Dean Park Early Years Training and Development
This privacy notice relates to Dean Park Early Years Training and Development, 43 Queens Park South Drive, (Company no 11587393) and is applicable to all members of the DPT community, past and present.
WHAT THIS PRIVACY NOTICE IS FOR
This policy is intended to provide information about how the company will use (or “process”) personal data about individuals including staff and current, past and prospective delegates.
This information is provided because Data Protection Law gives individuals rights to understand how their data is used. Staff and delegates are all encouraged to read this Privacy Notice and understand the company’s obligations.
This Privacy Notice applies alongside any other information we may provide about a particular use of personal data, for example when collecting data via an online or paper form.
This Privacy Notice also applies in addition to our other relevant terms and conditions and policies, including:
- any contract between the company and its staff or delegates;
- CCTV policy;
- IT policies, including Acceptable Use and data retention policies (embedded here).
Anyone who works for, or acts on behalf of, the company (including staff, volunteers, governors and service providers) should also be aware of and comply with this Privacy Notice.
RESPONSIBILITY FOR DATA PROTECTION
Dean Park Training has appointed Kelly Yates as the Privacy and Compliance Officer. The Officer will deal with all your requests and enquiries concerning the company’s use of your personal data (see section on Your Rights below) and endeavour to ensure that all personal data is processed in compliance with this policy and Data Protection Law.
The Officer can be contacted on 01202 297275 or at email@example.com
WHY WE NEED TO PROCESS PERSONAL DATA
In order to carry out its ordinary duties to staff and delegates, the school needs to process a range of personal data about individuals as part of its daily operation.
Some of this activity will need to be carried out in order to fulfil the company’s legal rights, duties or obligations – including those under a contract with its staff or delegates.
Other uses of personal data will be made in accordance with the company’s legitimate interests, provided that these are not outweighed by the impact on individuals and provided it does not involve special or sensitive types of data.
CCTV is in use on the site for security purposes; primarily to protect the people, buildings and equipment on site. Having fully considered the privacy rights of individuals, the company believes these purposes are all in its legitimate interests. Data captured is not used for any commercial purpose (see CCTV Policy for full details).
TYPES OF PERSONAL DATA PROCESSED BY THE COMPANY
This may include:
- names, addresses, telephone numbers, e-mail addresses and other contact details;
- bank details and other financial information
- where appropriate, information about individuals’ health and welfare, and contact details for their next of kin;
- images captured by the CCTV system
HOW THE COMPANY COLLECTS DATA
Generally, the company receives personal data from the individual directly. This may be via a form, or simply in the ordinary course of interaction or communication. However, in some cases personal data may be supplied by third parties or collected from publicly available resources.
The company may also collect data when you use our online website form to submit emails to us. This data will be treated in the same way as an email to us.
WHO HAS ACCESS TO PERSONAL DATA AND WHO THE COMPANY SHARES IT WITH
Occasionally, the company will need to share personal information relating to its staff or delegates with third parties, such as:
- professional advisers (e.g. lawyers, insurers, PR advisers and accountants);
- government authorities (e.g. HMRC, DfE, police or the local authority); and
- appropriate regulatory bodies
For the most part, personal data collected by the company will remain within the company and will be processed by appropriate individuals only in accordance with access protocols (i.e. on a ‘need to know’ basis). Particularly strict rules of access apply in the context of:
- medical records,
- pastoral or safeguarding files.
Staff and delegates are reminded that the company is under duties imposed by law and statutory guidance (including Keeping Children Safe in Education 2018) to record or report incidents and concerns that arise or are reported to it.
Finally, in accordance with Data Protection Law, some of the company’s processing activity is carried out on its behalf by third parties, such as IT systems, web developers or cloud storage providers. This is always subject to contractual assurances that personal data will be kept securely and only in accordance with our specific directions.
PERSONAL DATA RETENTION POLICY
The company will retain personal data securely and only as long as necessary to keep for a legitimate and lawful reason.
We will keep data to inform delegates about courses they are attending, and to notify subscribers periodically about upcoming events and courses. Subscribers will have opportunity to update their information or opt out and subsequently have their data erased from our system. The data we hold will be reviewed at least annually.
If you have any specific queries about how our retention policy is applied or wish to request that personal data that you no longer believe to be relevant is considered for erasure, please contact the Officer. However, please bear in mind that the company may have lawful and necessary reasons to retain some personal data even following such a request.
KEEPING IN TOUCH
The company will use the contact details of delegates to keep them updated about upcoming events. This includes by sending updates and newsletters by email.
Rights of access
Individuals have various rights under Data Protection Law to access and understand personal data about them held by the company and in some cases ask for it to be erased or amended or have it transferred to others, or for the company to stop processing it – but subject to certain exemptions and limitations.
Any individual wishing to access or amend their personal data, or who has some other objection to how their personal data is used, should put their request in writing to Kelly Yates.
The company will endeavour to respond to any such written requests as soon as is reasonably practicable and in any event within statutory time-limits (which is one month in the case of requests for access to information).
Requests that cannot be fulfilled
You should be aware that the right of access is limited to your own personal data, and certain data is exempt from the right of access. This will include information which identifies other individuals or information which is subject to legal privilege.
DATA ACCURACY AND SECURITY
The company will endeavour to ensure that all personal data held in relation to an individual is as up to date and accurate as possible.
An individual has the right to request that any out-of-date, irrelevant or inaccurate information about them is erased or corrected (subject to certain exemptions and limitations under Data Protection Law).
We will update this Privacy Notice from time to time.
- QUERIES AND COMPLAINTS
Any comments or queries on this policy should be directed to the Privacy and Compliance Officer.