The Barking and Dagenham School Improvement Partnership (hereafter referred to as ‘BDSIP’) takes the security of the data we hold very seriously. You have a legal right to be informed about how BDSIP uses any personal information that we hold about you. To comply with this, we have provided a ‘privacy notice’.
This privacy notice explains how we collect, store and use personal data. We, BDSIP, are the ‘data controller’ for the purposes of Data Protection Law. Our Data Protection Officer is Grace Camp (see ‘contact us’ below).
If you have any questions about this notice, please contact the BDSIP Data Protection Officer who will be happy to direct you.
From 25 May 2018, we shall process your personal data in accordance with the General Data Protection Regulation (or GDPR for short).
The personal data we hold
Personal data that we may collect, use, store and share (when appropriate) about you may include, but is not restricted to:
- Personal information (such as name, address and DBS information)
- Characteristics (such as ethnicity, language, nationality, country of birth and SEN)
- Attendance information (such as sessions attended, number of absences and absence reasons)
- Relevant medical records (such as the ‘Fitness to Teach & Disability Disclosure’)
- Referee statements Exam/assessment data (such as academic results)
- CCTV footage
We may also hold data that we have received from other organisations, including other educational providers, the London Borough of Barking and Dagenham, the Department for Education (DfE) and the National College for Teaching and Leadership.
Why we use this data
We use this data to help run BDSIP, including:
- to keep you informed about the course/programme/service you have signed-up for
- to keep you informed about future courses/programmes
- to check eligibility for entry onto courses/programmes
- to be able to run courses/events
- to be able to carry out school-to-school support
- for safeguarding reasons
- to track how well BDSIP’s courses and services are performing
- to carry out research
- to comply with the law regarding data sharing
Our legal basis for using this data
We only collect and use your personal data as permitted by law. Mostly, we process it where:
- we need to comply with a legal obligation
- we need it to perform an official task in the public interest
- we have obtained consent to use it in a certain way
Sometimes, we may also process your personal data in situations where:
- we need to protect the individual’s vital interests (or someone else’s interests)
Where we have obtained consent to use your personal data, this consent can be withdrawn at any time. We will make this clear when we ask for consent. If you wish to withdraw your consent, then please email the Data Protection Officer at firstname.lastname@example.org. Some of the reasons listed above for collecting and using your personal data overlap, and there may be several grounds which justify our use of this data.
Collecting this information
While most of the information we collect about you is mandatory, there is some information that we request you provide voluntarily. Whenever we seek to collect information from you, we will make it clear whether providing it is mandatory or optional. We will always tell you if it is optional.
How we store this data
We keep personal information about you for a maximum of six years after the completion/commissioning of the course/programme/services. We will only keep it for longer if this is necessary in order to comply with our legal obligations. We have a records management policy which sets out how long we must keep information for. The policy can be requested by emailing email@example.com.
We do not share information about you with any third party without consent unless the law and our policies allow us to do so. Where it is legally required or necessary (and it complies with Data Protection Law) we may share personal information with:
- the London Borough of Barking and Dagenham
- The Department for Education (a government department)
- Educators and examining bodies
- Appropriate Bodies for registering NQTs
- Regulator e.g. Ofsted
- Suppliers and service providers – so that they can provide the services we have contracted them for
- Financial organisations – for course/service fees
- Central government
- Professional advisers and consultants – to support with the development and management of BDSIP
- Police forces, courts, tribunals, etc
Transferring data internationally
Where we transfer personal data to a country or territory outside the European Economic Area, we will do so in accordance with GDPR.
Your rights regarding personal data
Individuals have a right to make a ‘subject access request’ to gain access to personal information that BDSIP holds about them. If you make a subject access request, and if we do hold information about you, we will:
- give you a description of it
- tell you why we are holding and processing it, and how long we will keep it for
- explain where we got it from, if not from you
- tell you who it has been, or will be, shared with
- let you know whether any automated decision-making is being applied to the data, and any consequences of this
- give you a copy of the information in an intelligible form
Individuals also have the right for their personal information to be transmitted electronically to another organisation in certain circumstances. If you would like to make a request, please contact our Data Protection Officer by emailing firstname.lastname@example.org.
Under GDPR, individuals have certain rights regarding how their personal data is used and kept safe, including the right to:
- object to the use of personal data if it would cause, or is causing, damage or distress
- prevent it being used to send direct marketing
- object to decisions being taken by automated means (by a computer or machine, rather than by a person)
- have inaccurate personal data corrected and, in certain circumstances, deleted or destroyed, or restrict processing
- claim compensation for damages caused by a breach of the Data Protection Regulations
To exercise any of these rights, please contact our Data Protection Officer.
If you have a concern about the way we are collecting or using your personal data, we request that you raise your concern with us in the first instance by contacting the Data Protection Officer. Alternatively, you can contact the Information Commissioner’s Office at https://ico.org.uk/concerns/
If you have any questions, concerns or would like more information about anything mentioned in this privacy notice, our Data Protection Officer is Jess Gosling who can be contacted by email at email@example.com.
This notice is based on the Department for Education’s model privacy notice.