This Privacy Statement tells you how the National Adult Literacy Agency (NALA) processes your data on the website, Learn with NALA.
‘Data’ means any information about people that is collected by another person or organisation. ‘Data processing’ is a phrase used to describe the different ways data is used and stored.
NALA respects your right to privacy. We comply with how the law says we must handle your data.
This document tells you why we collect data from you, or about you from other people or organisations
We take great care with any data we hold and take steps to keep your data secure. We make sure we use your data only for the specified, and legitimate reasons set out in this Privacy Statement.
In this statement, we outline:
We control data and this means we are a ‘data controller’. NALA is the data controller of the types of data about people described in this statement
We are a charity and we are a membership organisation. NALA membership is open to all organisations and everyone interested and involved in adult literacy.
We exist to support people with unmet literacy, numeracy and digital literacy needs. We do this so that they can play their full part in society and have access to the learning opportunities they need. We are committed to making access to literacy a human right.
Throughout the document references to ‘NALA’, ‘us’, ‘our’ and ‘we’ refer to the National Adult Literacy Agency.
We will process all data in line with the relevant data protection laws and principles. These include the:
‘Data’ is personal information that identifies or is related to a living person. When we talk about ‘you’ or ‘your’ in this Privacy Statement we mean any living person whose data we collect.
We collect data to provide services to support our work in NALA. This includes when you:
The next table outlines the categories and types of data we collect. The types of data we collect may change over time. The table shows you the typical types of data we collect.
There are various circumstances where we may share data with other people or organisations (often called ‘third parties’). We may share your data with third parties when we need to, and the law says we can. NALA may share relevant data with the following categories of third parties:
We only share your data when we are confident any third party we give your data to:
We only give them the data they need to provide the service that they are undertaking on our behalf. Sometimes we transfer data outside of the European Economic Area to people handling data for us. When we do this, we will make sure that they have the appropriate safeguards in place to protect your data.
We will keep your data only for as long as we need it to provide the relevant service to you. To decide how long to keep your data we consider:
You have the following rights in relation to your data. You can send us a request about any of the rights outlined below. We will do our best to handle your request as soon as possible and within one month. However, restrictions may apply in certain situations
(Right of access by the data subject, GDPR, Article 15)
You have the right to know:
When sending us a request, please give us as much information as you can. This will help us to identify the data you wish to access. For example, give specific dates.
Please see NALA’s Subject Access Request Policy for more details.
(Right to rectification, GDPR, Article 16)
You have a right to ask us to keep data that we hold about you up to date and accurate.
Where data is inaccurate or incomplete, we encourage you to contact us to have this data corrected. When we receive your request, we will make sure that the data is corrected and as up to date as soon as is reasonably possible.
(Right to erasure [‘right to be forgotten’], GDPR, Article 17)
You have the right to ask us to remove your data from our records in the following circumstances.
No longer needed
You have the right to ask us to remove your data when we no longer need it.
If we are only allowed use your data with your consent and you withdraw your consent you have the right to ask us to remove it. As long as there are no other legal reasons we should keep the data, we will remove it.
We will remove your data if its use is illegal.
If you object to us using your data and there are no good reasons why we should keep using it, we will remove your data.
If the law requires us to remove your data, we will do so.
We cannot remove your data if we need it for any of the following reasons, to:
(Right to opt out of automated individual decision-making, GDPR, Article 22)
Sometimes when organisations hold data about you, they use an automated decision system to decide things about you. However, if this type of decision would have a legal or significant effect on you, you can tell the organisation not to do so.
Currently we do not use automated decision making. If we ever decide to use your data in this type of system in the future, we will tell you in advance and give you the right to object.
(Right to object, GDPR, Article 21)
In certain circumstances, you have the right to object to the further use of your data. In addition, we will only use your data in a way that you would expect us to do, so we can perform our work and activities.
But we may still use it if we:
However, we will stop using your data if you tell us you object to us doing so for:
If we need to use your data in the public interest for scientific or historical research or statistical analysis we will make sure that you cannot be identified. This is known as anonymisation.
You can object to us using your data for direct marketing or profiling you related to direct marketing.
If you object to us using your data, we may still use it if we:
(Right to restriction of processing, GDPR, Article 18)
If you ask us to limit how we use your data, we will do so if the following circumstances apply. You tell us:
You may also argue that processing your data is unlawful.
You may be against us wiping out your data but ask us to restrict its use instead.
If using your data has been restricted, we will use your data only:
If we agree to restrict your data, we will contact you to confirm that we have carried out your request.
We will only lift the restriction after we have informed you that we are doing so.
(Right to data portability, GDPR, Article 20)
You have the right to get from us all data we have about you. For example, if you wanted to get a list of your educational reports from us when applying to a third-level institution.
You have the right to get this data in a structured, commonly used and machinereadable format if:
You are also entitled to this data if the way we use your data is fully automated. For example, our Learn with NALA (LWN) platform is fully automated.
We will refuse this type of request if the data you are asking for would adversely affect the rights and freedoms of others.
If we are storing or using your data and you have given your legal consent for us to do so, you can withdraw your consent at any time.
If you are unhappy with how we use your data or by our response to any requests by you to exercise your rights, then you have the right to complain to the Data Protection Commission.
Please email all your requests to firstname.lastname@example.org giving us as much detail as possible about the data you require. This will allow us to deal with your request efficiently. To answer your request, we may ask you to prove your identity.
Once we receive your request, we have 30 days to respond. We may extend this by two further months if needed. If we do need more time to deal with your request, we will contact you about the delay, within one month of receiving your request.
If we refuse your request, we will let you know within one month of receiving your request and tell you why. You are entitled to contact the Data Protection Commission if we refuse your request.
We only charge a fee for requests if we think they are unjustified or excessive. If that is the case, we may charge a reasonable fee or refuse the request.
We may also charge if you submit multiple requests or ask for multiple copies.
In the unlikely event that someone illegally accesses data that we store, we will contact you in line with our legal obligations.
We will use all reasonable efforts to put in place security measures to prevent your data from being:
We will also limit access to your data by other people and organisations. We will only give them access when they need the data to do business with us.
They may only process your data if we instruct them to do so. They are subject to a duty of confidentiality.
Unfortunately, transmitting data over the internet is not completely secure. Although we will do our best to protect your data, we cannot guarantee the security of your data transmitted to our website; any transmission is at your own risk.
Once we have received your data, we will use reasonable procedures to try to prevent unauthorised access. We will notify you and the Data Protection Commission where we are legally required to do so.
A ‘cookie’ is a small piece of data (text file) that a website gathers about people when they visit it. It’s a way for a website to remember data about you like:
Some of the cookies we use on our website are called ‘first-party cookies’. Firstparty cookies are stored on our website.
We also use ‘third-party cookies’. Third-party cookies are from other websites. We use these for advertising and marketing purposes.
We need to use some cookies so our website can function. They are usually set to respond to what you do on the website. For example, you may click a button asking for services like:
You can set your browser to block or alert you about these cookies, but if you do so some parts of the site will not work for you. These cookies do not store any data that will identify you.
These cookies allow us to count visits and traffic sources (how you found our website). In this way, we can measure and improve the performance of our site.
They help us to know which pages are the most and least popular and see how visitors move around our website. All data these cookies collect is grouped together and anonymous. If you do not allow these cookies, we will not know when you have visited our site and will not be able to monitor its performance.
These cookies allow the website to work better and provide particular functions. They may be put on our website by third party providers whose services we have added to our website. If you do not allow these cookies then some services may not function properly.
These cookies may be put on our website by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant advertisements on other websites. They do not directly store data about you, but they identify your internet browser, provider and device.
If you do not allow these cookies, you will experience less targeted advertising. In addition, you may not be able to see some content like videos on our website.
These cookies are set by a range of social media services that we have added to the site to allow you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.