Privacy Notice

Introduction

On 25th May 2018, the new General Data Protection Regulations (GDPR) take effect in the UK and across the EU. GDPR will entirely replace our current Data Protection Act 1998. Basically, the same structure of Data Protection Law will stay the same; but, the compliance burden will increase significantly. One of the major requirements of GDPR is to provide information to individuals (data subjects) whose data is held by an organisation by what is known as a 'Privacy Notice'. The Privacy Notice is more detailed and specific than that required under the old the Data Protection Act and places an emphasis being understandable and accessible.

This is the School's Privacy Notice.

Glossary of Terms

"Data controllers" means organisations, including independent schools, that determine how people's personal data is processed and for what purpose. Strictly – and in liability terms – this will be the Board of Governors. However, in practice, each individual school is likely to make its own decisions about use of data and therefore needs its own policies and Privacy Notice.

"Data Subjects" means any living individuals whose data the Data Controller processes.

"Processing" means any action in relation to that personal data, including filing and communication.

"Personal Data" includes everything from which a Data Subject can be identified. It ranges from simple contact details via personnel or pupil files to safeguarding information, and encompasses opinions, file notes or minutes, a record of anyone's intentions towards that person, and communications (such as emails) with or about them.

"Special Category Data" some categories of Personal Data are "special category data" under the GDPR (broadly equivalent to "sensitive" personal data under the old law, but with criminal data treated separately). These comprise data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership; data concerning health or data concerning a natural person's sex life or sexual orientation; and (new to GDPR) biometric data. Extra safeguards are provided by law for processing of such data.

Legal and Regulatory Framework

Various laws underpin this Privacy Notice and are relevant to independent schools:

Please note that independent schools are not subject to the specific information provisions (including the parental right to see the pupil record, and Freedom of Information) that will be applicable to maintained schools under separate legislation.

Section 1 - Who We Are

1. This Privacy Notice covers the data processed by West Buckland School which comprises the Prep School and the Senior School (Charity No.1167545). In addition, this Privacy Notice refers to the data processes undertaken by the West Buckland Foundation, a separate charity, that oversees Fundraising Activities and manages OWBA (Charity No. 1096487).

Section 2 - What This Policy Is For

2. This policy is intended to provide information about how the school will use (or "process") personal data about individuals including: its staff; its current, past and prospective pupils; and their parents, carers or guardians (referred to in this policy as "parents"), additional to wider school community.

2.1. This information is provided in accordance with the rights of individuals under Data Protection Law to understand how their data is used. Staff, parents and pupils are all encouraged to read this Privacy Notice and understand the school's obligations to its entire community.

2.3. This Privacy Notice applies alongside any other information the school may provide about a particular use of personal data, for example when collecting data via an online or paper form.

2.4. This Privacy Notice also applies in addition to the School's other relevant terms and conditions and policies, including:

  1. Any contract between the School and its staff or the parents of pupils.
  2. The School's policy on taking, storing and using images of children.
  3. The School's CCTV policy.
  4. The School's retention of records policy.
  5. The School's safeguarding, pastoral, and health and safety policies, including as to how concerns or incidents are recorded.
  6. The School's IT policies, including its Acceptable Use, e-Safety, Wi-Fi, Remote Working and other related policies will all be updated in due course.

2.5. Anyone who works for, or acts on behalf of, the school (including staff, volunteers, governors and service providers) should also be aware of and comply with this Privacy Notice, which also provides further information about how personal data about those individuals will be used.

Section 3 - Responsibility For Data Protection

3. West Buckland School has appointed the Director of Finance and Operations as the GDPR Privacy and Compliance Officer (GDPR P&CO) , who will deal with all any enquiries concerning the school's uses of your personal data (see section on Your Rights below) and endeavour to ensure that all personal data is processed in compliance with this policy and Data Protection Law.

3.1. The GDPR P&CO contact details are as follows:

  1. Email: This email address is being protected from spambots. You need JavaScript enabled to view it.
  2. Telephone: 01598 760000
  3. Address: West Buckland School, Barnstaple, Devon, EX32 0SX

3.2. Additionally, West Buckland School has appointed the Assistant Bursar as the Data Protection Officer (DPO) who will deal with any data access requests.

3.3. The DPO contact details are as follows:

  1. Email: This email address is being protected from spambots. You need JavaScript enabled to view it.
  2. Telephone: 01598 760000
  3. Address: West Buckland School, Barnstaple, Devon, EX32 0SX

Section 4 - Why The School Needs To Process Personal Data

4. In order to carry out its ordinary duties to staff, pupils and parents, the school may process a wide range of personal data about individuals (including current, past and prospective staff, pupils or parents) as part of its daily operation. Some of this activity the school will need to carry out in order to fulfil its legal rights, duties or obligations – including those under a contract with its staff, or parents of its pupils.

4.1. Other uses of personal data will be made in accordance with the school's legitimate interests, or the legitimate interests of another, provided that these are not outweighed by the impact on individuals, and provided it does not involve special or sensitive types of data.

4.2. The school expects that the following uses may fall within that category of its (or its community's) "legitimate interests":

  1. For the purposes of pupil selection (and to confirm the identity of prospective pupils and their parents).
  2. To provide education services, including musical education, physical training or spiritual development, career services, and extra-curricular activities to pupils, and monitoring pupils' progress and educational needs.
  3. To Maintain relationships with alumni and the school community, including direct marketing or fundraising activity, and social activities.
  4. For the purposes of donor due diligence, and to confirm the identity of prospective donors and their background and relevant interests.
  5. For the purposes of management planning and forecasting, research and statistical analysis, including that imposed or provided for by law (such as diversity or gender pay gap analysis and taxation records).
  6. To enable relevant authorities to monitor the School's performance and to intervene or assist with incidents as appropriate.
  7. To give and receive information and references about past, current and prospective pupils, including relating to outstanding fees or payment history, to/from any educational institution that the pupil attended or where it is proposed they attend; and to provide references to potential employers of past pupils.
  8. To enable pupils to take part in national or other assessments, and to publish the results of public examinations or other achievements of pupils of the School.
  9. To safeguard pupils' welfare and provide appropriate pastoral care.
  10. To monitor (as appropriate) use of the school's IT and communications systems in accordance with the School's IT: acceptable use policy.
  11. To make use of photographic images of pupils in school publications, on the School website and (where appropriate) on the school's social media channels in accordance with the School's policy on taking, storing and using images of children.
  12. For security purposes, including CCTV in accordance with the School's CCTV policy.
  13. Where otherwise reasonably necessary for the School's purposes, including to obtain appropriate professional advice and insurance for the School.

4.3. In addition, the School may need to process special category personal data (concerning health, ethnicity, religion or sexual life) or criminal records information (such as when carrying out DBS checks) in accordance with rights or duties imposed on it by law, including as regards safeguarding and employment, or from time to time, by explicit consent where required. These reasons may include:

  1. To safeguard pupils' welfare and provide appropriate pastoral (and where necessary, medical) care, and to take appropriate action in the event of an emergency, incident or accident, including by disclosing details of an individual's medical condition where it is in the individual's interests to do so: for example for medical advice, social services, insurance purposes or to organisers of school trips.
  2. To provide educational services in the context of any special educational needs of a pupil.
  3. To provide spiritual education in the context of any religious beliefs.
  4. In connection with employment of its staff, for example DBS checks, welfare or pension plans.
  5. To run any of its systems that operate on biometric data, such as for security and other forms of pupil identification (lockers, lunch etc.).
  6. For legal and regulatory purposes (for example child protection, diversity monitoring and health and safety) and to comply with its legal obligations and duties of care.

Section 5 - Types Of Personal Data Processed By The School

5. This will include by way of example:

  1. Names, addresses, telephone numbers, e-mail addresses and other contact details.
  2. Car details (about those who use our car parking facilities).
  3. Past, present and prospective pupils' academic, disciplinary, admissions and attendance records (including information about any special needs), and examination scripts and marks.
  4. Where appropriate, information about individuals' health, and contact details for their next of kin.
  5. References given or received by the school about pupils, and information provided by previous educational establishments and/or other professionals or organisations working with pupils.
  6. Images of pupils (and occasionally other individuals) engaging in school activities, and images captured by the School's CCTV system (in accordance with the school's policy on taking, storing and using images of children).

Section 6 - How The School Collects Data

6. Generally, the School receives personal data from the individual directly (including, in the case of pupils, from their parents). This may be via a form, or simply in the ordinary course of interaction or communication (such as email or written assessments).
6.1. However, in some cases personal data may be supplied by third parties (for example another school, or other professionals or authorities working with that individual); or collected from publicly available resources.

Section 7 - Who Has Access To Personal Data And Who The School Shares It With

7. Occasionally, the school will need to share personal information relating to its community with third parties, such as professional advisers (lawyers and accountants) or relevant authorities (HMRC, police or the local authority) and Toucan Text.

7.1. For the most part, personal data collected by the school will remain within the school, and will be processed by appropriate individuals only in accordance with access protocols (i.e. on a ‘need to know' basis). Particularly strict rules of access apply in the context of:

  1. Medical records held and accessed only by the school doctor and appropriate medical staff under his/her supervision, or otherwise in accordance with express consent.
  2. Pastoral or safeguarding files.

7.2. However, a certain amount of any SEN pupil's relevant information will need to be provided to staff more widely in the context of providing the necessary care and education that the pupil requires.

7.3. Staff, pupils and parents are reminded that the school is under duties imposed by law and statutory guidance (including Keeping Children Safe in Education) to record or report incidents and concerns that arise or are reported to it, in some cases regardless of whether they are proven, if they meet a certain threshold of seriousness in their nature or regularity. This may include file notes on personnel or safeguarding files, and in some cases referrals to relevant authorities such as the LADO or police. For further information about this, please view the school's Safeguarding Policy.

7.4. Finally, in accordance with Data Protection Law, some of the school's processing activity is carried out on its behalf by third parties, such as IT systems, web developers or cloud storage providers. This is always subject to contractual assurances that personal data will be kept securely and only in accordance with the school's specific directions.

Section 8 - How Long We Keep Personal Data

8. The school will retain personal data securely and only in line with how long it is necessary to keep for a legitimate and lawful reason. Typically, the legal recommendation for how long to keep ordinary staff and pupil personnel files is up to 7-years following departure from the school. However, incident reports and safeguarding files will need to be kept much longer, in accordance with specific legal requirements. In particular, the ongoing national Independent Inquiry into Child Sexual Abuse (IICSA) has directed that schools should not routinely destroy any pupil data until the wide-ranging investigation has concluded its enquiry or given more guidance on the matter. If you have any specific queries about how this policy is applied, or wish to request that personal data that you no longer believe to be relevant is considered for erasure, please contact the DPO (See Section 3). However, please bear in mind that the school may have lawful and necessary reasons to hold on to some data.

8.1. For further specific details please see the School's Retention of Records Policy.

Section 9 - Keeping In Touch And Supporting The School

9. The School and Foundation will use the contact details of parents, alumni and other members of the school community to keep them updated about the activities of the school, or alumni and parent events of interest, including by sending updates and newsletters, by email and by post. Unless the relevant individual objects, the school may also:

  1. Share personal data about parents and/or alumni, as appropriate, with organisations set up to help establish and maintain relationships with the school community, such as the Foundation, OWBA or Parents' Association.
  2. Contact parents and/or alumni (including via the organisations above) by post and email in order to promote and raise funds for the school [and, where appropriate, other worthy causes.
  3. Collect information from publicly available sources about parents' and former pupils' occupation and activities, in order to maximise the school's fundraising potential.
  4. Should you wish to limit or object to any such use, or would like further information about them, please contact the Foundation Manager in writing. You always have the right to withdraw consent, where given, or otherwise object to direct marketing or fundraising. However, the school may need nonetheless to retain some of your details (not least to ensure that no more communications are sent to that particular address, email or telephone number).
  5. Please see the forthcoming ISBA fundraising toolkit for more details.

Section 10 - Your Rights

10. Individuals have various rights under Data Protection Law to access and understand personal data about them held by the School, and in some cases ask for it to be erased or amended or for the School to stop processing it, but subject to certain exemptions and limitations.

10.1. Any individual wishing to access or amend their personal data, or wishing it to be transferred to another person or organisation, or who has some other objection to how their personal data is used, should put their request in writing to the GDPR P&CO (See Section 3).

10.2. The School will endeavour to respond to any such written requests as soon as is reasonably practicable and in any event within statutory time-limits, which is one month in the case of requests for access to information. The School will be better able to respond quickly to smaller, targeted requests for information. If the request is manifestly excessive or similar to previous requests, the School may ask you to reconsider or charge a proportionate fee; but, only where Data Protection Law allows it.

10.3. You should be aware that certain data is exempt from the right of access. This may include information which identifies other individuals, or information which is subject to legal professional privilege. The school is also not required to disclose any pupil examination scripts (though examiners' comments may fall to be disclosed), nor any confidential reference given by the school for the purposes of the education, training or employment of any individual.

10.4. Specific guidance on GDPR, relating to certain communities within the School, is offered at Annexes A-E to this Privacy Notice as follows:

  1. Guidance for Parents (Guardians) of children at, or applying to join, the School.
  2. Guidance for Children at the School over the age of 13.
  3. Guidance for Governors of the School.
  4. Guidance for Alumni.
  5. Guidance for Employees of, or applying to join, the School.

Section 11 - Pupil Requests

11. Pupils can make subject access requests for their own personal data, provided that, in the reasonable opinion of the school, they have sufficient maturity to understand the request they are making (see section Whose Rights below). Indeed, while a person with parental responsibility will generally be entitled to make a subject access request on behalf of younger pupils, the information in question is always considered to be the child's at law.

11.1. A pupil of any age may ask a parent or other representative to make a subject access request on his/her behalf. Moreover (if of sufficient age) their consent or authority may need to be sought by the parent making such a request. Pupils at Senior School (aged 13 and above) are generally assumed to have this level of maturity, although this will depend on both the child and the personal data requested, including any relevant circumstances at home. [may however be sufficiently mature to have a say in this decision.

11.2. All information requests from, or on behalf of, pupils – whether made under subject access or simply as an incidental request – will therefore be considered on a case by case basis.

Section 12 - Consent

12. Where the school is relying on consent as a means to process personal data, any person may withdraw this consent at any time (subject to similar age considerations as above). Please be aware however that the school may have another lawful reason to process the personal data in question even without your consent.

12.1. That reason will usually have been asserted under this Privacy Notice, or may otherwise exist under some form of contract or agreement with the individual (e.g. an employment or parent contract, or because a purchase of goods, services or membership of an organisation such as an alumni or parents' association has been requested).

Section 13 - Whose Rights

13. The rights under Data Protection Law belong to the individual to whom the data relates. However, the school will often rely on parental consent to process personal data relating to pupils (if consent is required) unless, given the nature of the processing in question, and the pupil's age and understanding, it is more appropriate to rely on the pupil's consent.

13.1. Parents should be aware that in such situations they may not be consulted, depending on the interests of the child, the parents' rights at law or under their contract, and all the circumstances.

13.2. In general, the school will assume that pupils' consent is not required for ordinary disclosure of their personal data to their parents, e.g. for the purposes of keeping parents informed about the pupil's activities, progress and behaviour, and in the interests of the pupil's welfare, unless, in the school's opinion, there is a good reason to do otherwise.

13.3. However, where a pupil seeks to raise concerns confidentially with a member of staff and expressly withholds their agreement to their personal data being disclosed to their parents, the school may be under an obligation to maintain confidentiality unless, in the school's opinion, there is a good reason to do otherwise; for example where the school believes disclosure will be in the best interests of the pupil or other pupils, or if required by law.

13.4. Governors, Staff & Pupils are required to respect the personal data and privacy of others, and to comply with the School's IT Acceptable Use policy and other applicable policies.

Section 14 - Data Accuracy And Security

14. The School will endeavour to ensure that all personal data held in relation to an individual is as up to date and accurate as possible. Individuals must please notify the relevant member of staff (e.g. school office, registrar, fees secretary) of any significant changes to important information, such as contact details, held about them.

14.1. An individual has the right to request that any out-of-date, irrelevant or inaccurate or information about them is erased or corrected (subject to certain exemptions and limitations under Data Protection Law): please see above for details of why the School may need to process your data, of who you may contact if you disagree.

14.2. The School will take appropriate technical and organisational steps to ensure the security of personal data about individuals, including policies around use of technology and devices, and access to school systems. All staff and governors will be made aware of this policy and their duties under Data Protection Law and receive relevant training.

Section 15 - This Policy

15. The school will update this Privacy Notice from time to time. Any substantial changes that affect your rights will be provided to you directly as far as is reasonably practicable.

Section 16 - Queries And Complaints

16. Any comments or queries on this policy should be directed to the GDPR P&CO or DPO (see Section 3 above for contact details).

16.1. If an individual believes that the school has not complied with this policy or acted otherwise than in accordance with Data Protection Law, they should utilise the school Complaints Procedure (a copy of the School's Complaints Policy is available on the School Website) and should also notify the DPO. The School can also make a referral to or lodge a complaint with the Information Commissioner's Office (ICO), although the ICO recommends that steps are taken to resolve the matter with the school before involving the regulator.

Annexes:

  1. GDPR Guidance for Parents (Guardians) of children at, or applying to join, the School.
  2. GDPR Guidance for Children at the School over the age of 13.
  3. GDPR Guidance for Governors of the School.
  4. GDPR Guidance for Alumni.
  5. GDPR Guidance for Employees of, or applying to join, the School.

Annex A

GDPR Guidance For Parents (Guardians) Of Children At, Or Applying To Join, The School

A.1. This Annex should be read in conjunction with the introductory paragraphs in the covering document.

A.2. The existence of West Buckland School's Privacy Notice will be notified to you at earliest opportunity; for existing parents/guardians via regular reminders that the Notice is available on the School Website. For new parents/guardians, its existence will be pointed out during the admissions process.

A.3. Data will be processed for the purposes of responding to requests for information about joining the school and the school will therefore have a "legitimate interest" for processing basic personal data and sensitive personal data. The data the school holds will be the minimum it requires to form and maintain the contract between you and the school.

A.4. The School will share your data with the following companies who have contracts with the School and who have equalled the School's precautions and systems for dealing with data, these are:

  1. Catering Contractor.
  2. School Photographer.
  3. Health care service providers.
  4. Our IT software providers.

A.5. It is not necessary for data to be shared with other countries. The exception to this will be international trips that the school organises, should this be envisaged for your child, you will be contacted for your consent, the consent will be limited in time and content if it be required.

A.6. The retention period for pupil data will be until the pupil reaches the age of 25 and/or be modified by any other legal obligation the school finds itself under; such as the IICSA Enquiry mentioned in Section 8.

A.7. You have the right to withdraw your consent to data processing at any time, however this will only apply to certain groups of data for which you have given particular consent.

A.8. You can complain at any time about how the school has handled your data, the Information Commissioner is available as follows:

A.9. ICO helpline is 0303 123 1113. A template letter, should you need it is at Appendix 1 to this notice.  

A.10. We will obtain the data the school requires from you, should we need data from other sources we will contact you within a month. We see the provision of personal data as necessary to properly admit you child to the school and to administer, and for the school to fulfil its obligations under the contract once your child is a pupil here. There is no automated decision making or profiling involved in this data stream into and through the school.

Appendix:

1. A Template Letter for Complaining to the School about Data Protection.

Appendix 1 To Annex A

A Template Letter For Complaining To The School About Data Protection

[Your full address]
[Phone number]
[The date]

The Data Protection Officer
West Buckland School
Barnstaple
Devon
EX32 0SX

[Reference number (if provided within the initial response)]

Dear [Sir or Madam / name of the person you have been in contact with]

Information Rights Concern

[Your full name and address and any other details such as account number to help identify you]

I am concerned that you have not handled my personal information properly.

[Give details of your concern, explaining clearly and simply what has happened and, where appropriate, the effect it has had on you.]

I understand that before reporting my concern to the Information Commissioner's Office (ICO) I should give you the chance to deal with it.

If, when I receive your response, I would still like to report my concern to the ICO, I will give them a copy of it to consider.

You can find guidance on your obligations under information rights legislation on the ICO's website (www.ico.org.uk) as well as information on their regulatory powers and the action they can take.

Please send a full response within 28 calendar days. If you cannot respond within that timescale, please tell me when you will be able to respond.

If there is anything you would like to discuss, please contact me on the following number [telephone number].

Yours faithfully
[Signature]

Annex B

GDPR Guidance To Children At The School Over The Age Of 13

B.1. This Annex should be read with the introductory paragraphs in the covering document.

B.2. The paragraphs in red refer to guidance from the Information Commissioner's Office (ICO) on the compilation of privacy notices.

B.3. This privacy notice will be provided to you at the time your data is being obtained, if it is being obtained directly. This means you get this when the school gets your data from your parents, or within a month.

B.4. Data will be processed for the purposes of allowing you to make the best of your time at West Buckland School. The School will therefore have what is called a "legitimate interest" for processing basic personal data and sensitive personal data. The data the school holds will be the minimum it requires to allow you to thrive in your years here.

B.5. The School will share your data with the following companies who have contracts with the school and who have equalled the school's precautions, systems and procedures for dealing with data, these are:

  1. Catering Contractor.
  2. Photographer
  3. Health care service provider
  4. IT software providers.

B.6. It is not necessary for data to be shared with other countries. The exception to this will be international trips that the school organises, should this be envisaged for you, you will be contacted for your consent, the consent will be limited in time and content if it is required.

B.7. The retention period for pupil data will be until you reach the age of 25.

B.8. You have the right to withdraw your consent to data processing at any time, however this will only apply to certain groups of data for which you have given particular consent.

B.9. You can complain at any time about how the school has handled your data, the Information Commissioner is available as follows:

  1. ICO helpline is 0303 123 1113.
  2. A template letter, should you need it is at Appendix 1 to Annex A.

B.10. We will obtain the data the school requires from you, should we need data from other sources we will contact you. We see the provision of personal data as necessary to properly manage your time at West Buckland School and for the school to fulfil its obligations to you. There is no automated decision making or profiling involved handling this data.

Annex C

GDPR Guidance For Governors Of The School

C.1. This Annex should be read in conjunction with the introductory paragraphs in the covering document.

C.2. This privacy notice will be provided to you at the time your data is being obtained, if it is being obtained directly.

C.3. Data will be processed for the purposes of responding to requests for information about joining the Board of the school and the school will therefore have a "legitimate interest" for processing basic personal data and, if necessary, sensitive personal data. The data the school holds will be the minimum it requires.

C.4. The School will share your data with the following companies who have contracts with the school and who have equalled the school's precautions, systems and procedures for dealing with data, these are:

  • IT Contractor
  • IT software providers.

C.4. It is not necessary for data to be shared with other countries. The exception to this will be international trips that the school organises, should this be envisaged for you, you will be contacted for your consent, the consent will be limited in time and content if it is required.

C.5. The retention period for data on Governors to be held will be 25 years, or as detailed in the school's retention policy.

C.6. You have the right to withdraw your consent to data processing at any time, however this will only apply to certain groups of data for which you have given particular consent.

C.7. You can complain at any time about how the school has handled your data, the Information Commissioner is available as follows:

  1. ICO helpline is 0303 123 1113.
  2. A template letter, should you need it is at Appendix 1 to Annex A.

C.8. We will obtain the data the school requires from you, should we need data from other sources we will contact you first.

C.9. We see the provision of personal data as necessary to safeguard you and the school as it will allow the necessary checks to be made. There is no automated decision making or profiling involved in this data stream into and through the school.

Annex D

GDPR Guidance For Alumni

D.1. This Annex should be read in conjunction with the introductory paragraphs in the covering document.

D.2. Routine contact with alumni will be by surface mail, telephone, email will only be used as a method of contact if the individual alumnus gives consent to be contacted in this way.

D.3. This privacy notice will be provided to you at the time your data is being obtained. Should you give consent, data will be processed for the purposes of maintaining an accurate record of those who were educated at West Buckland School. The School will process only the minimum personal data to achieve this purpose.

D.4. The school will not share your data with any companies associated with the school.
It is not necessary for data to be shared with other countries.

D.5. The retention period for alumni data will be unlimited as long as the school believes it has a relationship to serve with the alumnus.

D.6. You have the right to withdraw your consent to data processing at any time, however this will only apply to certain groups of data for which you have given particular consent.

D.7. You can complain at any time about how the school has handled your data, the Information Commissioner is available as follows:

  1. ICO helpline is 0303 123 1113.
  2. A template letter, should you need it is at Appendix 1 to Annex A.
  3. Fundraising regulator – 0300 999 3407/This email address is being protected from spambots. You need JavaScript enabled to view it.

D.8. We will obtain the data the school requires from you, should we need data from other sources we will contact you first.

Annex E

GDPR Guidance For Employees Of, Or Applying To Join, The School

E.1. This Annex should be read in conjunction with the introductory paragraphs in the covering document.

E.2. This privacy notice will be provided to you at the time your data is being obtained, if it is being obtained directly.

E.3. Data will be processed for the purposes of responding to requests for information about joining the school and the School will therefore have a "legitimate interest" for processing basic personal data and sensitive personal data. The data the school holds will be the minimum it requires to form and maintain the contract between you and the school.

E.4. The school will share your data with the following companies who have contracts with the school and who have equalled the school's precautions and systems for dealing with data, these are:

  • Health care service provider.
  • School's IT software providers.
  • DBS Clearance provider.

E.5. It is not necessary for data to be shared with other countries. The exception to this will be international trips that the school organises, should this be envisaged for you, you will be contacted for your consent, the consent will be limited in time and content if it be required.

E.6. The retention period for employee data will be until you leave the School and/or be modified by any other legal obligation the school finds itself under.

E.7. You have the right to withdraw your consent to data processing at any time, however this will only apply to certain groups of data for which you have given particular consent.

E.8. You can complain at any time about how the school has handled your data, the Information Commissioner is available as follows:

  1. ICO helpline is 0303 123 1113.
  2. A template letter, should you need it is at Appendix 1 to Annex A.

E.9. We will obtain the data the school requires from you, should we need data from other sources we will contact you within a month.

E.10. We see the provision of personal data as necessary to properly employ you at the school and to administer, and for the school to fulfil its obligations under the contract once you are an employee here.

E.11. There is no automated decision making or profiling involved in this data stream into and through the school.