All the staff within R.E.A.L Education / R.E.A.L Independent Schools take their UK GDPR obligations very seriously and are a priority across each of our schools and alternative provision.
Our staff are committed to protecting and respecting the privacy of sensitive information relating to staff, pupils, parents/carers and those in a governance role.
Therefore, all data will be processed in line with the requirements and protections set out in the UK General Data Protection Regulation.
Please find below all the relevant policies and helpful documents that will inform you on how your data is securely kept within our schools.
We reserve the right to change our Policies and Privacy Statements as and when required.
R.E.A.L Education and R.E.A.L Independent Schools Privacy Statement
The General Data Protection Regulation (GDPR) gives individuals the right to be informed about how organisations use their personal data.
R.E.A.L. privacy notices for our workforce and Learners & Parents can be found on a separate links above, along with our young person friendly privacy notice
If you have any enquiries about this or about the use of your personal data, you can contact our Data Protection Officer (DPO) at:
Data Protection Officer
R.E.A.L. Education Head Office
Kings Mill House
Unit 1, Kings Mill Way
telephone: 0115 9220400
R.E.A.L Education Ltd is registered as a data controller with the Information Commissioner’s Office (registration number: Z3076172).
What is the purpose of this privacy statement?
This privacy statement tells you what to expect when we collect personal data. It applies to information we collect about:
- visitors to our website
- people who register for and use our services
- people who are referred to us by other persons, agencies, organisations
- people who contact us with an enquiry or complaint
- job applicants and our current and former employees
- people who participate in publicising R.E.A.L education
- people who are recorded on CCTV within our premises.
What is personal data?
Personal data means any data which can be used to identify an individual (such as name and address) and any information that relates to that individual from which they can be identified (for instance, details of the services provided to a particular individual).
The following types of personal data may be used:
- personal contact details such as name, address, phone number, etc.
- personal identifiers such as driving licence, passport NHS etc.
- visual images, personal appearance
- personal or professional opinions about an individual
- family details
- employment and education details
- lifestyle and social circumstances
- pension or financial activity records
- offences (including alleged offences)
- criminal proceedings, outcomes and sentences
- health details
- racial or ethnic origin
- data concerning a natural person’s sex life or sexual orientation
What do we use personal data for?
We may need to use personal data for the following purposes:
- delivering services and support to clients and commissioners
- managing and monitoring those services
- dealing with and investigation of enquiries and complaints
- responding to requests for information
- complying with legal requirements or Court Orders
- legal proceedings and legal advice
- supporting and managing staff, for instance, recruitment, provision of HR, payroll, pension, staff benefits and occupational health services
- health and safety
- managing our properties
- personal emergency situations e.g.accidents,illnesses contacts
- carrying out surveys and audits
- reporting to the Government (e.g. Education Department, HMRC etc.)
- carrying out Disclosure and Barring Service checks
- equal opportunity and diversity monitoring
When can we use your personal data?
Data protection law allows us to use or share personal data in any of the following circumstances:
when we have your (or your appointed representatives) consent. e.g. you may have indicated your consent on a paper form
- where we have a contract with you or you have asked us to process your data prior to entering into a contract
- where we are under a legal obligation that requires us to process your personal data
- we are protecting your vital interests, or those of other persons. For example, sharing details from your record with a medical professional in an emergency;
- where we have a legitimate need to use information for a specific purpose that does not unjustifiably infringe on your rights or freedoms
- where it is necessary for the performance of a legal enforcement task.
If the personal data consists of data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, the use of genetic data or biometric data for the purpose of identifying someone, data concerning health or data concerning someone’s sexual preferences or sexual orientation (together known as special categories of personal data) or relates to criminal activity or convictions, data protection law permits us to use or share personal data in one or more of the following circumstances:
- where we have explicit consent
- where it is necessary for the assessment of the working capacity of an employee
- where it is necessary for medical diagnosis
- where it is necessary for the vital interests of an individual and the individual is unable to consent because they are physically or legally incapable
- the prevention or detection of crime
- fraud prevention or protecting the public against dishonesty or other improper conduct
- for insurance purposes or occupational pensions
- for obtaining legal advice or for the purposes of legal proceedings
- for equal opportunity and diversity monitoring purposes
How long do we keep personal data?
We maintain information in accordance with our “GDPR Data Retention and Deletion Policy” which specify timescales for how long we hold your information.
The policy is drawn up in line with legal requirements with regards to law and the minimum and maximum time allowances we have to retain specific information.
More information on this can be obtained from contacting our Data Protection Officer DPO at firstname.lastname@example.org or through the Information Commissioner’s Office at www.ico.org.uk
What if you have any concerns about the use of personal data or its accuracy?
If you have concerns about the methods we use your personal data , or its accuracy, you may contact the Data Protection Officer (DPO) details above.
How do we keep your information secure?
We will take appropriate steps to make sure we hold records about you in a secure way, including:
- all employees who have access to your personal data or are associated with the handling of that data are obliged to respect the confidentiality of your personal data
- putting in place procedures and technologies (e.g. Google drive) to maintain the security of all personal data from the point of collection to the point of destruction.
What rights do you have in relation to your personal data?
You have a number of rights in relation to your personal data. Please note that not all rights are automatic and some may not be available in certain circumstances where a lawful exception applies. For instance, this could be because a copy of your personal data may need to be kept or used for the purposes of complying with a legal obligation or for use in legal proceedings, for prevention or detection of crime, for a monitoring officer investigation, etc.
|Right to find out about the personal data we hold about you and access a copy of it (Subject Access Request SAR.)
|You can ask us whether we hold your personal data and you can request a copy of the information we hold
|Some of the information requested may be exempt from disclosure.
This may be because it relates to another individual, it is subject to legal professional privilege, its disclosure would result in serious harm to someone, or another lawful exception applies.
|Right to withdraw your consent
|If you have provided us with consent for use of your data, you have the right to withdraw your consent to stop further use of your data for that purpose
The right to withdraw your consent will only affect future use of your data.
|This right is not available where your data can be used without consent (see section 4 above), for instance, where we are under a legal obligation to use your information or another lawful exception applies
|Right to raise a concern or enquiry about the use of your personal data
|Please see our complaints policy
|Right to rectification of your personal data
|You may ask for your personal information to be corrected if information we hold is inaccurate or incomplete.
|This right may not be available in limited circumstances where a lawful exception applies.
|Right to erasure of your personal data (Right To Be Forgotten)
|You can request that some or all of your data be erased where:
– we have no further legitimate use for it
– you have withdrawn your consent for us to use your data (unless we can continue to use your data lawfully without consent)
– the law requires its deletion.
|This right is not available where a lawful exception applies or where the retention of the data is necessary for:
– freedom of expression and information
– lawfully required statistical returns.
|Right to restriction of use of your personal data
|You can request that your data:
– is not used in a certain way while we consider any concerns you have about its accuracy
– is retained instead of being erased after we have no further use for it
– is retained where it is required for a legal claim
|This right is not available where a lawful exception applies or in respect of data being used for:
the protection of the rights of another person
reasons of important public interest.
|Right to object to the use of your personal data
|You can object to use of your data:
– for direct marketing purposes;
– for commissioned delivery purposes, except to the extent that we have an overriding legitimate or lawful reason for use of your data or are using your data for a legal claim
|This right may not be available in limited circumstances where a lawful exception applies.
Visitors to our websites
What information do we collect when you visit our website?
The computers which host our website maintain site logs which include the IP details of all machines accessing our pages.
We only use such logs to determine website usage and not as a means of identifying or obtaining information about specific users.
Any IP information is treated as strictly confidential and is not published or divulged to any third party.
How will we use photographs that identify people?
Images of individuals are treated as personal data, images of crowds in a public area are not. When taking photographs intended for publication on our website or elsewhere, it is our policy to seek the permission of any individuals who are photographed.
We will respond promptly to any request to remove photographic images and/or personal data from the website where the person making such a request has a right to do so in accordance with their data protection rights.
Changes to privacy notices
We keep our privacy notices and GDPR Policy under regular review.
Please check back frequently to see any updates or changes to our privacy notice.
This privacy statement does not provide exhaustive details of all aspects of our collection and use of personal data. However, we are happy to provide any additional information or explanation needed.
Any request for this should be sent to the Data Protection Officer using the contact details above.
The Information Commissioner’s Office (ICO)
The ICO is an independent body set up to uphold information rights in the UK. You can seek their advice and guidance or make a complaint to them through their website: www.ico.org.uk, or their helpline on 0303 123 1113, or in writing to:
Information Commissioner’s Office