Privacy Policy

Flourish Education Privacy Policy

Your privacy is important to us and we take it very seriously. We want to help everyone who uses Flourish Education Ltd’s services to get the most out of them. This privacy policy describes how Flourish Education protects and makes use of the information you give the company when you use this website. If you are asked to provide information when using this website, it will only be used in the ways described in this privacy policy.This policy is updated from time to time. The latest version is published on this page.

This website privacy policy was updated on: 22/03/2018
Company Name: Flourish Education Ltd

Who we are

Flourish Education is a recruitment business which provides work-finding services to its clients and work-seekers. We specialise in the educator sector, working with schools, colleges and nurseries to supply teachers and non- teaching staff. The Company must process personal data (including sensitive personal data) so that it can provide these services – in doing so, the Company acts as a data controller.

The data controller of this website is Flourish Education Ltd. The registered office and operating office address is Seven House, 18 High Street, Longbridge, Birmingham, B31 2UQ

Data Protection Officer
The Data Protection Officer is:
Emma Vincent
Tel: +44 121 423 3557
Email: emmav@flourisheducation.co.uk

Where we got your information
You may give your personal details to us directly, such as on application or registration forms or via our website (we collect information from our users at several different points on our website.) or we may have sourced your personal data/sensitive personal data by the following means:

  • Initial face to face contact from candidates to the company including phone calls or applications on our website
  • Initial face to face contact with clients including enquiries via our website
  • When you speak to one of our consultants by telephone
  • Via our refer a 'friend scheme'
  • Applying for jobs on third party websites and job boards
  • Resourcing suitable CVs from third party websites
  • Candidate 'Watchdogs' alerts from third party websites

This information came from a publicly accessible source. We only retain data from relevant applicants; irrelevant data is erased. If The Company is the sole owner of the information collected on this site. We will not sell or rent personal data to others - your details will not be passed onto third party companies for marketing purposes.

What we need and why we need it

The Company must have a legal basis for processing your personal data. We have relied on a legitimate interest to process your personal data our legitimate interest is for the purposes of providing work-finding services to candidates (temporary, long-term, permanent and day-to-day) and recruitment services to clients and/or information relating to relevant roles or suitable candidates. We require consent to process sensitive personal data. We will only use your personal data in accordance with the terms of the following statement:

We request information from you either face to face, telephone or via our online registration and contact forms. As a candidate you must provide personal data, contact details and information regarding the type of work you are seeking; your skills, qualifications and experience. As a client you must provide personal data, contact details and information regarding role descriptions and candidate specifications. This information is used to communicate ( via telephone, email, text and/or post) with you as part of our business and enable us to provide you with work-finding or recruitment services. If we have trouble processing your application or enquiry, this contact information is used to get in touch with you. The Company does not use this information for any other purpose.

1. Collection and use of personal data

a. Purpose of processing and legal basis 

The Company has collected your personal data (which may include sensitive personal data) and will process your personal data for the purposes of providing you with work-finding or recruitment services. The legal bases we rely upon to offer these services to you are:

  • Consent - for example, we rely on consent when we send promotional material
  • Legitimate interest - process your data when it is in our legitimate interests to do this
  • Legal obligation - process your data to comply with our legal and regulatory obligations eg preventing, investigating and detecting crime, fraud or anti-social behaviour
  • Contractual obligation - processing your data when we need to fulfil a contract with you, such as sending your CV to an employer
b. Categories of data

The Company has collected the following personal data on you:

Personal data:
  • Name/contact details
  • National Insurance number
  • Salary
  • Marital Status
Sensitive personal data:
  • Disability/Health
  • Criminal conviction
  • Ethnic Origin
  • Race
  • Mental Health
  • Religion

We may use personal data to do some or all of the following:

  • Communicate with you as part of our business
  • Send you important information regarding changes to our policies, other terms and conditions and the Website 
  • Provide improved quality, training and security and manage other commercial risks
  • Carry out market research and analysis, including satisfaction surveys
  • Share education news, articles and teaching tips
  • Allow you to participate in contests, prize draws and similar promotions, and to administer these activities
  • Resolve complaints, and handle requests for data access or correction

Who we share your data with and why

Flourish Education may make personal data available to our service providers and data processors.This includes external third-party service providers, such as accountancy and payroll software, IT systems and support - Technical Drive. Personal data is securely stored both on our CMS (content management system) which has web support and hosting  provided by - ScorchSoft; and within our document and recruitment management system (securely stored on our internal servers) - MatchMaker.

Candidate personal data is shared (with your consent) with potential employers in order to arrange interviews and secure a placement. Your personal data is required by law and/or a contractual requirement (e.g. our client may require this personal data), and/or a requirement necessary to enter into an employment contract. You are obliged to provide the personal data and if you do not the consequences of failure to provide the data may/can lead to a termination of contract.

Social Media Platforms

Communication, engagement and actions taken through external social media platforms that this website and its owners participate on are custom to the terms and conditions as well as the privacy policies held with each social media platform respectively.

Users are advised to use social media platforms wisely and communicate / engage upon them with due care and caution in regard to their own privacy and personal details. This website nor its owners will ever ask for personal or sensitive information through social media platforms and encourage users wishing to discuss sensitive details to contact them through primary communication channels such as by telephone or email.

International Data transfers and security
The Company does not transfer information you provide to us to countries outside the European Economic Area (“EEA”) for the purposes of providing you with work-finding services. We will take steps to ensure protections are in place to ensure the security of your information. The EEA comprises the EU member states plus Norway, Iceland and Liechtenstein.

Retention Policy: How long we hold your data?  
Your personal data is stored securely and protected on our secure internal servers and private third party hosting provider.The Company will retain your personal data only for as long as is necessary. Different laws require us to keep different data for different periods of time.

The Conduct of Employment Agencies and Employment Businesses Regulations 2003, require us to keep work-seeker records for at least 2 years from (a) the date of their creation or (b) after the date on which we last provide you with work-finding services.

We must also keep your payroll records, holiday pay, sick pay and pension’s auto-enrolment records for as long as is legally required by HMRC (this is 6 years) and associated national minimum wage, social security and tax legislation. 

Where Flourish Education has obtained your consent to process your personal and sensitive personal data such as name, email, contact number, address, DBS, ethnicity, medical history, we will keep for 5 years. Upon expiry of that period the company will seek further consent from you. Where consent is not granted the company will cease to process your personal data and sensitive personal data. 

Online Accounts

When candidates register online; create an account and log-in to their 'Candidate Login' area, it is protected by their password and may only be accessed by them. They can manage the content and information in the Account at any time, by logging in to the 'Candidate Login'.

When clients are provided with an online account and log-in to their 'School Login' area, it is protected by their password and may only be accessed by them. They can manage the content and information in the Account at any time, by logging in to the 'School Login'.

Your Rights 
Please be aware that you have the following data protection rights:

The right to be informed – of how and why your personal data is being used - typically through a privacy notice

The right of access to your personal data. If a person asks for this, they cannot be charged for it

The right to rectification - if your personal data is inaccurate or incomplete

The right to erasure – i.e. to request the deletion or removal of personal data in certain circumstances

The right to restrict processing – e.g. to prevent the data from being processed if it is inaccurate and in certain other circumstances

The right to data portability – which allows an individual to move, copy or transfer personal data easily from one IT environment to another

The right to object –e.g. an individual can stop the processing of their personal data for direct marketing purposes

Related to automated decision making and profiling – this right provides safeguards for individuals against the risk that a potentially damaging decision is taken without human intervention

Withdrawing Consent

Where you have consented to the Company processing your personal data and sensitive personal data you have the right to withdraw that consent at any time by contacting the company. We have data withdrawal forms that we ask you complete so we can keep accurate records of this. All records must go through the Data Protection officer (DPO) to ensure that the record keeping is accurate.

You can update us with your preferred communication preferences by emailing us at office@flourisheducation.co.uk and telling us if you wish to be contacted by any of the following methods  - Email | Post | Telephone | Text

You may also withdraw consent and opt-out from any employment information (job alerts and training opportunities) or marketing information (newsletters,offers and competitions) that we may send to you by using the unsubscribe function(s) at the bottom of an email or contacting us on the Contact Page of our website. Any further queries should be directed through our contact form. We don’t penalise individuals who withdraw consent.   

Concerns or Complaints 

If you wish to complain about this privacy notice or any of the procedures set out in it please contact: Emma Vincent, Compliance Administrator  E:emmav@flourisheducation.co.uk T:01214243557

You also have the right to raise concerns with Information Commissioner’s Office on 0303 123 1113 or at https://ico.org.uk/concerns/, or any other relevant supervisory authority should your personal data be processed outside of the UK, if you believe that your data protection rights have not been adhered to.


Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site - view our Cookies Policy.

Most web browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.aboutcookies.org or www.allaboutcookies.org. Please note that in a few cases some of our website features may not function if you remove cookies from your browser.

Log Files

We use IP addresses to analyse trends, administer the site, track users’ movements, and to gather broad demographic information for aggregate use. IP addresses are not linked to personally identifiable information.


We may share aggregated demographic information with our clients. This is not linked to any personal information that can identify any individual person.

Outgoing External Links

This website contains links to other external websites. Please be aware that the Company is not responsible for the privacy practices of such other sites. We encourage you to be aware of this when you leave our site and to read the privacy statements of each and every website that collects personally identifiable information. This privacy statement applies solely to information collected by the Company’s website.

Flourish Education takes every precaution to protect our users’ information. The Company has achieved Cyber Essentials certification.

Office Firewalls and Internet Gateways

We have firewalls at the boundary between our internal networks and the internet. There is a firewall device on the network that is in place. All passwords on all our internet routers or hardware firewall devices are at least 8 characters in length and difficult to guess.

Secure Configuration

We have disabled all the software that we do not use on our laptops, computers, servers, tablets and mobile phones. All laptops, computers, servers, tablets and mobile devices only contain necessary user accounts that are regularly used in the course of our business. Administrators use passwords of at least 8 characters - typically is a mixture of numbers and symbols, the longer the better."auto-run" or "auto-play" disabled on all of our systems.

Software Patching

All operating systems and firmware on our devices is supported by a supplier that produces regular fixes for any security problems. All software licensed in accordance with the publisher’s recommendations. High risk or critical security updates for operating systems and firmware installed within 14 days of release. Any applications on our devices that are no longer supported and no longer receive regular fixes for security problems are removed.
User Accounts

Users only provided with user accounts after a process has been followed to approve their creation. Users can only access laptops, computers and servers in our organisation (and the applications they contain) by entering a unique user name and password.

We ensure that staff members only have the privileges that they need to do their current job. When a staff member changes job role we also change their access privileges. When an individual staff member leaves our organisation, we stop them accessing any of our systems by changing or removing their passwords.

Administrative Accounts

We have a formal process for giving someone access to systems at an “administrator” level. We ensure that administrator accounts are not used for accessing email or web browsing. We review who should have administrative access on a regular basis. 

Malware protection

All of our computers, laptops, tablets and mobile phones protected from malware by having anti-malware software installed. It is installed on the server and updates daily. Anti-malware software is it set to scan visited web pages and warn about accessing malicious websites.

Data Breach 

We will report any unlawful data breach of any information we hold, or if any of our third party data processors inform us of issues, we will also report this to any and all relevant persons and authorities within 72 hours of the breach, if it is apparent that personal data stored in an identifiable manner has been stolen.

The Company uses all reasonable efforts to safeguard your personal information. However, you should be aware that the use of the Internet is not entirely secure and for this reason the Company cannot guarantee the security or integrity of any personal information which is transferred from you or to you via the Internet. If you have any questions about the security at our website, you can send an email to: Grant@flourisheducation.co.uk

Notifications of change
If we decide to change our privacy policy, we will email those changes to our users so they are always aware of what information we collect, how we use it, and under circumstances, if any, we disclose it. If at any point we decide to use personally identifiable information in a manner different from that stated at the time it was collected, we will notify users by way of an email. Users will have a choice as to whether or not we use their information in this different manner. We will use information in accordance with the privacy policy under which the information was collected.

Speak to a friendly consultant on 0300 303 3227 Call Today