Data Protection Privacy Notice
This notice applies to your information provided to Aardman Animations Limited, specifically at the Aardman Academy (“Aardman Academy”, “we” or “us”), or because you have submitted some other enquiry in relation to the Aardman Academy.
The Aardman Academy is a “controller”, which means we control and are responsible for personal data we collect in connection with the Aardman Academy and for using that personal data in compliance with data protection laws. This notice sets out our views and practices regarding your personal information and how we treat it, and explains some of your rights under data protection law (specifically the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and any equivalent UK legislation).
DATA PROTECTION PRINCIPLES
We will comply with applicable data protection law and principles, which means that your data will be:
- used lawfully, fairly and in a transparent way;
- collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes;
- relevant to the purposes we have told you about and limited only to those purposes;
- accurate and kept up to date;
- kept only as long as necessary for the purposes we have told you about; and
- kept securely.
INFORMATION WE MAY COLLECT FROM YOU OR ABOUT YOU
We may collect the following information about you:
- your contact details
- information you have provided to us in your course application, including information about your skills and experience, education and training;
- any information you provide to us during email correspondence or in an interview;
- any information you provide as part of any testing we ask you to carry out as part of a course application;
- information you provide to us during your participation in a course or as part of a course assessment or project;
- any other information you wish to provide to us.
We may also receive more sensitive personal information about you, where you provide us with information about your personal circumstances relevant to your participation in a course, including your health.
HOW WE COLLECT YOUR INFORMATION
We collect your personal information from:
- you, in the course of your enquiry about us or during your application to us, during course delivery or your communicating with us;
- publically available data, where relevant to our operation of the Aardman Academy or management of your application;
- any referees or third parties who support your course application with a reference, financially or in other ways.
HOW WE USE YOUR INFORMATION
We will use the personal information we collect about you to:
- provide you with details about the Aardman Academy and our courses. Where we contact you about the Aardman Academy by email, we will give you the option to unsubscribe from our mailing lists;
- process your application for a course and assess your skills, qualifications, and suitability;
- administer your payment obligations in respect of a course, including obtaining a credit reference check (if applicable);
- deliver and administer courses to you;
- provide you with learning materials and access to information, software and online services relevant to course delivery. This includes online tools which we use for collaboration between you and other Aardman Academy students;
- publicise the Aardman Academy (although we will not identify you for such purposes without your approval and we will credit you as the author of any of your work which we make available);
- deal with and resolve complaints and issues relating to courses;
- keep records related to the Aardman Academy’s operations;
- comply with legal or regulatory requirements.
WHY WE USE YOUR INFORMATION
We make sure that our use of your personal information complies with the lawful reasons available to us. These are:
- to perform our contractual obligations to you to deliver a course;
- to comply with legal and regulatory obligations;
- our legitimate interests including publicising our courses, accepting and processing your application to us, managing and monitoring compliance with our policies applicable to the Aardman Academy, and ensuring the security of our courses and the information systems used to deliver them.
We use more sensitive information about you to ensure that you are able to participate in a course fully and to consider any issues relating to our policies regarding course operation and assessment.
SHARING YOUR INFORMATION
Our staff and colleagues involved in delivery of the Aardman Academy and our courses will access your information but we will not generally share your personal information with anyone else.
As part of a course you may have the opportunity to collaborate and interact with other Aardman Academy students and you will be taught using online collaborative learning spaces. We will only share your name with other students, but you may choose to share more information with them. All our students are required to use those spaces, and personal data about other students, in accordance with Aardman Academy policies.
If applicable, we may share your personal information with credit reference agencies in order to manage your application, assess your credit and for the purposes of fraud protection. We may provide your information to other members of our group of companies for the purposes described above, or with any person who buys the Aardman Academy business. Sometimes we will need to share your personal information with partners who provide IT and other services to us in relation to the Aardman Academy, or learning materials. They will only use your information under our control and on the terms of this notice. We might be required to disclose your data under a legal obligation.
DATA TRANSFER AND STORAGE
The personal data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area, which currently comprises the EU member states plus Norway, Iceland and Liechtenstein (“EEA”). It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers. Such staff maybe engaged in, among other things, the provision of support services to us (or you) in relation to our interactions with you.
Where we transfer your personal data to another country outside the EEA, we will take all steps reasonably necessary to ensure that your personal data is treated securely and in a manner consistent with legal requirements and this notice. In relation to data transferred outside the EEA, for example, this may be done in one of the following ways:
- the country to which we send the data might be approved by the European Commission as offering an adequate level of protection for personal data;
- the recipient might have signed up to a contract based on “model contractual clauses” approved by the European Commission, obliging them to protect your personal data in accordance with standards of protection that apply within the EEA;
- where the recipient is located in the US, it might be a certified member of the EU-US Privacy Shield scheme; or
- in other circumstances the law may otherwise permit us to transfer your personal data outside the EEA.
You can obtain more details of the protection given to your personal data when transferred outside the EEA by contacting us using the contact details provided below.
We have extensive controls in place to maintain the security of our information and information systems. Files are protected with safeguards according to the sensitivity of the relevant information, including hashing or data encryption where appropriate. Appropriate controls (such as restricted access) are placed on our computer systems. Physical access to areas where personal data is gathered, processed or stored is limited to authorised employees.
As a condition of employment, our employees are required to comply with all applicable laws and regulations, including in relation to data protection law. Unauthorised use or disclosure of confidential information (including personal data) by an employee of Aardman is prohibited and may result in disciplinary measures.
If you contact us about your information, you may be asked for some personal data for identification purposes. This type of safeguard is designed to ensure that only you, or someone authorised by you, has access to your information.
We use the internet to support delivery of our courses, and despite the safeguards set out in this notice, unfortunately the transmission of information by online or mobile means is not completely secure. We cannot guarantee the security of information transmitted in communications with us or during course delivery, and for that reason any transmission you make is at your own risk. We recommend that you use anti-virus, firewall and/or other security protections according to your own analysis of your security requirements. Once we have received your personal data, we will use the procedures and security features set out in this notice to try to prevent unauthorised access to, or loss or destruction of, your personal data.
HOW LONG WE KEEP YOUR PERSONAL INFORMATION
How long we will hold your personal data for will vary and will be determined by the following criteria:
- the purpose for which we are using it (as further described in this notice) – we will need to keep the data for as long as is necessary for that purpose; and
- legal obligations – laws or regulations may set a minimum period for which we have to keep your personal data.
In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
YOUR RIGHTS IN RELATION TO YOUR PERSONAL INFORMATION THAT WE ARE HOLDING
Where we collect, use or store your personal data under this notice, you may, depending on your circumstances, have the following rights:
- the right to obtain information regarding the processing of your personal data (including whether or not we are holding and/or processing your personal data, the extent of the personal data we are holding and the purposes and extent of the processing) and access to the personal data that we hold about you, if any;
- where we are relying on consent for a particular purpose, the right at any time to withdraw your consent to the processing of your personal data for such purpose;
- in some circumstances, the right to receive some personal data in a structured, commonly used and machine-readable format and/or request that we transmit those data to a third party where this is technically feasible – which is sometimes known as the right to “data portability”, and please note that: (a) this right only applies to personal data which you have provided directly to Aardman and which we are processing either on the basis of consent or because the processing is necessary in order for us to perform our contractual obligations to you and; (b) if you request the right to data portability and it is not available to you, we will let you know;
- the right to request that we rectify your personal information if it is inaccurate or incomplete;
- the right to request that we erase your personal data in certain circumstances – please note that there may be circumstances where you ask us to erase your personal data but we are legally entitled to retain it, in which case we will let you know;
- the right to object to, or request that we restrict, our processing of your personal data in certain circumstances – again, there may be circumstances where you object to, or ask us to restrict, our processing of your personal data but we are legally entitled to refuse that request and, if so, we will let you know;
- the right to object to decisions based solely on automated processing, including profiling, which produce legal effects or otherwise significantly affect you (for example, where a computer algorithm, rather than a person, makes decisions that affect your contractual or other rights) – please note that we do not currently carry out any such automated decision-making processes; and
- the right to lodge a complaint with the relevant data protection regulator if you think that any of your rights have been infringed by us.
The data protection regulator for the UK is the Information Commissioner’s Office (“ICO”). You can submit complaints through the ICO helpline by calling 0303 123 1113 and further information on reporting concerns is available at https://ico.org.uk/concerns/. To find out more about your legal rights, please see the ICO’s website (www.ico.org.uk).
You can exercise your rights above at any time by contacting us at Aardman Animations Limited, Gas Ferry Road, Bristol, BS1 6UN or [email protected], giving us enough information to identify you and to respond to your request.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). We may, however, charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in those circumstances.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we shall notify you and keep you updated.If you are not happy with the way we have collected and used your personal information then you also have the right to lodge a complaint with the ICO. Complaints can be submitted to the ICO through the ICO helpline by calling 0303 123 1113. Further information about reporting concerns to the ICO is available at https://ico.org.uk/concerns/.
Questions, comments and requests regarding this notice or the handling of your personal data are welcomed and should be addressed to:
If you are not satisfied with the response you receive, you may escalate concerns to the applicable privacy regulator in your jurisdiction, which for the UK is the ICO (see above for their contact details).
CHANGES TO THIS NOTICE
We may notify you by email of changes to this notice and our handling of your personal information.