This policy is intended to provide information about how the business will use (or “process”) personal data about individuals including: its current and former employees; its current, past and prospective clients, referred to in this policy as “clients”).
This information is provided because Data Protection Law gives individuals rights to understand how their data is used. Employees and clients are all encouraged to read this Privacy Notice and understand the business’ obligations to its entire community.
This Privacy Notice applies alongside any other information the business may provide about a particular use of personal data, for example when collecting data via an online or paper form.
This Privacy Notice also applies in addition to the business’ other relevant terms and conditions and policies.
Anyone who works for, or acts on behalf of, the business should also be aware of and comply with this Privacy Notice, which also provides further information about how personal data about those individuals will be used.
WHY THE BUSINESS NEEDS TO PROCESS PERSONAL DATA
In order to carry out its ordinary duties the business needs to process a wide range of personal data about as part of its daily operation.
Some of this activity the business will need to carry out in order to fulfil its legal rights, duties or obligations – including those under a contract with its clients or staff or third parties.
Other uses of personal data will be made in accordance with legitimate interests, or the legitimate interests of another, provided that these are not outweighed by the impact on individuals, and provided it does not involve special or sensitive types of data.
TYPES OF PERSONAL DATA PROCESSED BY THE BUSINESS
This will include by way of example:
HOW LONG WE KEEP PERSONAL DATA
The business will retain personal data securely and only in line with how long it is necessary to keep for a legitimate and lawful reason. Typically, the legal recommendation for how long to keep ordinary staff and pupil files is up to 7 years following the event.
Individuals have various rights under Data Protection Law to access and understand personal data about them held by the school, and in some cases ask for it to be erased or amended or have it transferred to others, or for the business to stop processing it – but subject to certain exemptions and limitations.
Any individual wishing to access or amend their personal data, or wishing it to be transferred to another person or organisation, or who has some other objection to how their personal data is used, should put their request in writing to the business.
The business will endeavour to respond to any such written requests as soon as is reasonably practicable and in any event within statutory time-limits (which is one month in the case of requests for access to information).
The business will be better able to respond quickly to smaller, targeted requests for information. If the request for information is manifestly excessive or similar to previous requests, the business may ask you to reconsider, or require a proportionate fee (but only where Data Protection Law allows it).
The rights under Data Protection Law belong to the individual to whom the data relates.
DATA ACCURACY AND SECURITY
The busines will endeavour to ensure that all personal data held in relation to an individual is as up to date and accurate as possible.
An individual has the right to request that any out-of-date, irrelevant or inaccurate or information about them is erased or corrected (subject to certain exemptions and limitations under Data Protection Law):
The business will update this Privacy Notice from time to time. Any substantial changes that affect your rights will be provided to you directly as far as is reasonably practicable.