of member organisation Additional Email Address This is the primary contact telephone number of the representative of member organisation
Representative of member organisation Telephone number This is the primary contact email address of the representative of member organisation
Contact (lapsed member, shop) Title This is the contact’s title (Mr, Mrs, Ms, etc).
Contact (lapsed member, shop) Forename This is the contact’s forename.
Contact (lapsed member, shop) Surname This is the contact’s surname.
Contact (lapsed member, shop) Authentication data Username and password, single-sign-or multi-factor-authentication tokens
Contact (lapsed member, shop) Gender The contact’s gender (Salutation)
Contact (lapsed member, shop) House Name The text entered as the contact’s house name.
Contact (lapsed member, shop) Street The text entered as the contact’s street.
Contact (lapsed member, shop) Locality The text entered as the contact’s locality.
Contact (lapsed member, shop) Town The text entered as the contact’s town.
Contact (lapsed member, shop) Postcode The text entered as the contact’s post code.
Contact (lapsed member, shop) Mobile Telephone This is the contact’s mobile telephone number used to receive information on membership
Contact (lapsed member, shop) Email This is the contact’s E-mail address used to receive communications from ALL, including purchase confirmations and purchase downloads
Contact (lapsed member, shop) Payment History and balances This is the member’s history of payment transactions, including  purchases and refunds
Contact (lapsed member, shop) Payment card details Payment card details are captured and passed to a 3rd party for authorisation.
Contact (lapsed member, shop) Shop information ALL website can be used as a payment page from externally or internally hosted shop systems. This the information captured as part of that (“shopping basket”).
Contact (lapsed member, shop) Browser Details IP address, cookies, browser information
Website Access IP Address The network address of your device or internet connection
Website Access Browser Type and Version The type of Web Browser your device is using
Website Access Cookies Special records in your browser to help the website operate
Website Access Web Analytics Generalised information about browsing behaviour and page statistics

 

How we process your personal information

We use your personal information, and some of our employees have access to such information, only to the extent required to carry out the services for you.

We have introduced appropriate technical and organisational measures to protect the confidentiality, integrity and availability of your personal information during storage, processing and transit.

ALL only processes your personal information in the UK.

Credit Card Payments
We use PayPal as our credit card gateway for both membership and website purchases online and over the telephone. We do not store credit card details nor do we share financial details with any 3rd parties.

Cancellation / Renewal
Your membership starts from the date of cleared funds in to our account and lasts for a period of one year. You will be invited to renew your membership 11 months later and can accept or decline at that time for payment / cancellation the following month. You cannot cancel your membership or will a refund be given for membership of ALL during your annual membership period.

Your rights under Data Protection Law

Right to Access

You have the right of access to your personal information that we process and details about that processing.
If you are a current member of ALL you can usually access that information directly from our website. However, should this not be possible, you can raise a Data Subject Access Request (DSAR) to receive this information in another format.

Right to Rectification

You have the right to request that information is corrected if it’s inaccurate.  If you are a current member of ALL you can usually update your own information directly in our website.  However, should this not be possible, you can contact us to make the changes on your behalf.

Right to Erasure (Right to be Forgotten)

You have the right to request that your information is removed; depending on the circumstances, we may or may not be obliged to action this request.

Right to Object

You have the right to object to the processing of your information; depending on the circumstances, we may or may not be obliged to action this request.

Right to Restriction of Processing

You have the right to request that we restrict the extent of our processing activities; depending on the circumstances, we may or may not be obliged to action this request.

Right to Data Portability

You have the right to receive the personal data which you have provided to us in a structured, commonly used and machine readable format suitable for transferring to another controller.

Right to lodge a complaint

If you think we have infringed your privacy rights, you can lodge a complaint with the relevant supervisory authority. You can lodge your complaint in particular in the country where your live, your place of work or place whereby you believe we infringed your right(s).

You can exercise your rights be sending an e-mail to [email protected]  Please state clearly in the subject that your request concerns a privacy matter, and provide a clear description of your requirements.

Sharing personal information with third parties

We use a range of trusted service providers to help deliver our services. All of our suppliers are subject to appropriate safeguards, operating in accordance with our specific instructions and limitations, and in full compliance with Data Protection Law.

These service providers include:

  • Payment Processors – to securely process your card payments (we do not see, or store payment card details)
  • Email Providers – to send out our email notifications or messages to ALL members, current and lapsed
  • Hosting Providers – to manage our secure enterprise data centres
  • Security Providers – to protect our systems from attack
  • Telephony Providers – we might record calls for training, quality and security purposes
  • Mailing houses – we provide postal and member data to enable the mailing of printed materials (e.g. Languages Today)

We may also have access to your personal information as part of delivering the service. If we need to change or add additional third parties, we will always update our Privacy Notice accordingly. We will only disclose your information to other parties in the following limited circumstances

  • where we are legally obliged to do so, e.g. to law enforcement and regulatory authorities
  • where there is a duty to disclose in the public interest
  • where disclosure is necessary to protect our interest e.g. to prevent or detect crime and fraud
  • where you give us permission to do so e.g. by providing consent within our website or via an online application or consent form

How long will we keep your personal information

We will only retain information for as long as is necessary to deliver the service safely and securely. We may need to retain some records to maintain compliance with other applicable legislation – for example finance, taxation, fraud and money laundering law requires certain records to be retained for an extended duration, in some cases for up to seven years.

Changes to our Privacy Notice

This policy will be reviewed regularly and updated versions will be posted on our websites.

What to do if you’re not happy

In the first instance, please talk to us directly so we can resolve any problem or query.
You also have the right to contact the Information Commissions Office (ICO) if you have any questions about Data Protection, or if you would like to make a complaint. You can contact them using their help line 0303 123 113 or at www.ico.org.uk.

For broader advice and guidance please contact the data protection regulator:

The Information Commissioner
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
Telephone: 01625-545700
Fax: 01625 524510