YHJS Privacy Policy

YHJS Privacy Policy

Your privacy is important to us, which is why we only collect and use data in ways that are beneficial to you. This is set out in the Privacy Policy, shown below, which explains how we collect, use, disclose, transfer, and store all data you provide us.

Who Are We?

We are the Yorkshire and Humberside Japanese School, whose address is *YHJS TO COMPLETE*. We are a Japanese Supplementary School, and we own, operate and manage the website, www.yhjs.uk.

When Was Your Privacy Policy Created?

Our Privacy Policy was created on the 11th of July, 2022. Since its creation, there have been no amendments.

From time to time, we may need to make further amendments to our Privacy Policy. When we do so, we will log the changes above. You are therefore advised to check our Privacy Policy page from time to time. Any such changes will go into effect 30 days after the new terms have been posted.

What Data Do You Collect?

Like most websites, when you visit our website, we send some of your personal information to our analytics provider, in this case, Automattic. This is so that we can analyse your use of our website in order to continually improve your user experience. The information we send to our analytics provider includes your IP address, WordPress.com user ID (if logged in), WordPress.com username (if logged in), user agent, visiting URL, referring URL, timestamp of event, browser language and country code. None of your personal information is visible to us. We can only see the number of website views, the number of downloads, the number of video plays (if videos are hosted by WordPress.com), the outbound link clicks, the referring URLs, the search engine terms, and the country users are visiting from. If you do not want your visit to our site tracked, we honour the Do Not Track (DNT) feature that is now available in the majority of web browsers.

If you choose to send us a message using a contact form or an email, we will collect a copy of your name, email address, message and any other information you include about yourself or others within the message. This is so that we can respond to the message and undertake any actions required as a result of the message. We also send your IP address, user agent, referrer, name, username, email address, comment and our Site URL to Akismet. This is to aid spam detection.

If you choose to phone, voice message or text message us, we may collect your contact details including your name, phone number and postal address, along with any message or instruction that you provide us with. This is so that we can respond and undertake any actions required from your phone call or text message. 

If you choose to add a comment to any posts that we have published on our blog, we will collect a copy of your name, email address and comment. Furthermore, we will collect your IP address and browser user agent string. This is to aid spam detection. We also send your IP address, user agent, referrer, our Site URL, name, username, email address, and your comment to Akismet. This is again to aid spam detection. Finally, we may send an anonymised string created from your email address (also called a hash) to the Gravatar service to see if you are using it. If you are, a link to your profile image will be included in your comment.

If you choose to upload images to the website, we will store both the images and the embedded location data (EXIF GPS). We recommend removing all embedded location data (EXIF GPS) before uploading. Any images you upload will also be transferred to a remote QUIC.cloud server where they will be optimised for use on our website and then transferred back to us. QUIC.cloud keeps copies of the optimised images or CSS for 7 days (in case of network stability issues). Image previews, and URLs of recent image or CSS requests are available in the QUIC.cloud dashboard during the month in which they were requested and then are permanently deleted. Image previews, and URLs of recent image are also available in the QUIC.cloud dashboard during the month in which they were transferred.

For users that register on our website, we also store the personal information they provide in their user profile. Website administrators can also see and edit this information.

If you request a password reset, your IP address will be included in the reset email.

If you choose to enrol with us, we will collect *YHJS TO COMPLETE*.

If you visit suspicious URLs on our website, your IP address will be added to our security log. This is to check for malicious activity and to protect the site from specific kinds of attacks.

If you attempt to log in to our website, your IP address, the username you entered and the number of logins you attempted will be added to our security log. This is to check for malicious activity and to protect the site from specific kinds of attacks. Your IP address will also be shared with ithemes.com. This is to protect against distributed brute force attacks.

If you log in to our website, your IP address, usedID and username will be added to our security log. This is again to check for malicious activity and to protect the site from specific kinds of attacks.

Please rest assured, we will never send you any unsolicited marketing or spam and will take all reasonable steps to ensure that we fully protect your rights and comply with our obligations under the UK Data Protection Act 1988 (DPA), the EU Data Protection Directive 1995 (DPD), the EU General Data Protection Regulation 2018 (GDPR) and the Australian Privacy Act 1988 (APA).

Who Has Access To My Data?

Our school has a parent head of school, parent secretary, parent treasurer and parent web managers. Depending on what data you provide us, one or all of the above people may have access to your data. The parent head of school, parent secretary and parent treasurer have access to your message data, contact details and enrolment data. Web managers will have access to your analytics data, message data, comment data, image data, WordPress user data and security log data. Please also note that the parent performing each of these roles changes on an annual basis.

How Long Do You Store My Data?

Depending on what data you provide us with depends on how long we keep it.

For anonymous analytics data, we will hold it for a period of 50 months or until it no longer serves any purpose, at which point it will be deleted. Unfortunately, we are unable to delete any data related to a specific user because the data is anonymous.

For message and phone data, we will hold the data indefinitely for our records, unless, and where possible, you request that we remove data pertaining to you.

For your Skype IDs, Google Hangouts IDs and/or Facetime IDs, we will hold these for the duration of your lessons with us, after which they will be deleted.

For comments data, we will hold this as long as it remains published on this website, after which, we will delete it. In most instances, comments can be removed on request, however, this is not always the case. Please refer to our Terms of Use for more details.

How Do You Store My Data?

All data related to your interactions with this website are stored with Google Analytics, a third party data processor. All data accessible to us will be anonymised and will not include any personally identifying information. Please be aware, Google Analytics also records your computer’s IP address which could be used to personally identify you but Google does not grant us access to this.

If you choose to send us a message using the contact form or an email link, the data will be collated into an email and sent to us via Simple Mail Transfer Protocol (SMTP). A copy of the email will then be stored on our web server, on our email server, some local computers and our backup server. Your contact details may also be added to our contact server.

If you choose to phone us your contact details might be added to our contact server and our backup server. Furthermore, we might add your message to our file server.

If you choose to contact us using an app such as Viber or WhatsApp your data might be added to our contact server and our contact backup server. Furthermore, any messages you send will be stored in the respective app.

If you choose to leave a comment, your data will be stored within a database on our web server and a backup will be stored on our file server. Only your name will be shown on the public-facing website, although, if the supplied email address is linked to a Gravatar account, your Gravatar photo will also be displayed.

Finally, if you choose to undertake lessons with us, your name, phone number and email address will be added to our contact server, our contact backup server and Wave, our cloud accounting software. Furthermore, your Skype IDs, Google Hangouts IDs and Facetime IDs will be stored in the respective app and in our contacts and backup contacts server.

Who Provides Your Servers?

Google provides our web, file, email and contact server. Spanning Cloud Apps provide our backup server. Please be aware, this means some of your data may be transferred and stored outside of the European Economic Area. You are deemed to accept and agree to your data being stored in this manner by using our website and submitting information to us.

Do You Share My Data?

We may, from time to time, share the anonymised data that we collect with third parties such as prospective investors, affiliates and partners. Furthermore, in certain circumstances, we may be legally required to share some of your data held by us. Examples of this include court orders and government requests. Please be aware, in such circumstances, we will not require any further consent to share your data with the parties involved.

How Do You Secure My Data?

Data security is of great importance to us, and to protect your data, we have put in place a variety of measures to safeguard the data we collect from you. This includes the following:

– Only keeping your data for as long as we need to and for as long as we have your permission to keep it.

– Password protecting all data that we hold about you.

– Passcode protecting all mobiles devices.

– Password protecting all computers and laptops.

– Using two-step authentication on all mobile devices, computers and laptops.

– Using two-step authentication to protect our website, web server, file server, email server and contact server.

– Adding the facility to remotely erase all content on a device in the event of a theft as soon as the device connects to the internet.

– Encrypting all data stored on our local devices, file server, contact server and backup server.

– Ensuring all data transferred between our server and your web browser is encrypted.

– Ensuring all emails are encrypted before being sent across the internet.

– Securing our website using established and highly reputable security software.

– Undertaking daily scans of our site to ensure no malware is present.

Please be aware, like on most websites, the data stored on our web server is currently in an identifiable fashion, a limitation of the content management system that this website is built on. In the future, we aim to change the storage of this data to a pseudonymous fashion meaning that the data would require additional processing using a separately stored ‘key’ before it could be used to identify an individual. Pseudonymisation is a recent requirement of the GDPR which many web application developers are currently working to fully implement. We are committed to keeping it as a high priority and will implement it on this website as soon as we are able to.

If you would like more information about the measures that we take to protect your data, please feel free to ask for a copy of our ‘Data Protection Policy’ by sending a message to alexa@french-coach.online.

Why Do You Use Third Parties?

We use some third parties because they are able to perform the services that we require more effectively and more securely than ourselves.

Are the Third Parties You Use Safe?

All of the third parties that we use have been carefully chosen and all of them, with the exception of Wave, are based in the USA and are EU-U.S Privacy Shield compliant. The reason Wave is not EU-U.S Privacy Shield compliant is because it is based in Canada. If you would like more details about our third parties security arrangements, you can review their privacy policies by clicking the links below.

Google Analytics Privacy Policy

Gravatar’s Privacy Policy

Spanning’s Privacy Policy

Wave’s Privacy Policy

Please be aware, Wave is not yet fully GDPR compliant, however, they are working towards compliance and anticipate achieving this in the future.

Where we send your data

Suggested text: Visitor comments may be checked through an automated spam detection service. MISSING CATCHPA. We collect information about visitors who comment on Sites that use our Akismet anti-spam service. The information we collect depends on how the User sets up Akismet for the Site, but typically includes the commenter’s IP address, user agent, referrer, and Site URL (along with other information directly provided by the commenter such as their name, username, email address, and the comment itself).

Embedded content from other websites

Suggested text: Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

Can I See the Data That You Hold About Me?

You are welcome to request a copy of the personal data we hold about you. Please simply send me a request at alexa@french-coach.online.

Can You Remove the Data That You Hold About Me?

If you would like any of the data that we hold about you removed, please send me a message at alexa@french-coach.online. Where ever possible, I will then delete the data from our servers.

Please note, we are unable to delete information from our backups because this is technically too difficult to accomplish. However, we keep a log of deletion requests so we can re-run any deletion requests in the event of needing to restore a backup.

Can I Withhold My Data?

You can access our website without providing any data at all. You can do this by not completing any of the online forms and enabling the Do Not Track (DNT) feature that is now available most of web browsers.

Do You Comply with Legislation Outside of the EU?

Our compliance with EU legislation, which is very stringent in nature, means that this website is likely to be compliant with the data protection and user privacy legislation set out by most other countries and territories. If you are unsure about whether this website is compliant with your own country of residences’ specific data protection and user privacy legislation, please send us a message at alexa@french-coach.online.

What Happens If You Have a Security Breach?

We will report any unlawful data breach of this website’s data or the data held at any of our third party data processors to any and all relevant persons and authorities within 72 hours of the breach if it is apparent that personal data stored in an identifiable manner could have been stolen.

Who Is Your Data Protection Officer?

All public authorities and any organisation that processes personal data on a significant scale must appoint a Data Protection Officer responsible for monitoring internal compliance of the GDPR regulations within the organisation. While we do not process personal data on a significant scale, we have still opted to appoint a Data Protection Officer to further secure the data that you provide us. Our data protection officer is David James-Arnold, the founder and managing director of SUPER RADICAL LTD.

What Happens if I Want to Make a Complaint?

If you believe we are using your data unlawfully, or not protecting your data sufficiently, you can make a complaint to any of the supervisory authorities established to uphold information rights. Please click the link below for a list of the supervisory authorities within the EU.

EU Supervisory Authorities

Furthermore, please click the following link for UK’s supervisory authority.

Information Commissioner’s Office (ICO)

Do You Have Any Other Terms or Policies?

Use of this website is also governed by a Cookie Policy and a set of Terms of Use. Please ensure you read both these documents carefully and ensure that you understand them as, by using this website, you are deemed to accept them both.

What Happens if Your Business Changes Hands?

In the future, we may expand or reduce SUPER RADICAL LTD, and this may involve the sale or the transfer of some or all parts. If this happens, we will contact you in advance, informing you of the changes that are going to take place. Relevant data provided by you will then be transferred to the new owner who will be legally bound to continue using your data under the terms of this Privacy Policy.

Where Can I Get Further Information?

If you have any questions about this Privacy Policy or our website in general, please contact me by email at alexa@french-coach.online, by telephone on +44 (0) 1904 466 020, or by post at SUPER RADICAL LTD, 15 Alma Grove, York, North Yorkshire, YO10 4DH, United Kingdom.