Privacy Policy - Changing Education
  • About us
  • Services


    Centralised work placement and careers platform that empowers productivity and management

    See how it works for different sectors

  • Connect software

    Connect software

    Centralised work placement and careers platform that empowers productivity and management

    See how it works for different sectors

  • Morrisby
  • For employers
  • For students
  • Media
  • Contact Us

Privacy Policy

Review Date: September 2023

Next Review Date: September 2024

Signed: Changing Education Group

1. Aims

Changing Education respects the privacy of every individual who visits our website, uses our app ConnectED – Careers Manager, contacts us and works with us. We are committed to safeguarding your privacy and have written the following privacy notice to explain what information we collect, and what we do with it. accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This policy applies to all personal data, regardless of whether it is in paper or electronic format related to pupils, parents, visitors, suppliers and others. For information related to former and current staff, or if you have applied for a role with Changing Education Group, then please request a copy of our Data Protection Policy which is available from the Data Officer, Stephen Hackney. Contact details are at the end of this notice. This policy is reviewed annually, or where legislation and laws change.

2. Who is the Data Controller?

If you visit our website, use our app ConnectED – Careers Manager or are a former or current member of staff, or our one of suppliers, then the Data Controller is Changing Education Limited, of The Cheshire College South & West, Dane Bank Avenue, Crewe, Cheshire, Crewe CW2 8AB (Company number 06677456).
Our registration reference with the Information Commissioner’s Office (ICO) is ZA091427.

Changing Education Limited operates in accordance with the principles of the Data Protection Act 2018 and the UK General Data Protection Regulations.

If you are an app user, then we are a Data Processor. If you have a concern or a query on how your data is managed, we would ask that in the first instance, you contact the educational provider that engaged us.

If you are a student, then we are a Data Processor. If you have a concern or a query on how your data is managed, we would ask that in the first instance, you contact the educational provider that engaged us.

3. Definitions

Term Definition
Personal data Any information relating to an identified, or identifiable individual.

This may include the individual’s:

●      Name (including initials)
●      Identification number
●      Location data
●      Online identifier, such as a username

It may also include factors specific to the individual’s physical, physiological, genetic, mental, economic, cultural or social identity.

Special categories of personal data Personal data which is more sensitive and so needs more protection, including information about an individual’s:

●      Racial or ethnic origin
●      Political opinions
●      Religious or philosophical beliefs
●      Trade union membership
●      Genetics
●      Biometrics (such as fingerprints, retina and iris patterns), where used for identification purposes
●      Health – physical or mental
●      Sex life or sexual orientation

Processing Anything done to personal data, such as collecting, recording, organising, structuring, storing, adapting, altering, retrieving, using, disseminating, erasing or destroying.

Processing can be automated or manual.

Data subject The identified or identifiable individual whose personal data is held or processed.
Data controller A person or organisation that determines the purposes and the means of processing of personal data.
Data processor A person or other body, other than an employee of the data controller, who processes personal data on behalf of the data controller.
Personal data breach A breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal data.


4. How do we obtain your personal data?

We may obtain your personal data in a variety of ways, including:

• From inbound enquiries to or, and other email inboxes such as individual email accounts of Changing Education employees
• From inbound phone calls where we see the incoming phone number and you pass us information verbally
• From data you supply while we are working together during commissioned projects, or during new business activities and the act of commissioning new work
• From networking activities and events, for example exchanging business cards or connecting on LinkedIn.
• From recommendations or references about you from others
• From recruitment activities, including inbound CV submissions and employee onboarding
• From your registration onto our software systems
• From website analytics
• From you signing up to our mailing list via our website or social media pages
• From contact from and conversations with our suppliers
• From data you enter into our app platform

Any information you give us should be accurate, and if you are supplying anyone else’s data, you must ensure that you have the authority and legal basis to do so.

5. What personal data is processed?

5.1 Student

If you are a student then we will process the following information:

• Contact details (name, address, email address and phone number),
• academic performance data,
• and in a small number of instances, some medical information to ensure that you receive the right support in your placement environment.

If you have any queries, then please contact your education provider.

5.2 General:

Depending on your relationship and activity with Changing Education, we may process different types of information about you, including but not limited too:

• Name
• Email address
• Phone number
• Job title
• Business name and address
• IP addresses
• Social media usernames/handles
• Browser information
• Bank account information

6. Who is my information shared with?

Your personal data will not be sold or disclosed to anyone outside of Changing Education or Changing Education’s appointed suppliers, without obtaining your prior consent – unless we are required to do so by law.

For our general day to day data processing activities, we use third party organisations (also called sub processors) to help us administer and monitor the services we provide:

• for the provision of software services to enable the management of our customers, staff and office administration
• for payroll and financial accounting
• to share newsletters, promotional detail, industry news or other information that maybe of interest to you
• to help us improve our services
• for the administration of our website and customer interactions
• for any legal guidance in the provision of our services

For full details of the third party suppliers we use, please contact us at the address below.

7. How is your personal information used?

The personal data you give us may be used in a variety of ways:
• Communicating with you as a customer, about new or currently commissioned projects
• Responding to recruitment enquiries and progressing the recruitment process, storing your details for future reference if new positions become available
• Performing accounts tasks, such as raising and sending invoices
• Storing in databases for reference by appropriate Changing Education employees and our suppliers
• Retention of your personal information for as long as this is required to meet our legal obligations.
• Interacting with our app to enhance your user experience.
We will only keep your personal data for as long as it is relevant to the purpose for which it was collected or for as long as we are required to keep it by law. We have a retention policy and process in place. If you would like a copy of this, then please contact our Data Officer at the address below.

8. What is our legal basis for processing your data?

Depending on your relationship and activity with Changing Education, our legal basis for processing your personal data may be different.
In the case of signing up to our mailing list, we rely on your consent given at the time of sign- up, and you should consult the privacy notices and messages on those forms.
In the case of employees or customers of Changing Education, the processing is necessary for the performance of a contract between yourself and Changing Education.

For other activities, such as storing CV’s sent to us as part of recruitment, processing is necessary for the purposes of legitimate interests of Changing Education.

We have a comprehensive retention process for each type of data that we store and how long we store this information. Please get in contact if you require further information.

9. Sharing Personal Data

We will not normally share personal data with anyone else, but may do so where:
● There is an issue with a pupil or parent/carer that puts the safety of our staff at risk
● We need to liaise with other agencies – we will seek consent as necessary before doing this
● Our suppliers or contractors need data to enable us to provide services to our staff and pupils – for example, IT companies. When doing this, we will:
o Only appoint suppliers or contractors which can provide sufficient guarantees that they comply with data protection law
o Establish a data sharing agreement with the supplier or contractor, either in the contract or as a standalone agreement, to ensure the fair and lawful processing of any personal data we share
o Only share data that the supplier or contractor needs to carry out their service, and information necessary to keep them safe while working with us

We will also share personal data with law enforcement and government bodies where we are legally required to do so, including for:
● The prevention or detection of crime and/or fraud
● The apprehension or prosecution of offenders
● The assessment or collection of tax owed to HMRC
● In connection with legal proceedings
● Where the disclosure is required to satisfy our safeguarding obligations
● Research and statistical purposes, as long as personal data is sufficiently anonymised or consent has been provided

We may also share personal data with emergency services and local authorities to help them to respond to an emergency situation that affects any of our pupils or staff. Where we transfer personal data to a country or territory outside the European Economic Area, we will do so in accordance with data protection law.

10. Children and subject access requests

Personal data about a child belongs to that child, and not the child’s parents or carers. For a parent or carer to make a subject access request with respect to their child, the child must either be unable to understand their rights and the implications of a subject access request or have given their consent.

Children aged 13 and above are generally regarded to be mature enough to understand their rights and the implications of a subject access request. Therefore, most subject access requests from parents or carers of pupils from our service may not be granted without the express permission of the pupil. This is not a rule and a pupil’s ability to understand their rights will always be judged on a case-by-case basis.

Please note, Changing Education are a Data Processor of this information. The education provider is the Data Controller. If you have any concerns or queries on the data that is passed to Changing Education in order that we can provide a service, please contact the education provider. We are unable to respond to any requests from a child, their parent or carer.

For more information on the role of Data Controllers and Data Processors, then please see the additional guidance on the Information Commissioners website here.

11. Your rights

You have the right to request access to the personal data that we hold about you – this is known as a Subject Access Request (SAR). If you wish to make a SAR about the personal data we hold about you, please email We will normally respond within 30 days to provide you with the data we hold about you in a commonly-used electronic format. There is no charge for this service, however, if requests become manifestly unfounded, excessive or repetitive, we may charge a fee appropriate to the administrative work required. This time can be extended by two months if the request is complex.

You have the right to request rectification of your personal data. To do so, please email We will respond within 30 days, although can be extended by two months if the request for rectification is complex. If Changing Education decides not to act in response to a request for rectification, we will explain to you our reasons.

You have the right to the deletion or removal of your personal data where there is no compelling reason for its continued processing. To request deletion of your personal data, please email We may refuse to comply with a request for erasure in some circumstances, for example in the case of requiring the information as part of a legal obligation, such as our statutory accounts and records.
You have the right to suppress or restrict the processing of your personal data. To request this, please email .

You have the right to data portability, which allows you to obtain and reuse your personal data for your own purposes across different services. To request this, please email We will respond within 30 days to provide you with the data we hold about you in a commonly-used electronic format. This time can be extended by two months if the request is complex.
You have the right to object to:

• processing based on legitimate interests
• direct marketing
• processing for purposes of scientific/historical research and statistics.

To make an objection to processing, please email

12. How we protect your information

We take a range of organisational and technical measures to protect your information. We maintain strict physical, electronic and administrative safeguards to protect your personal data from unauthorised or inappropriate access. We also will conduct refresher training and have robust policies and procedures in place to ensure that we meet our legal obligations.

Where appropriate we use industry-standard encryption techniques, including encrypting web traffic using HTTPS. Regular security reviews are held by Changing Education and in consultation with our software developers to ensure that our systems and processes remain safe and secure for the protection of your personal data. We have invested in the use of world leading technologies who themselves have invested in ensuring that their systems and the protection of Client data is a top priority.
Where you have registered onto our software systems with a self-chosen password, we ask you not to use that same password on any other systems. You are responsible for the security of your own passwords. We recommend following the guidance on passwords from the National Cyber Security Centre which can be found here.

13. Is any of my data sent outside of the EU?

Yes. Wherever possible we select data centres in the EU, however some data is stored in the US, and we have listed these suppliers below.
We select suppliers carefully and in many cases Model Contracts exist between Changing Education and those suppliers in order to ensure the suppliers meet the standards required to protect your personal data.


Third Country (non EU / non EEA

/ International


Purpose of processing Safeguards in place and further information
Google Connect

Business Processing

Information is transferred to the US using standard contractual clauses : Privacy Notice (Business)
Postmark Student -> workplace -> college / school emails Information is potentially transferred to the US using Standard Contractual clauses :

Data Processing Agreement

Sage Accountancy, invoicing etc Information is transferred to the US using model clause agreements :

Sage Privacy Notice

DocuSign Contract Signature tools Information is potentially transferred to the US using Binding Corporate Rules.: Docusign Privacy details


14. How We Use Cookies

A cookie is a small amount of data, which often includes a unique identifier that is sent to your computer or mobile phone browser from a website’s server and is stored on your device. Each website can send its own cookie to your browser if your browser’s preferences allow it, but (to protect your privacy) your browser only permits a website to access the cookies it has already sent to you, not the cookies sent to you by other websites. Many websites do this whenever a user visits their website to track online traffic flows.
As a visitor, you can edit your browser settings to accept all cookies, to notify them when a cookie is issued, or not to receive cookies at any time. The last of these means that the website might not work properly. Each browser is different, so check the Help menu of your browser to find out how to change your cookie preferences.

When you visit this website, the pages you see, along with a cookie, are downloaded to your device. Many websites do this, because cookies enable website publishers to do useful things like identify whether the device (and probably its user) has visited the website before. This is done on a repeat visit by checking to see, and finding, the cookie left there on the last visit.

14.1 Third Party Cookies

During your visit, you may notice some cookies that are not related to this site. When you visit a page with content embedded from, for example, YouTube or Flickr, you may be presented with cookies from these websites. We do not control the dissemination of these cookies. You should check the third-party websites for more information about these.

14.2 How to control and delete cookies

We will not use cookies to collect personally identifiable information about you. However, if you wish to restrict or block the cookies which are set by this website, or indeed any other website, you can do this through your browser settings. The Help function within your browser should tell you how.
Alternatively, you may wish to visit which contains comprehensive information on how to do this on a wide variety of browsers. You will also find details on how to delete cookies from your computer as well as more general information about cookies. For information on how to do this in the browser of your mobile phone you will need to refer to your handset manual.
Please be aware that restricting cookies may impact on the functionality of this website.
The cookies we use

• _ga, _gid
• Google Analytics

This is a service used to monitor traffic on the site and its pages. Google stores the information collected by the cookie on servers in the United States. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. Google will not associate your IP address with any other data held by Google

Find out how to manage cookies on popular browsers:
• Google Chrome
• Mozilla Firefox
• Microsoft Internet Explorer
• Opera
• Apple Safari

To find information relating to other browsers, visit the browser developer’s website.

To opt out of being tracked by Google Analytics across all websites, visit

15. Links to Other Websites

Our website and other communications may contain links to other third-party websites. You should be aware that we do not have any control over other these third-party websites, and therefore we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites. Such sites are not governed by this privacy notice.
You should exercise caution and look at the privacy notice applicable to the website in question.

16. Marketing

From time to time we may perform limited marketing for which we have a legitimate interest to do so. We source email details from Sprint Education who are the Data Controller.
If you wish to unsubscribe from any of our newsletters then please either click the button at the bottom of any newsletters that are issued, or drop us a line at the details provided below. If you wish to ensure that you no longer receive any emails from us or other companies then please contact Sprint Education at https://sprint-

17. Contact

We have appointed a Data Officer. Our Data Officer is Stephen Hackney and is contactable via 01625 827309 or at the details below.

For any questions about this Privacy Notice, or Changing Education’s approach to data protection, please contact us:

Address: The Cheshire College, Dane Bank Avenue, Crewe, Cheshire, Crewe CW2 8AB

If we are unable to satisfy any complaint or query that you may have, or if you are still concerned, you can contact the Information Commissioners Office at

Changes to our Privacy Policy:
We keep our privacy policy under regular review, and we will place any updates on this web page.

We have received your contact details and request.
We are now reviewing it and will get
back to you within 48 hours.

Contact us

Contact us

What are you interested in?

Do you have any preferences?

Contact details

Name *
Organisation name *
Email *
Telephone *
Brief description of enquiry

Podcast #10
Reflecting on the Past Year
Date and Time
Tue, January 11, 2022 5:30 PM – 6:30 PM EET
Location Online event