Bede’s Trust Privacy Notices
The European Union General Data Protection Regulation (GDPR) May 2018, comprises rules on giving privacy information to individuals whose data is held by an organisation (data subjects). Consequently, detailed and specific privacy information has been provided.
The GDPR states that the information provided to data subjects about how their personal data is processed must be:
- concise, transparent, intelligible and easily accessible;
- written in clear and plain language, particularly if addressed to those under 18; and
- free of charge.
Subsequently, the Trust, as a data controller, has produced a comprehensive, overarching privacy notice detailing privacy responsibilities, and summary privacy notices for the following data subject groups: parents, pupils over the age of 13, staff, governors and alumni.
Each privacy notice deals with two sources of data: that obtained directly from you, the data subject and that obtained from others/elsewhere. Where applicable, for both sources, the identity of the data handler and the Data Compliance Manager are provided. Any queries should be addressed to the Trust’s Data Compliance Manager who can be contacted at email@example.com.
d. Bede's Trust Privacy Notice for Parents or Guardians of children at or applying to join the Trust
- Related Polices
- User-Supplied Information
- Usage and Web Server Logs
- Third Party Services
- Cookies Policy
- Who Has Access to Personal Information
- How is My Personal Information Protected?
- Links to other websites
- How May I Collect, Amend, or Delete My Personal Data and/or Change the Information I Receive?
- Policy Review Schedule
The Trust has made a strong commitment to ensuring that your privacy is well protected. If at any point you are asked to provide any data by which you can be identified when using this website, you can be assured that it will only be used in strict accordance with the Bede’s Trust Privacy Notice, which can be found at the top of this page.
1. Related Policies
- Trust Privacy Notice
- Security Policy and Procedures (Trust)
2. User-Supplied Information
When you register interest in the Bede’s Trust, or order uniform either online or directly with us, we ask you to provide some personal information, for example, your name, address, phone number, email address, if required, payment card or bank information, and/or certain additional categories of information resulting from use of our websites and services, such as your child’s details. We maintain this information in our Management Information Systems to administer Bede’s Trust and support our students and their families.
We may use certain information you provide to offer you information that we believe may be of interest to you or for our market research purposes to improve the educational experience of Bede’s Trust. You will be invited to participate in this research and/or subscribe to lists through a strict opt-in system which the Trust requires in order to confirm your consent. If you have any questions or concerns about the use of your data for marketing or any other purposes please do not hesitate to contact the Data Compliance Manager at firstname.lastname@example.org.
4. Usage and Web Server Logs
When you visit our websites, we may track information about your usage and/or visit, and store that information in usage or web server logs, which are records of the activities on sites. Our servers automatically capture and save the information electronically. Examples of the information we may collect include:
- Your unique Internet protocol address
- The name of your unique Internet service provider
- The city, and country from which you access our website
- The kind of browser or computer you use
- The number of links you click within the site
- The date and time of your visit
- The web page from which you arrived to our site
- The pages you viewed on the site
- Certain searches/queries that you conducted via our product(s) and/or website(s)
5. Third Party Services
Analytics tools serve cookies through our products or website and collect aggregated data on an anonymised basis about visitors’ use of the product or website. The data collected enables us to understand aggregated visitor activity and how we may improve our website. This data is collected and used on an anonymised, aggregated basis only and does not enable any visitor to be personally identified. You can chose to opt out of using Google Analytics cookies here.
5.1 What We Collect
We only collect the following information if you specifically supply it by requesting a prospectus or making an open morning booking:
- name and name(s) and age(s) of your children
- contact information including email address
- demographic information such as postcode, preferences and interests
- other information relevant to admissions
This data will only be used in strict accordance with the Bede’s Trust Privacy Notice, which can be found at the top of this page. If you have any questions or concerns about the use of your data for this purpose or any other please do not hesitate to contact the Data Compliance Manager at email@example.com.
6. Cookies Policy
You have the right to refuse or disable cookies served through our products or website although, if you choose to do so, certain functionality may subsequently become unavailable to you. As the means by which you may do this vary from browser to browser, we recommend that you visit your browser's help menu for further information or the following website: https://www.aboutcookies.org/.
7. Who Has Access to Personal Information?
We will not sell, rent, or lease mailing lists or other customer data to others, and we will not make your personal information available to any unaffiliated parties, except as follows:
- To agents and/or contractors who may use it on our behalf or in connection with their relationship with us (for example, we may use third parties to help us with promotional campaigns).
- As required by law, in a matter of public safety or policy.
The Trust will take steps to ensure that any third parties who have contracts with the Trust have equalled the Trust’s precautions and systems for dealing with data.
We share some of our administrative functions with other Bede’s Trust companies, such as Dicker Enterprises Limited (trading as the Bede’s School Shop) and Letchfield Properties. These companies form the St Bede’s School Trust Sussex, and as such, are held accountable under the same policies and procedures.
Your access to some of the website’s content may be password protected. We strongly advise that you refrain from disclosing your username(s) and password(s) to anyone. We also strongly recommend that you sign out of that website account at the end of each session. You may also wish to close your browser window on ceasing each session, especially if you share a computer with someone else or if you are using a computer in a public place.
8. How is My Personal Information Protected?
We maintain administrative, technical and physical safeguards to protect against loss, misuse or unauthorised access, disclosure, alteration or destruction of the personal information provided to us.
As a UK educational establishment, inspected by the Independent Schools Inspectorate (ISI), the safety of our students and their families is our main priority at all times. All of our staff and volunteers are engaged in using safe recruitment processes following vetting and barring scheme procedures issued by the UK Government. Access to data held by our Trust is only granted when staff and volunteers pass such vetting processes.
Bede’s Trust complies with Data Protection/Privacy regulations, laws and industry best practices in respects to security around personal information.
All of our staff are required to regularly review the Information Security policy and the Trust’s Privacy Notice and attend training.
We have implemented certain appropriate security measures to help protect your personal information from accidental loss and from unauthorized access, use, or disclosure. For example, some areas of our websites, such as our Parent Portal and Virtual Learning Environment, are protected with Secure Sockets Layer (SSL) technology. Also, we store the information about you in a data centre with restricted access and appropriate monitoring, and we use a variety of technical security measures to secure your data. In addition, we use maintained firewalls and virus protection software.
Also, please note that we may store and process your personal information in systems located outside of your home country. Currently, this is restricted to online payments for our shop website and obtaining references, however this is not a limited list and is liable to change. Regardless of where storage and processing may occur, we take appropriate steps to ensure that your information is protected, consistent with the principles set forth under this policy, and as required under Data Protection/Privacy laws such as the Data Protection Act, 2018. We also regularly audit our suppliers to ensure compliance with this policy. By giving your information you consent to these transfers.
We will report any unlawful data breach of this website’s database or the database(s) of any of our third party data processors to any and all relevant persons and authorities. We will do this within the 72 hours of the breach taking place if it is apparent that personal data stored in an identifiable manner has been stolen.
9. Links to other websites
The Bede’s Trust website may contain links to other websites which are of interest to you. It should be noted that once you have used these links to leave our site, we do not have any control over those other websites. Consequently, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting these sites as these sites are not governed by this policy.
10. How May I Correct, Amend, or Delete My Personal Data and/or Change the Information I Receive?
You can view, amend, update or delete your personal data by contacting the Bede’s Trust Data Compliance Manager at firstname.lastname@example.org.
11. Policy Review Schedule
The Trust may change this policy from time to time by updating this page. You should thus check this page from time to time to ensure that you are happy with any changes. This policy is effective from 31 August 2018.
Owned by: Data Compliance Manager
Authorised by: SMT
Date: August 2018
Review Date: August 2019