S7 Privacy Notice
1 The Purpose of this Privacy Notice
S7 is a Peer Review and Development Group comprising eight sixth form colleges in the South East of England – Bexhill, BHASVIC, Collyer’s, Esher, Godalming, Reigate, Varndean, Woking. You can find more about us at www.s7colleges.com
The General Data Protection Regulation (GDPR) comes into effect on 25th May 2018 and will strengthen the rights which individuals have over the collection, processing and storage of personal data. This Privacy Notice is intended to inform you about personal information that we record about you. It sets out the conditions under which we may process any information that we collect from you, or that you provide to us. It covers information that could identify you (‘personal data’) and information that could not. In the context of the law and this notice, ‘process’ means collect, store, transfer, use or otherwise act on information.
2 How we use your personal Information
S7 promises to collect, store and process your personal data only for legitimate purposes. This Privacy Notice explains how we do this and tells you about your privacy rights and how the law protects you.
3 S7’s Privacy Promise
We promise to keep your personal data safe and private and give you a regular opportunity, at least once a year, to update it. We promise not to sell your personal data to a third party and we will not transfer your personal data to a third party unless there is a legal requirement to do so or a legitimate business need. We will give you access to your personal data within a reasonable time limit should you require it.
4 How the Law protects you
This Privacy Notice explains in some detail what kinds of personal information we collect, why we collect it, why and how we process it and how and for how long we store it. The Data Protection Act permits S7 to process your personal information if we have a legitimate reason, business reason or legal requirement to do so. Please see Table 1. For example, the personal information of the S7 Director and S7 Officer will be shared with the HR and Finance Departments of one of the S7 colleges for pay roll and employment purposes and also for the purpose of staff development and appraisal. The college may have a legal duty to share your information, for example in relation to safeguarding or PREVENT or we may ask you to consent to us sharing or processing your personal information for advertising purposes or reporting purposes, for example attendance at meetings.
5 How We Collect Your Personal Data
We collect personal data from you when you take on a particular role at college or attend a training or staff development session. The type of personal data we collect depends on your role within S7. Please see Table 1.
Table 1
Personal Information Type*
This list is not exhaustive |
Description | Reasons for requesting Personal Data which lie within business and legitimate interests and legal duties*
This list is not exhaustive |
Contact | Your name, your job title and how to contact you e.g., email address, mobile phone numbers and college extension number
Staff in S7 colleges, Student Union members from the S7 colleges, external (non-S7) trainers Your name and how to contact you, e.g., home and mobile phone numbers, email address S7 Director and S7 Officer |
There are a number of business and legitimate reasons it is necessary to contact you or for us to hold this information. For example, to let you know details about a particular course or meeting that you have signed up for.
Student Union member names and Student Union roles are collected for those attending S7 Student Union Days. We will delete this information after the event has taken place. We will request mobile phone numbers only from trainers delivering workshops at our S7 Conferences. This information is used solely by the S7 Director and Officer as a means of emergency contact and the information is deleted when the conference has ended. This information will be held securely and not shared with anyone else or made public. Some internal email groups will be created in which you will be able to see other members’ email addresses. |
Contractual | Details about your employee’s contract including qualifications and references
S7 Director and S7 Officer
|
To manage employee and employer relationships.
Fulfilling contractual obligations is a legal duty |
Special types of personal data | The law and other regulations treat some types of personal information as special. We will only collect and use these types of data if the law allows us to do so: racial or ethnic origin, religious or philosophical beliefs, trade union membership, genetic and bio-metric data, health data including gender, criminal convictions and offences
S7 Director and S7 Officer
|
In order to monitor diversity effectively, it is necessary to collect personal information across all nine of the protected characteristics under the Equality Act 2010. You may be asked to complete an Equal Opportunities Form, although completion is voluntary. |
Financial | Your bank details.
S7 Director and S7 Officer
|
This may be to pay staff or reimburse expenses. |
Transactional | Details about payments to and from your accounts with us, and salary payments
S7 Director and S7 Officer
Details about professional progress S7 Director and S7 Officer, staff attending S7 training courses
|
S7 also has a legal duty to make additional employer payments relating to salary for example National Insurance contributions and LGPS and TPS pension contributions
We share this information between line managers for the purposes of monitoring professional progress (appraisal and more widely performance management) and for the purposes of reference writing |
Documentary Data | Details about you that are stored in documents in different formats, or copies of them. This could include things like your passport, driver’s licence, birth certificate or qualification certificates.
S7 Director and S7 Officer |
We collect this information to ensure you are qualified or have the residency status to take up the job role for which you have been employed. |
6 Sharing your personal information with third parties
A staff member’s information may be shared internally, for example college email address and S7 courses previously attended. Where S7 engages non-statutory third parties to process personal data on its behalf, for example payroll for staff, S7 requires them to do so on the basis of written instructions, are under a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure the security of personal data. For S7 staff we will share some of your personal information such as your name, address and date of birth with the Disclosure and Barring Service (DBS) so that they can check whether you have any previous convictions which would make you unsuitable for working with young people.
7 How we store your data
Data will be stored in a range of different places, including the password protected computer hard drives of the S7 Director and S7 Assistant and on paper in secure places. S7 takes the security of personal data seriously.
Sending data outside of the EEA
We will not send your personal data outside of the European Economic Area (‘EEA’).
Marketing
We may use your personal information, including images of you (photos or videos) in publicity material such as advertisements, information leaflets, newsletters, press releases or on our website to raise awareness of the services provided by S7. We will always ask your consent to use your personal information for specific marketing purposes.
8 Use of our Website
Wherever possible, we aim to obtain your explicit consent to process information gleaned from your use of the S7 website, for example, by asking you to agree to our use of cookies.
Sometimes you might give your consent implicitly, such as when you send us a message by e-mail to which you would reasonably expect us to reply.
Except where you have consented to our use of your information for a specific purpose, we do not use your information in any way that would identify you personally. We may aggregate it in a general way and use it to provide class information, for example to monitor the performance of a particular page on our website.
9 Personal Information and Automated Decisions
We sometimes use systems to make automated decisions for example regarding staff attendance at S7 training sessions.
10 How long we keep your personal information
We will keep your personal information for as long as you are an S7 member of staff or for 3 years whichever is the longer.
Letting us know if your personal information is incorrect
You have the right to question any personal information we hold that you think is wrong or incomplete. Staff should update their personal data via the S7 Director or S7 Officer.
11 How to get a copy of the personal information we hold
You can request to see the personal information we hold by contacting the S7 Director or S7 Officer. Under GDPR, from 25 May 2018, you will have the right to request your personal information from us in a format that can be easily re-used. You can also ask us to pass on your personal information in this format to other organisations.
12 What if you choose to withhold your personal information or withdraw your consent for us to hold and process your information?
If you choose not to give us this personal information, or withdraw your consent to us holding or processing your personal information, it may delay or prevent us from meeting our obligations to you as a member of S7, e.g. you may not be able to attend S7 training events or meetings
What if you want us to stop using your personal information?
You have the right to object to our use of your personal information, or to ask us to delete, remove, or stop using your personal information if there is no need for us to keep it. This is known as the ‘right to object’ and ‘right to erasure’, or the ‘right to be forgotten’.
13 Complaints
If you have a complaint about the way we are processing your data or any aspect of this Privacy Notice, please address your complaint in the first instance to the S7 Director. You also have the right to complain to the Information Commissioner’s Office if you believe we are processing your personal data without a legitimate reason to do so. The complaints form is available from their website. https://ico.org.uk/concerns/.
14 Legal Framework
The member colleges of S7 will remain data controllers. S7 will process the data on behalf of the members for relevant activities/events.
Date: December 2018
Author: Brett Freeman, Chair of S7