Privacy Notice
Changes to Data Protection Legislation
New data protection legislation came into force on 25 May 2018 and replaced the UK Data Protection Act. The new General Data Protection Regulation (GDPR) provides a modernised, accountability-based compliance framework for data protection in Europe. It is intended to strengthen privacy rights in relation to personal information. The new accountability principle in Article 5(2) of the GDPR requires data controllers to demonstrate that they comply with the good practice principles set out in the Regulation, and states explicitly that this is their responsibility. The farm is the data controller of the personal information you provide to us. This Notice sets out most of your rights under the new laws. Further information about the new law can be found on the Information Commissioners website: https://ico.org.uk/for-organisations/data-protection-reform/overview-of-the-gdpr/
This privacy notice describes how we collect and use personal information about you during and after your working relationship with us, in accordance with the General Data Protection Regulation (GDPR)
It is important that you read this notice when we are collecting or processing personal information about you, so that you are aware of how and why we are using such information.
Data Controller
Manor Farm is a “data controller”. This means that we are responsible for deciding how we hold and use personal information about you. We are required under data protection legislation to notify you of the information contained in this privacy notice.
Data Protection Principles
We comply with data protection law. This says that personal information we hold about you must be:
-
Used lawfully, fairly and in a transparent way.
-
Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
-
Relevant to the purposes we have told you about and limited only to those purposes.
-
Accurate and kept up to date.
-
Kept only as long as necessary for the purposes we have told you about.
-
Kept securely.
The categories of student information that we collect, hold and share include:
-
Personal information (such as name, unique pupil number and address)
-
Characteristics (such as ethnicity, language, nationality)
-
Attendance information (such as sessions attended, number of absences and absence reasons)
-
Relevant medical information
-
Special Educational Needs information
-
Exclusions / behavioural information
Why we collect and use this information
We use the pupil data:
-
To support children during sessions
-
To monitor progress for tutoring students
-
To provide appropriate pastoral care
-
To assess the quality of our services
-
To comply with the law regarding data sharing
-
To assist with our administration and communication systems – for example, WhatsApp groups, Facebook group, email.
​
Collecting pupil information
The majority of the information that we collect is to allow us to support your child and to plan appropriate activities. All information requested on our contract is mandatory, for this reason. However, if there is any information that you would rather not provide, please contact us. In order to comply with the General Data Protection Regulation, we will inform you whether you are required to provide certain pupil information to us or if you have a choice in this.
Storing pupil data
We hold pupil data in password protected files.
Who we share pupil information with
We share pupils information upon request. This could include:
-
Pupils schools (with confirmation from parent)
Why we share pupil information
We do not share information about our pupils with anyone, without consent, unless the law allows us to do so.
Requesting access to your personal data
Under data protection legislation, parents and pupils have the right to request access to information about them that we hold. To make a request for your personal information, or be given access to your child’s educational record, contact the Headteacher / Data Protection Officer.
You also have the right to:
-
Object to processing of personal data that is likely to cause, or is causing, damage or distress
-
Prevent processing for the purpose of direct marketing
-
Object to decisions being taken by automated means
-
In certain circumstances, have inaccurate personal data rectified, blocked, erased or destroyed; and
-
Claim compensation for damages caused by a breach of the Data Protection regulations
If you have a concern about the way we are collecting or using your personal data, we request that you raise your concern with us in the first instance. Alternatively, you can contact the Information Commissioner’s Office at https://ico.org.uk/concerns/
Data Retention
We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, audit trail or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount of time, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use and the applicable legal requirements.
In some circumstances we may anonymise your personal information so it can no longer be associated with you, in which case we may use such information without further notice to you.
Right Of Access, Correction, Erasure And Restriction
It is important that the personal information we hold about you is accurate and correct. Please keep us informed if your personal information changes during your working relationship with us.
Under certain circumstances you have the right to:
-
Request Access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you.
Information about children may be released to a person with parental responsibility. However, the best interests of the child will always be considered.
-
Request Correction of the personal information we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
We will try to ensure the data collected is accurate and if we identify any data accuracy issues, we will communicate lessons learned to staff through internal staff training.
-
Request Erasure of your personal information. This enables you to ask us to delete or remove personal information when:
-
It is no longer necessary for us to hold it
-
You withdraw your consent for us to keep it
-
It was unlawfully processed (ie. in breach of the GDPR)
-
It has to be erased in order to comply with a legal obligation
-
We may refuse to comply with a request for erasure for the following reasons:
-
To exercise the right of freedom of expression and information
-
To comply with a legal obligation
-
The defense of legal claims
-
Object to processing of your personal information for direct marketing purposes.
-
Request the restriction of processing of your personal information. This enable you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
-
Request the transfer of your personal information to another party.
If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please contact the Data Protection Officer in writing and they will respond within 28 days.
You will not have to pay a fee to access your personal information. However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
We may need to request specific information from you to help us confirm your identity and ensure you have the right to access the information. This is an appropriate security measure to ensure that personal information is not disclosed to any personal who has no right to receive it.
Your data will be kept on file while your child is attending sessions at Manor Farm. If you have given permission for use of images for marketing, these will stay online. However, you can request that they be removed at any time.
Changes To This Privacy Notice
We reserve the right to update this privacy notice at any time and without notice.
Contact
If you would like to discuss anything in this privacy notice, please contact:
Antonia Stewart – Data Protection Officer Email: manorfarmlearning@gmail.com
Date issued: September 2022
Updated: September 2023