Data Privacy Notice in compliance with GDPR
Walhampton is fully compliant with EU General Data Protection Regulations (GDPR) and is committed to EU data protection requirements (applicable to us as a data controller). We recognise the need for appropriate protection and management of any personally identifiable information (personal information) you share with us. Meaning, we don't collect and process users' personal information beyond what is legally required for the functioning of our products and services.
Personal information means any information that may be used to identify an individual, including, but not limited to, a first and last name, a home or other physical address, an email address or other contact information; whether at work or at home. In general, you can visit our web pages without telling us who you are or revealing any personal information about yourself.
There are many people involved with the Walhampton School Community; pupils, parents/guardians, suppliers, contractors and service providers, prospect employees, prospect parents/pupils and alumni.
This Privacy Notice provides details of the personal data we collect from each of these groups of people, what we do with it, how it can be accessed and who it might be shared with.
Our Contact Information (Data Controller)
Company Email: firstname.lastname@example.org
What we do with your personal data?
We process personal data only for the purposes for which it is collected. These purposes include the provision of the education services necessary to sustain the relationship between our school, and pupils, parents/guardians, as well as the running and maintenance of the school and support of pupils through service providers, contractors and suppliers.
How do we look after personal data?
We limit the amount of personal data collected only to what is fit for the purpose, as described above. We restrict, secure and control all of our information assets against unauthorised access, damage, loss or destruction; whether physical or electronic. We retain personal data only for as long as is described below to respond to your requests, or longer if required by law. If we retain your personal data for historical or statistical purposes we ensure that the personal data cannot be used further. Some personal data, including names and photographs, may be kept in our secure school archives (physical and digital). Digital archives are password protected. While in our possession, together with your assistance, we try to maintain the accuracy of your personal data.
What personal data do we collect?
While the majority of information provided to us is mandatory, some of it is given on a voluntary basis. We will inform you whether you are required to provide certain information to us or if you have a choice in this.
Personal data that we collect includes:
·?????? Date of Birth/Birth Certificate?
·?????? Car registration number
·?????? Confidential correspondence
·?????? Digital images with identifiers
·?????? Education history
·?????? Employment history
·?????? Location data
·?????? Name and surname
·?????? National insurance number
·?????? Online identifiers
·?????? Postal address
·?????? Social Media
·?????? Telephone contact details
For some groups we are also required to collect sensitive personal data, for example: photo ID, disclosures and types of disability. In these instances, we are either required under law to do so, or gain consent from the data subject.
Should we intend to use the information for any?further?purpose, we will always inform you beforehand.
Who are our Data Subjects?
GDPR compliance requires data subjects (individuals) to be granted certain rights. What follows is not an exhaustive list, but those rights that are relevant to the collection, processing, and storage of personal data.
·?????? For our?Parents/Legal Guardians?we process and retain personal data for the purpose of general administration, communication, email and financial information. This information is held with the consent of the data subject and archived on the last child leaving Walhampton and kept until the last child reaches 25 years, upon which it is securely destroyed.
·?????? For our?Pupils?we process and retain personal data for the purpose of general administration, accommodation, assessments, attainments and exam administration, IT security, communication, pastoral care, health and well-being information. This information is held with the consent of the parent/legal guardian of the pupil and archived on the pupil leaving Walhampton and kept until the last child reaches 25 years, upon which it is securely destroyed.
·?????? For our?Site Visitors?we process and retain personal data for the purpose of controlling physical access to the school, which is in our legitimate interest. This data is held for 1 year and securely destroyed thereafter.
·?????? For our?Suppliers, Service Providers and Contractors?we process and retain personal and business data in our legitimate business interest for as long as their service is required.
·?????? For our?Alumni?we process and retain personal data for communication, social, visiting and fundraising purposes, for which we have their consent, and for archiving purposes which is in our legitimate interest.?
·?????? For our?Prospect Employees?we process and retain personal data for the purpose of recruitment, with their consent, and kept for a period of 1 year.
·?????? For our Prospect Parents/Pupils we process and retain personal data for the purpose of responding to enquiries and providing information, with the data subjects consent, for a period of up to 2 years.
Who might we share your personal data with?
We do not share information with anyone without consent, unless the law and our policies allow us to do so.
Some personal data is held on secure digital systems by our data processors, we also share personal data with other organisations, including the government department for education, our local authority and other schools as is required for the effective running of the school and welfare of our pupils.
If you would like more information on who we share personal data with, for specific data subjects, please contact email@example.com
What other policies might affect me?
Please read our policies on the use of Photography and Video images and other policies relating to this subject. If you have any questions, please contact firstname.lastname@example.org
How can you access your personal data?
You reserve the right to request and obtain confirmation that data is or is not being collected on them and if so, exactly what data is being collected, how, where, and for what purposes. This data can be manually requested email@example.com?and provided in an electronic format free of charge.
To make a request for your personal data, or to be given access to your child's educational record, please email firstname.lastname@example.org
You also have the right to:
·?????? object to the processing of personal data that is likely to cause, or is causing damage or distress
·?????? prevent processing for the purposes of direct marketing
·?????? object to decisions taken by automated means
·?????? in certain circumstances, have inaccurate personal data rectified, blocked, erased or destroyed
·?????? claim compensation for damages caused by a breach of data protection regulations
Right to Be Forgotten
Should data subjects at anytime wish to withdraw their consent and no longer allow Walhampton to store their personal data, this request can be manually made email@example.com. Please be sure to include the full name (including any prefixes) and email address of whom the data is in reference to.?
Similar to the Right to Access, Data Portability requires that data subjects are able to request, obtain, and/or transfer possession of collected data at any time. As mentioned above, this data can be manually requested firstname.lastname@example.org, and provided in an electronic format free of charge. Please be sure to also include the full name (including any prefixes) and the relevant contact information relating to the individual or organisation whom you wish the data to be transferred to.
Should Walhampton encounter a breach/unauthorised access of personal data that is likely to "result in a risk for the rights and freedoms of individuals", Walhampton will ensure that a notification is made within 72 hours of becoming aware of the breach. To report breach of data protection please email email@example.com.
We strive to comply with all applicable laws that are designed to protect your privacy. It is our goal is to provide protection for your personal information no matter where that personal information is collected, transferred or retained. Walhampton does aim to keep your data secure in line with all our policies and procedures.
We may need to disclose your data to appropriate persons where required by law.
Walhampton reserves the right to change this statement at any time.
Our Data Protection Officer
Please direct any queries, data subject requests or breach notifications for the attention of our Data Protection Officer, Rebecca Williams, Operations Director.
Telephone: 01590 613300
Address: Walhampton School, Lymington SO41 5ZG
Our Supervisory Authority
You have the right to lodge a complaint with any Supervisory Authority.
Cookies and Other Tracking Technologies
Some of our web pages utilise "cookies" and other tracking technologies. Cookies are small pieces of data, stored in text files that are stored on your computer or other device when websites are loaded in a browser. They are widely used to 'remember' you and your preferences, either for a single visit (through a 'session cookie') or for multiple repeat visits (using a 'persistent cookie'). They ensure a consistent and efficient experience for visitors, and perform essential functions such as allowing users to register and remain logged in. Cookies may be set by the site that you are visiting (known as 'first party cookies'), or by other websites who serve up content on that site ('third party cookies').
To protect your privacy, we have adopted the following principles:
Where Walhampton collects personal information on the web, we intend to post a purpose statement that explains why personal information will be collected and whether we plan to share such personal information outside of Walhampton or those working on our behalf. Walhampton does not intend to transfer personal information without your consent to third parties who are not bound to act on our behalf, unless such a transfer is legally required.
You may choose whether or not to provide personal information to Walhampton. The notice we intend to provide where we collect personal information on the web should help you to make this choice.
If you choose to have a relationship with Walhampton, such as a contractual or other business relationship or partnership, we will naturally continue to contact you in connection with that business relationship.
Wherever your personal information may be held within Walhampton or on its behalf, we intend to take reasonable and appropriate steps to protect the personal information that you share with us from unauthorised access or disclosure.
We are committed to privacy and through our membership in the Online Privacy Alliance, are actively involved in and support current industry initiatives to preserve individual privacy rights on the Internet. Protecting your privacy online is an evolving area, and our websites are constantly evolving to meet these demands.
·????? Your Consent
We are committed to protecting your right to privacy. Walhampton respects your privacy and we will use our best efforts to ensure that the information you provide remains private. Information provided will only be stored on computers based in the UK.
For control of our business, our website logs IP addresses, which is the automatic number assigned to your computer when you surf the web. The IP address allows us to anonymously track visitors’ usage on our website. Your IP address is not connected to any personally identifiable or online contact information, like a name and address, so you remain anonymous at all times.
Walhampton does not use any other cookies on its website.
Cookies set by Google Analytics (analytics.js)
Cookie Name: _ga
Description: Used to distinguish users.
Expiration Time: 2 years.
Cookie Name: _gid
Description: Used to distinguish users.
Expiration Time: 24 hours.
Cookie Name: _gat
Description: Used to throttle request rate.
Expiration Time: 1 minute.
Cookie Name: AMP_TOKEN
Description: Contains a token that can be used to retrieve a Client ID from AMP Client ID service. Other possible values indicate opt-out, inflight request or an error retrieving a Client ID from AMP Client ID service.
Expiration Time: 30 seconds to 1 year.
Cookie Name: _gac_
Description: Contains campaign related information for the user. If you have linked your Google Analytics and AdWords accounts, AdWords website conversion tags will read this cookie unless you opt-out.
Expiration Time: 90 days.
Cookies set by Google Analytics (ga.js)
Cookie Name: __utma
Default Expiration Time: 2 years from set/update.
Cookie Name: __utmt
Description: Used to throttle request rate.
Default Expiration Time: 10 minutes.
Cookie Name: __utmb
Default Expiration Time: 30 mins from set/update.
Cookie Name: __utmc
Description: Not used in ga.js. Set for interoperability with urchin.js. Historically, this cookie operated in conjunction with the __utmb cookie to determine whether the user was in a new session/visit.
Default Expiration Time: End of browser session.
Cookie Name: __utmz
Default Expiration Time: 6 months from set/update.
Cookie Name: __utmv
Description: Used to store visitor-level custom variable data. This cookie is created when a developer uses the _setCustomVar method with a visitor level custom variable. This cookie was also used for the deprecated _setVar method. The cookie is updated every time data is sent to Google Analytics.
Default Expiration Time: 2 years from set/update.
If you wish for your visit to our site NOT be tracked, send a "Do Not Track" request with your browsing traffic.