Privacy Policy

Step One Privacy Policy - Customers

Your privacy is very important to us.  We want you to be confident that the information you give us when using our site is safe and secure. Here we tell you how and why we collect your personal data It also explains your rights and choices when it comes to this information, as well as the steps we take to keep it secure and confidential.

If you are an educator wanting to know about how we keep our students’ data safe, please refer to our separate student private policy, also available online at step1.ac

Updated: 2 February 2021

1. What this Privacy Policy covers

This is the Privacy Policy for Step One Ltd, our related tools and Forum (the "Site").

Our Privacy Policy explains:

• the personal information we collect;
• how and why we collect and use your personal information;
• why we process your personal information;
• when and why we will disclose your personal information to third parties
• the rights and choices you have when it comes to your personal information
• the steps we take to ensure your information is kept secure and confidential
• how long we will hold your information for; and
• how to contact us.

2. Personal information we may collect and store

• Your personal details, possibly including without limitation your name, billing address, email address, bank details, purchase history
• We collect certain information in the form of cookies. We have a Cookie policy which is available on our website – please refer to this for more details

Unless we tell you otherwise, we do not collect and process any special categories of data.

3. How we collect your personal information:

We collect your information through your purchasing our services either independently, most likely as a parent/carer, or as an educator. We use the personal information you give us to enable your students to take our assessments and then to formulate and send them a personal guidance report that will help them to understand their strengths and skills and to make their best future educational or vocational decisions.

We may also collect your information via our website, when you sign up to receive some information or our newsletter.

4. How we use your personal information:

We use the personal information you give us to enable your students to take our assessments and then to formulate and send them a personal guidance report that will help them to understand their strengths and skills and to make their best future educational or vocational decisions.

If you have given us permission to do so, we may also use send you information about services that may be of interest.

We may also use data analytics to improve our website and keep the content relevant, and to inform our marketing strategy.

5. Legal basis

To provide our guidance services to you. Step One’s legal basis for processing your information is that of legitimate interests. You do not have to provide us with your personal information, but it would be difficult for us to provide your students with guidance if you didn’t.

Where we contact you for marketing purposes, it is because we have previously obtained your consent to do so. This may be withdrawn at any time.

6. Disclosure of your personal information to other organisations

We may share your personal information with third parties where required by law, where it is necessary to deliver our services to you, or where we have another lawful basis for doing so.

7. Data Security:

We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees or agents who have a need to know: for example the guidance counsellor appointed to your school or student would need to see the student reports and be given your email address in order to liaise with you over interview logistics.

How long will Step One keep your personal information?

We will not keep your personal information for longer than is necessary. By law we have to keep basic information about our customers (including contact, identity, financial and transaction data) for six years after they cease being customers for legal and tax purposes.

8. How you can change permissions

Your privacy is of huge importance to us. All emails or other forms of communication directly from us to you will be timely and relevant to your use of our services. Other communications will include clear instructions on how to unsubscribe. Plus, if you don't want to be contacted by us you can email guidance@step1.ac

Section 9 below also sets out your other information rights.

9. Your information rights and responsibilities

9.1. You already have certain rights under existing data protection legislation, including a right to request a copy of the personal information we hold on you, if you request it in writing. From 25 May 2018 you have the following rights:

9.1.1. Right to correct: the right to have your personal information rectified if it is inaccurate or incomplete; this however is very unlikely as we only use information you have supplied directly to Step One.

9.1.2. Right to erase: the right to request that we delete or remove your personal information from our systems, where there is no good reason for us continuing to process it.

9.1.3. Right to restrict our use of your information: the right to 'block' us from using your personal information or limit the way in which we can use it.

9.1.4. Right to data portability: the right to request that we move, copy or transfer your personal information.

9.1.5. Right to object: the right to object to our use of your personal information including where we use it for our legitimate interests. If you raise an objection we will stop processing your personal information unless very exceptional circumstances apply, in which case we will let you know why we're continuing to process your personal information. Remember, we only use your personal information to deliver the guidance and advice you need

.9.1.6. Right to withdraw consent: In any circumstances where we have relied on your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.  This will not affect the lawfulness of any processing carried out before you withdrew your consent.

We will use reasonable efforts consistent with our legal duty to provide you with your rights in accordance with data protection legislation.

9.2. To make enquiries, exercise any of your rights set out in this Privacy Policy and/or make a complaint please email guidance@step1.ac or write to Step One, 46 Tallis Grove, London SE7 7LA .

9.3. If you're not satisfied with the way any complaint you make in relation to your personal information is handled by us then you may be able to refer your complaint to the relevant data protection regulator. In the UK, this is the Information Commissioner's Office.

10. Keeping your personal information secure – international transfers

Our company is based in the UK, so we store and process your personal information in accordance with the high standards required under data protection legislation.

The personal information we collect from you will only be transferred to and stored in countries outside of the European Economic Area ("EEA") or those countries not on the adequacy list, often called ‘third countries’, if you or your school are based in a third country. There will be appropriate safeguards, for example use of the European Commission’s Standard Contractual Clauses for data transfers between EU and non-EU countries.

11. How to contact us: Email: guidance@step1.ac or write to Step One Ltd 46 Tallis Grove, London SE7 7LA.

If you have any queries relating to our use of your personal information or any other related data protection questions, please contact us at guidance @step1.ac or write to us at Step One Ltd, 46 Tallis Grove, London SE7 7LA.

If you are based in the EU, we have appointed DataRep as our data representative in the European Union.

DataRep can be reached by email at datarequest@datarep.com quoting ‘Step One Limited’ in the subject line, or by contacting them online at www.datarep.com/data-request

You can also contact us by mailing DataRep’s office in your home country. Click here if you are based in the EU and would like to contact Step One’s European data protection representative by post.

DataRep is also our data representative in Switzerland. They can be contacted using the email or link above, and by post at: DataRep, Leutschenbachstrasse 95, ZURICH, 8050, Switzerland

12. Changes:

This updated policy is effective from 2 February 2021. We may, from time to time, make changes to this Privacy Policy to reflect any changes to our privacy practices in accordance with changes to legislation, best practice or Site enhancements. We will let you know what these changes are by posting them to this page. Where the changes are significant, we may also choose to email you with the new details and get your consent to make these changes where required by law

Step One Privacy Policy - Students

Your privacy is very important to us.  We want you to be confident that the information you give us when using our site or taking our programs is safe and secure.

In this Privacy Policy we'll explain how we use it. We'll also tell you how and why we collect your personal data that you or your school provides to us in relation to the education and careers assessment programs that we offer to students. It also explains your rights and choices when it comes to this information, as well as the steps we take to keep it secure and confidential.

Updated: 2 February 2021

1. What this Privacy Policy covers

This is the Privacy Policy for Step One Ltd, our related tools and Forum (the "Site").

Our Privacy Policy explains:

• the personal information we collect;
• how and why we collect and use your personal information;
• why we process your personal information;
• when and why we will disclose your personal information to your school
• the rights and choices you have when it comes to your personal information
• the steps we take to ensure your information is kept secure and confidential
• how long we will hold your information for; and
• how to contact us.

2. Personal information we collect

• Your personal details, possibly including without limitation your name, email address, date of birth, school year group or grade

Unless we tell you otherwise, we do not collect and process any special categories of data.

3. How we collect your personal information:

• When you participate in Step One’s assessment programs, you provide us with your email address so that Step One can enable you to complete your assessments and to access the resulting reports, within your own secure online account.

4. How we use your personal information:

We use the personal information you give us to enable you to take our assessments and then to formulate and send you a personal guidance report that will help you to understand your strengths and skills and to make your best future educational or vocational decisions.

5. Legal basis

Step One’s legal basis for processing your information is that the processing is necessary for our legitimate interests, i.e. to provide our guidance services to you. You do not have to provide us with your personal information, but it would be difficult for us to provide you with guidance if you didn’t.

6. Disclosure of your personal information to other organisations

We may share your personal information with third parties where required by law, where it is necessary to deliver our services to you, or where we have another lawful basis for doing so.

7. Data Security : We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees or agents who have a need to know: for example if you are having an interview, your Guidance Advisor would need to see your information.

How long will Step One keep your personal information?

We will not keep your personal information for longer than is necessary but, in case you want to access it again or for us to provide follow-up services to you at a later date, we will keep your personal information until you reach the age of 24. We may anonymise (make anonymous) the results of your assessment and keep indefinitely to aid research and analyse career and education trends.

If you prefer that we didn’t keep your information over this period of time, please let us know (see paragraph 12 below for contact details)

We will not disclose the results of your assessment program to your parent or guardian if you write to us and ask us not to (in which case, any such disclosure will be a matter for you to decide with your school)

8. How you can change permissions

Your privacy is of huge importance to us. All emails or other forms of communication directly from us to you will be timely and relevant to your use of our services. If you don't want to be contacted by us you can email guidance@step1.ac

Section 9 below also sets out your other information rights.

9. Your information rights and responsibilities

9.1. You already have certain rights under existing data protection legislation, including a right to request a copy of the personal information we hold on you, if you request it in writing. From 25 May 2018 you have the following rights:

9.1.1. Right to correct: the right to have your personal information rectified if it is inaccurate or incomplete; this however is very unlikely as we only use information you have supplied directly to Step One.

9.1.2. Right to erase: the right to request that we delete or remove your personal information from our systems, where there is no good reason for us continuing to process it.

9.1.3. Right to restrict our use of your information: the right to 'block' us from using your personal information or limit the way in which we can use it.

9.1.4. Right to data portability: the right to request that we move, copy or transfer your personal information

.9.1.5. Right to object: the right to object to our use of your personal information including where we use it for our legitimate interests. If you raise an objection we will stop processing your personal information unless very exceptional circumstances apply, in which case we will let you know why we're continuing to process your personal information. We only use your personal information to deliver the guidance and advice you have asked us to provide.

.9.1.6. Right to withdraw consent: In any circumstances where we have relied on your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.  This will not affect the lawfulness of any processing carried out before you withdrew your consent.

We will use reasonable efforts consistent with our legal duty to provide you with your rights in accordance with data protection legislation.

9.2. To make enquiries, exercise any of your rights set out in this Privacy Policy and/or make a complaint please email guidance@step1.ac or write to Step One, 46 Tallis Grove, London SE7 7LA (from 17 February 2021).

9.3. If you're not satisfied with the way any complaint you make in relation to your personal information is handled by us then you may be able to refer your complaint to the relevant data protection regulator. In the UK, this is the Information Commissioner's Office.

10.1. We use cookies (files which are sent by us to your computer or other access device) and tracking technology to help to improve the functionality and performance of our Site.

10.2. The information derived from our use of cookies will be aggregated to provide statistical information about the usage of our Site. However, we do not use any information derived from cookies, nor any IP addresses we collect, to identify any individual user of our Site.

10.3. Some third-party technology we use (eg, embedded videos, social sharing) also drop cookies to improve your experience on their sites.

10.4. For details on what cookies we use, information on how to stop them being stored or how to delete ones already stored, read our Cookie Policy.

10. Keeping your personal information secure – international transfers

Our company is based in the UK, so we store and process your personal information in accordance with the high standards required under data protection legislation.

The personal information we collect from you will only be transferred to and stored in countries outside of the European Economic Area ("EEA") or those countries not on the adequacy list, often called ‘third countries’, if you or your school are based in a third country. There will be appropriate safeguards, for example use of the European Commission’s Standard Contractual Clauses for data transfers between EU and non-EU countries.

11. How to contact us: Our Email: guidance@step1.ac or write to Step One Ltd 46 Tallis Grove, London SE7 7LA

If you have any queries relating to our use of your personal information or any other related data protection questions, please contact us at guidance @step1.ac or write to us at Step One Ltd, 46 Tallis Grove, London SE7 7LA.

If you are based in the EU, we have appointed DataRep as our data representative in the European Union.

DataRep can be reached by email at datarequest@datarep.com quoting ‘Step One Limited’ in the subject line, or by contacting them online at www.datarep.com/data-request

You can also contact us by mailing DataRep’s office in your home country. Click here if you are based in the EU and would like to contact Step One’s European data protection representative by post.

DataRep is also our data representative in Switzerland. They can be contacted using the email or link above, and by post at: DataRep, Leutschenbachstrasse 95, ZURICH, 8050, Switzerland

12. Changes: This updated policy is effective from 2 February 2021. We may, from time to time, make changes to this Privacy Policy to reflect any changes to our privacy practices in accordance with changes to legislation, best practice or Site enhancements. We will let you know what these changes are by posting them to this page. Where the changes are significant, we may also choose to email you with the new details and get your consent to make these changes where required by law.