GDPR
Data Protection and Privacy Policy Friends of Radstock School Contents Overview of our Privacy Policy - updated 09/11/2022
Data Protection and Privacy Policy Friends of Radstock School Contents Overview of our Privacy Policy...................................................................................................................................
Who are we? .....................................................................................................................
Roles and responsibilities ..................................................................................................
How do we collect information from you?..........................................................................
What type of information is collected from you?................................................................
Pupils and Parents.........................................................................................................
Members, Volunteers and Visitors .................................................................................
How and why is your information used?.............................................................................
Storage of records .........................................................................................................
Disposal of records ........................................................................................................
Who has access to your information? ................................................................................
Third Party Product Providers working on our behalf: ....................................................
Transferring your information outside of Europe.............................................................
Your choices......................................................................................................................
Security precautions in place to protect the loss, misuse or alteration of your information .
Use of our webpage...........................................................................................................
Links to other websites...................................................................................................
Your Rights........................................................................................................................ Complaints.........................................................................................................................
Review of this Policy.......................................................................................................... Definitions..........................................................................................................................
Overview of our Privacy Policy
At Friends of Radstock, we are committed to protecting and respecting your privacy.
This Policy explains when and why we collect personal information, how we use it, the conditions under which we may disclose it to others and how we keep it secure. This Policy applies to all data, regardless of whether it is in paper or electronic format.
This Policy aims to meet the requirements of the Data Protection Act 1998 and takes into account the provisions of the General Data Protection Regulation, which came into force in May 2018.
Any questions regarding this Policy and our privacy practices should be sent by email to FoRDPO@radstock.wokingham.sch.uk or in writing to Radstock Primary School, Radstock Lane, Earley, Reading RG6 5UZ.
Who are we?
Friends of Radstock (FOR) is the Parent Teacher Association for Radstock Primary School. FOR is a registered charity (no. 1091812 ) with registered address: Radstock Primary School, Radstock Lane, Earley, Reading RG6 5UZ
FOR processes personal information relating to pupils, members and visitors, and therefore requires a Data Controller. FOR delegates the responsibility of Data Controller jointly between FOR's charity trustees.
Roles and responsibilities
The FOR trustees have overall responsibility for ensuring that the PTA complies with its obligations under the Data Protection Act 1998. Day-to-day responsibilities rest with the trustees. The trustees will ensure that all volunteers are aware of their data protection obligations, and will oversee any queries related to the storing or processing of personal data.
Volunteer Members are responsible for ensuring that they collect and store any personal data in accordance with this policy. Trustees must also inform FOR of any changes to their personal data, such as a change of address.
How do we collect information from you?
We obtain information about you when you register to join one of our email distribution lists; general distribution list for updates on all events, meetings, financial reports, or specific event distribution lists for volunteers for a particular event. We also collect information from you when you register to help at an event, register to attend an event, fill in one of our Microsoft Forms or order goods from us.
What type of information is collected from you?
The personal information we collect might include your name, email address, phone number, child’s name and class. If you volunteer at an event then we may collect additional details if applicable.
Pupils and Parents
We hold personal data about pupils for running pupil attended events, and for providing personalised products e.g. Christmas cards. We may also receive data about pupils from Radstock Primary School.
This data may include, but is not restricted to:
· Parent contact details
· Child's name
· Class name
· Details of medical conditions declared
We will only retain the data we collect for as long as is necessary to satisfy the purpose for which it has been collected as defined in our Information Register.
Members, Volunteers and Visitors
We process data relating to those who help FOR events. The purpose of processing this data is to assist in the running of the PTA, for instance producing event rotas and sending event information. Personal data may include, but is not limited to:
· Contact details
· First-Aid Qualifications
· DBS Check
We will only retain the data we collect for as long as is necessary to satisfy the purpose for which it has been collected as defined in our Information Register.
The accuracy of your information is important to us. If you change email address, or think that any of the other information we hold is inaccurate or out of date, please email us at: FoRDPO@radstock.wokingham.sch.uk.
How and why is your information used?
FOR has a legal obligation to hold personal information on trustees, and on individuals in some circumstances, e.g. first aid incidents.
· FOR has a “legitimate interest” in using the personal data that is provided by an individual for some of FOR’s activites, including:managing attendance at an event
FOR may use the personal data you provide, if consent has been granted, for the following purposes:
· notifying stall holders of events
· seeking your views or comments on the services we provide
· managing volunteer rotas and external stalls at an event
· managing entries into a competition, raffle, auction or similar
· notifying you of changes to our services
· asking for your help at events
· providing information about events, and other fundraising activities. FOR may need to hold personal data to fulfil a contractual obligation, for example to:
· process orders that you have submitted
We review our retention periods for personal information on a regular basis. We are legally required to hold some types of information to fulfil our statutory obligations (for example: accident reports). We will hold your personal information on our systems for as long as is necessary for the relevant activity as defined in our Information Register, or as long as is set out in any relevant contract you hold with us.
Storage of records
FOR will ensure that its volunteers and members are provided with specific guidance, which will include for example:
· Paper-based records and portable electronic devices, such as laptops and hard drives, that contain personal information should be kept secure when not in use.
· Passwords should be used to access computers, laptops and other electronic devices that contain personal information.
· Personal data may be stored on laptops with encrypted passwords access.
· Files containing personal data should be stored in GDPR compliant, password protected, cloud storage with access controlled to allow use by only those that need the information to manage an event or service for FOR.
Disposal of records
Personal information that is no longer needed, or has become inaccurate or out of date, is disposed of securely. Data will be destroyed after the agreed retention periods as defined in FOR's Information Register.
For example, we will shred paper-based records, and ensure electronic files do not reside in a computer's Recycle Bin.
Who has access to your information?
We will not sell or rent your information to third parties.
We will not share your information with third parties for marketing purposes.
We may transfer your personal information to a third party if we are under a duty to disclose or share your personal data in order to comply with any legal obligation or to enforce or apply our terms of use or to protect the rights, property or safety of our supporters and customers. However, we will take steps with the aim of ensuring that your privacy rights continue to be protected.
We regularly share our data with Radstock Primary School, as part of event organisation and also to verify requests to join our groups. We also use secure storage on the school site to store paper documents. The School’s privacy policy is available on their website.
http://www.radstockprimary.org.uk/policies/gdpr-and-privacy-notices
Third Party Product Providers working on our behalf:
We may pass your information to our third party product providers for the purposes of completing tasks and providing services to you on our behalf (for example to process personalised gifts such as Christmas cards). However, when we use third party product providers, we disclose only the personal information that is necessary to deliver the product and we have a contract in place that requires them to keep your information secure and not to use it for their own direct marketing purposes.
Transferring your information outside of Europe
As part of the services offered to you, the information which you provide to us may be transferred to countries outside the European Union (“EU”). By way of example, this may happen when data is stored on Cloud servers, which may be located in a country outside of the EU. These countries may not have similar data protection laws to the UK. We will only use Cloud services that have subscribed to GDPR compliance.
If you use our services while you are outside the EU, your information may be transferred outside the EU in order to provide you with those services.
Your choices
You have a choice about whether or not you wish to receive information from us. You will only receive direct communications from us if you have signed-up at one of our events or via email. This information will be about the work we do which benefits the children of Radstock Primary School, and our events, products and services.
You can change your communication preferences at any time by contacting us by email at FoRDPO@radstock.wokingham.sch.uk.
You may receive information via Radstock Primary School’s ParentMail, if consent for these communications was given to Radstock Primary School.
Security precautions in place to protect the loss, misuse or alteration of your information
When you give us personal information, we take steps to ensure that it’s treated securely. Non-sensitive details (your email address etc.) are transmitted normally over the Internet, and this can never be guaranteed to be 100% secure. As a result, while we strive to protect your personal information, we cannot guarantee the security of any information you transmit to us, and you do so at your own risk. Once we receive your information, we make our best effort to ensure its security.
Use of our webpage
We will not publish any pictures or personal information on our webpage without permission from the individuals concerned.
Links to other websites
Our website contains links to websites run by other organisations. Radstock Primary School’s privacy policy applies only to our webpage‚ so we encourage you to read the privacy statements on the other websites you visit. We cannot be responsible for the privacy policies and practices of other sites even if you access those using links from our webpage.
In addition, if you linked to our webpage from a third party site, we cannot be responsible for the privacy policies and practices of the owners and operators of that third party site and recommend that you check the policy of that third party site.
Your Rights
You have rights under data protection laws in relation to your personal data. These include the right to:
· Request access to your personal data (known as a subject access request)
· Request correction of your personal data
· Request deletion of your personal data
· Object to processing of your personal data
· Request restriction of processing your personal data
· Right to withdraw consent
You can see more about these rights at: https://ico.org.uk/for-organisations/guide-to-the[1]general-data-protection-regulation-gdpr/individual-rights/
Subject access requests must be submitted in writing, either by letter or email to FoRDPO@radstock.wokingham.sch.uk. Requests should include:
· The individual’s name
· A correspondence address
· A contact number and email address
· Details about the information requested
Subject access request responses will be provided within 30 days of receipt of the request.
Complaints
Any complaints or queries on this policy should be emailed to
FoRDPO@radstock.wokingham.sch.uk.
If an individual believes that FOR has not complied with this policy or acted otherwise than in accordance with Data Protection Law, they can lodge a complaint with FOR trustees by emailing FoRDPO@radstock.wokingham.sch.uk. They may also lodge a complaint with the Information Cmissioner's Office (ICO), although the ICO recommends that steps are taken to resolve the matter with the organisation before involving the ICO.
Review of this Policy
This Policy will be reviewed every 2 years, or whenever legislation changes if sooner. The latest review date can be found at the start of this Policy information.
Definitions
Personal data - Data from which a person can be identified, including data that, when combined with other readily available information, leads to a person being identified
Sensitive personal data - Data such as:
· Contact details
· Racial or ethnic origin
· Political opinions
· Religious beliefs, or beliefs of a similar nature
· Where a person is a member of a trade union
· Physical and mental health
· Sexual orientation
· Whether a person has committed, or is alleged to have committed, an offence
· Criminal convictions
Processing - Obtaining, recording or holding data
Data subject - The person whose personal data is held or processed
Data controller - A person or organisation that determines the purposes for which, and the manner in which, personal data is processed
Data processor - A person, other than an employee of the data controller, who processes the data on behalf of the data controller
Member - Any parent or carer of pupils currently attending Radstock Primary School, or a member of school staff
Volunteer - Any person helping with an FOR event or service