Out of School at All Saints Ltd
Company No. 6556160
Statement
GDPR stands for General Data Protection Regulation and replaces the previous Data Protection Directives that were in place. It was approved by the EU Parliament in 2016 and comes into effect on 25th May 2018. GDPR states that personal data should be ‘processed fairly & lawfully’ and ‘collected for specified, explicit and legitimate purposes’ and that individuals' data is not processed without their knowledge and is only processed with their explicit consent. GDPR covers personal data relating to individuals.
Out of School at All Saints Ltd are committed to protecting the rights and freedoms of individuals with respect to the processing of children's, parents', visitors', and staff personal data. The Data Protection Act gives individuals the right to know what information is held about them. It provides a framework to ensure that personal information is handled properly. Out of School at All Saints is registered with the ICO (Information Commissioner's Office) under registration reference: Z2528030 and has been registered since 11th February 2011.
This policy is operational from 25th May 2018.
The purpose of this policy is to enable Out of School at All Saints Ltd to:
This policy applies to information relating to identifiable individuals e.g. staff, applicants, former staff, clients, suppliers and other third-party contacts.
Out of School at All Saints Ltd will:
Out of School at All Saints Ltd recognises that its first priority under the GDPR is to avoid causing harm to individuals. In the main this means:
Secondly, GDPR aims to ensure that the legitimate concerns of individuals about the ways in which their data may be used are taken into account. In addition to being open and transparent, Out of School at All Saints Ltd will seek to give individuals as much choice as is possible and reasonable over what data is held and how it is used. This includes the right to erasure where data is no longer necessary and the right to rectification where the data is incorrect. Full details are available in the Privacy Notice issued at the point of gathering the data.
Out of School at All Saints Ltd has identified the following potential key risks, which this policy is designed to address:
To address these concerns, we have an accompanying Information Security policy, and we will issue Privacy Notices to explain what data we have, why we have it and what we will do with it. The Privacy Notice will also explain the data subject’s rights. We will offer training to staff where this is necessary and appropriate in the circumstances to ensure compliance with GDPR. Such training will vary according to the role, responsibilities and seniority of those being trained.
We aim to keep data only for so long as is necessary, which will vary according to the circumstances.
We have no intention to transfer data internationally.
The person responsible for Data Protection is currently Louise Morley with the following responsibilities:
Significant breaches of this policy, which may amount to gross misconduct, will be handled under Out of School at All Saints Ltd's disciplinary procedures.
Subject Access Request
Any subject access requests will be handled by Louise Morley.
Subject access requests must be in writing. All staff are required to pass on anything that might be a subject access request to Gillian Isherwood without delay. The applicant will be given their data within 1 month unless there are complexities in the case which justify extending this to 2 months. You will be notified of any extensions to the deadline for response and the reasons as soon as possible.
We have the right to refuse a subject access request where data is requested at unreasonable intervals, or where the request is manifestly unfounded or excessive. You will be notified of the reasons as soon as possible.
Where the individual making a subject access request is not personally known to Gillian Isherwood, their identity will be verified before handing over any information.
The required information will be provided in a permanent and portable form unless the applicant makes a specific request to be given supervised access in person.
You have the right to request that the information we hold is rectified if it is inaccurate or incomplete. You should contact Gillian Isherwood and provide the details of any inaccurate or incomplete data. We will then ensure that this is amended within one month. We may, in complex cases, extend this period to two months.
You have the right to erasure in the form of deletion or removal of personal data where there is no compelling reason for its continued processing. We have the right to refuse to erase data where this is necessary for exercising the right of freedom of expression and information, to comply with a legal obligation for the performance of a public interest task, exercise of official authority, for public health purposes in the public interest, for archiving purposes in the public interest, scientific research, historical research, statistical purposes or the exercise or defence of legal claims. You will be advised of the grounds of our refusal should any such request be refused.