The King’s School, Worcester – Privacy Notice
This Notice sets out when and how we use your Personal Data that you or others provide to us. We are committed to managing and safeguarding your personal information in accordance with current legislation and best practice, your privacy is of the utmost importance to us. Whenever you provide personal information, we will treat that information in accordance with the Privacy Notice. We want to make sure you fully understand the terms and conditions surrounding the capture and use of Personal Data, this notice describes what information we collect about you, how we use it, and the rights you have in relation to that collection and usage.
By ‘Personal Data’, we refer to information collected or held by the foundation that identifies and relates to you as an individual including ‘Special Category Personal Data’.
Who we are
The King’s School, Worcester (‘the foundation’) is a private company limited by guarantee registered in England, No 4776324, and is registered with the Charity Commission under Charity No. 10983236. The Charity Commissioners for England and Wales have issued a uniting direction in respect of the foundation and the unincorporated precursor charity that went by the same name (having the registered name of Worcester Cathedral Grammar School, charity number 527536) whereby single entity financial statements may be prepared. The registered office is 5 College Green, Worcester WR1 2LL.
The foundation operates one senior school and two junior schools known as King’s St Alban’s and King’s Hawford.
The foundation also operates in conjunction with The King’s School Development Trust, King’s School Worcester Enterprises Ltd, and King’s School Activities Ltd. As Data Controller, the data we manage refers individually and collectively to these bodies.
For the purpose of the Data Protection Act 2018, the UK General Data Protection Regulations (UK GDPR) and any other applicable data protection and privacy laws and regulations, the foundation will be the ‘Data Controller’ of all personal information. We determine the means and purpose of processing and we have registered with the Information Commissioners Office under registration number Z7022029.
We will process the Personal Data supplied to us to conduct and manage the foundation to enable us to give you the best and most secure experience. In particular, the conduct of the foundation includes, but is not necessarily limited to:
- The selection and admission of pupils
- The provision of education to pupils, including the administration of the school curriculum and timetable, monitoring pupil progress and educational needs, reporting on the same internally and to parents, administration of pupils entries to public examinations, reporting upon and publishing the results, providing references for pupils and alumni
- The provision of educational support and related services to pupils (and parents) including the maintenance of discipline, provision of careers and library services, administration of sports fixtures and teams, school trips, provision of schools IT and communications systems and virtual learning environment
- The provision of educational courses and co-curriculum during the school holidays including school trips, holiday camps, academies and pre-season training
- The safeguarding of pupils’ welfare and provision of pastoral care, welfare, health care services by school staff and other specialist professionals
- Compliance with legislation and regulation including the preparation of information for inspections by the Independent Schools Inspectorate, submission of annual census information to each of the Independent Schools Council and Department of Education
- Operational management including the compilation of pupil records, the administration of invoices, fees and accounts, the management of the foundation estate, the management of security and safety arrangements (including the use of CCTV in accordance with our CCTV policies and monitoring of the schools IT and communication systems in accordance with our Acceptable Use Policy), management planning and forecasting, research and statistical analysis, the administration and implementation of the School Rules and policies for pupils and staff, the maintenance of historic archives and other operational purposes
- Staff administration including the recruitment of staff/engagement of contractors, and volunteers (including compliance with DBS procedures) administration of payroll, pensions and sick leave, maternity leave, paternity leave, review and appraisal of staff performance, conduct of any grievance, capability or disciplinary procedures, and the maintenance of appropriate human resources records for current and former staff and providing references
- The promotion of the foundation through its own websites, the prospectus and other publications and communications including social media platforms.
- Maintaining relationships with the Old Vigornians and the wider school community by communicating with the body of current and former pupils and/or their parents or guardians, current and former staff/volunteers, and organising events.
These are what we consider to be our ‘Legitimate Interests’. We endeavour at all times to keep your data accurate and secure, and to honour your data preferences with regard to receipt of postal communications, email, mobile messaging and telephone calls.
Information we may collect
To enable us to run our services adequately we will need to collect Personal Data from you when you engage with the foundation informally or formally. We collect data when you send us information, talk to us over the phone, submit an application form or when you visit our website.
We process data about prospective, current and past pupils and their parents; staff, governor and volunteers, suppliers and contractors; donors, friends and supporters; and other individuals connected to or visiting the foundation (including children enrolled on our holiday camps).
The information may be factual, expressions of opinion, images or other recorded information, which identifies or relates to a living individual. We may collect both personal and pseudonymous data about you. Pseudonymous data does not identify you as a person but it might be used in aggregate, for instance, when you participate in a survey or when we analyse stakeholder interaction with the foundation.
Examples of personal data include:
- Names, addresses, telephone numbers, email addresses and other contact details
- Family details
- Admission, academic, disciplinary and other education related records, information about special educational needs, references, examination scripts and marks
- Education and employment data including attendance, sickness and absence records
- Images, audio and video recordings
- Financial information
- Courses, meetings or events attended
- Supplementary information you provide about yourself when engaging with the foundation such as medical information, dietary requirements, disability
- Equal opportunities monitoring
- We may collect technical information about you when you visit the Website. This information may include the Internet Protocol (IP) address used to connect your computer to the Internet, your browser type and version, time zone setting, operating system and platform, browser plug-in types and version, the full URL clickstream to, through and from the Website, page response times, download errors, length of visits to certain pages, page interaction (such as scrolling, clicks and mouse-overs) and methods used to browse away from the page.
The collected information is used to provide an overview of how people are accessing and using the Website. It is not used for any additional purpose, such as to profile those who access the Website.
The rights of Data Protection legislation belong to the individual to whom the data relates. However, we will often rely on parental consent to process personal data relating to pupils unless, given the nature of the processing in question, and the pupil’s age and understanding, it is more appropriate to rely on the pupil’s consent. Parents should be aware that in such situations they might not be consulted, depending on the interests of the child, the parents’ rights at law or under their contract, and all the circumstances.
In general, we will assume that pupils’ consent is not required for ordinary disclosure of their personal data to their parents e.g. for the purposes of keeping parents informed about the pupil’s activities, progress and behaviour, and in the interests of the pupil’s welfare, unless, in the foundation’s opinion, there is a good reason to do otherwise.
However, where a pupil seeks to raise concerns confidentially with a member of staff and expressly withholds their agreement to their personal data being disclosed to their parents, we may be under an obligation to maintain confidentiality unless, in our opinion, there is a good reason to do otherwise; for example where the foundation believes disclosure will be in the best interests of the pupils or other pupils, or is required by law.
Pupils can make subject access requests for their own personal data, provided that they have sufficient maturity to understand the request they are making. Our pupils are generally assumed to have this level of maturity in the senior school. A person with parental responsibility will generally be entitled to make a subject access request on behalf of their child, but the information in question is always considered to be the child’s at law. A pupil of any age may ask a parent or other representative to make a subject access request on their behalf. Moreover, if of sufficient maturity, their consent or authority may need to be sought by the parent making such a request.
Fundraising helps us to achieve our strategic objective of improving access and the opportunities for our pupils. We fundraise from individuals, companies and foundations who want to support our charitable purposes. We keep in touch with the Old Vigornians, current or former parents and other members of the school community. We will use your contact details to keep you updated about our charitable activities and invite you to events of interest by email and by post. You can update your data preferences at any time by contacting the Foundation Development Office to ensure that our communications are relevant to you firstname.lastname@example.org see also the Alumni Relations and Fundraising Privacy Notice.
Data we collect from a third party
We collect most of the personal data directly from the individuals concerned, or in the case of pupils, from their parents. In some cases, we collect data from third parties, for example referees, previous schools, the Disclosure and Barring Service, professionals or authorities working with the individual, or from publicly available sources.
We may occasional purchase data from third party suppliers or use profiling techniques to provide us with general information. The data we may purchase might include contact details, demographic and economic data. Such a purchase uses publicly available data or data you have already provided us and may result in you receiving communications from the School regarding your educational interests without you having directly supplied your information to us. We do this because it allows us to understand our stakeholders and helps us to analyse the popularity and effectiveness of our foundation. We keep clear records of the data suppliers and provide an opportunity to unsubscribe at every contact. If you have any queries concerning the use of this data, we hold about you please email email@example.com. See also the Privacy Notice – Alumni Relations and Fundraising.
What we do with the information we collect?
Personal data held by us is processed by appropriate members of staff for the purposes for which the data was provided. We take appropriate technical and organisational steps to ensure the security of personal data about individuals, including policies around use of technology and devices, and access to school systems.
We will use your personal information for a number of purposes including:
- Internal record keeping
- To carry out any obligations owed to you in respect of any contracts entered into between you and us
- To provide our services to pupils, staff and the third parties we work with
- To give you information that you request from us and to improve our services
- To notify you about changes to our services
- To keep you informed about what is happening at the foundation
- For good governance, accounting, managing and auditing our business operations
- To monitor emails, calls, other communications and activities on your account
- For market research, analysis and developing statistics
- To send you marketing communications
- For compliance with legal and regulatory requirements and related disclosures
- For establishment and defence of legal rights
- For activities relating to the prevention, detection and investigation of safeguarding matters or crime including
- Disclosures and Barring Service checks (DBS)
- To verify your identity
- To identify whether you have the right to work in the UK
- In connection with ways in which you might support the School such as when you volunteer, as a member of a parent committee or our alumni
- To undertake any relevant troubleshooting, testing or statistical analysis as appropriate
- To carry out any obligations owed to you through the use of our Website and to operate the Website efficiently ensuring that the content of our Website is presented in the most effective manner for you and your computer, and to keep the website secure.
We will take photographs, audio and video recordings to use in our publicity, which may include printed material, social medial platforms and website. If you do not wish us to use photographs, audio or video recordings of you please inform the firstname.lastname@example.org
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. We operate Records Retention Guidelines, which set out the time period for different categories of data to be kept.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
We will keep data about you indefinitely if we need this for safeguarding, legal claims, historical archives, research or statistical purposes.
Legal basis of processing
We will only process your information if we have a relevant legal basis to do so. This is usually in order to provide you with the contractual services you have requested from the foundation or if you have provided us with adequate consent to process your information for other purposes.
We will only use your personal data for the purposes for which we collected it, unless we reasonable consider that we need to use it for another purpose that is compatible with the original intention, please contact email@example.com if you have any queries.
You are free at any time to change your mind and withdraw your consent. The consequence might be that we cannot do certain things for you.
Protecting your information
We are committed to ensuring that your information is secure and we have procedures in place to try to prevent any unauthorised access or disclosures and to safeguard and keep secure the information that we collect online.
We do not transfer personal data outside the EEA unless we are satisfied that the personal data receives an equivalent level of protection. Where required, this information is encrypted for additional security. We use computer safeguards such as firewalls and data encryption, we enforce physical access controls to our buildings and files, and we authorise access to Personal Data only for those employees who require it to fulfil their job responsibilities. All our employees and data processors that have access to, and associated with, the processing of your personal information are legally obliged to respect the confidentiality of your data and are bound by contract to do so.
However, you should be aware that providing information over the internet can never be guaranteed as being completely safe, and if you choose to send such information to us via the internet, you do so at your own risk. If you comment on social forums, be aware that other visitors may collect any information you make public.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach in accordance with our statutory obligations.
Sharing your information with others
Please be assured that we will not share your information for any reason unless we are required by law or permitted to do so under this Privacy Notice. The main circumstances in which we will be permitted or required to disclose this by law will be by court order, to government bodies such as HMRC, Department of Education and the Department for Work and Pensions, and law enforcement agencies. However, sometimes we may share your information with third parties in the following ways:
- Service providers such as examination boards, travel companies, banks, pension providers
- Local Children Safeguarding board, DBS, NCTL
- An insurance claim
- Sub-contractors and other persons who help us provide our services
- Our legal and other professional advisors, including our auditors
- Fraud prevention agencies, credit reference agencies, and debt collection agencies if appropriate as part of your account management
- Our Health Centre and NHS
- In an emergency or to otherwise protect your vital interests
- To protect the security or integrity of our business operations
- To other parties connected with your account e.g. guarantors and other people named on the application including joint account holders who will see your transactions
- Where we restructure our business or its assets
- Payment systems e.g. credit cards to process transactions
- We may use carefully selected sub-processors to help us collect, store or manage your information. This will always be managed under the terms of a written data processing agreement
- Analytics and search engine providers that assist us in the improvement and optimisation of the Website, school portal, management information systems, cloud storage provider, and social media platforms
- The King’s School Development Trust
- Anyone else where we have your consent or where it is required by law.
We do not otherwise share or sell personal data to other organisations for their own purposes.
Access to your Personal Data
You have rights in relation to any Personal Data that we hold about you. If you wish to access your Personal Data you may make a formal subject access request by contacting the foundation.
The information you request must relate to you (or another person that you have authority to act on their behalf). The foundation will require a confirmation of your ID prior to providing any information about the data we hold. If you are unable to provide sufficient information to prove your ID, the foundation reserves the right to refuse your request for access to Personal Data. The rights you have in relation to the Personal Data we hold regarding you are:
- The right to be informed about our processing of your personal data
- The right to have your personal data corrected if it is inaccurate and to have incomplete personal data completed
- The right to object to processing of your personal data
- The right to restrict processing of your personal data
- The right to have your personal data erased (the right to be forgotten’)
- The right to request access to your personal data and information about how we process it
- The right to move, copy or transfer your personal data (‘data portability’)
- Rights in relation to automated decision making including profiling
If you have provided us with consent to process your information, you always reserve the right to withdraw this consent via the method detailed in the paragraph below. We are committed to ensuring that your wishes are respected and upon notification that you wish to withdraw your consent, the foundation will immediately cease processing the information in question.
Please be aware that the School may have another lawful reason to process the personal data in question even without your consent. That reason will usually have been stated under this Privacy Notice, or may exist under some form of contract or agreement with the individual e.g. employment or parent contract or membership of the Old Vigornians.
Please send any data related request to the foundation emailing firstname.lastname@example.org we try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
You should be aware that certain data is exempt from the right of access. This may include information, which identifies other individuals, or information, which is subject to legal privilege. We are also not required to disclose any pupil examination scripts, nor any confidential reference given by the school for the purposes of the education, training or employment of any individual.
Changes to this Privacy Notice
We may change this Privacy Notice at any time to ensure it always accurately reflects the way we collect, use and safeguard your Personal Information. The date of the changes will be listed in the ‘Last update’ section below. Any substantial changes will be notified on our website, and to you directly as far as practicable.
This Privacy Notice should be read in conjunction with our other policies and terms and conditions, which refer to personal data including our Parent Contract, Employment Contract, Safeguarding Policy, Health and Safety Policy, Acceptable Use Policy and IT Policies.
A cookie is a small data file that certain websites write to your hard drive when you visit them. The only personal information a cookie can obtain is information supplied by the user. A cookie cannot read data from your hard disk or read cookie files created by other sites.
We use the following cookies:
- Strictly necessary cookies. These are cookies that are required for the operation of our website. They include cookies that enable you to log into secure areas of our website
- Analytical/performance cookies. They allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.
- Social media cookies. These cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of training your browser across other sites and building up a profile of your interests. This may impact on the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.
How can you make a complaint?
Please note that if you are not satisfied with the processing of your personal data as set out in this Privacy Notice, or consider that we have acted otherwise than in accordance with Data Protection Law please contact us at email@example.com
You have the right to make a referral or issue a complaint directly to the Information Commissioners Office (ICO), the data protection supervisory authority for England and Wales https://ico.org.uk/concerns, although the ICO recommends that steps are taken to resolve the matter with us before involving them.
Please contact us at firstname.lastname@example.org if you have any questions, comments or requests regarding this Privacy Notice.
25 March 2022