Privacy Statement

This statement is provided with the intention to comply with your right to be informed under the General Data Protection Regulation. We have also considered your rights under the Privacy and Electronic Communications Regulations.

Who is OpenEFL?

OpenEFL is a provider of education services specialising in Teaching English as a Foreign Language (TEFL). We are a trading name of Roxinford Education Group, registered in England with the company number 06260864. Our head office is at 103 – 105 Greenford Road, London, HA1 3QF, United Kingdom. You can email our Data Protection Officer at [email protected].

How we have collected data about you?

We may collect personal data from you when you:

  • use our products or services (i.e. attending a lesson);
  • use our website;
  • use of our e-Learning platform;
  • interact with us through social media, email, post, text or phone, or use one of our cookies.

In addition, we will also collect personal data from job applicants, employees, ex-employees, associates, members, contractors and temporary employees during their recruitment screening and throughout the tenure of their employment with us.

What data we may hold about you?

We will only collect data from you when if it is necessary for us to do so and we will only collect data that is relevent for the date processing activity. Below is a list of data which we may collect from you:

  • Identity Data: such as name, date of birth, gender, nationality, passport, or ID number
  • Contact Data: such as email, address and phone numbers
  • Academic Data: qualifications and language proficiencies
  • Transaction Data: details of services purchased and payments
  • Technical Data: IP addresses, login data, etc.
  • Marketing Data: preferences for receiving communications
  • Usage Data: usage metrics for our website and services
  • Survey Data: responses to survey

Why are we able to process your data (lawful basis)?

  • Consent – you have given consent to us for the processing of your personal data for one or more specific purposes.
  • Contract – processing is necessary for the performance of a contract which you have entered with us. This could either be that we are provide a product or service to you, or to receive something from you. Examples include: employment contracts; and agreements for the provision of our products or services. We are also acting under the performance of contract if we collect or process your data for the purposes of entering into a contract, if you have expressed an interest in working with us.
  • Legal obligation – we may be legally obliged to process certain data about you, for example to maintain student data for immigration compliance. In some cases, we are obliged to share personal data with third parties, such as UKVI and HMRC.
  • Vital interests – processing is necessary to protect your vital interests. For example medical and dietary details.
  • Public task – processing is necessary to perform a task in the public interest with clear basis in law.
  • Legitimate interest – processing is necessary for our legitimate interests, or the legitimate interests of a third party, as long as it does not conflict with your interests or fundamental rights and freedoms. We will always balance our legitimate interest with yours before using legitimate interest as lawful basis of processing your data.

Why are we processing your data?

Your personal data is used by us to support a range of different purposes and activities. These are listed in the table below together with the types of data used and the lawful base(s) we rely on when processing them, including where appropriate, our legitimate interests. Please be aware that we may process your personal data using more than one lawful basis, depending on the specific activity involved. Please contact us if you need details about the specific lawful basis we are relying on to process your personal data where more than one basis is set out below.

Purpose / Activity Lawful Basis
To provide the products and services you required


Legal obligation

Vital interests

Public task

Internal administrative purposes – such as our accounting and records


Legal obligation

Public task

To send marketing communications

Legitimate interest


For statistical purposes such as analysing the performance of our product and services Legitimate interest
To respond to your queries and to resolve complaints.

Legitimate interest


To comply with applicable laws and regulations.

Legal obligation

Public task

How are we keeping your data safe?

We takes security measures in line with data protection regulations. We have security measures in place designed to prevent data loss, to preserve data integrity, and to regulate access to the data. Most data are stored with reputable specialized cloud-based third-party database and data storage providers, with state of the art security and reliable and multiple secure backups. Only authorised employees and contractors have access to your personal data. In addition, contracts are in place with such third-party service providers acting as data processors for us that have access to your personal data, to ensure that the level of security required in your jurisdiction is in place, and that your personal data is processed only as instructed by us.

How long do we keep your personal data?

We will keep your personal data for only as long as we need to or as required by law. The exact time period for which we retain your personal data will depend on the purpose of which the data was collected. If you have an account with us, then we will hold your data until you wish to cancel your account.

Who else may we share your personal data with?

We may disclose and share your personal data with the parties set out below:

  • The companies and divisions of Roxinford Education Group Ltd
  • Government agencies, their partners and other third parties to comply with our legal obligation or public interest responsibilities (such as UKVI, Ofqual, DfE, HMRC, Magistrates Courts, Employment Tribunals and Local Authorities)
  • Third-party vendors, business partners or other third parties that we use to support the operation of our business. For example, to: provide IT systems and software, examination and other services
  • Our professional advisers including auditors, lawyers, bankers and insurers who provide professional advice, accounting, banking, legal, insurance, and pension services, or to meet our audit responsibilities;
  • Where you have consented for us to do so.

We require all third parties who are processing data on our behalf to respect the security of your personal data and to treat it in accordance with the law. We do not allow our data processors to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

International Transfers

Where data is transferred outside of the EEA, we will take steps to ensure that appropriate measures and controls are in place to protect that data in accordance with relevant data protection laws and regulations. In each case, such transfers are made in accordance with the requirements of the General Data Protection Regulations or “GDPR”.

What are your rights?

You have the right to be informed of fair processing information with a view to transparency of data. This policy notice is intended to fulfil that right.

You have the right to access the information we hold. You should make such a request in writing to our Data Protection Officer using the above contact information. We shall provide the data within 1 month. In exceptional cases we may extend this to 3 months. You will be notified within 1 month when we believe this to be an exceptional case requiring a longer period of compliance. Where a request is manifestly unfounded or excessive we may charge a reasonable fee or refuse the request. In the event of a fee or refusal, you will be advised of this and your further rights relating to the fee or refusal.

You have the right to request the information we hold is rectified if it is inaccurate or incomplete. You should contact our Data Protection Officer using the above contact information and provide him with the details of any inaccurate or incomplete data. We will then ensure that this is amended within one month. We may, in complex cases, extend this period to two months.

You have the right to erasure in the form of deletion or removal of personal data where there is no compelling reason for its continued processing. We have the right to refuse to erase data where this is necessary in the right of freedom of expression and information, to comply with a legal obligation for the performance of a public interest task, exercise of an official authority, for public health purposes in the public interest, for archiving purposes in the public interest, scientific research, historical research, statistical purposes or the exercise or defence of legal claims. You will be advised of the grounds of our refusal should any such request be refused.

You have the right to restrict our processing of your data where you contest the accuracy of the data until the accuracy is verified. You have the right to restrict our processing of your data where you object to the processing (where it was necessary for the performance of a public interest task or purpose of legitimate interests), and we are considering whether our organisation’s legitimate grounds override your interests. You have the right to restrict our processing of your data when processing is unlawful and you oppose erasure and request restriction instead. You have the right to restrict our processing of your data where we no longer need the data and you require the data to establish, exercise or defend a legal claim. You will be advised when we lift a restriction on processing.

You have the right to data portability in that you may obtain and reuse your data for your own purposes across different services, from one IT environment to another in a safe and secure way, without hindrance to usability. The exact method will change from time to time. You will be informed of the mechanism that may be in place should you choose to exercise this right.

You have the right to object to the following:

  • processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling);
  • direct marketing (including profiling); and
  • processing for purposes of scientific/historical research and statistics

You have the right to withdraw your consent at any time.

You have the right to lodge a complaint with a supervisory authority such as the Information Commissioner’s Office or any other of our regulators or accreditors that may regulate or provide accreditations to us from time to time. We advise that you exhaust our internal complaints procedure prior to referring the matter to any supervisory, regulatory or accrediting body. A copy of our complaints process is available from our Data Protection Officer at the contact information above.

How do we use your data on the website?

When you register for the site, you may be asked to provide certain personal data for display on your profile. The “Name” field is required as well as public, and user profiles are visible to any site visitor. Other profile information may be required or optional, as configured by the site administrator.

User information provided during account registration can be modified or removed on the Profile > Edit panel. In most cases, users also have control over who is able to view a particular piece of profile content, limiting visibility on a field-by-field basis to friends, logged-in users, or administrators only. Site administrators can read and edit all profile data for all users.

We collect information about you during the checkout process on our store.

While you visit our site, we’ll track:

  • Pages you’ve viewed: we’ll use this to, for example, show you products you’ve recently viewed
  • Location, IP address and browser type: we’ll use this for purposes like estimating taxes and shipping
  • Shipping address: we’ll ask you to enter this so we can, for instance, estimate shipping before you place an order, and send you the order!

We’ll also use cookies to keep track of basket contents while you’re browsing our site.

Members of our team have access to the information you provide us. For example, both Administrators and Shop Managers can access:

  • Order information like what was purchased, when it was purchased and where it should be sent, and
  • Customer information like your name, email address, and billing and shipping information.

Our team members have access to this information to help fulfil orders, process refunds and support you.

When you purchase from us, we’ll ask you to provide information including your name, billing address, shipping address, email address, phone number, credit card/payment details and optional account information like username and password. We’ll use this information for purposes, such as, to:

  • Send you information about your account and order
  • Respond to your requests, including refunds and complaints
  • Process payments and prevent fraud
  • Set up your account for our store
  • Comply with any legal obligations we have, such as calculating taxes
  • Improve our store offerings
  • Send you marketing messages, if you choose to receive them

If you create an account, we will store your name, address, email and phone number, which will be used to populate the checkout for future orders.

We generally store information about you for as long as we need the information for the purposes for which we collect and use it, and we are not legally required to continue to keep it. For example, we will store order information for 10 years for tax and accounting purposes. This includes your name, email address and billing and shipping addresses.

We accept payments through Stripe and PayPal. When processing payments, some of your data will be passed to Stripe and PayPal, including information required to process or support the payment, such as the purchase total and billing information.