Website Privacy Policy

Welcome to the London School of Innovation (LSI). We are committed to safeguarding your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, and protect your personal information when you interact with our website and services. By using our website, you consent to our practices described in this policy. For processing activities that require explicit consent (such as marketing and non-essential cookies), we will obtain your consent separately through appropriate mechanisms.

• Institution Name: London School of Innovation (LSI)
• Registration Number: 11942630
• Address: 6 Sutton Park Road, Sutton, Greater London, United Kingdom, SM1 2GD
• Data Controller: London School of Innovation (LSI)
• Data Protection Officer (DPO): Director of Technology
• Contact Information:
• Email: privacy@lsi-ac.uk
• Phone: +44 (0)203 507 0033

A. Technical Data:

• IP Address: Identifies your device and location. We use IP addresses to enhance security and to ensure that our website functions properly.
• Device Information: Details about the device you use, including hardware and software. This helps us ensure compatibility and optimise the website’s performance for different devices.
• Referral Data: Information about how you found our website. This assists us in understanding and improving our marketing strategies.
• Pages Visited: URLs of pages you visit on our site. We use this data to track user interests and to improve the content we offer.
• Time Spent: Duration of your visit on specific pages. This helps us gauge the effectiveness of our content and user engagement.
• Clickstream Data: Your interactions with our website, such as links clicked and navigational paths. This data helps us enhance user experience by improving website navigation.
• Form Submissions: Data entered into forms on our site. We use this information to process your requests and provide the services you need.
• Search Queries: Terms you search for on our website. This helps us understand user needs and improve our content and search functionality.
• Content Downloads: Files or content you download from our site. This helps us monitor the popularity of our content and improve our offerings.
• Cookies and Tracking Technologies: Used to enhance your browsing experience and track your preferences. Cookies are used in accordance with the Privacy and Electronic Communications Regulations (PECR), and we inform you about their use through our Cookie Policy.
• JavaScript and Page Errors: Errors encountered during your visit to improve website performance. This helps us fix bugs and enhance the functionality of our website.

B. Personal Data:

• Contact Details: Your name, email address, phone number, and other contact information may be collected. We collect this information to communicate with you and provide the services you request. Legal basis: Consent and contractual necessity.
• Use Surveys: Feedback provided through surveys and questionnaires. This helps us understand user satisfaction and improve our services. Legal basis: Consent.
• Registration Data: Information, in particular, provided during registration for events or services. This allows us to manage your participation and provide relevant information. Legal basis: Contractual necessity.
• Login Attempts: Details of attempts to access secure areas of our website. This is used to maintain security and prevent unauthorised access. Legal basis: Legitimate interest.
• Security Logs: Records of activities to monitor for security purposes. This helps us detect and respond to potential security threats. Legal basis: Legitimate interest.
• Geolocation: Information about your location for personalisation and service improvements. We use this data to offer location-specific content and services. Legal basis: Consent.
• Consent Tracking: Records of your consent for data processing activities. We keep track of your consent to comply with GDPR requirements and to manage your preferences. Legal basis: Legal obligation.

We use your personal data for various purposes, including:

A. Providing Services:

• Prospective Students: To provide information on courses and programmes and facilitate requests for information. This may be necessary to fulfil our contractual obligations and to provide information you have requested. Legal basis: Contractual necessity.
• General Visitors and Researchers: To provide information about research activities, events, and community outreach. This helps us engage with our community and provide relevant updates. Legal basis: Legitimate interest.

B. Improving Our Website:

• All Users: To analyse website performance and user behaviour, helping us enhance your browsing experience, identify and fix technical issues, and improve website functionality. Legal basis: Legitimate interest.

C. Marketing and Communications:

• Prospective Students: To provide updates about new courses, events, and offerings that may be of interest. We rely on your consent or our legitimate interests to send marketing communications.
• General Visitors: To keep you informed about relevant activities and updates. Legal basis: Consent or legitimate interests.

Users can withdraw their consent at any time by following the unsubscribe instructions included in each marketing communication or by contacting us directly.

Cookies are small data files stored on your device to help us enhance your browsing experience. We use the following types of cookies:

A. Functional Cookies:

• User Log Cookies: To remember your login status and preferences. These cookies are essential for providing a seamless user experience.
• Preferred Language Settings Cookies: To set and remember your language preferences. This ensures the website is presented in your preferred language.
• Saved User Video Player Cookies: To retain video player settings. This allows you to continue watching videos from where you left off.

B. Analytical Cookies:

• Google Analytics Tracking Cookies: To collect data on how you use our website, helping us analyse performance and improve user experience. These cookies are used under our legitimate interests to monitor and enhance website performance. Consent will be obtained for these cookies.
• Google Analytics Tracking for User Engagement Cookies: To track user engagement metrics, such as time spent on pages. This helps us understand which content is most engaging. Consent will be obtained for these cookies.

C. Security Cookies:

• Bot Management and Security Cookies: To protect against malicious activity and ensure secure user sessions. These cookies are essential for maintaining the security of our website.
• Trusted Web Traffic Cookies: To ensure legitimate web traffic and prevent fraud. These cookies help us distinguish between genuine users and malicious traffic.
• Protection from Malicious Bots Cookies: To detect and block automated bots and harmful scripts. This is important for protecting our site from security threats.

D. Cookie Consent:

• Cookie Consent Preferences Cookies: To remember your choices regarding cookie usage on our site. We use these cookies to ensure we comply with your preferences and legal requirements.

You can manage your cookie preferences through your browser settings or via our cookie management tool, which allows you to opt-in or opt-out of non-essential cookies. For detailed information on how cookies are used, please refer to our Cookie Policy.

We collaborate with several third-party providers to offer various services. These include:

• Stripe: For secure payment processing, including handling credit card transactions and financial data. Stripe complies with the Payment Card Industry Data Security Standard (PCI DSS) to protect your financial information. Legal basis: Contractual necessity.
• Vimeo: For hosting and streaming video content on our site. Vimeo has its own privacy policies that govern how your data is handled. Legal basis: Legitimate interest.
• Google Analytics: For analysing website usage and performance. Google Analytics uses cookies and other tracking technologies, and its data handling practices are governed by its privacy policy. Legal basis: Consent.
• WordPress: For managing and maintaining our website content. WordPress provides technical support and ensures the platform's security. Legal basis: Legitimate interest.
• CookieYes: For managing user consent regarding cookies. CookieYes helps us comply with legal requirements for cookie consent. Legal basis: Legal obligation.
• Social Media Platforms: Facebook, Twitter, LinkedIn, Instagram for social media integration and marketing. These platforms have their own privacy policies and practices. Legal basis: Consent or legitimate interest.

These third parties may have their own privacy policies. We encourage you to review them to understand how they handle your data. If any of these services involve international data transfers, appropriate safeguards will be implemented, such as Standard Contractual Clauses or other measures compliant with UK GDPR.

We are committed to ensuring the security of your personal data through:

• TLS/SSL Encryption: To secure data transmitted between your browser and our servers. This encryption helps protect data during transmission, complying with GDPR's requirement for appropriate technical measures.
• Database Encryption: To protect data stored within our systems from unauthorised access. This ensures that data is stored securely and cannot be accessed without proper authorisation.
• Regular Security Audits: To identify and address vulnerabilities. Regular audits help us maintain the highest level of data security and compliance.
• Data Access Controls: To ensure that only authorised personnel have access to your data. This includes role-based access controls and monitoring to prevent unauthorised access.
• Staff Training: To ensure that all staff are aware of data protection principles and responsibilities. Regular training helps us maintain a culture of data protection compliance.
• Incident Response Plan: To handle data breaches or security incidents effectively. We have a process in place for identifying, containing, and responding to breaches in accordance with GDPR requirements, including notifying the ICO and affected individuals when required.

We will retain your personal data only for as long as necessary to fulfil the purposes for which it was collected or as required by law:

• Financial Information: Retained for up to 6 years to comply with legal obligations, including accounting and tax purposes.
• Marketing Data: Retained until you withdraw your consent or unsubscribe. Users can opt-out of marketing communications at any time.
• User Feedback and Surveys: Retained for 2 years for research and service improvement purposes.
• Registration and Contact Data: Retained for up to 6 years following the end of the user relationship to comply with legal and regulatory obligations.
• Technical Data and Security Logs: Retained for 1 year for security, auditing, and troubleshooting purposes.
• Event Participation Data: Retained for up to 6 years for event management and compliance purposes.

Exceptions may apply to these retention periods, such as when we need to comply with a legal obligation, protect our legal rights, or fulfil contractual requirements.

As a data subject, you have the following rights under the UK GDPR:

• Access: Request a copy of the personal data we hold about you.
• Rectification: Request that we correct any inaccuracies in your personal data.
• Erasure: Request the deletion of your personal data, subject to legal and contractual limitations.
• Restriction of Processing: Request that we limit the processing of your data under certain conditions.
• Data Portability: Request to receive your personal data in a structured, commonly used, and machine-readable format, or to have it transferred directly to another data controller.
• Object to Processing: Object to the processing of your data based on our legitimate interests or for direct marketing purposes.
• Withdraw Consent: Withdraw your consent for processing activities at any time, where processing is based on consent.
• Complain to ICO: If you are not satisfied with our handling of your data, you can lodge a complaint with the Information Commissioner's Office (ICO) via their website: https://ico.org.uk/.

To exercise your rights, please contact us at privacy@lsi-ac.uk. We may require verification of your identity before processing your request.

We do not transfer personal data outside the European Economic Area (EEA) without appropriate safeguards. Where our third-party service providers may involve international data transfers, we will ensure that adequate protection is in place through mechanisms like Standard Contractual Clauses (SCCs), Binding Corporate Rules (BCRs), or reliance on adequacy decisions by the European Commission.

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. Any changes will be posted on this page. We encourage you to review this policy periodically to stay informed about how we protect your data.

If you have any questions, comments, or concerns about this Privacy Policy or our data practices, please contact us:

• Email: privacy@lsi-ac.uk
• Phone: +44 (0)203 507 0033
• Address: London School of Innovation (LSI), 6 Sutton Park Road, Sutton, Greater London, United Kingdom, SM1 2GD