It’s important that you know who “we” are. “IBSCA Ltd”, “IBSCA” is a company registered in England (no. 05964097). We are a membership organisation for schools that offer the International Baccalaureate programmes. IBSCA aims to support its member schools to deliver the programmes, advocate for the IB qualifications with universities and governments, and represent its members to the IB. We contract with Oxford Course Managers for administrative support for our events and other services.
Where we refer to the ‘IBSCA website’, it means any one of IBSCA’s sites. We currently have a site at ibsca.org.uk.
More information about IBSCA can be found at https://ibsca.org.uk/about.
For all questions, comments and requests regarding this Privacy Statement, or anything else, you are welcome to contact us:
In line with the General Data Protection Regulations (GDPR) we will only ask for and use personal information where there is both a purpose and a legal basis for doing so.
If you’re just taking a look at IBSCA and what we offer, then there’s no need to provide us with any information about yourself.
There are a number of valid reasons that we might request and use your personal information, such as:
The types of information that we collect depend on what relationship you have with IBSCA and how you interact with us. To fully understand the basis on which we process your data, we have assessed the different ways we do this to check that it is legitimate and fair.
If you contact us or we contact you, whether by phone, email, post, live chat or enquiry form on our website, we may keep a record of that correspondence. Where appropriate, we may take correspondence received in one form and store it in another. Likewise where you have given more than one way to reply to you we may choose the most appropriate method. For example, if you phone us then we may record details of the conversation in our contact management system and send you information you request by email.
The types of data we record include your name, who you are, contact information, and the correspondence itself. We may also keep associated notes or process the information, combining it as necessary with any information that we already legitimately hold, and store the result of any assessment or analysis or decisions made.
Browsing the IBSCA website
Providing personal information on the IBSCA website is optional. However, you should note that information is transmitted by your web browser, the web infrastructure and the web server, in order for pages to load in your browser. Some of this data is logged and could potentially be used to identify you as an individual, and because it happens behind the scenes you may not know what it is and how it is used. As this is quite technical, we have a section ‘Using our website’ to tell you more about this.
Using the IBSCA website
Certain features of the OCM website work better, or only work, when you provide information about yourself:
Subscribing to newsletters and updates
As we develop our services you have the option to subscribe to different types of information from IBSCA according to your interests. You can opt in to these communications by phone, in person (e.g. at one of our events), by email or through our website. We give you detailed choices so you only get messages about things you are actually interested in.
Any newsletters and updates that you subscribe to are generally fulfilled via email and we will use the email address you provide along with the interests you have told us about in order to do this.
Each communication you receive contains a link to manage your preferences, where you can opt out of things you no longer want to hear about, or opt in to new ones, or unsubscribe from everything. It is important to know that if you use the “unsubscribe” link in an email you receive, this will clear all your opt-in preferences, not just for the type of message you clicked the link in.
Note that we may need to communicate with you about other things, for example if you enroll on a course, and using your contact details for this purpose is treated separately.
IBSCA will send marketing information to people who have expressed an interest in knowing about specific products. This is generally sent by email therefore we will use an address that you have provided for this purpose along with the interests you have told us about. As with newsletter and update emails from IBSCA, each message contains a link for you to manage your preferences.
We also send some marketing information, primarily to schools, agents and teachers in particular roles, where we believe there is a legitimate interest in you receiving it. This may be by email or in printed form. You can contact us to request that we not do this.
Purchasing products via the IBSCA website
If you decide to purchase products from us, then we will ask you for personal information so we can
Enrolling on an event
We require you to provide information about yourself when you fill out an application form for a course so that we can process your application. While the form is ordinarily completed online, we may receive information from you by email, post, fax or telephone, all of which will be stored in our booking system and processed together.
If you start, but do not complete, an application for one of our courses then we may:
To submit a completed application we may collect and process the following data about you, the applicant:
Prior to or during your attendance on a course, we may collect and process further data, including:
After completion of your course, we will retain some information as may be necessary for business, accounting or legal purposes, such as:
Managing our suppliers and other business relationships
If you are a supplier to IBSCA or other business partner, we will collect, store and process data about the interactions we have with you and this will include relevant personal information about individuals. The types of personal information we process and the purposes include:
Information from third parties
We use third parties to collect data on our behalf to support our activities.
We also on occasion ensure our records are as up to date as possible through running address and detail verification checks through sources that are deemed acceptable by the Information Commissioners Office.
We conduct broad data analysis to gain a better understanding of how interests, demographic factors, geography and engagement trends relate to the relevance or attractiveness of our products and services. This process looks at aggregated data, and is applied to groups of people with similar characteristics.
IBSCA may use the personal data you have provided to make sure we only contact you when relevant and about things that ought to be of interest.
We do not use entirely automated profile-based decision-making which could have an adverse effect on you.
We do not sell your personal information to anyone.
We share your information with third parties when they are acting on our behalf, under a specific agreement. Much of our administrative work is done by Oxford Course Managers. They are a data processor for ISBCA and are contracted to provide the same level of data control as IBSCA itself provides. IBSCA audits the data processes of Oxford Course Managers.
We will not share your data with third parties to use for their own purposes unless we are required to do so by law, for example by a court order or for the purposes of prevention of fraud or other crime. We share your personal information with marketing companies only where they are acting contractually on our behalf. These companies are not given any rights over your data other than those necessary to fulfil the service IBSCA has requested.
When you opt in to receiving information, updates or subscriptions by email from IBSCA, MailChimp is the service used to manage your consents. When you provide your details on a sign-up form, MailChimp records your information and IBSCA has access to it. If we obtain your request for updates by a different means, such as by phone or in writing, then we will upload the information to MailChimp in order to contact you.
IBSCA may contact you on behalf of other linked organisations such as the IB Organisation if it is relevant to do so based on the interests you have specified, but unless we have gained your specific consent we will not pass your details to those third parties.
Information about the courses we support is freely available and does not require you to tell us who you are or anything else that identifies you. This is the same whether you look at our website, start a live chat with us on our website, call our office, or talk to us at a conference, school visit, or other event.
If you contact us by email, complete an enquiry form, or request a call-back, then you will obviously need to provide us with contact information so we can respond to you. Similarly, if you contact us about something specific then it may be necessary for us to ask for information to provide an answer. In these cases, it may then be necessary to store the information for later reference and we will let you know if we are going to do so; if you do not give consent then it will mean that the information cannot be referred to or relied on later.
We do have some features on our website where we will need some information about you, and if you prefer not to give any details then those features won’t be available to you. If you block cookies or analytics services in your browser, you can still use the IBSCA website but you will not be able to carry out certain actions such as purchasing revision guides, registering for updates, or applying for a course.
There can be circumstances where someone else provides us with personal information about you or you provide us with personal information about someone else. For example:
IBSCA may be given legitimate access to personal information for marketing purposes, for example by sponsoring an event we may receive an attendee list, or through membership of an association we may receive a member directory. We do not purchase general mailing lists or lists of teachers for marketing purposes.
We may work with other relevant organisations who contact you about IBSCA on our behalf but we will not be provided with your email address or other information in these cases unless you have given your consent to that organisation to share it.
IBSCA has social media accounts with Facebook, Twitter, LinkedIn and others. Signing up to use a social media service requires agreement to that provider’s terms which set out the provision of privacy and rights.
We post information and photos to our social media accounts, and this may include images of course locations including participants. If you attend one of our events, we will request your consent before posting photos of you on our social media sites, however if you are not easily identifiable you may appear in photos whether or not you give this consent. We cannot prevent other people sharing photos in which you appear or information about you on social media, whether posted or tagged to our account or someone else’s, but as far as we can we will delete, block, or report unwanted or inappropriate content about you if you request it.
Through these social media, we may receive, or have access to, information about you that you have shared publicly, to a group of people, or to us directly. We apply the same principles and controls to information that we use from such sources as we would if it was provided directly by you, including whether IBSCA should gather, store or use that information at all.
The GDPR states that individuals retain ownership of their own personal information and sets out a number of fundamental rights when organisations use it.
When you consent for us to contact you for marketing purposes, we make sure this is freely given, specific and unambiguous so you know what you are opting in to. You can withdraw this consent at any time and we will provide a means for you to do that every time we email, call or write to you.
You also have the right to:
If you are unsure and have further queries on how we might use your data, please get in touch and we will be happy to answer your questions. See the ‘How to contact us’ section.
If you would like to change your preferences or update the details we hold about you, please contact us.
We also set limits to the length of time we will keep your data. The duration varies for different types of individual and for different types of information provided by the same person.
We take into consideration what purpose IBSCA needs your information for, our legal obligations, and tax and accounting rules, when determining how long we should retain data. When we no longer need to retain it we have a process to securely delete or dispose of it.
If you feel it is no longer necessary for us to keep your personal information, you can ask us to delete some or all of it, which we will do provided there is no overriding reason for us to keep it.
If you choose to opt out of receiving communications from us, we may still need to retain and process relevant data about you for other legitimate purposes, including contacting you for those purposes. For example, you may unsubscribe from update emails, but we may need to email you about an order you have placed with us.
The data that we collect from you may be stored digitally or on paper either within our office systems within the UK or on data servers which are located in the European Economic Area (“EEA”). Where we use internet hosting or cloud providers, we select locations in the EEA.
We currently only operate within the EEA. If in future we operate outside the EEA your data may be transferred from one place to another including outside the EEA. It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers or affiliates. Such staff may be engaged in, among other things, the fulfilment of your order, the processing of your payment details and the provision of support services.
These countries may not have similar data protection laws to the UK, however we take steps to make sure they provide an adequate level of protection and any transfer of your personal data outside the EEA will be carried out in compliance with applicable laws.
By submitting your personal information to us you agree to this transfer, storing or processing at a location outside the EEA
Whether we store your information on paper or in digital format, we take measures to protect it. The exact mechanisms for securing our systems are themselves kept confidential, however we can say that:
Some of the common risks to security are at the user level. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our website, you are responsible for keeping that password confidential. We ask you not to share the password or use the same password for more than one website.
For card purchases we work via our administration provider with an authorised payment agent that helps us to check directly with your bank that the card is valid for purchases. The payment agent processes your card details according to the international security standard PCI DSS, which was developed by the card companies VISA, MasterCard, Diners, American Express and JCB. This means that your card details are processed with a very high level of security. When you pay by card, we reserve the right to carry out an identity check.
Unfortunately, even after following good practices, the transmission of information via the internet is not completely secure. We will do our best to protect your personal data, but we cannot guarantee the security of your data transmitted to our website or sent by email, and any transmission is at your own risk.
If you are using IBSCA’s website and register for updates or other services, you will be asked to provide personal information such as your name, e-mail address, whether you are a teacher, administrator or other, and your location (including postal address if relevant). This information is collected only with your knowledge and permission, and is help is secure databases. If you are purchasing something from us, you may be asked to provide your credit card details which are stored temporarily to process the transaction but not permanently.
Leaving comments or joining online discussions will mean that other people visiting the same pages will see personal information that you have volunteered. This information may require someone to be registered with us, or it may be public. You should therefore use discretion in what you disclose.
The information gathered during general browsing of IBSCA’s website may be used to analyse trends and usage of the site and to improve the usefulness of the site, as well as to identify or prevent improper use. It is not connected with any personal information.
Server logs may record your IP (Internet Protocol) address, domain name, browser type, operating system, and information such as the web site that referred you to us, the files you downloaded, the pages you visit, and the dates/times of those visits. IBSCA does not try to identify individuals from the server logs without the consent of the individual (for example if a website user was experiencing technical difficulties that we had to investigate).
A cookie is a small text file saved to, and, during subsequent visits, retrieved from your computer or mobile device.
Third-party cookies and analytics
We use third-party services that collect statistics in aggregate form to provide analysis tools.
IBSCA may use Google Analytics, which tracks website visitor behaviour so that we can measure performance and improve services for our audiences. This service uses tracking codes which can follow you across different websites, but IBSCA does not receive personally-identifiable information as all data reported is anonymous. For full details on how Google Analytics works, please see the Terms of Service (https://www.google.com/analytics/terms/gb.html). If you do not want Google Analytics to use your data, then a browser add-on is available (https://tools.google.com/dlpage/gaoptout/).
IBSCA email communications are handled by OCM who uses MailChimp for email communications, which uses similar tracking tools to enable us to know whether a message has been opened, whether it resulted in the reader responding to the email by visiting a link, or if it resulted in a purchase. This helps us to make sure our communications are interesting.
Our website includes links to other websites outside our domains and which do not fall under our supervision. We cannot accept any responsibility for the protection of privacy or the content of these websites. We offer these links only as a suggestion to make it easier for you to find more information about related subjects.
We take our responsibilities very seriously in ensuring the personal information we obtain is held, used, transferred and processed in accordance with the GDPR. We also adhere to all other applicable data protection laws and regulations including the Privacy and Electronic Communication Regulations.
As a UK-based organisation, IBSCA’s use of data is regulated by the Information Commissioner’s Office which is the independent authority set up to uphold information rights. The ICO’s website is an official source where you can learn more about the regulation and your rights, and can be found at https://ico.org.uk/.
IBSCA is the Data Controller for information submitted by you to IBSCA via our websites, by email or post, by phone, at events, or through any other direct interaction with IBSCA relating to IBSCA’s own courses and products. That means we determine the purpose of the storage or processing of personal information.
Where IBSCA provides services on behalf of another organisation, that organisation will be the Data Controller but IBSCA will act as Data Processor in order to undertake those services which may include event management, marketing, sales, or other activities.
This Privacy Statement was issued on 16 May 2018.
We may update this Privacy Statement from time to time. Any changes we may make to this Privacy Statement in the future will be posted on our website at https://ibsca.org.uk/privacy and, where appropriate, notified to you by e-mail.