 |
|
St Olave’s & St Saviour’s Schools Foundation privacy
statement
At the Foundation, we take your privacy and personal data
seriously and we are committed to letting you know how we use
your personal information and to do so responsibly.
References to “we”, “us” and “our” in this Privacy Policy are
references to the St Olave’s & St Saviour’s Schools
Foundation, a charity registered in England and Wales, No.
1181857.
We aim to ensure that all personal data collected, stored and
processed is managed in accordance with the General Data
Protection Regulations (GDPR). The Foundation seeks to hold the
minimum amount of information required to enable it to perform
its functions.
Personal data refers to any information relating to an
identified or identifiable natural living person. This includes
information such as name or other identifier, location
information or another online identifier (including email
address). In addition, there are additional special categories
of personal data which we may collect, including racial or
ethnic origin and age.
We will only hold and process data in accordance with the
information provided below. Data may be held in both paper and
electronic formats. We collect information directly from
yourself or from a grant application.
The GDPR requires that personal data be dealt with according to
six principles, which the Foundation follows:
- Information is processed lawfully, fairly and in a
transparent manner;
- Information is collected and processed for specific,
explicit and legitimate purposes;
- Information is adequate, relevant and limited to what is
necessary;
- Information is accurate and kept up to date;
- Information is kept for no longer than is necessary; and
- Information is processed in a manner that ensures it is
appropriately secured.
We will only process personal data where:
- You have provided explicit consent;
- The data is required to enter into or fulfil a contract;
- We have a legal obligation to hold the data;
- The data is necessary to ensure your vital interests;
- If the data is necessary to perform tasks in the public
interest; or
- If we have a legitimate interest in processing the data to
achieve our charitable aims and objectives.
No automated decision making processes are operated by the
Foundation.
In the event that a third party has access to your personal
data through their operational role with the Foundation (for
example, the providers of IT support), we will obtain assurances
that their systems and processes are maintained in accordance
with the GDPR requirements.
1. Information about you
| 1.1. |
We will collect personal information from you when you
apply for a grant. This may include your name, title,
physical and email addresses, telephone numbers, bank
details, age and any further information which we require
or you divulge to us in relation to your grant
application. |
| 1.2. |
We will collect personal information from our trustees
and the governors at two schools, St Olave’s & St
Saviour’s Grammar School in Orpington and St Saviour’s
& St Olave’s School in Southwark. This may include
your name, title, physical and email addresses, telephone
numbers, date of birth, nationality and country of birth
and any further information which we require you to
divulge to us in order that we and the two schools may
satisfy legal and regulatory requirements. We will collect
personal information from our staff sufficient to deliver
our regulatory and other responsibilities to those
individuals. |
| 1.3. |
We will collect limited personal information from other
individuals who contact the Foundation regarding our work
or where we are made aware of individuals who might assist
with the dissemination of our work or encourage grant
applications. This will include those who make appeals to
the two schools regarding admissions or where the
Foundation acts to administrate meetings or hearings on
behalf of the two schools. |
| 1.4. |
We will not sell or pass on to any organisation personal
information other than as identified in this policy,
without explicit consent. |
2. Our use of your information
| Grants |
| 2.1. |
We will use your personal information to process your
grant request, communicate with you and if successful,
make payments to you. Your grant application confirms your
explicit consent for us to process your data for these
purposes. We maintain an electronic grants recording
system on which your data will be held. |
| 2.2. |
We may share the information provided in your grant
application or that you subsequently provide to us, with
other grant funders who might be more suited to your
particular application or where we are unable to fund you
for some other reason. We will only do this where we
believe there is a reasonable chance that another
organisation might be in a position to provide you with a
grant. |
| 2.3. |
We may share your name, addresses and telephone numbers
together with basic information regarding your grant
application with the London Borough of Southwark or
organisations working in the area to monitor the overall
coverage and effectiveness of grant funding in the
Borough. We will not share your bank details for these
purposes. |
| Trustees |
| 2.4. |
If you are a trustee of the Foundation, we will share
your name, addresses and telephone numbers with the
governors of St Olave’s & St Saviour’s Grammar School
in Orpington and St Saviour’s & St Olave’s School in
Southwark. We will also provide to the Charity Commission,
information they require for the maintenance of our
charitable status. Any further information you provide to
us for any other purpose, will be used for that purpose
only. For specific actions or projects, we reserve the
right to share contact details with trusted professional
advisors so that direct communication can be made if
necessary. We will not do this as a matter of course. Your
name will remain on minutes from meetings you have
attended and to record your time as a trustee,
indefinitely, as part of our historic records. |
| School Governors |
| 2.5. |
If you are a governor of St Olave’s & St Saviour’s
Grammar School in Orpington or St Saviour’s & St
Olave’s School in Southwark or are a member of the senior
team or other member of staff or where we have been
provided with personal information for any purpose, we
will share your name, addresses and telephone numbers with
our trustees (other than senior staff or other staff at
each school where only email addresses will be shared) and
with the governors of the two schools and with the senior
staff of the school of which you are a governor. We will
also share such information with the relevant Local
Authority and Diocesan Board of Education as requested by
them. Your information will also be used to complete
statutory and other requirements for disclosure to the DfE
or its successors, other regulatory bodies and as required
by the school to include on the school website. We will
not share your personal information with others without
your consent. Your name will remain on minutes from
meetings you have attended and to record your time as a
governor, indefinitely, as part of the historic records of
the Foundation and records required to be maintained by
the schools. |
| Foundation Staff |
| 2.6. |
Appropriate staff information will be shared with other
organisations to ensure that the Foundation office can
operate in accordance with its regulatory requirements,
statutory requirements and with third party organisations
which provide services to the Foundation on its behalf.
These latter include but are not limited to organisations
providing payroll and pension services and life assurance
or other insurance services. Other organisations involved
in assisting the Foundation manage its operations may have
access to information (for example, IT providers). |
| 2.7. |
We will not sell or pass on to any organisation not
explicitly involved in the management of the Foundation or
any necessary statutory body, any information we hold
about you. |
| 2.8. |
Your name will remain on minutes from meetings you have
attended and to record your time as a member of staff,
indefinitely, as part of the historic records of the
Foundation. |
| School Admissions
Appeals |
| 2.9. |
We provide each of the two Foundation schools with a
service to assist in their admissions appeals. We will
hold the appeal documentation and applications (including
all personal data included) for up to one year after the
appeal is heard. We will share your data with the
independent clerk to the admissions appeal panel and with
the panel members, to enable the hearing to take place. We
will share your personal data with the Local Authority,
the DfE or anyone undertaking any role in investigating
the admissions appeals process or for any other formal
hearing. We will not use your information for any other
purpose than to expedite the admissions appeal hearing and
any relevant follow up. |
| Other School Hearings |
| 2.10. |
The Foundation provides a service to the two Foundation
schools to administer hearings and other meetings on
behalf of the governors. In the event that a hearing is
required, the Foundation will hold the minimum personal
data of anyone involved commensurate with their attendance
and engagement with the hearing. |
| Other School Staff
Matters |
| 2.11. |
In the event that we provide any other services or
actions for or on behalf of a member of staff, we will
collect the minimum data required to undertake the
relevant service or action. This data may be shared with
external organisations in order to complete the service or
action. |
| Audit |
| 2.12. |
In order to undertake their work, we will share
documents and other records with our auditors. This may
include personal information in respect of anyone with
whom we engage. This data will be incidental to the
completion of the audit and will not be shared any
further. |
| Legal |
| 2.13. |
In the event that a circumstance arises where we are
required to share personal data with lawyers, we reserve
the right to provide that data to them in accordance with
legal obligations. |
3. Security
| 3.1. |
We will take reasonable precautions to prevent the loss,
misuse or alteration of information you give to us. We may
communicate with you by email and such communications will
not be encrypted. |
| 3.2. |
Whilst we will endeavour to keep our systems and
communications protected against viruses and other harmful
impacts, we cannot bear responsibility for all
communications being virus free. |
| 3.3. |
In the unlikely event of a suspected data breach, we
will investigate the circumstances and if a breach appears
likely, inform the Warden (Chair) of the Foundation and if
necessary, the Information Commissioners Office (ICO)
within 72 hours of the suspected breach being identified.
If we believe there is a risk of a potential impact on
you, eg the risk of a financial loss, we will contact you
directly to inform you of the breach. We will record all
suspected breaches in our internal breach log. In the
event that a breach has been suspected, we will take
actions to mitigate the risks to you. |
| 3.4. |
All staff are provided with training on our data
protection policies as part of their induction process. |
4. Retention
| 4.1. |
We will keep your personal data for the period that your
grant is active and for a further six financial years. We
will keep financial records in accordance with government
requirements (currently six financial years after the year
in which the final payment is made) and a summary of
grants given and to whom, indefinitely. |
| 4.2. |
Where a grant application is not successful, we will
keep your personal data for one financial year after the
year in which you apply. We will however keep a record of
your name, a short description of what you applied for and
that you did not receive a grant, indefinitely. |
| 4.3. |
We will keep governor and trustee data for the period
that you are a governor or trustee and for a further six
years. We will keep a record of who has acted as a trustee
or governor and the dates of their appointments,
indefinitely. |
| 4.4. |
We will keep staff data for the period that you are
employed and for a further six financial years after the
year in which you leave. |
| 4.5. |
We will keep data provided on application for a job with
us for six months after the start date of the person in
the post advertised. |
| 4.6. |
We will keep admissions appeal data for up to one year
after the appeal is heard. |
| 4.7. |
We will keep information arising from other school
hearings for up to six years after the date of the
hearing. |
| 4.8. |
We will keep information provided by school staff for
any service or action by the Foundation for up to six
years after the date of the completion of the service or
action. |
5. Cookies
| 5.1. |
If cookies are used, they will only be used to assist
the purposes set out in this policy. |
6. Subject Access Requests
| 6.1. |
You have the right to make a “subject access request” to
gain access to the personal information that the
Foundation holds about you. This must be made in writing
to the Foundation office and proof of identity will be
required before the request can be processed. We will
process your request within one month of receiving both
your request and your proof of identity. The right to make
a request is extended to individuals who hold Power of
Attorney for an individual, who can make requests on
behalf of that individual providing they provide proof of
identity and the original Power of Attorney document. |
| 6.2. |
You can request the information we hold about you and
the purposes that we are using it for. You can ask us to
stop or restrict our processing of your information,
require us to correct information we hold about you that
is wrong or to erase all the information we hold about
you. If you want us to do any of these, then please email
us at grants@stolavesfoundation.co.uk. |
| 6.3. |
If we consider a request to be unfounded or excessive,
we may refuse to act or charge a reasonable fee to take
into account the cost of processing the request. If we
refuse a request, we will tell you why and that you have
the right to complain to the ICO. |
7. Other information
| 7.1. |
The Data Controller for the Foundation is the Chief
Executive who can be contacted at grants@stolavesfoundation.co.uk
or by mail at our offices or by another means of
communication agreed with staff or the Chief Executive. |
| 7.2. |
If you are dissatisfied with the way we have processed
your personal data, you should raise your concerns with us
as soon as possible. If you are dissatisfied with the way
we have handled your concern, you may ask the Information
Commissioner to look into the matter. Details of how to do
this can be found at www.ico.org.uk/concerns. |
|
The Magic Lantern
|
|
Privacy
statement