We recognize that users of our website have the right to be informed about what happens to the information they provide when they make use of the system. We also recognize that organisations procuring the use of this site has a duty to protect the privacy of information provided by their employees or students when they make use of the Website. This privacy notice outlines the obligations and requirements of AKD Solutions in relation to the provision of Services in the use of this website. By using this research platform, users agree to the terms and conditions outlined in this notice.
1 Definition
For this privacy notice, the following words and expressions shall have the following meanings: Privacy Notice This privacy notice.
Data Controller The legal person or any other body which alone or jointly with others determines the purposes and means of the processing of Personal Data. For this privacy notice, the Data Controller is the business or organisation making use of the Service provided
Data Processor The natural or legal person, authority, agency or any other body which processes Personal Data on behalf of the Data Controller and in accordance with the terms of this privacy notice. For this privacy notice the
Data Processors is AKD Solutions Ltd
Data Protection Legislation All applicable legislation and regulations relating to the protection of the fundamental rights and freedom of natural persons and, their right to privacy with respect to the processing of Personal Data applicable in the country in which the Data Controller is established.
Data Processing Systems All the software, hardware and systems used by the Data Processor to process the Personal Data and to fulfil its obligations under this privacy notice.
Data Subject Any person who uses the website.
Data Protection Authority The authority responsible for the enforcement of the applicable Data Protection Legislation
Customer The business, organization or group that has procured the services of the Data Processor
Consent “any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her”
Personal Data Any information relating to a Data Subject.
Processing Includes both automatic processing and manual processing, provided that in respect of manual processing the manual data is organized in a relevant filing system (as defined under the Data Protection Legislation) and “Processed” shall be construed accordingly.
E-Privacy Regulations All applicable laws, rules and regulations regarding the sending of unsolicited electronic commercial messages.
Services The provision of the Learning platform product by the Data Processor, which records individual student scores.
2 Services and Personal Data
2.1 This is a web-based platform for the purpose of collecting users data for research.
2.2 Users will upload their stories relating to experiences involving race. Users can upload their stories, via video, written content or audio files.
2.3 Users will be required to complete a questionnaire in which they will share personal data, including special categories of data. This data is saved on the hosting platform.
2.4 The Personal Data will be used for the personal of collection, analysis and compilation of a report. User data will be anonymised in the compilation of the reports for the research.
2.14 AKD Solutions operates an archiving system to retain user data for a period of no more than 1 year during the provision of the Service and for no more than 1 year after termination of the Service.
2.15 AKD Solutions will use aggregated de-identified user data for the development, promotion and improvement of its Services.
2.16 User data stored within the platform is and will remain the property of the user.
2.17 AKD Solutions will act as the Data Controller of the Personal Data.
2.18 Individuals can request a copy of all data relating to them stored within the Learning platform. This request should be made to AKD Solutions. The platform provides the ability to generate data for an individual in a .csv format opened in popular spreadsheet software and text editors.
2.19 Individuals can request that data held about them, within the platform, is rectified. This request should be made to the Data Controller. The platform provides the administrator with the ability to rectify data for an individual.
2.20 Individuals can request that all data relating to them, within the platform, is permanently deleted. This request should be made to the Data Controller. The Learning platform provides the administrator with the ability to permanently delete all data for an individual held by the Data Controller.
2.21 Where the Data Controller has obtained valid consent for the processing of Personal Data via this platform, Individuals can withdraw their Consent. Requests to withdraw Consent should be made to the Data Controller.
2.22 Individuals that have a Learning platform account have the right to complain to the Information Commissioner’s Office if they believe there is a problem with the way their data is being handled.
3 Obligations of the Data Processor (AKD Solutions)
3.1 The Data Processor agrees and warrants that it will:
(a) only process the Personal Data in accordance with the terms and conditions set out in this privacy notice and in accordance with any further written instructions from the Data Controller;
(b) unless otherwise agreed in writing, only process the Personal Data to the extent and in such manner as is necessary for the provision of the Services or as is required by law or any regulatory body;
(c) keep the processed data strictly confidential and ensure that each of its employees, agents and/or permitted subcontractors engaged in processing the Personal Data will be informed of the confidential nature of the Personal Data;
(d) only process Personal Data based on Consent properly obtained by the Data Controller or where it is necessary for legitimate interests pursued by the Data Controller, the obligations of the Data Controller to comply with the 6th data protection principle and to demonstrate compliance with all the data protection principles.
(e) implement appropriate technical and organizational measures to protect Personal Data against unauthorized or unlawful processing and against accidental loss, destruction, damage, alteration or disclosure. Such measures shall be appropriate to the harm that might result from unauthorised or unlawful processing or accidental loss, destruction or damage to Personal Data and to the nature of Personal Data to be protected;
(f) promptly notify the Data Controller if it receives a request from a Data Subject to have access to Personal Data or any other complaint or request relating to the Data Controller’s obligations under the Data Protection Legislation and provide full cooperation and assistance to the Data Controller at the Data Controller’s sole cost and expense in relation to any such complaint or request (including, without limitation, by allowing Data Subjects to have access to their Personal Data);
(g) comply with all reasonable requests or directions by the Data Controller to enable the Data Controller to verify and/or procure that the Data Processor is in full compliance with its obligations under this privacy notice;
(h) provide the Data Controller with full details of any complaint or allegation that the Data Controller is not complying with the Data Protection Legislation by a Data Subject or from the relevant Data Protection Authority;
(i) assist the Data Controller (at the cost of the Data Controller) in taking any action that the Data Controller reasonably deems appropriate to deal with such complaint or allegation pursuant to clause 3.1 (a).
3.2 Notwithstanding anything else in the privacy notice, the Data Processor shall not be in breach of the privacy notice to the extent that any such breach and/or failure to comply with the privacy notice is necessary to comply with the Data Protection Legislation and/or any rule, order or enforcement notice of a competent authority in respect of the Data Protection Legislation.
3.3 Upon the termination of the provision of the Service all Personal Data processed by Data Processor on behalf of the Data Controller and its copies will be retained by the Data Processor for a maximum of 1 year. After which the Data Processor will, destroy all Personal Data and certify the Data Controller that it did so or upon the request of the Data Controller, be immediately returned/provided to the Data Controller.
4 Obligations of the Data Controller
4.1 The Data Controller agrees and warrants that it shall:
(a) provide the Data Processor with clear, comprehensible and specific written instructions about the processing of Personal Data by the Data Processor for any activity required beyond that of the normal Services;
(b) provide the Data Processor with specific written instructions about the security and confidentiality of the Personal Data in accordance with applicable Data Protection Legislation for any activity required beyond that of the normal Services;
(c) inform the Data Processor of any legitimate inspection or audit of its Processing of Personal Data by any competent Data Protection Authority which relates to the Processing by the Data Processor;
(d) provide the Data Processor with prior notice of any intended inspection of the Processing of Personal Data under this privacy notice;
(e) inform the Data Processor immediately of any access request, request for correction or blocking of Personal Data or any objection made by a Data Subject related to the Processing of Personal Data by the Data Processor;
(f) comply with all relevant provisions of the Data Protection Legislation and Privacy Regulations, including but not limited to the following general obligations:
– the informing of Data Subjects regarding the processing of their Personal Data through a privacy statement or other appropriate means;
– the notification of the processing of Personal Data to the Data Protection Authority;
– the compliance with applicable Privacy Regulations regarding the sending of unsolicited messages, either electronically or by ordinary post.
5 Indemnity
5.1 The Data Controller shall indemnify the Data Processor against each claim, loss, liability and cost incurred by the Data Processor as a result of unlawful Data Processing by the Data Controller, the breach of any relevant legislation, including but not limited to relevant Data Protection Legislation and e -privacy Regulations or the breach of this privacy notice by the Data Controller or any of its employees, agents or sub-contractors.
5.2 The Data Controller shall inform the Data Processor immediately regarding any claim or any threat thereof that is made to the Data Processor in relation to this privacy notice.
5.3 The Data Processor shall indemnify the Data Controller against each claim, loss, liability and cost incurred by the Data Controller as a result of a material breach of the obligations of Data Processor under this privacy notice.
5.4 The Data Processor shall inform the Data Controller immediately regarding any claim or any threat thereof that is made to the Data Controller in relation to this privacy notice.