SchoolsDPO (DPO Solutions for Schools Ltd, company registration number 11931373) is committed to protecting the privacy and security of your personal information. This notice sets out how we use your information and how you can exercise your rights under UK data protection law.
SchoolsDPO is a “data controller” under the UK’s General Data Protection Regulation (UK GDPR). This means that we are responsible for deciding how we hold and use personal information. We are required to abide by the data protection principles below and to notify you of the information contained in this privacy notice.
Data Protection Principles
We will comply with data protection law. This says that the personal information we hold about you must be:
- Used lawfully, fairly and in a transparent way
- Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes
- Just the minimum we need for our purposes and no more
- Accurate and kept up to date
- Kept only as long as necessary for our purposes and then securely destroyed or deleted
- Kept securely.
What information do we hold about you and how do we use it?
We collect and hold personal information (such as name, contact details, email addresses) for the following purposes, to:
- Communicate with subscribing school and trust staff to provide advice and guidance, news and updates via email and through membership of our online Data Protection Lead support network
- Analyse training questionnaires to produce summary reports for subscribing schools and trusts
- Act as a point of contact between individuals and a school or trust and provide advice/guidance, when required
- Undertake necessary business functions to provide our services, such as financial transactions
- Provide information about our services when you express an interest in knowing more about them.
The personal data we process is provided directly by you, or indirectly by a school or trust when seeking advice in relation to a data protection or freedom of information query.
Our lawful basis
We only collect and use your personal information when we have a lawful basis for doing so.
- Contractual obligation
- Legitimate interest
- Consent. If we are relying on consent, you can withdraw this at any time. Please see contact details below.
Where do we store your personal information?
Your data is stored on secure GDPR compliant servers and we take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy statement.
Who do we share your data with?
If you are a member of staff at a subscribing school or trust, we may share your name and contact details with data processors who are supporting us in delivering our services. This will depend on your role. For example, giving Data Protection Leads access to our online support network on GovernorHub, or using finance colleagues’ details to generate invoices on our finance system.
We do not sell or trade your personal information with third parties for the purposes of sales, marketing or advertising.
We will disclose your personal information where we are required to do so by law.
How long will we use your information for?
We will not retain your information for longer than is necessary for the purposes set out in this notice; as detailed in our retention schedule.
You have the right to:
- Request access to your information (subject access request). This enables you to receive a copy of the information we hold about you and to check we are lawfully processing it
- Request correction of the personal information we hold about you. This enables you to have incomplete or inaccurate information we hold about you corrected
- Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it
- Object to processing where we are relying on legitimate interest as our lawful basis and
- Request restriction of processing of your personal information. This enables you to ask us to suspend the processing of your personal information, for example, if you want to establish its accuracy or the reason for processing it
- Request transfer of your information to another party, if applicable
- Lodge a complaint with the Information Commissioner’s Office (ICO) in the UK (see contact details below).
If you have any questions about our Privacy Notice, or you would like to exercise any of your rights, please get in touch using our contact form. Please note, we may ask for proof of identity before providing or updating any personal information we hold about you. If we have a legitimate reason as to why we are unable to fulfil any requests, we will explain the reasons why.
The Information Commissioner’s Office contact details can be found here.