Privacy notice

We are Zen Educate Limited (Zen), trading as Zen Educate and Zen Locum, based at 9th Floor 107 Cheapside, London, United Kingdom, EC2V 6DN. In the UK we are registered with the ICO under number ZA243765.

In the most part, Zen acts as a Data Controller with regards to the user data we collect for the purposes of providing Zen Educate or Zen Locum services. If you’re based in the US, Zen Educate US is a joint controller for this data.

Being a Controller means that we are trusted to look after and deal with your personal information in accordance with data protection law. We determine the ways and means of processing your data and must therefore be accountable for it.

However, in some cases we may also act as a Data Processor where our client (a school) is the Controller. That means when we process personal data, we are doing so purely on the instruction of the Controller. This is the case where we offer Software Services to schools.

This privacy notice refers only to the personal data Zen processes as a Controller. If you are a Zen Educate US customer, please refer to the privacy notice on the US website.

You have rights in respect of our processing of your personal data. The relevant rights are:

• Right of access: You can request access to a copy of the personal data which we hold about you, as well as details about why and how we use it;
• Right to rectification: You can ask us to change or complete any personal data we hold about you which is inaccurate or incomplete;
• Right to be forgotten/erasure: You have a right, under certain circumstances, to ask us to delete any personal data we hold about you. Please note that there may be situations where we must retain your personal data after a request for erasure where we have a lawful basis for doing so;
• Right of restriction: You can ask us to restrict (i.e. prevent) the processing of your personal data where you have objected to our use of it and we have no lawful basis to continue processing your personal data;
• Right of data portability: In certain circumstances, you can ask us to transfer the data we hold about you to another service. This would be sent in a structured, commonly used, electronic form;
• Automated decision making: You have a right not to be subjected to automated decision making and profiling in certain circumstances.

If you want to exercise any of these rights, please contact us:
Email address: dpo@zeneducate.com

Postal address: Zen Educate Limited, 9th Floor 107 Cheapside, London, United Kingdom, EC2V 6DN.

You also have the right to lodge a complaint about our processing with a supervisory authority; in the UK that is the ICO whose details are here: https://ico.org.uk/make-a-complaint/

We have a number of processors such as cloud service providers who act on our behalf. We have Data Processing Agreements in place with all of these processors to ensure that your data is processed in compliance with the law and only upon our instruction. We never sell your data.

When we work with external service providers, or group companies outside the UK or EU, we only transfer data if the destination country or organisation is considered by the UK/EU to have sufficient data protection safeguards in place. If not, we take steps to ensure your data's safety, and rely on the EU Standard Contractual Clauses (SCCs), the UK International Data Transfer Agreement (IDTA) to enable us to legally transfer the data. We also conduct transfer impact assessments when required.

We do not use your personal data in any automated processes to make decisions about you.

We will take all reasonable steps to protect your personal information and prevent unauthorised access, alteration or destruction of personal information in our possession. All areas of our premises that hold personal data are protected by secure physical access controls. Data stored in electronic form is secured using industry-standard cloud service providers and security configurations are reviewed regularly. Computing devices used to access personal information are centrally managed to ensure access controls, encryption, antivirus and system security are maintained. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know.

We may, from time to time, expand or reduce our business and this may involve the sale and/or the transfer of control of all or part of our business. Any personal data that you have provided will, where it is relevant to any part of our business that is being transferred, be transferred along with that part and the new owner or newly controlling party will, depending on the lawful basis, be permitted to use that data only for the same purposes for which it was originally collected by us.

In the event that any of your data is to be transferred in such a manner, you will be contacted in advance and informed of the changes.

We may change this privacy notice from time to time (for example, if the law changes). We recommend that you check this page regularly to keep up-to-date.

If we make any material changes to the manner in which we process and use your personal data, we will contact you to let you know about the change.

If you have any questions about this privacy notice or our privacy practices, please contact our DPO in the following ways:

Email address: dpo@zeneducate.com

To see more about how we use your personal data, read the notice or notices below which apply best to your relationship with us:

• I am a School or Pharmacy/Optician looking for staff
• I want to start using Zen as a School or Pharmacy/Optician to find staff
• I am a Teacher or Pharmacy/Optician employee/locum looking for work
• I am a Zen Supplier
• I want to work at Zen
• I already work at Zen
• My child was part of the National Tutoring Program during covid
• I am just browsing your website

Note: We may also process your personal data for legal reasons if we are obliged to provide it to a regulatory authority or to respond to a Data Subject Request. If you are not the requester, we will redact your data from Data Subject Request responses unless you agree to provide it. The lawful basis for this processing is Legal Obligation and the timeframe for the data to be kept will depend on the nature of the data involved.

If you represent a school or pharmacy or optician who uses Zen to fill positions, as a client of Zen Educate or Zen Locum, we hold the following data on you:

• Contact details (name, email, phone number, organisation address, job title, organisation you work for)
• Log-in details of users (name, username, role, system access level)
• User signed T&Cs
• User activity logs
• Details of feedback left
• Records of our interactions with you and contents of messages exchanged. When we record telephone calls for training purposes, we also hold the information you supplied during the call.

We use this data to:

• Provide authorised access to the Zen product/service
• Send invoices and manage billing accounts
• Enable organisations and candidates to benefit from feedback
• Enable records of users’ activities in the system (e.g. a change of payment method)
• Manage the client / user relationship and provide customer support.
• We use your contact details to deliver and analyse our marketing activities such as online advertising and telephone marketing, and to provide webinars. We track your interactions with our marketing.

We will have received this information from you directly, unless your details were added in the system by a system administrator at your organisation with your knowledge

Our lawful basis for processing your data is:

• Contract – when using billing details to invoice you, manage our relationship, and deliver access to our system / service.
• Legitimate Interest – when providing customer support and when recording calls for training purposes, for improving our product and service, marketing activities, and resolving client queries.

You can ask us to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you OR by contacting us at any time.

We will retain your data for the length of our relationship plus 7 years in case of any dispute. If you opt out of marketing, then we will move you to a suppression list so that can respect your preference in the future.

If you are not yet using Zen to find staff for your School or Pharmacy/Optician, we hold the following data about you in order to send you information we believe will be of interest to you and to nurture the relationship: name, email, phone number, school address, job title, organisation you work for, whether you have attended our in-person or webinar events, records from our interactions with you and contents of messages exchanged.

Your contact details may have been sourced directly from you e.g. via a website form, meeting you at an event, or it may have come from a publicly available list or a purchased list of relevant contacts. If your data came to us from a public source or a third party then, when we contact you, we will let you know where the data came from, and you will be able to opt out of marketing. We hold correspondence that is generated in the course of our business development with you. When we record telephone calls for training purposes, we also hold the information you supplied during the call.
We use your data to deliver and analyse our marketing activities such as online advertising and telephone marketing, and to provide webinars. We track your interactions with our marketing.

Our lawful basis for processing your data is our Legitimate Interest for business development. You can ask us to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you OR by contacting us at any time.

We abide by the Privacy and Electronic Communications Regulations (PECR). That means that as your email address belongs to a corporate entity, we are able to email you without your consent. However, we give you the chance to opt out of all marketing on anything that we send you. We only share details of our own goods and services in our marketing. If your data was not sourced directly from you, then we contact you once we have the data to let you know that we have your data and give you the chance to opt out. Our legitimate interest balancing test indicates that this is a legitimate purpose: you would not be surprised to hear from us based on the nature of your job role, and our processing does not cause any harm or risk to you as a data subject.

We retain your data for the length of time we think you may be interested in our services.

Recordings are held for 12 months unless we need to hold them longer in case of any dispute.

If you opt out of marketing, then we will move you to a suppression list so that can respect your preference in the future.

If you are a Teacher or Pharmacy/Optician employee/locum looking for work, then we hold the following data about you.

After you’ve registered: We use an Employer of Record to manage your payments, so we securely share some information with them to ensure you are paid for your work.

When we use third party providers to complete right-to-work checks, identity checks and DBS checks, either you will provide your information to them directly or we may securely provide some information to enable those checks.

We will keep your details in line with our regulatory requirements to in line with Keeping Children Safe in Education statutory guidance and other laws.

If you opt out of marketing, then we will move you to a suppression list so that can respect your preference in the future.

As a supplier or contractor to Zen we hold the following data on you:

• Contact details (name, email, phone, address, organisation)
• Billing / bank details
• Contracts / agreements between us
• Details of work agreed and undertaken, dates of work
• Correspondence generated in the course of our interactions with you.

We use this data:

• To manage our relationship and account with you
• To ensure your invoices are paid.

We will have received this information from you directly.

Our lawful basis for processing your data is for the performance of a Contract.

We will keep your details for the length of our relationship plus 7 years.

If you apply to work at Zen we will hold the following data on you:

• Your name, contact details, CV information, interview screening answers, interview notes and test results, role details, and correspondence relating to a potential contract with us. 
• Information in a draft contract, including proposed role, location and salary details.
• Information about your visa sponsorship requirements, if applicable.

We use this data to help us identify and recruit the best suitable candidates for our roles, and to draft a contract for successful candidates.

We will have received this information directly from you or generated it in the course of the recruitment process. If you have been referred as a potential job candidate by a member of our staff, we will have received your CV and contact details with your agreement.

If you are successful in gaining employment with Zen Educate then you will fall under the employee privacy notice going forward; please refer to the employee handbook.

Our lawful basis for processing your data is Contract; we use the data to recruit appropriate candidates for roles, with a view to entering into an employment contract.

If you are not successful in securing a role, then we will keep your details on our database for a period of 12 months unless you consent to us holding it longer.

If you are an employee of Zen then please refer to the employee privacy notice in the employee handbook.

If your child was part of the National Tutoring Program during covid, we hold the following information about them:

• Pupil data such as a pupil’s name, age or date of birth and year group
• Special Educational Needs status
• Pupil’s eligibility for Pupil Premium
• Pupil’s attendance record and pupil progress and attainment

We receive this data from your child’s school. We use it so that the Tutor can record who attended the sessions, and pseudonymised data is used to assess the effectiveness of the program.

This data is shared with the UK Government, as per our obligations as a Tutoring provider.

The lawful basis for processing this data is public task.

The data is kept for 6 years after the end of the programme, in line with government requirements.

As a visitor to our website we hold the following information about you: data about use of the website, downloads, pages visited, IP address.

This information is sourced from your activity, using cookies, and we use it to understand and improve users’ experience on the website, and for intelligence, analytics and marketing purposes.

At times we experiment with the content on our site and may present different content or a different experience to different users. Cookies help us with this website personalisation by helping keep track of what content you should see.

We also use cookies to track campaigns from banner advertisements and opt-in emails. We may use third-party providers to help us determine which of our advertisements are most likely to be of interest to you. These providers may use behavioural information, such as how you navigate the internet, to provide relevant advertisements to you.

In some cases, we may also use tracking pixels from these companies. Tracking pixels may be used to send data about your visit to our website, such as which pages you viewed as well as if you followed a specific advertisement to visit our site. We use this information to understand, for example, the effectiveness of our advertising and marketing.

For more information about the cookies we use, please see our cookie banner.

Where we have adverts placed on third party websites, we may share data with those third parties about advert interactions.

Our lawful basis for processing your data is legitimate interest for cookies that are essential for the website to function correctly or for security purposes, and consent for non-essential cookies/trackers under cookie laws.