powered by twinkl

Privacy Policy

OneStep CPD

Privacy Policy

We ask that you read this Privacy Policy carefully as it contains important details about what personal data we collect and process when you use our services, including the choices we offer you to access, maintain and control it.

OneStep CPD is part of Twinkl Educational Publishing. OneStep CPD and Twinkl Educational Publishing are trading names of Twinkl Ltd. a company registered in England and Wales. Throughout this privacy policy, we refer to ourselves as Twinkl Ltd, Twinkl or we or us. We refer to you as you.

Your Account and Service Data

When you register for and use our services, or when you school registers for our service and enters your data on your behalf or sign up to our competitions or free giveaways, we will collect and process your personal data, supplied by you or your school, in order to be able to provide our services, competitions, giveaways, prizes and gifts to you.  Below is a table to inform you clearly of:

  • What personal data we may collect on registration;
  • The purposes for processing; and
  • The lawful basis for processing;
 
Data Collected | Purpose for Processing | Lawful Basis of Processing
First and Last Name  | To contact you about products, events, services, prizes, gifts and free giveaways Service personalisation and service improvement; Record keeping; Prevention of crime; Security | Contractual obligation and consent

Email address | To manage registration, perform account management and provide customer services; To identify you within our services and service usage; Administrative (i.e. financial, legal and regulatory compliance); To contact you about products, events, services, prizes, gifts and free giveaways; Security | Contractual obligation, legal obligation, consent and legitimate interest

Username | To manage registration, perform account management and provide customer services; To identify you within our services and service usage; Administrative (i.e. financial, legal and regulatory compliance); Security | Contractual obligation, legal obligation and legitimate interest

Password | Security | Contractual obligation, legal obligation and legitimate interest 

Country | To manage registration, perform account management and provide customer services; Administrative (i.e. financial, legal and regulatory compliance); To provide service personalisation and service improvement | Contractual obligation, legal obligation and legitimate interest

Occupation | To provide service personalisation and service improvement | Contractual obligation

Experience of teaching | To provide service personalisation and service improvement | Contractual obligation

Name of School | Service personalisation and service improvement; Customer services; Security | Contractual obligation

Year group or subject taught | Service personalisation and service improvement | Contractual obligation

Evidence from classroom e.g. pictures, resources, class data samples | Service personalisation and service improvement | Contractual obligation

We may also collect additional personal data if you or your school supplies it to us or contact us. The consequences of not supplying this personal data may be that you cannot benefit from all of the services that you have signed up for, or that the services we provide to you will not be as customised, effective or secure. Below is a table to inform you clearly of:

  • What personal data we may collect;
  • The purposes for processing; and
  • The lawful basis for processing.

Data Collected | Processing Purpose | Lawful Basis of Processing
Full Address | Provide a delivery service for goods purchased, prizes won and free gifts; Record keeping & prevention of crime; Service personalisation and service improvement; Security; To contact you about products, events and services | Contractual obligation and consent

Phone number | Customer services; Security; To contact you about products, events and services | Consent

Gender | Service personalisation and service improvement; Security | Consent

Date of Birth | Service personalisation and service improvement; Customer services; Security | Consent

Profile Information | Service personalisation and service improvement; Customer services; Security | Consent

County | Service personalisation and service improvement; Customer services; Security | Consent

Enquiry and Correspondence Data | Customer services; Account management; To offer, market and promote products, events and services | Legitimate interests

Publishing Data (i.e. your posts and comments on our website)  | To enable the publication of comments, reviews and posts on our website | Consent

Transactional Data (i.e. your payments) | To process information on your purchases; To provide good administration; Business reporting | Contractual obligation and legitimate interest

Where legitimate interest is the lawful basis of processing your personal data, the legitimate interests we are pursuing are as follows: -

  • Providing you any products or services you have requested;
  • Analysing your use and measuring the effectiveness of our services to better understand how they are being used so we can improve them and engage and retain users;
  • Sending you information about our products, events and services, special offers and similar information (where your consent is not required);
  • To enable and support our recruitment of employees and sub-contractors;
  • Analysing your use of our services and interaction with our communications, to tailor and customize our services and marketing communications;
  • Diagnosing problems in our services;
  • Conducting surveys and market research about our customers, their interests, the effectiveness of our marketing campaigns, and customer satisfaction (unless we need consent to undertake such surveys, in which case we will only do this with your permission);
  • Investigating and responding to any comments or complaints that you may send us; or
  • In connection with legal claims, compliance, regulatory and investigative purposes as necessary (including disclosure of information in connection with legal process or litigation).

Where contractual and legal obligations are the lawful basis of processing your personal data, the consequence of failing to provide your personal data will be that we are unable to provide our service to you.

Your Service Usage Data

When you interact and make use of our services, we may capture and process usage data and may use this data to provide rewards and incentives either randomly or as part of a programme and we may publicly publish your success in achieving these rewards or incentives. This data is ultimately processed with the purpose of delivering reliable, secure and accurate services and to consistently enhance, improve and optimise your experience of using our services. We do not sell this data to third parties. Our legal basis for this processing is that of legitimate interest. Examples include: IP address; browser type and version; operating system used; website speed, website navigation paths and actions; and patterns of service use.

Sharing Your Personal Data

We will disclose your personal data to our employees to enable them to process your data.

Your personal data may also be disclosed to other companies in the Twinkl group, and to our agents, sub-contractors, data processors and suppliers (3rd parties) to enable them to process your personal data on our behalf.

When we supply any of your personal data to our agents, sub-contractors, data processors and suppliers (3rd parties), we protect your personal data by ensuring reasonable contractual arrangements are in place that stipulate compliance with this Privacy Policy.

Marketing and Product Preferences

We may use account, service and usage data to provide you with information about our products and services. Our purpose is to provide you with a service to help meet your needs. Our lawful basis for processing this data is consent. You are free to withdraw your consent at any time. The consequences might be however, that we cannot offer you certain things, such as offers, promotions or product alerts, which may be beneficial to you.

You may change your preferences or opt-out at any time by either accessing ‘Your Contact Preferences’ within your OneStep CPD account or by unsubscribing from Twinkl marketing emails by using the 'unsubscribe' link at the end of the email received. Please note that as a OneStep CPD user or subscriber you are unable to unsubscribe from customer service emails (such as service updates) as these are required to provide our service to you and the lawful basis of processing is contractual or legitimate interests depending on the circumstances.

If you have signed up for a competition or free gift without being a service subscriber, you may opt-out at any time by using the unsubscribe link at the end of the email received. 

Our Use Of Cookies and Stored Device Data

A cookie is a small text file that is downloaded onto a computer or smartphone when the user accesses a website. It allows the website to store and retrieve information about how the device is using the website.

The One Step CPD website uses cookies and stored device data for the following purposes:

  • to ensure the correct technical functionality of the services we provide and optimise global performance - for example, to help you find the most relevant content and get that content to you quickly and accurately;
  • to maintain website security, prevent website abuse and ensure legislative/regulatory compliance - for example, to prevent cyber-attacks;
  • to compile, and enrich, internal business data regarding website traffic and activity - for example, to help us to understand our most popular website pages, visit sources and time-of-day traffic;
  • to advertise our services to you across our website and on 3rd party websites - for example, to market and remarket our products and services to you using Google Adwords when using Google Search; or
  • to help to improve our services to you and better meet your future needs - for example, to understand your needs and preferences so as to improve your website experience.
 
If at any point you wish to withdraw consent for the use of cookies you can clear these from your browser by clearing your website history and configure your browser to block cookies. Some of our website features may not function correctly and/or you may not receive the best website experience if you disable/do not consent to the use of cookies. You can control cookies relating to Google Adwords here:

Remarket link = https://support.google.com/adwords/answer/1752338   

Adword link = https://adssettings.google.com/authenticated  

We use Adwords re-marketing to attract you back to our website with content that may be of interest to you. To do this we advertise using Google search and Google recommended websites. Google uses cookies to track your activity and show you adverts that may be of interest to you and they use this data to show you relevant messages. You are able to opt out of Google using cookies by visiting Google's Ads Settings or third-party vendors.

We use the reCAPTCHA v3 service provided by Google Inc. (Google). This service checks if you are a person in order to prevent spam and abuse of our website. The service places a cookie on your computer that communicates information such as how many mouse clicks you have made, what other Google cookies you have on your computer and the language your browser is set to verify that you are a person, not a robot. Your use of reCAPTCHA v3 is subject to Google's Privacy Policy and Terms of Use. 

How We Protect Your Personal Data

We have put in place a number of security procedures and technical organisational measures to safeguard your personal data. These measures are reviewed regularly and updated when necessary in order for us to meet business needs and in accordance with changes in technology and regulatory requirements.

Examples of procedures and technical and organisational measures:

  • We train and take steps to ensure our employees operate in accordance with our information security policies, procedures and applicable contractual conditions;
  • We have measures in place to protect against accidental loss and unauthorised access, use, destruction or disclosure of data. Some examples are: staff screening, encryption and hashing; firewalling and content filtering; virus/malware scanning and protection; vulnerability scanning; multi-factor authentication; pseudonymization; logging, monitoring, inventory and auditing; secure design; privacy impact assessments, physical security controls; system authentication/role-based access control, high availability configuration and regular backups; and
  • We have a business continuity and disaster recovery strategy that is designed to safeguard the continuity of Twinkl’s service and to protect you and your data.

We will use all reasonable efforts to safeguard your personal data. However, you should be aware that the use of the Internet is not entirely secure and for this reason we cannot guarantee the security or integrity of any personal data which is transferred from you or to you via the Internet.

Overseas Transfers

The personal data you provide may be transferred to countries outside the European Economic Area ('EEA') that do not have similar protections in place regarding your data and restrictions on its use as set out in this Privacy Policy. However, transfers outside of the EEA will be protected by us imposing appropriate safeguards, namely the use of standard data protection clauses adopted or approved by the European Commission to ensure the security of your data or via, independent privacy schemes approved by regulators (like the US ‘Privacy Shield Scheme).

The EEA comprises the EU member states plus Norway, Iceland and Liechtenstein. By submitting your data, you consent to these transfers for the purposes specified above.

Your Rights Under Applicable Data Protection Law

Your rights in respect to how we process your personal data are set out in the table below. Please note that some of these rights only apply in certain circumstances.

Your rights  | Information Commissioner’s Office (ICO) Guidance
The right to be informed about the collection and use of your personal data. | https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/right-to-be-informed/
The right to have inaccurate personal data rectified or completed if it is incomplete. | https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/right-to-rectification/
The right to have your personal data erased in certain circumstances. | https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/right-to-erasure/
The right to object to the processing of personal data in certain circumstances. | https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/right-to-object/
The right to request the restriction or suppression of your personal data | https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/right-to-restrict-processing/
The right to access your personal data. | https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/right-of-access/
The right to obtain and reuse your personal data for your own purpose across different services. | https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/right-to-data-portability/
The right to lodge a complaint with a supervisory authority. In the UK, this is the Information Commissioner’s Office. | https://ico.org.uk/for-the-public/raising-concerns/ 

We respect and value your right to access and control your data. You can exercise your rights, subject to appropriate identity verification procedures, in the following ways:

  • By amending your data or consent within your account area;
  • By contacting our CPD Specialists using support@onestepcpd.com; or
  • By sending a letter to The Data Protection Officer, Twinkl Global HQ, Wards Exchange, 195-199 Ecclesall Road, Sheffield, S11 8HW, United Kingdom.

We take your rights seriously and want you to feel confident that we are handling your personal data responsibly and in line with good practice. You can seek further information, or raise a concern to us using any of the following ways:

  • By contacting our CPD Specialists using support@onestepcpd.com; or
  • By sending a letter to The Data Protection Officer, Twinkl Global HQ, Wards Exchange, 195-199 Ecclesall Road, Sheffield, S11 8HW, United Kingdom.

Data Retention

We retain personal data for as long as we reasonably require it for legal or business purposes. When determining data retention periods, we take into consideration applicable laws, contractual obligations and the expectations and requirements of our customers. When we no longer need personal data, we securely delete or destroy it.

If you have signed up for competitions and/or free giveaways and are not registered for and use our services, data will be retained for 30 days after the prizes or giveaways have been dispatched unless you have consented to being contacted for more information on OneStep CPD services or for receiving marketing emails. 

Sale Of Business

If Twinkl Ltd. is sold or integrated with another business your personal data may be disclosed to our advisers, or any prospective purchasers and their advisers, and will be passed on to the new owners of the business.

Your Consent

By using or interacting with our service, or by signing up to competitions and free giveaways, you are consenting to:

  • the use of cookies and other technologies;
  • the transfer of your data outside of the country where you live;
  • the transfer of your data outside of the European Economic Area; and
  • the collection, use, sharing, and other processing of your information as described in this Privacy Policy.

In each case, you consent to the processing of data by Twinkl Ltd., as data controller. If you don't agree with the terms of this Privacy Policy, then please don't use our service.

Where the lawful basis of processing your data is consent, you have the right to withdraw your consent at any time. To withdraw your consent, please contact our Data Protection Officer using the details below.

Identify and Contact Details of the Data Controller and Data Protection Officer

OneStep CPD is a trading name of Twinkl Ltd. Twinkl Ltd. of Wards Exchange, 195-199 Ecclesall Road, Sheffield, S11 8HW is the Data Controller. You can contact the Data Controller using a variety of methods found here: https://www.twinkl.co.uk/contact-us. Our Data Protection Officer can be contacted at the address of the Data Controller or by email at dpo@twinkl.co.uk.

Changes to this Policy

We keep this policy under regular review. If we change the content of our Privacy Policy we will post the changes on this page.


OneStep CPD is a trading name of Twinkl Ltd. Twinkl Ltd. is a company registered in England and Wales with company number 07201458 at Wards Exchange, 197 Ecclesall Road, Sheffield, England, S11 8HW