SBC Logo in White
Home Privacy Policy

Summer Boarding Courses

Privacy Policy

Summer Boarding Courses is part of the Dukes Education Group.

Summer Boarding Courses respects your privacy and is committed to protecting your personal data. This privacy policy explains how we collect, use, and safeguard your personal data when you visit our website or interact with us, and outlines your rights under applicable data protection laws.

Summary of how we use your personal data

Summer Boarding Courses uses your personal data where:

  • it is necessary to perform a contract with you;
  • it is necessary for our legitimate interests (provided your rights do not override those interests);
  • we are required to comply with legal obligations;
  • you have given your consent.

We may share your personal data within the Dukes Education Group and with selected third parties who support our operations, including education partners, service providers, and marketing platforms.

Where we rely on consent (particularly for marketing), you may withdraw this at any time. Our privacy policy sets out more details of this processing, including details of your data protection rights, and your right to object to certain processing.

What does this policy cover?

This policy applies to all personal data processed by Summer Boarding Courses and other companies within the Dukes Education Group when you:

  • submit an enquiry;
  • register interest in a course;
  • make a booking;
  • interact with our website or communications.

References to “we”, “us”, or “our” relate to the relevant Dukes Education Group entity acting as the data controller.

What information do we collect?

We collect and process the following personal data:

  • Parent/guardian name and contact details;
  • Student name, age/date of birth, and gender;
  • Relevant medical information (where required);
  • Address, email, and telephone number;
  • Payment and billing details (where applicable);
  • Marketing preferences and consent records;
  • Communications sent to us;
  • Technical data (IP address, browser, device type, cookies);
  • Location data derived from IP address.

We may also collect information about your engagement with our communications, including whether messages are opened, clicked, or responded to, including via platforms such as email, SMS, and WhatsApp.

How do we use your personal data?

1. To fulfil a contract

We use your data to:

  • process bookings and payments;
  • verify identity;
  • provide course-related services;
  • communicate essential information;
  • deliver customer support.

2. For legitimate business interests

We may use your data to:

  • respond to enquiries;
  • improve our website, services, and user experience;
  • personalise content;
  • prevent fraud and ensure security;
  • manage complaints and legal matters;
  • conduct market research.

3. Marketing communications and automation

We may use your personal data to provide relevant information about our courses, services, events, and offers through:

  • email;
  • telephone;
  • SMS;
  • messaging platforms such as WhatsApp.

We use CRM and marketing automation systems to manage and personalise communications based on your interactions with us. This may include:

  • follow-up messages after enquiries;
  • course recommendations;
  • reminders and updates;
  • promotional offers where you have consented.

Where required by law, we will only send electronic marketing (including WhatsApp and SMS) where you have provided your consent.

4. Where you provide consent

We rely on your consent to:

  • send marketing communications;
  • place cookies and tracking technologies;
  • contact you via social media;
  • use your data for specific purposes explained at the time.

5. Legal obligations

We may process your data:

  • to comply with safeguarding or regulatory requirements;
  • in response to legal requests or law enforcement;
  • where parental consent is required for children.

We have carried out balancing tests for all data processing we carry out on the basis of our legitimate interests. You can obtain information on any of our balancing tests by contacting us using the details set out later in this notice.

Withdrawing consent and marketing preferences

You may opt out of marketing at any time by:

  • clicking “unsubscribe” in emails;
  • replying “STOP” to SMS or WhatsApp messages;
  • contacting us directly.

You have an absolute right to opt-out of direct marketing at any time.

Who do we share your personal data with?

We may share your data with:

Within Dukes Education Group

For safeguarding, administration, reporting, quality control, and educational services, including potential referral to our consultancy division in respect of university applications.

Education and partner organisations

Including:

  • JK Educate
  • Earlscliffe
  • Rochester Independent College
  • Cardiff Sixth Form College
  • The Medic Portal
  • The Lawyer Portal
  • Ultimate Activity
  • A-list Education
  • Oxbridge Applications
  • InvestIN
  • Dukes Plus and associated organisations
  • Oxbridge Summer Courses Guide (https://oxfordsummerschools.com)

Service providers and processors

Including:

  • Salesforce – CRM System
  • HubSpot – CRM System
  • Microsoft – communications and storage
  • Mailchimp – email marketing
  • SurveyMonkey – surveys and communication
  • Google (Analytics, Ads, Tag Manager, Search Console, and others)
  • WPEngine – hosting provider
  • Lucky Orange – marketing and analytics tool
  • Zapier – process automation and integrations between systems
  • NinjaForms / 123FormBuilder – plugin/form tools
  • Kaseya – data backup services
  • GoHighLevel – CRM and marketing automation
  • WhatsApp Business (Meta Platforms Ireland Ltd) – messaging platform

Other third parties

  • insurance providers;
  • accreditation bodies (e.g. British Council, British Accreditation Council);
  • background check providers;
  • referral partners;
  • government authorities and/or law enforcement officials if required by law;
  • advisers and prospective purchasers in the event the business is sold or integrated with another business.
  • host schools and colleges providing accommodation, campuses, cleaning and catering – to ensure e.g. dietary requirements are met.

International data transfers

Some providers (such as WhatsApp Business) may process data outside the UK or EEA. Where this occurs, we ensure appropriate safeguards are in place, including Standard Contractual Clauses or equivalent protections.

Cookies and how we use them

Cookies are small text files placed on your computer by websites that you visit. They are widely used to make websites work, or work more efficiently, as well as to provide information to the owners of the site.

We use cookies to improve website functionality and user experience. Please refer to our Cookie Policy for full details. Most web browsers automatically accept cookies, but you can usually modify your browser settings to decline cookies if you prefer. This may prevent you from taking full advantage of the website.

What rights do I have?

You have the right to:

  • access your personal data;
  • correct inaccurate data;
  • request deletion of your personal data;
  • restrict or stop active processing of your personal data;
  • object to processing (especially for direct marketing);
  • request data portability – obtaining data you have provided in a structured, machine-readable format.

These rights may be limited in certain circumstances, for example if fulfilling your request would reveal personal data about another person, infringe the rights of a third party, or where we are required by law to retain the information. Relevant exemptions are included in both the UK GDPR and the Data Protection Act 2018. We will inform you of any exemptions we rely upon when responding to your request.

You may also lodge a complaint with the UK Information Commissioner’s Office (ICO) if you have unresolved concerns about how we handle your personal data.

How long will you retain my personal data?

We retain personal data only for as long as is required by law, or as long as is necessary for the purposes for which we process it. Further details are available in our Data Retention Policy, available on request.

Automated decision-making

We do not carry out automated decision-making that produces legal or similarly significant effects. However, we may use limited profiling to tailor communications and improve relevance.

How do I get in touch with you?

We hope that we can satisfy any queries you may have about the way we process your personal data. If you have any concerns, or would like to opt out of direct marketing, please contact our Data Protection Champion:

Summer Boarding Courses

Dukes House, 58 Buckingham Gate, Greater, London SW1E 6AJ

Email: marketing@summerboardingcourses.co.uk

Which Controller entity is my data controller?

The Controller for your information is the entity with which you have a relationship, or which manages the website you have visited. A full list of Controllers in the current Dukes Education Group is set out below:

Dukes Education Group Ltd; CSFC Ltd; RIC Trading Ltd; Fine Arts College Ltd; Sussex Summer Schools Ltd; Summer Boarding Courses Ltd; Dukes Education Ltd; Miss Daisy’s Schools Ltd; Little Owls School Limited; Knightsbridge School Limited; Minerva Education Holdco Ltd; Minerva Education Finance Ltd; Eaton Square Schools Limited; Eaton Square Kensington Limited; Sancton Wood School Ltd and The Hannay-Rowe Education Company Ltd.

Our commitment to you

At Summer Boarding Courses, we are dedicated to maintaining the highest standards of care, transparency, and trust. Safeguarding your personal data is an essential part of delivering a safe, supportive, and high-quality experience for every student and family.