The Fashion Retail Academy (“FRA”, “we”, “us”) is a training provider specialising in careers in fashion retail offering one year diploma courses and two year fast track Degree courses across a range of head office roles including Buying, Visual Merchandising, Marketing, Design, Digital, Merchandising and Retail Management.
The Fashion Retail Academy is a registered charity (no. 1119540) and company limited by guarantee (no. 5507547). The registered address is 15 Gresse street London W1T 1QL
This Policy contains important information about your personal rights to privacy. Please read it carefully to understand how we use your personal information.
The provision of your personal information to us is voluntary. However, without providing us with your personal information, your use of our services or your interaction with us may be impaired. For example, you would be unable to receive a prospectus or attend one of our open days.
How do we collect your personal information?
We collect your personal information:
For example, personal information that you give to us through our website by ordering a prospectus or signing up to attend an open day, or personal information that you give to us when you communicate with us by email, phone or letter.
Your personal information may be shared with us by third parties including, for example, our sub-contractors in technical services, analytics providers or search information providers. To the extent we have not done so already, we will notify you when we receive personal information about you from them and tell you how and why we intend to use that personal information.
Your personal information may be available to us from external publicly available sources. For example, depending on your privacy settings for social media services, we may access information from those accounts or services (for example when you choose to interact with us through platforms such as Facebook, Instagram or Twitter).
When you visit our website, we automatically collect the following types of personal information:
What personal information do we use?
We may collect, store and otherwise use the following kinds of personal information:
Do we process special categories of personal information?
The EU General Data Protection Regulation (“GDPR”) recognises certain categories of personal information as sensitive and therefore requiring more protection, for example information about your health, ethnicity and political opinions.
In certain situations, FRA may collect and/or use these special categories of personal information (for example, in case we need to know about any medical or access requirements so that you can attend an interview, one of our events or so accommodations can be made for you when you start studying with us). We will only use these special categories of personal information if we have both a lawful basis under Article 6 GDPR and can satisfy an exception under Article 9 GDPR (please see section 4 below).
How and why will we use your personal information?
Your personal information will be used for the purposes specified in this Policy. In particular, we may use your personal information:
The GDPR requires us to rely on one or more lawful bases to use your personal information. We consider the bases in Article 6 GDPR listed below to be relevant:
The GDPR allows us to collect and process your personal information if it is reasonably necessary to achieve our or others’ legitimate interests (as long as that processing is fair, balanced and does not unduly impact your rights).
In broad terms, our “legitimate interests” mean the interests of running FRA as a training provider specialising in careers in fashion retail and pursuing our charitable aims and ideals; for example administering training courses or connecting you with the right college for you.
When we process your personal information to achieve such legitimate interests, we consider and balance any potential impact on you (both positive and negative), and your rights under data protection laws. We will not use your personal information for activities where our interests are overridden by the impact on you, for example where use would be excessively intrusive (unless, for instance, we are otherwise required or permitted to by law).
Where we process special categories of your personal information (please see section 2 above), in addition to relying on a lawful basis under Article 6 GDPR we also need to be able to satisfy one of the exceptions to the general prohibition on processing special categories of personal information under Article 9 GDPR. Usually, this will be where you have provided us your explicit consent or where the processing is necessary for reasons of “substantial public interest” (for example to ensure equality of opportunity, promote diversity, or prevent or detect unlawful acts).
We may analyse your personal information to create a profile of your interests and preferences so that we can contact you with information relevant to you. We may make use of additional information about you when it is available from external sources to help us do this effectively. We may also use your personal information to detect and reduce fraud and credit risk.
Communicating for marketing/promotion
We may use your contact details to provide you with information about our work, events, services and/or products which we consider may be of interest to you (for example, about courses you previously attended or expressed interest in).
Where we do this via email, SMS or telephone (where you are registered with the Telephone Preference Service), we will not do so without your prior consent (unless allowed to do so via applicable law).
When you have provided us with your consent previously, we will store your data in the system for 12 months and use it to contact you about our work. If you do not wish to be contacted by us about our work, events, services and/or products anymore, please let us know by email at firstname.lastname@example.org. You can also opt out of receiving emails from FRA at any time by clicking the “unsubscribe” link at the bottom of our emails. Your data may also be held and processed Blue Sparks Digital, NXT and Evorio all hosting is provided by Microsoft Azure within the GB/EU. If you are an applicant, we may share your data with Menzis Mailing to contact you about your application/interview.
Occasionally we share limited applicant data (first part of postcode only) with Experian to analyse which areas our applicants live in for the purpose of targeting our advertising campaigns.
Children’s personal information
When we process children’s personal information, where required we will not do so without their consent or, where required, the consent of a parent/guardian. We will always have in place appropriate safeguards to ensure that children’s personal information is handled with due care.
We are concerned to protect the privacy of children age 13 or under. If you are aged under 13, you must get your parent/guardian's permission beforehand whenever you provide us with personal information.
How long do we keep your personal information?
If you have applied to the FRA, in general, unless still required in connection with the purpose(s) for which it was collected and/or used or for legal or regulatory purposes, we remove your personal information from our records seven years after the date on which it was collected. However, if before that date (i) your personal information is no longer required in connection with such purpose(s), (ii) we are no longer lawfully entitled to process it or (iii) you validly exercise your right of erasure (please see section 11 below) we will remove it from our records at the relevant time.
Will we share your personal information?
We do not share, sell or rent your personal information to third parties
We will not share your information with third parties for marketing purposes.
However, we may disclose your personal information to selected third parties in order to achieve the purposes set out in this Policy. Those parties may include (but are not limited to):
In particular, we reserve the right to disclose your personal information to third parties:
Security/storage of and access to your personal information
FRA is committed to keeping your personal information safe and secure and we have appropriate and proportionate security policies and organisational and technical measures in place to help protect your information.
Your personal information is only accessible by appropriately trained staff, volunteers and contractors, and stored on secure servers with features enacted to prevent unauthorised access.
International transfers of your personal information
Given that we are a UK-based organisation, we will normally only transfer your personal information within the UK or European Economic Area (“EEA”), where all countries have the same level of data protection law under the GDPR.
However, because we sometimes use agencies and/or suppliers to process your personal information on our behalf, while we take reasonable due diligence measures or put such third parties under contractual obligations, we cannot always control where they store their personal information. It is therefore possible that personal information we collect from you will be transferred to and stored outside a location in the UK or EEA.
By opting in to marketing you are consenting to your data being transferred to Active Campaign or Survey Monkey depending on collection method, third party providers based in the US. Active Campaign and Survey Monkey both adheres to the EU-U.S. Privacy Shield Framework Principles to comply with GDPR.
Please note that some countries outside the UK or EEA have a lower standard of protection for personal information, including lower security requirements and fewer rights for individuals. Where your personal information is transferred, stored and/or otherwise processed outside the UK or EEA in a country that does not offer an equivalent standard of protection to the UK or EEA, we will take all reasonable steps necessary to ensure that the recipient implements appropriate safeguards. For example we may enter into the European Commission approved standard contractual clauses with such providers to protect your personal information and to ensure that your personal information is treated securely and in accordance with this Policy. If you have any questions about the transfer of your personal information, please contact us using the details in section 16 below.
Unfortunately, no transmission of your personal information over the internet can be guaranteed to be 100% secure – however, once we have received your personal information, we will use strict procedures and security features to try and prevent unauthorised access.
Your rights and how to exercise them
Where we rely on your consent to use your personal information, you have the right to withdraw that consent at any time. This includes the right to ask us to stop using your personal information for marketing or fundraising purposes, or to unsubscribe from our email list at any time. You also have the following rights:
Please note that some of these rights only apply in limited circumstances. For more information, we suggest that you contact us using the details in section 16 below.
We encourage you to raise any concerns or complaints you have about the way we use your personal information by contacting us using the details in section 16 below.
You may further make a complaint to the Information Commissioner’s Office – www.ico.org.uk. For further information on how to exercise this right, please contact us using the details in section 16 below.
Changes to this Policy
We may update this Policy from time to time. We will notify you of significant changes by contacting you directly where reasonably possible for us to do so and by placing a notice of update on our website. This Policy was last updated on the 03rd of May 2018.
Data Protection Officer
Our Data Protection Officer (“DPO”) can be contacted directly at email@example.com. Alternately, please use the contact details in section 16 below and mark the email/letter for the attention of the DPO or ask to speak to the DPO.
Links and third parties
Our website may contain links to other websites run by other organisations. This Policy applies only to our website‚ so we encourage you to read the privacy statements on the other websites you visit. We cannot be responsible for the privacy policies and practices of other sites even if you access them using links from our website.
How to contact us
If you have any questions about how we use your personal information, please contact us using the following details:
Telephone: 0300 247 4000
Post: Fashion Retail Academy Customer Service, 15 Gresse Street, London W1T 1QL