Privacy notice
Who we are
We are Zen Educate Limited (Zen), trading as Zen Educate, based at 9th Floor 107 Cheapside, London, United Kingdom, EC2V 6DN.
In the UK we are registered with the ICO under number ZA243765.
Our role
In the most part, Zen acts as a Data Controller with regards to the user data we collect for the purposes of providing Zen Educate services. If you’re based in the US, Zen Educate Limited is a joint controller with Zen Educate US for this data.
Being a Controller means that we are trusted to look after and deal with your personal information in accordance with data protection law. We determine the ways and means of processing your data and must therefore be accountable for it.
However, in some cases we may also act as a Data Processor where our client (a school) is the Controller. That means when we process personal data, we are doing so purely on the instruction of the Controller. This is the case where we offer Software Services to schools.
This privacy notice refers only to the personal data Zen processes as a Controller of personal data in its UK operations. If you are a Zen Educate US customer, please refer to the privacy notice on the US website.
Your rights
You have rights in respect of our processing of your personal data. The relevant rights are:
Right of access: You can request access to a copy of the personal data which we hold about you, as well as details about why and how we use it;
Right to rectification: You can ask us to change or complete any personal data we hold about you which is inaccurate or incomplete;
Right to be forgotten/erasure: You have a right, under certain circumstances, to ask us to delete any personal data we hold about you. Please note that there may be situations where we must retain your personal data after a request for erasure where we have a lawful basis for doing so;
Right of restriction: You can ask us to restrict (i.e. prevent) the processing of your personal data where you have objected to our use of it and we have no lawful basis to continue processing your personal data;
Right of data portability: In certain circumstances, you can ask us to transfer the data we hold about you to another service. This would be sent in a structured, commonly used, electronic form;
Right to object: You can object to us using your personal data for particular purposes; and
Automated decision making: You have a right not to be subjected to automated decision making and profiling in certain circumstances.
If you want to exercise any of these rights, please contact us:
Email address: dpo@zeneducate.com
Postal address: Zen Educate Limited, 9th Floor 107 Cheapside, London, United Kingdom, EC2V 6DN.
You also have the right to lodge a complaint about our processing with a supervisory authority; in the UK that is the ICO whose details are here:
https://ico.org.uk/make-a-complaint/
Zen Locum
Zen Locum is no longer trading. Any data that we were processing and are required to keep for regulatory purposes will be held by Zen for 7 years. Any data requests can be sent to the address above.
Data sharing and transfers
We have a number of processors such as cloud service providers who act on our behalf. We have Data Processing Agreements in place with all of these processors to ensure that your data is processed in compliance with the law and only upon our instruction. We never sell your data.
Transfers of your data outside the UK or EEA
When we work with external service providers, or group companies outside the UK or EU, we only transfer data if the destination country or organisation is considered by the UK/EU to have sufficient data protection safeguards in place. If not, we take steps to ensure your data's safety, and rely on the EU Standard Contractual Clauses (SCCs), or the UK International Data Transfer Agreement (IDTA) to enable us to legally transfer the data. We also conduct transfer impact assessments when required.
Automated decision making
We do not use your personal data in any automated processes to make decisions about you.
Technical and operational security
We will take all reasonable steps to protect your personal information and prevent unauthorised access, alteration or destruction of personal information in our possession. All areas of our premises that hold personal data are protected by secure physical access controls. Data stored in electronic form is secured using industry-standard cloud service providers and security configurations are reviewed regularly. Computing devices used to access personal information are centrally managed to ensure access controls, encryption, antivirus and system security are maintained. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know.
What happens if our business changes hands?
We may, from time to time, expand or reduce our business and this may involve the sale and/or the transfer of control of all or part of our business. Any personal data that you have provided will, where it is relevant to any part of our business that is being transferred, be transferred along with that part and the new owner or newly controlling party will, depending on the lawful basis, be permitted to use that data only for the same purposes for which it was originally collected by us.
In the event that any of your data is to be transferred in such a manner, you will be contacted in advance and informed of the changes.
Changes to our privacy notice
We may change this Privacy Policy from time to time (for example, if the law changes). We recommend that you check this page regularly to keep up-to-date.
If we make any material changes to the manner in which we process and use your personal data, we will contact you to let you know about the change.
Contact us
If you have any questions about this privacy notice or our privacy practices, please contact our DPO in the following ways:
Email address: dpo@zeneducate.com
Tell me more…
To see more about how we use your personal data, read the notice or notices below which apply best to your relationship with us:
Note: We may also process your personal data for legal reasons if we are obliged to provide it to a regulatory authority or to respond to a Data Subject Request. If you are not the requester, we will redact your data from Data Subject Request responses unless you agree to provide it. The lawful basis for this processing is Legal Obligation and the timeframe for the data to be kept will depend on the nature of the data involved.
Zen Organisational user: School
Data that we hold and how we use it
If you represent a school who uses Zen to fill positions, as a client of Zen Educate, we hold the following data on you:
Contact details (name, email, phone number, organisation address, job title, organisation you work for)
Log-in details of users (name, username, role, system access level)
User signed T&Cs
User activity logs
Details of feedback left
Records of our interactions with you and contents of messages exchanged. When we record telephone calls we also hold the information you supplied during the call.
We use this data to:
Provide authorised access to the Zen product/service
Send invoices and manage billing accounts
Enable organisations and candidates to benefit from feedback
Enable records of users’ activities in the system (e.g. a change of payment method)
Manage the client / user relationship and provide customer support.
We use your contact details to deliver and analyse our marketing activities such as online advertising and telephone marketing, and to provide webinars. We track your interactions with our marketing.
We use recorded calls to:
Provide staff training
Enable performance management that ensures better customer service
Investigate customer queries and resolve disputes related to payments, AWR, Safeguarding or other issues related to the delivery of our service
We will have received this information from you directly, unless your details were added in the system by a system administrator at your organisation with your knowledge.
Lawful basis for processing
Our lawful basis for processing your data is:
Contract – when using billing details to invoice you, manage our relationship, and deliver access to our system / service.
Legitimate Interest – when providing customer support and when recording calls for training and performance purposes, for improving our product and service, marketing activities, and resolving client queries and disputes.
You can ask us to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you OR by contacting us at any time.
Retention Periods
We will retain your data for the length of our relationship plus 7 years in case of any dispute. If you opt out of marketing, then we will move you to a suppression list so that can respect your preference in the future.
Potential Zen Organisational user: School
Data that we hold and how we use it
If you are not yet using Zen to find staff for your School, we hold the following data about you in order to send you information we believe will be of interest to you and to nurture the relationship: name, email, phone number, school address, job title, organisation you work for, whether you have attended our in-person or webinar events, records from our interactions with you and contents of messages exchanged.
Your contact details may have been sourced directly from you e.g. via a website form, meeting you at an event, or it may have come from a publicly available list or a purchased list of relevant contacts. If your data came to us from a public source or a third party then, when we contact you, we will let you know where the data came from, and you will be able to opt out of marketing.
We hold correspondence that is generated in the course of our business development with you. When we record telephone calls for training purposes, we also hold the information you supplied during the call.
We use your data to deliver and analyse our marketing activities such as online advertising and telephone marketing, and to provide webinars. We track your interactions with our marketing.
Lawful basis for processing
Our lawful basis for processing your data is our Legitimate Interest for business development.
You can ask us to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you OR by contacting us at any time.
We abide by the Privacy and Electronic Communications Regulations (PECR). That means that as your email address belongs to a corporate entity, we are able to email you without your consent. However, we give you the chance to opt out of all marketing on anything that we send you. We only share details of our own goods and services in our marketing. If your data was not sourced directly from you, then we contact you once we have the data to let you know that we have your data and give you the chance to opt out. Our legitimate interest balancing test indicates that this is a legitimate purpose: you would not be surprised to hear from us based on the nature of your job role, and our processing does not cause any harm or risk to you as a data subject.
Retention Periods
We retain your data for the length of time we think you may be interested in our services.
Recordings are held for 12 months unless we need to hold them longer in case of any dispute.
If you opt out of marketing, then we will move you to a suppression list so that can respect your preference in the future.
Teacher registering with us
Data that we hold and how we use it
If you are a Teacher looking for work, then we hold the following data about you.
Type of Personal Data
Purpose
Lawful basis
Source of data
Your agreement to the T&Cs.
Name, Role type, Level of experience, Email, Post code, Mobile number, Password.
To set up your account
Performance of a Contract
Directly from you
Your address, Jobs and schools geographically nearby.
Working preferences (e.g. locations, shift patterns).
Jobs / roles / specialisms you’ve indicated you’re interested in.
Zen profile information you provide, and your CV. Pronouns. Emergency contact details.
Internally created scores to help us understand how suitable you would be for a role.
To show you relevant opportunities and to further populate your profile.
Performance of a Contract
Directly from you
A record of the work you’ve accepted and requested through Zen.
Summary of interactions with schools via the app.
Your call / SMS interactions with us in the last 48 hours.
To help you manage your opportunities
Performance of a Contract
Directly from you
If you work in schools, compliance documentation includes: DBS check results, references, identify check, right to work (RTW) check evidence, Interview notes and scores, qualifications.
If you work in pharmacies/opticians, compliance information includes: your registration number (for applicable roles) and may include DBS check results, references, identify check, right to work (RTW) check evidence, Interview notes and scores, qualifications.
To meet client or regulatory requirements for ensuring candidates have the right approvals for the role.
Legal Obligation
Directly from you
Your notification and marketing preferences.
There may be feedback from organisations you have completed bookings with or from Zen.
SMS history including contents of the messages sent / received (e.g. highlighting job opportunities).
Records of your Zen system user activity.
Records of our interactions with you and contents of messages exchanged.
To manage our relationship with you / your account with us.
Legitimate interest
Directly from you
When we record telephone calls for training purposes, we also hold the information you supplied during the call.
Provide staff training
Enable performance management that ensures better customer service
Investigate customer queries and resolve disputes related to payments, AWR, Safeguarding or other issues related to the delivery of our service
Legitimate interest
Directly from you
NI number, pay rates, pay method, address, Zen system record information.
To enable you to be paid
Performance of a contract
Directly from you
Data sharing
After you’ve registered: We use an Employer of Record to manage your payments, so we securely share some information with them to ensure you are paid for your work.
When we use third party providers to complete right-to-work checks, identity checks and DBS checks, either you will provide your information to them directly or we may securely provide some information to enable those checks.
Retention Periods
We will keep your details in line with our regulatory requirements to in line with Keeping Children Safe in Education statutory guidance and other laws.
If you opt out of marketing, then we will move you to a suppression list so that can respect your preference in the future.
Suppliers to Zen
Data that we hold and how we use it
As a supplier or contractor to Zen we hold the following data on you:
Contact details (name, email, phone, address, organisation)
Billing / bank details
Contracts / agreements between us
Details of work agreed and undertaken, dates of work
Correspondence generated in the course of our interactions with you.
When we record telephone calls for training purposes, we also hold the information you supplied during the call.
We use this data:
To manage our relationship and account with you
To ensure your invoices are paid.
We use recorded calls to:
Provide staff training
Enable performance management that ensures better customer service
Investigate customer queries and resolve disputes related to payments, AWR, Safeguarding or other issues related to the delivery of our service
We will have received this information from you directly.
Lawful basis for processing
Our lawful basis for processing your data is for the performance of a Contract.
Retention Periods
We will keep your details for the length of our relationship plus 7 years.
Job applicant at Zen
Data that we hold and how we use it
If you apply to work at Zen we will hold the following data on you:
Your name, contact details, CV information, interview screening answers, interview notes and test results, role details, and correspondence relating to a potential contract with us.
Information in a draft contract, including proposed role, location and salary details.
Information about your visa sponsorship requirements, if applicable.
We use this data to help us identify and recruit the best suitable candidates for our roles, and to draft a contract for successful candidates.
We will have received this information directly from you or generated it in the course of the recruitment process. If you have been referred as a potential job candidate by a member of our staff, we will have received your CV and contact details with your agreement.
If you are successful in gaining employment with Zen Educate then you will fall under the employee privacy notice going forward; please refer to the employee handbook.
Lawful basis for processing
Our lawful basis for processing your data is Contract; we use the data to recruit appropriate candidates for roles, with a view to entering into an employment contract.
Retention Periods
If you are not successful in securing a role, then we will keep your details on our database for a period of 12 months unless you consent to us holding it longer.
Employee at Zen
If you are an employee of Zen then please refer to the employee privacy notice in the employee handbook.
National Tutoring Program
Data that we hold and how we use it
If your child was part of the National Tutoring Program during covid, we hold the following information about them:
Pupil data such as a pupil’s name, age or date of birth and year group
Special Educational Needs status
Pupil’s eligibility for Pupil Premium
Pupil’s attendance record and pupil progress and attainment
We receive this data from your child’s school. We use it so that the Tutor can record who attended the sessions, and pseudonymised data is used to assess the effectiveness of the program.
