ISEB Privacy Policy

scroll to discover

Introduction

The Independent Schools Examination Board (ISEB) administers Britain’s oldest exam, the Common Entrance (CE) for UK independent and international schools. It also produces a range of qualifications (including the Common Pre-Tests and iPQ: the ISEB Project Qualification), assessment, training and resources to support pupils, teachers, parents and pupils.

ISEB is a data controller, registered with the UK Information Commissioner’s Office (ZA078200).

Where personal data is provided directly to ISEB through use of the website, the exam booking portal, by email or by registering for ISEB events, or other means where ISEB is determining the way in which that personal data is processed for its own use, then ISEB will be a data controller of such information.

ISEB is firmly committed to complying with privacy and data protection laws and being transparent about how we process personal data and will to the best of its ability comply with the principles set out in this Privacy Policy.

Data Protection Principles

We have policies, procedures and training in place to ensure that everyone employed by ISEB understands their responsibilities to protect personal data, and ensure the security of our systems.

1

Lawfulness, fairness and transparency

We will use personal data in compliance with the law, and in a way that our customers and staff expect us to. We will also tell you what we do with that data.

2

Purpose limitation

We will not use data for any other reason than for which we have collected it.

3

Data minimisation

We will only collect the data we need, for the purpose it is collected for. Nothing more.

4

Accuracy

We will ensure the personal details in our records are kept accurate and up to date.

5

Storage limitation

We will only keep personal data for as long as we need it. After which time it will be securely and permanently destroyed.

6

Integrity and confidentiality (security)

We will ensure that all personal data is protected but accessible when required.

6

Accountability

We will ensure that we have appropriate measures in place and keep records to demonstrate how we achieve data protection compliance.

How we collect and use personal information

We may collect personal data via post, email, or our website, from you and from third parties for a number of purposes.

ISEB will only use your personal data if we have a legal basis for doing so, and for the purposes for which it was collected.

We have set out below all the ways we use your personal data, and which of the legal bases we rely on to do so. We may process personal information where it is in our legitimate interests to do so and where we are confident that such processing will not infringe on your rights and freedoms. Where required, we will process personal information in order to comply with our legal obligations, to assist the prevention and detection of crime, and in order to assist the police and other competent authorities with investigations (including criminal and safeguarding investigations).

Purpose/ Activity Lawful basis for processing
To process an exam, event, take payment and contact you in relation to our service Performance of a contract
To inform you about changes to our service Performance of a contract/ legitimate interests
To respond to a query and manage the complaint process Consent/ legitimate interests
To perform credit checks Consent/ legitimate interests
To process your order from our online shop Performance of a contract
To send marketing messages to you (You can change your mind on how you receive marketing messages or you can stop receiving them at any time) Consent
To process special category information that we need to run events, courses, meetings and exams Consent
To improve our website and services to you Legitimate interests
To administer our own discussion forums for product development Consent
Market research We may use your anonymised information to identify trends and to design market research Legitimate interests
We may share your information with relevant agencies, law enforcement and other third parties for the purpose of preventing or detecting crime, or where it is the public interest Legitimate interests/ legal obligation/ public interest

What we collect

  • What information does ISEB collect?

    The information that we collect may include:

    – Contact details such as name, address, email address and phone numbers

    – Your relationship to a candidate

    – Credit or debit card details and any purchases you have made

    – Date of birth, gender and title

    – Any access or Special Educational Needs (SEN) requirements for your exams and medical reports where relevant

    – School or organisation you belong to/work for

    – Name of parent or guardian

    – Nationality

    – Optional information about race and ethnicity for monitoring purposes

    – Recordings, meetings, telephone calls, webchat

    – Emails, letters

  • Information and young people

    We need to collect and use relevant information about young people so that they can enter exams and competitions, attend events, and sign up to some of our services. We consider a young person to be under 14 years old. If you are under 14 years old, please get your parent/guardian’s permission before you provide any personal information to us.

  • Does ISEB use cookies?

    As with many websites, we use cookies and log files to store information about how you interact with our website.

    A cookie is a piece of data stored on the user’s computer tied to information about the user. This enables us to create a profile which details your viewing preferences. We use this information to tailor your visit and to make navigation easier and the data you see more relevant to you.

    Aggregate information is collected from users. This information will includes users’ Internet Protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, platform type, date/time of visit, number of clicks, error pages and number of unique visits. We use this information it to analyse visitor trends and use of our website.

  • Who does ISEB share information with?

    We may where it is necessary for the performance of our service, or legal duties, share your personal data to third parties such as schools, our bank in order to process a payment; our professional advisers where it is necessary to obtain their advice (such as legal advice); our IT support and data storage providers; printers; website administrator.

    Sometimes these third parties will share your information with us and we will use it in accordance with this Privacy Policy.

  • How are payments made?

    Payments in relation to exams are processed by BACS or Stripe.

    By completing the payment, you agree that these third parties may process your data in accordance with their Privacy Policies.

    In accordance with the Payment Card Industries Data Security Standard (PCI DSS), ISEB does not process, transmit or store credit card data.

  • How and when would data be transferred outside of the EEA?

    We may need to collect or send some personal information outside of the European Economic Area (EEA). If we transfer personal information to countries or jurisdictions which are not subject to an adequacy decision granted by the European Commission, we will take measures to comply with our legal obligations and all reasonable safeguards to ensure that your personal information is treated securely and in accordance with this Privacy Policy. For example, we may, depending on the specific circumstances enter into standard contractual clauses that have been approved by the European Commission.

  • European Union (EU) Representative

    ISEB is based in the UK and has no offices, branches or other establishments in the EEA.

  • Information security

    We take data protection and information security seriously and make every effort to protect our staff and customers’ information. ISEB has an ongoing programme of works to protect against cyber security threats and ensure that we are as resilient as possible.

    Exam entries are stored on the ISEB’s secure database, hosted and backed up in the UK. All online information is held purely for examination purposes.

    We use encryption to protect sensitive information online and we also do everything we can to protect user-information offline. Access by staff to personal information is restricted to only those people requiring access for their jobs. All employees are provided with a unique username and password in order to gain access to our systems.

  • What are my rights?

    If you no longer wish to receive communications about products and services from us, please contact marketing@iseb.co.uk. You can also unsubscribe at any time to emails that we may send to you about the products and services that we think will be of interest to you.

    You also have the right to:

    – Request a copy of the information we hold about

    – Ask us to change or correct your personal information if it is incomplete or inaccurate.

    – Ask us to restrict our processing of your personal data or to delete your personal data if there is no compelling reason for us to continue holding this information (and, where our processing is based on your consent, you may withdraw that consent, without affecting the lawfulness of our processing based on consent before its withdrawal).

    – Receive any information we hold in an accessible

    – Object to any of our particular processing activities where you feel this has a disproportionate impact on

    Contact us by submitting an enquiry, via the Common Entrance, Common Pre-Tests or iPQ Support Portal.

    We aim to respond within one month. Please note that we may be entitled to refuse requests where exceptions apply, for example if we have reason to believe that the personal data we hold is accurate or we can show our processing is necessary for a lawful or necessary purpose set out in this Privacy Policy.

  • How long does ISEB retain information?

    We will retain your personal information in accordance with our Data Retention Policy which follows the principle of retaining information for only as long as is necessary.

  • How can I make a complaint to the Information Commissioner's Office?

    If you are not satisfied with our response to any query you raise with us, or you believe we are processing your personal data in a way which is inconsistent with the law, you can complain to the Information Commissioner’s Office. Their helpline number is 0303 123 1113.

Contacting us

Our Data Protection Lead is Gary Peace, our Data Protection Officer. If you have any questions regarding our Privacy Policy, please contact us.

Email: DPO@iseb.co.uk

Post: Gary Peace, Data Protection Lead at the following address: Endeavour House, Crow Arch Lane, Ringwood, BH24 1HP, United Kingdom

 

This Privacy Policy may change from time to time.

GDPR DATA SUBJECT ACCESS REQUEST FORM

Data Subject’s Full Name(Required)
MM slash DD slash YYYY
Data Subject’s Current Address(Required)
To help us search for the information you require, please let us know the data you require with as much detail as possible (e.g. copies of emails between and ). If we do not receive sufficient information to locate the data you require, we may be unable to comply with your request.

Consent

The Data Subject (whose data is being requested) must confirm that they are the data subject or give authorisation for the information to be released to his/her authorised representative.
Is the information going to be sent to the data subject or his/her representative?(Required)
Authorisation(Required)
If the data is sent to the representative, then fill out the section below.
To be filled out by the Representative of the Data Subject
Name of the Authorised Representative
Where the personal data is to be sent

Proof of Identity

Max. file size: 1 GB.
Copy of a government issued ID document.
Max. file size: 1 GB.
Copy of a government issued ID document.
Max. file size: 1 GB.
For example a Birth Certificate.

Sign up to our newsletter