Data Privacy Notice in compliance with GDPR

?

Walhampton is fully compliant with EU General Data Protection Regulations (GDPR) and is committed to EU data protection requirements (applicable to us as a data controller). We recognise the need for appropriate protection and management of any personally identifiable information (personal information) you share with us. Meaning, we don't collect and process users' personal information beyond what is legally required for the functioning of our products and services.

?

Personal information means any information that may be used to identify an individual, including, but not limited to, a first and last name, a home or other physical address, an email address or other contact information; whether at work or at home. In general, you can visit our web pages without telling us who you are or revealing any personal information about yourself.

?

There are many people involved with the Walhampton School Community; pupils, parents/guardians, suppliers, contractors and service providers, prospect employees, prospect parents/pupils and alumni.

This Privacy Notice provides details of the personal data we collect from each of these groups of people, what we do with it, how it can be accessed and who it might be shared with.

?

Our Contact Information (Data Controller)

Walhampton School
Lymington
SO41 5ZG
United Kingdom
Telephone: +441590613330

Company Email: gdpr@walhampton.com

What we do with your personal data?

We process personal data only for the purposes for which it is collected. These purposes include the provision of the education services necessary to sustain the relationship between our school, and pupils, parents/guardians, as well as the running and maintenance of the school and support of pupils through service providers, contractors and suppliers.

How do we look after personal data?

We limit the amount of personal data collected only to what is fit for the purpose, as described above. We restrict, secure and control all of our information assets against unauthorised access, damage, loss or destruction; whether physical or electronic. We retain personal data only for as long as is described below to respond to your requests, or longer if required by law. If we retain your personal data for historical or statistical purposes we ensure that the personal data cannot be used further. Some personal data, including names and photographs, may be kept in our secure school archives (physical and digital). Digital archives are password protected. While in our possession, together with your assistance, we try to maintain the accuracy of your personal data.

What personal data do we collect?

While the majority of information provided to us is mandatory, some of it is given on a voluntary basis. We will inform you whether you are required to provide certain information to us or if you have a choice in this.

Personal data that we collect includes:

·?????? Date of Birth/Birth Certificate?

·?????? Car registration number

·?????? Confidential correspondence

·?????? Digital images with identifiers

·?????? Education history

·?????? Email

·?????? Employment history

·?????? Location data

·?????? Name and surname

·?????? National insurance number

·?????? Online identifiers

·?????? Passport

·?????? Postal address

·?????? Social Media

·?????? Telephone contact details

For some groups we are also required to collect sensitive personal data, for example: photo ID, disclosures and types of disability. In these instances, we are either required under law to do so, or gain consent from the data subject.

Should we intend to use the information for any?further?purpose, we will always inform you beforehand.

Who are our Data Subjects?

GDPR compliance requires data subjects (individuals) to be granted certain rights. What follows is not an exhaustive list, but those rights that are relevant to the collection, processing, and storage of personal data.

·?????? For our?Parents/Legal Guardians?we process and retain personal data for the purpose of general administration, communication, email and financial information. This information is held with the consent of the data subject and archived on the last child leaving Walhampton and kept until the last child reaches 25 years, upon which it is securely destroyed.

·?????? For our?Pupils?we process and retain personal data for the purpose of general administration, accommodation, assessments, attainments and exam administration, IT security, communication, pastoral care, health and well-being information. This information is held with the consent of the parent/legal guardian of the pupil and archived on the pupil leaving Walhampton and kept until the last child reaches 25 years, upon which it is securely destroyed.

·?????? For our?Site Visitors?we process and retain personal data for the purpose of controlling physical access to the school, which is in our legitimate interest. This data is held for 1 year and securely destroyed thereafter.

·?????? For our?Suppliers, Service Providers and Contractors?we process and retain personal and business data in our legitimate business interest for as long as their service is required.

·?????? For our?Alumni?we process and retain personal data for communication, social, visiting and fundraising purposes, for which we have their consent, and for archiving purposes which is in our legitimate interest.?

·?????? For our?Prospect Employees?we process and retain personal data for the purpose of recruitment, with their consent, and kept for a period of 1 year.

·?????? For our Prospect Parents/Pupils we process and retain personal data for the purpose of responding to enquiries and providing information, with the data subjects consent, for a period of up to 2 years.

?

Who might we share your personal data with?

We do not share information with anyone without consent, unless the law and our policies allow us to do so.

Some personal data is held on secure digital systems by our data processors, we also share personal data with other organisations, including the government department for education, our local authority and other schools as is required for the effective running of the school and welfare of our pupils.

If you would like more information on who we share personal data with, for specific data subjects, please contact gdpr@walhampton.com

?

What other policies might affect me?

Please read our policies on the use of Photography and Video images and other policies relating to this subject. If you have any questions, please contact gdpr@walhampton.com

?

How can you access your personal data?

You reserve the right to request and obtain confirmation that data is or is not being collected on them and if so, exactly what data is being collected, how, where, and for what purposes. This data can be manually requested via?gdpr@walhampton.com?and provided in an electronic format free of charge.

?

To make a request for your personal data, or to be given access to your child's educational record, please email gdpr@walhampton.com

You also have the right to:

·?????? object to the processing of personal data that is likely to cause, or is causing damage or distress

·?????? prevent processing for the purposes of direct marketing

·?????? object to decisions taken by automated means

·?????? in certain circumstances, have inaccurate personal data rectified, blocked, erased or destroyed

·?????? claim compensation for damages caused by a breach of data protection regulations

?

Right to Be Forgotten

Should data subjects at anytime wish to withdraw their consent and no longer allow Walhampton to store their personal data, this request can be manually made via?gdpr@walhampton.com. Please be sure to include the full name (including any prefixes) and email address of whom the data is in reference to.?

?

Data Portability

Similar to the Right to Access, Data Portability requires that data subjects are able to request, obtain, and/or transfer possession of collected data at any time. As mentioned above, this data can be manually requested via?gdpr@walhampton.com, and provided in an electronic format free of charge. Please be sure to also include the full name (including any prefixes) and the relevant contact information relating to the individual or organisation whom you wish the data to be transferred to.

?

Breach Notification

Should Walhampton encounter a breach/unauthorised access of personal data that is likely to "result in a risk for the rights and freedoms of individuals", Walhampton will ensure that a notification is made within 72 hours of becoming aware of the breach. To report breach of data protection please email gdpr@walhampton.com.

?

Data Security

We strive to comply with all applicable laws that are designed to protect your privacy. It is our goal is to provide protection for your personal information no matter where that personal information is collected, transferred or retained. Walhampton does aim to keep your data secure in line with all our policies and procedures.

We may need to disclose your data to appropriate persons where required by law.

This website contains links to other sites. Please be aware Walhampton is not responsible for the privacy policy of other websites. This privacy statement applies solely to information collected by walhampton.com.

If we decide to change our privacy policy we will post any changes to this web site.

Walhampton reserves the right to change this statement at any time.

?

Our Data Protection Officer

Please direct any queries, data subject requests or breach notifications for the attention of our Data Protection Officer, Rebecca Williams, Operations Director.

Email: gdpr@walhampton.com
Telephone: 01590 613300

Address: Walhampton School, Lymington SO41 5ZG

?

Our Supervisory Authority

You have the right to lodge a complaint with any Supervisory Authority.

The Information Commissioner’s Office?
United Kingdom
Water Lane, Wycliffe House?
Wilmslow - Cheshire SK9 5AF?
international.team@ico.org.uk
+44 1625 545 745?
www.ico.org.uk

?

Cookies and Other Tracking Technologies

Some of our web pages utilise "cookies" and other tracking technologies. Cookies are small pieces of data, stored in text files that are stored on your computer or other device when websites are loaded in a browser. They are widely used to 'remember' you and your preferences, either for a single visit (through a 'session cookie') or for multiple repeat visits (using a 'persistent cookie'). They ensure a consistent and efficient experience for visitors, and perform essential functions such as allowing users to register and remain logged in. Cookies may be set by the site that you are visiting (known as 'first party cookies'), or by other websites who serve up content on that site ('third party cookies').

Tracking technologies may record information such as Internet domain and host names; Internet protocol (IP) addresses; browser software and operating system types; clickstream patterns; and dates and times that our site is accessed. Our use of cookies and other tracking technologies allows us to improve our web site and your web experience. We may also analyse information that does not contain personal information for trends and statistics.

To protect your privacy, we have adopted the following principles:

·????? Notice

Where Walhampton collects personal information on the web, we intend to post a purpose statement that explains why personal information will be collected and whether we plan to share such personal information outside of Walhampton or those working on our behalf. Walhampton does not intend to transfer personal information without your consent to third parties who are not bound to act on our behalf, unless such a transfer is legally required.

·????? Choice

You may choose whether or not to provide personal information to Walhampton. The notice we intend to provide where we collect personal information on the web should help you to make this choice.

If you choose to have a relationship with Walhampton, such as a contractual or other business relationship or partnership, we will naturally continue to contact you in connection with that business relationship.

·????? Security

Wherever your personal information may be held within Walhampton or on its behalf, we intend to take reasonable and appropriate steps to protect the personal information that you share with us from unauthorised access or disclosure.

·????? Commitment

We are committed to privacy and through our membership in the Online Privacy Alliance, are actively involved in and support current industry initiatives to preserve individual privacy rights on the Internet. Protecting your privacy online is an evolving area, and our websites are constantly evolving to meet these demands.

If you have any comments or questions regarding our Online Privacy Policy, please contact us at?gdpr@walhampton.com. While we cannot guarantee privacy perfection, we will address any issue to the best of our abilities as soon as possible.

·????? Your Consent

By using this website, you consent to the terms of our Online Privacy Policy and to Walhampton processing personal information for the purposes given above, as well as those explained where we collect personal information on the web. Should the Online Privacy Policy change, we intend to take every reasonable step to ensure that these changes are brought to your attention by posting all changes prominently on our website for a reasonable period of time.

We are committed to protecting your right to privacy. Walhampton respects your privacy and we will use our best efforts to ensure that the information you provide remains private. Information provided will only be stored on computers based in the UK.

For control of our business, our website logs IP addresses, which is the automatic number assigned to your computer when you surf the web. The IP address allows us to anonymously track visitors’ usage on our website. Your IP address is not connected to any personally identifiable or online contact information, like a name and address, so you remain anonymous at all times.

Walhampton does not use any other cookies on its website.

?

Use of Cookies

This site only uses Google Analytics cookies. These are small files that a website inserts on your hard-drive when you visit a website. The Google Analytics cookies are used to track visits to our site and your journey through it. You may delete and block all cookies from this site, but parts of the site may not work if you do so. By using and/or registering on our site, you agree to the use of cookies by us.

Cookies set by Google Analytics (analytics.js)

Cookie Name: _ga
Description: Used to distinguish users.
Expiration Time: 2 years.

Cookie Name: _gid
Description: Used to distinguish users.
Expiration Time: 24 hours.

Cookie Name: _gat
Description: Used to throttle request rate.
Expiration Time: 1 minute.

Cookie Name: AMP_TOKEN
Description: Contains a token that can be used to retrieve a Client ID from AMP Client ID service. Other possible values indicate opt-out, inflight request or an error retrieving a Client ID from AMP Client ID service.
Expiration Time: 30 seconds to 1 year.

Cookie Name: _gac_
Description: Contains campaign related information for the user. If you have linked your Google Analytics and AdWords accounts, AdWords website conversion tags will read this cookie unless you opt-out.
Expiration Time: 90 days.

Cookies set by Google Analytics (ga.js)

Cookie Name: __utma
Description: Used to distinguish users and sessions. The cookie is created when the JavaScript library executes and no existing __utma cookies exists. The cookie is updated every time data is sent to Google Analytics.
Default Expiration Time: 2 years from set/update.

Cookie Name: __utmt
Description: Used to throttle request rate.
Default Expiration Time: 10 minutes.

Cookie Name: __utmb
Description: Used to determine new sessions/visits. The cookie is created when the JavaScript library executes and no existing __utmb cookies exists. The cookie is updated every time data is sent to Google Analytics.
Default Expiration Time: 30 mins from set/update.

Cookie Name: __utmc
Description: Not used in ga.js. Set for interoperability with urchin.js. Historically, this cookie operated in conjunction with the __utmb cookie to determine whether the user was in a new session/visit.
Default Expiration Time: End of browser session.

Cookie Name: __utmz
Description: Stores the traffic source or campaign that explains how the user reached your site. The cookie is created when the JavaScript library executes and is updated every time data is sent to Google Analytics.
Default Expiration Time: 6 months from set/update.

Cookie Name: __utmv
Description: Used to store visitor-level custom variable data. This cookie is created when a developer uses the _setCustomVar method with a visitor level custom variable. This cookie was also used for the deprecated _setVar method. The cookie is updated every time data is sent to Google Analytics.
Default Expiration Time: 2 years from set/update.

If you wish for your visit to our site NOT be tracked, send a "Do Not Track" request with your browsing traffic.