THE GLOBAL BRITISH SCHOOL
Academy Privacy and GDPR Policy
Effective Date: 01.07.2024
Last Updated: 01.07.2024
The Global British School (“TGBS,” “we,” “our,” or “us”) is committed to ensuring that all personal data collected from staff, pupils, parents, visitors, and other individuals is handled in compliance with UK data protection laws. This Privacy Policy applies to all personal data, regardless of whether it is in digital or paper format.
1. Aims
This policy aims to:
1.1 Ensure that all personal data collected and processed by The Global British School is managed in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
1.2 Maintain transparency regarding the collection, usage, storage, and sharing of personal data.
1.3 Uphold individuals’ rights regarding their personal information.
2. Legislation and Guidance
This policy aligns with the following legal requirements:
2.1 UK General Data Protection Regulation (UK GDPR)
2.2 Data Protection Act 2018
2.3 Protection of Freedoms Act 2012 (for biometric data use)
2.4 Education (Pupil Information) (England) Regulations 2005
3. Definitions
Personal Data: Any information that can be used to identify an individual.
Special Categories of Personal Data: Sensitive information such as racial or ethnic origin, political opinions, religious beliefs, trade union membership, health data, genetics, and sexual orientation.
Processing: Any action performed on personal data, whether automated or manual.
Data Subject: The individual whose personal data is being processed.
Data Controller: The entity that determines the purpose and means of processing personal data.
Data Processor: A party that processes data on behalf of the Data Controller.
Personal Data Breach: A breach of security leading to accidental or unlawful loss, disclosure, alteration, or destruction of personal data.
4. The Data Controller
The Global British School acts as the Data Controller and is registered with the UK Information Commissioner’s Office (ICO). The school is responsible for ensuring compliance with data protection laws and has appointed a Data Protection Officer (DPO) to oversee compliance.
5. Roles and Responsibilities
This policy applies to all staff and external parties working on our behalf. Non-compliance may result in disciplinary action.
5.1 Governing Board: Ensures compliance with data protection obligations.
5.2 Data Protection Unit (DPU): Oversees data protection strategies and implementation, ensuring that the school remains compliant with UK GDPR regulations. The DPO monitors data processing activities, advises on data protection obligations, manages data breaches, and acts as a point of contact for individuals and regulatory authorities. The DPU also ensures staff are trained in data protection practices. Contact: [email protected]
5.3 Headteacher: Represents the Data Controller in daily operations.
5.4 All Staff: Must collect, store, and process data in line with this policy and report any data breaches to the DPO.
6. Data Protection Principles
All personal data must adhere to the following principles:
6.1 Lawfulness, Fairness, and Transparency: Data must be processed legally, fairly, and in a transparent manner.
6.2 Purpose Limitation: Data should only be collected for specific, explicit, and legitimate purposes.
6.3 Data Minimization: Only the necessary amount of personal data should be collected and processed.
6.4 Accuracy: Data must be kept accurate and up to date, with necessary measures to correct or delete inaccuracies.
6.5 Storage Limitation: Personal data should not be retained longer than required for its intended purpose.
6.6 Integrity and Confidentiality: Appropriate security measures should be in place to protect personal data from unauthorized or unlawful processing, accidental loss, destruction, or damage.
7. Collecting Personal Data
7.1 Types of Information Collected: We collect personal information about pupils, parents, staff, and other stakeholders during admissions and throughout service delivery. This may also include data from previous schools, local authorities, and regulatory bodies.
7.2 Categories of Personal Data: We obtain and process the following categories of personal information:
- Contact details (name, email address, postal address, telephone number)
- Date of birth
- Characteristics (ethnic background, additional educational needs)
- Identification proof
- Financial information (bank details)
- Academic records (test and examination results)
- Support details (plans and support providers)
- Behavioural records
- Attendance records
- Safeguarding information
- Health information
- References from previous schools or education providers
- References given to future schools or education providers
- Correspondence between the school and pupils/parents
7.3 Lawfulness, Fairness, and Transparency: We process personal data in accordance with the following legal bases:
- To pursue legitimate interests of the school or a third party, provided these interests do not override the rights and freedoms of the individual.
- To comply with a legal obligation.
- To safeguard the vital interests of the individual or another person.
- To fulfill a contract with the individual or to take steps at their request prior to entering into a contract.
- To carry out a task in the public interest or in the exercise of official authority.
- With the explicit consent of the individual.
8. Sharing Personal Data
We share personal data only when necessary and with appropriate safeguards in place to ensure compliance with UK data protection laws. Personal data may be shared in the following circumstances:
- With staff and teachers for the effective administration of education and related school activities.
- With regulatory bodies such as OFSTED and ISI, as required for compliance and school evaluation.
- With government authorities, including the Department for Education (DfE) and HM Revenue & Customs (HMRC), where legally mandated.
- With third-party service providers, such as IT service providers, who support the school’s operations under strict data protection agreements.
- With other educational institutions, including examination boards, where necessary for academic purposes.
- In emergency situations, with relevant emergency services to protect the safety and welfare of individuals.
We do not disclose personal data about pupils or parents to advertisers, nor do we sell personal information to any organisation for marketing purposes.
We require all third parties to adhere to UK data protection laws.
9. Subject Access Requests and Other Rights
Individuals have the right to:
- Access their personal data.
- Restrict the processing of their data where applicable.
- Request the deletion of their data in certain circumstances.
- Request the correction of inaccurate or incomplete data.
- Object to the processing of their personal data.
- Request the transfer of their data to another organisation (data portability).
- Withdraw consent where processing is based on consent.
- Lodge a complaint with the Information Commissioner’s Office (ICO) if they believe their data rights have been violated.
All requests must be submitted to the Data Protection Unit (DPU). Staff members must promptly forward any received requests to the DPU for appropriate handling.
10. Parental Requests for Access to the Educational Record
Parents have the right to request access to their child’s educational record. All requests must be submitted in writing and will be processed within two working weeks.
11. Data Security and Record Storage
Personal data is safeguarded through encryption and password-protected systems. Data is retained in accordance with the school’s retention schedule and securely disposed of once it is no longer required.
12. Personal Data Breaches
The Data Protection Officer (DPO) is responsible for documenting and managing data breaches. If required, the DPO will report the breach to the Information Commissioner’s Office (ICO) within 72 hours.
ICO Contact Details:
Website: ICO Website
Telephone: 0303 123 1113 or +44 1625 545 700
Email: [email protected]
Postal Address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, United Kingdom.
13. Photographs and Videos
We obtain written consent before using photos or videos for promotional purposes. Consent can be withdrawn at any time.
14. Data Protection by Design and Default
We ensure compliance by:
- Conducting data protection impact assessments.
- Training staff on data protection responsibilities.
- Keeping detailed records of processing activities.
15. Training
All staff and governors receive mandatory data protection training during induction and ongoing professional development.
16. Monitoring and Review
This policy is reviewed annually by the DPO to ensure compliance with legal and regulatory changes.
17. Contact Us
For any data protection concerns, contact:
The Global British School
Email: [email protected]
Address: 78-80 Burley’s Way, Leicester, England, LE1 3BD
By using our services, you agree to this Privacy Policy.