Delphi Tutors Ltd, a company registered in England and Wales (No. 12620241) herein referred to as “Delphi” or “we” have created this privacy statement (“Statement”) in order to demonstrate our firm commitment to the privacy of the details that you provide to us when using this website, as the data controller for the purposes of the GDPR (General Data Protection Regulations EU 2016/679) and related UK legislation.
1.0 THIS POLICY
This Policy explains our processing of your personal data and your rights according to EU General Data Protection Regulation and UK data protection legislation. We reserve the right to modify this Statement at any time without notice by posting the changes on this page.
2.1 WHAT INFORMATION IS COLLECTED?
a. Personal information you give us that is necessary for the use of the Delphi Site
Delphi processes personal data as a necessary part of entering into and performing our contract with you, which is governed by our Terms and Conditions. As part of the process of using the Site and the Services, we require you to give us certain Personal Information which we need to provide our Service. Without this information we may not be able to fulfil our contract with you. This information includes:
Account information: to enable us to create an account for you on the Site. Depending on whether you register as a parent, student, school pupil, or tutor, this information can include your name, email, telephone number, postal address, and date of birth.
Tutor application details: so we can process your application to become a tutor. These details include your educational background and qualifications, your tutoring subjects, your profile picture and video resume, your resume, the prices you charge, your availability and your gender.
Communication history: to enable communication with other users of the website and with the Delphi Tutors team, we store details about your communication history including user messages, requests you have made, and your interactions with the Delphi Tutors team (including call recordings).
Booking history: to facilitate tutorials including information on booking requests, status of bookings, booking subjects and levels, results of your set-up tests whilst using the lesson space and recordings of your bookings (bookings include tutor interviews, free meetings, lessons and written sessions.)
Promotions you redeemed: we record details of referral codes shared, redeemed and other promotions you interact with to be able to apply rewards to your account.
Identity verification information: when you apply as a tutor we ask for verification that you study at the university you claim to, have a valid ID card and a clean DBS check (if applicable). We also ask for information to demonstrate that you have the right to work in the UK.
b. Information we automatically collect from your use of the Delphi Site
We collect some information from all users of the Delphi site regardless of whether you are registered with us as a customer or tutor, to fulfil our contract with users and to enable our legitimate interests in providing the Delphi site and services.
Automatically tracked information includes: Cookie information, your IP address, details of the device you use to access the Site, the pages you visit and the actions taken, the times and dates of actions you take on our website, your interactions with our email, text and in-app messages, the source of your visit and/or previous webpage before visiting our Site, and your page response times.
Tutor capacity information: If you have a profile as a tutor on the Site we collect information on your on-site behaviour, capacity and interactions with other users to help show you the most relevant requests and show customers the most relevant tutors.
c. Financial information
We may require you to provide us with Financial Information to authorise or process payment and bill you or pay you for the Services. These details include for tutors: your nominated bank account, your invoices and your payment history, and for customers your payment history and payment card details.
When you book Tutoring Services via the Site (if you are a Client) or when you receive payment for delivering Tutoring Services via the Site (if you are a Tutor), we will pass your Financial or Personal Information to those third parties necessary to process your transactions with us, such as credit card companies and banks.
The legal basis under GDPR by which we are permitted to process this information in this way is that it is necessary for the performance of a contract to which you are a party, or to take steps prior to entering into a contract with you or where we need to comply with a legal obligation.
This includes exchanging information with other companies and organisations for fraud protection and credit risk reduction. Except as provided above, we will not share Financial Information with third parties without your prior consent.
2.2 HOW IS THE INFORMATION USED?
The Site asks you to provide various types of Personal Information to enhance the quality of the Services we can provide to you and the more accurate the information you provide, the better we are able to respond to your requirements.
Any Personal Information that is held with Delphi shall be retained in accordance with the GDPR. Delphi is the data controller in respect of all of the Personal Information which Delphi collects and receives about you when you use the Delphi Services.
a. Data processing to provide and improve the Delphi Site and Services
We use your information primarily to fulfil our contract to provide you with the Services that you request, and related services (this includes providing this Site, website administration and security). We run the following processes to fulfil our contract with you:
Enabling you to access the Site and create an account
Enabling you to communicate with other users, and receive updates from Delphi about your account
Enabling bookings between customers and tutors
Providing support for customers and tutors
Providing photos and videos to create trust and enable better connections between users
We also use your information to support our legitimate interests in developing the Site and the Services. These processes include:
To aid the technical administration of the Site
To ensure quality of service
To better understand how the Site is functioning for Users to inform our product development
To draw conclusions upon demographic information
Preventing fraud, spam and abusive or inappropriate behaviour
Fulfilling our safeguarding and legal obligations
You acknowledge that your Personal Information may be used by Delphi to contact you by post, phone or by electronic mail when necessary in connection with the Services requested by you on the Site.
b. Data processing to provide, tailor and improve our marketing activities
We also use your information to support our legitimate interests in marketing our Site and the Services. These processes include:
Marketing activities to promote our services to registered users. These communications may be personalised to you and your interactions with the Site and can be delivered by email, social media advertising and other digital marketing channels
Notifying you about upcoming promotions, Referral Discount Codes, services or customer surveys
Undertaking impact reporting to understand the efficacy of our Services
Undertaking research to better understand our customers interests
Analysing your interactions to improve the efficiency of our marketing activities
c. Third party direct marketing
If you have given your consent when submitting your information on the Site for your Personal Information to be provided to specific categories of third parties (other than Delphi), or for Delphi to send you marketing communications relating to products and services from third parties, then we/they may contact you by post, telephone (which may be recorded for quality assurance purposes) or email with information or offers regarding their products and services.
Opting out: If you decide to withdraw your consent to receive communications from or regarding third party goods and services please follow the unsubscribe link in the email, or email email@example.com with the subject line “THIRD PARTY UNSUBSCRIBE REQUEST” or similar. Please note that our systems may take a little time to fully register your opt-out, so if you continue to receive emails in the forty-eight (48) hours after making changes, please accept our apologies and ignore them.
e. The legal grounds under GDPR for processing your personal data described above are as follows
It is necessary for the performance of a contract to which you are a party, or to take steps prior to entering into a contract with you, for us to provide you with our products and services. Where we require information from you for these purposes we have set out above which information it is necessary for us to process, without which we will be unable to provide you with our services.
It is necessary for the purposes of our legitimate interests, such as fraud prevention, child protection, maintaining quality of service, error detection and cybersecurity, except where our interests are overridden by the interests, rights or freedoms of affected individuals (such as you). To determine this, we shall consider a number of factors, such as what you were told at the time you provided your data, what your expectations are about the processing of the data, the nature of the data, and the impact of the processing on you. In order to protect children from harassment and abuse, we video record and store tutoring sessions.
You have given us explicit opt-in consent to the processing of your personal data for one or more specific purposes, namely where you have given us consent to receive electronic Direct Marketing by us and/or by third parties as described in this notice.
Where we need to comply with a legal obligation; or in rare circumstances:
Where we need to protect your interests (or someone else’s interests); and/or
Where it is needed in the public interest or for official purposes
3.0 WHO ELSE HAS ACCESS TO THIS INFORMATION?
a. Third party companies and service providers
We use a variety of third party companies to provide the services and we may need to pass some Personal Information to these third parties. If we pass Personal Information to third parties, we minimise as far as possible what Personal Information is shared. The categories of third party providers we share personal data with include:
Sponsors of tutorials
Communications platforms for email, text and in-app communications
Business operations tools
Identity verification tools
Surveys and research providers
Accounting and finance platforms
Customer support platforms
b. Disclosure of your personal information and financial information in compliance with laws
You should be aware that we may release your Personal Information or Financial Information when we believe it is necessary to comply with laws or regulations, to assist law enforcement, to enforce the terms under which you transacted with Delphi, or to protect the rights, property or safety of Delphi, Site Users or others.
c. Transfer of your personal information and financial information outside of the EEA
We may transfer personal data to entities outside of the EEA including in the United States, which countries may not have data protection laws as strict as those in the EEA. Where we transfer your information outside the EEA we will either undertake an assessment of the level of protection in light of the circumstances surrounding the transfer or:
Only transfer it to a non-EEA country with privacy laws that give the same protection as the EEA; or
Ensure we have an agreement in place with the recipient under which they are under a duty to protect your data to the same standards as those in place in the EEA; or
Transfer it to US organisations that are signed up to the EU-US Privacy Shield scheme; or
We will make sure that any transfers are not repetitive and only limited to the minimum amount of information possible. In certain circumstances we may need to seek your consent unless there is an overriding legal need to transfer the information; and
In all cases where your information is transferred outside the EEA, you have a right to contact us for information on the measures we have put in place.
d. Other sites/third party vendors and their privacy policies and cookie policies
This Site may contain links to other websites. Delphi is not responsible for the privacy practices or the content of such websites or for the privacy policies, cookie policies and practices of other third parties, and so you should be careful to read and understand those website policies independently.
4.0 HOW DO WE PROTECT YOUR INFORMATION?
The privacy and protection of your Personal Information is important to us. You acknowledge that email messages sent over the internet are not encrypted and are not secure. Despite efforts to protect your Personal Information, we cannot ensure or warrant the security of any information you transmit to us, or to or from our online Services. You accept that Delphi cannot be held liable for any breaches of confidentiality that may occur as a result of the use of email. If there is any sensitive or confidential information which you do not wish to communicate by email, please contact Delphi by telephone or post to arrange an alternative method of communication. You transmit all such information at your own risk. However, once we receive your transmission, we use our best efforts to ensure its security on our systems.
The Site has security measures in place to protect the loss, misuse and alteration of the information under our control. We use 128-bit industry standard Secure Server Software (SSL) for your transactions with us. It encrypts all your Personal Information, including credit card number, name, and address, so that it cannot be read as the information travels over the Internet.
5.0 COMPLAINTS OR QUERIES
Delphi tries to meet the highest standards when collecting and using Personal Information. For this reason, we take any complaints we receive about this very seriously. We encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading or inappropriate. We would also welcome any suggestions for improving our procedures.
This Statement does not provide exhaustive detail of all aspects of Delphi’s collection and use of Personal Information.
However, we are happy to provide any additional information or explanation needed. Any requests for this should be sent to the address below. If you are not satisfied with our response or believe we are processing your personal data not in accordance with the law you can complain to the UK data protection regulator, the Information Commissioner’s Office. Further details can be found at ico.org.uk or 0303 123 1113.
7.0 HOW LONG DO WE KEEP YOUR INFORMATION FOR?
We will retain your personal data for different periods depending on the service you have chosen to use us for, which may be a longer period than that for which we need to hold your data to provide those services, i.e. where we are under regulatory or statutory duties to hold your data for a longer period. Data will be held by us for the period necessary to meet the purposes for which we initially collected the information.
By default, we retain personal data for six years after you have last been active on the Site. This is to allow you to continue to use your Delphi account for the duration of the average lifecycle of an Delphi user.
After that period has passed, or after you request us to delete your data (whichever is earlier) we will delete your personal data except where we have specific reason which means we need to keep it for longer.
Records that you have shared publicly or have shared with another user, for example reviews you leave, messages you send and bookings you make, may remain on the Site after your personal information has been deleted but will no longer have identifying information which links them to you associated with them.
We may retain records where necessary to fulfil our regulatory or statutory duties.
8.0 ACCESS TO AND RECTIFIATION OF PERSONAL INFORMATION
Delphi tries to be as open as it can be in terms of giving people access to their Personal Information. Individuals can find out if we hold any Personal Information by making a “subject access request”, normally free of charge, under the data protection legislation. If we do hold information about you we will let you have a copy of that information unless a legal exception applies, in which case we will inform you of this at the time. You also have the right to request that information we hold about you which may be incorrect, incomplete, or which has been changed since you first told us, is updated or removed.
To make a request to exercise either of these rights, please either put the request in writing addressing it to the address provided below or email us your request to firstname.lastname@example.org with the subject line “Subject Access Request”.
9.0 MOVING YOUR PERSONAL INFORMATION
In the event that we process your data by automated means where you have either provided us with consent for us to use your information or where we used the information to perform a contract with you, you have the right to request that we send to you or to another organisation, an electronic copy of the personal data we hold about you in a structured, commonly used and machine-readable format, for example when you are dealing with a different service provider. If you would like us to provide you, move, copy, or transfer your information in this manner, please let us know by email to email@example.com. We will respond to you within one month after assessing whether or not this is possible, taking into account the technical compatibility with the other organisation in question.
10.0 DELETION OF YOUR PERSONAL INFORMATION
You can ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where you have withdrawn consent for us to process it (as explained below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
To request that we delete your personal data please send an email with the subject line “Personal data deletion” to firstname.lastname@example.org.
11.0 HOW CAN YOU WITHDRAW CONSENT TO OUR PROCESSING YOUR PERSONAL INFORMATION
You have the right at any time to withdraw any explicit consent you have given us to process your personal data. Please note if you withdraw your consent it will not affect the lawfulness of any processing of your personal data we have carried out before you withdrew your consent. Should you wish to do so you can change your consent preferences at any time. To withdraw your consent for us to send your Third-Party Promotions change your preferences on your account settings and/or by contacting us at email@example.com.
12.0 HOW CAN YOU RESTRICT OR OBJECT TO OUR PROCESSING YOUR PERSONAL INFORMATION
You can ask us to suspend the way in which we are using your information in certain scenarios, or object to our processing your data where we are relying on a legitimate interest ground (or those of a third party) and you feel it impacts on your fundamental rights and freedoms, or where we are processing your personal data for direct marketing purposes. In some cases where you object, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
Please note that if you want us to restrict or stop processing your data this may impact on our ability to provide our services. Depending on the extent of your request we may be unable to continue providing you with our service.
Any queries or concerns about the way in which your data is being used can be sent to firstname.lastname@example.org
13.0 HOW TO CONTACT US AND REQUEST INFORMATION
We keep our Statement under regular review. This Statement was last updated on 21 May 2018.
Back to top