Learn more

Privacy Policy

subheading

1. Introduction 

Under UK data protection law, individuals have a right to be informed about how our trust and academies uses any personal data that we hold about them. We comply with this right by providing ‘privacy notices’ (sometimes called ‘fair processing notices’) to individuals where we are processing their personal data.

This privacy notice explains how we collect, store, and use personal data about individuals using the trusts online digital systems.

The Learning Community Trust is the ‘data controller’ for the purposes of UK data protection law. Our data protection officer is listed inline with the trust’s data protection policy.

 

2. The personal data we hold

Personal data that we may collect, use, store, and share (when appropriate) about you includes, but is not restricted to:

  • Name
  • Contact details
  • Information provided through your enquiry
  • Employment records, including work history, job titles, training records and professional memberships Contact details
  • References
  • Qualification information
  • Information about your use of our information and communication systems, equipment, and facilities (e.g. school computers)

 

We may also collect, use, store, and share (when appropriate) information about you that falls into ‘special categories’ of more sensitive personal data. This includes, but is not restricted to:

  • Information about race, ethnicity, religious beliefs, sexual orientation, and political opinions
  • Information about disability and access requirements
  • Photographs captured through online uploads

 

We may also collect, use, store, and share (when appropriate) information about criminal convictions and offences.

 

3. Why we use this data

We use the data listed above to:

a.     To deliver a service to you

b.     Enable us to establish relevant experience and qualifications

c.     Facilitate safe recruitment, as part of our safeguarding obligations towards pupils

d.     Enable equalities monitoring

e.     Ensure that appropriate access arrangements can be provided for candidates that require them

f.      Make sure our information and communication systems, equipment and facilities (e.g. school computers) are used appropriately, legally and safely

 

3.1 Use of your personal data for marketing purposes

Where you have given, us consent to do so, we may send you marketing information by email or text promoting the trusts and our academies events, campaigns, charitable causes or services that may be of interest to you.

You can withdraw consent or ‘opt out’ of receiving these emails and/or texts at any time by clicking on the ‘Unsubscribe’ link at the bottom of any such communication, or by contacting us.

 

3.2 Use of your personal data in automated decision making and profiling

We do not currently process any personal data through automated decision making or profiling. If this changes in the future, we will amend any relevant privacy notices in order to explain the processing to you, including your right to object to it.

 

3.3 Use of your personal data for filtering and monitoring purposes

While you’re communicating with us, we may monitor information and communication incoming and outgoing our systems. We do this so that we can:

  • Comply with our policies (e.g. child protection policy, IT acceptable use policy) and our legal obligations
  • Keep our network(s) and devices safe from unauthorised access, and prevent malicious software from harming our network(s)

 

4. Our lawful basis for using this data

Our lawful bases for processing your personal data for the purposes listed in section 3 above are as follows:

For the purposes of a, b, c, d, e, f from section 3 above, in accordance with the ‘public task’ basis – we need to process data to fulfil our statutory function as a school as set out here:

  • List any relevant legislation or guidance that applies
  • For the purposes of [list the relevant letter(s) from section 3 above], in accordance with the ‘legal obligation’ basis – we need to process data to meet our responsibilities under law as set out here:
  • List any relevant legislation or guidance that applies
  • For the purposes of [list the relevant letter(s) from section 3 above], in accordance with the ‘consent’ basis – we will obtain consent from you to use your personal data
  • For the purposes of [list the relevant letter(s) from section 3 above], in accordance with the ‘vital interests’ basis – we will use this personal data in a life-or-death situation
  • For the purposes of [list the relevant letter(s) from section 3 above], in accordance with the ‘contract’ basis – we need to process personal data to fulfil a contract with you or to help you enter into a contract with us
  • For the purposes of [list the relevant letter(s) from section 3 above], in accordance with the ‘legitimate interests’ basis – where there’s a minimal privacy impact and we have a compelling reason, including:
  • List your interests here

 

Where you have provided us with consent to use your data, you may withdraw this consent at any time. We will make this clear when requesting your consent, and explain how you would go about withdrawing consent if you wish to do so.

 

4.1 Our basis for using special category data

For ‘special category’ data, we only collect and use it when we have both a lawful basis, as set out above, and 1 of the following conditions for processing as set out in UK data protection law:

  • We have obtained your explicit consent to use your personal data in a certain way
  • We need to perform or exercise an obligation or right in relation to employment, social security or social protection law
  • We need to protect an individual’s vital interests (i.e. protect your life or someone else’s life), in situations where you’re physically or legally incapable of giving consent
  • The data concerned has already been made manifestly public by you
  • We need to process it for the establishment, exercise or defence of legal claims
  •  We need to process it for reasons of substantial public interest as defined in legislation
  •  We need to process it for health or social care purposes, and the processing is done by, or under the direction of, a health or social work professional or by any other person obliged to confidentiality under law
  • We need to process it for public health reasons, and the processing is done by, or under the direction of, a health professional or by any other person obliged to confidentiality under law
  • We need to process it for archiving purposes, scientific or historical research purposes, or for statistical purposes, and the processing is in the public interest

 

For criminal offence data, we will only collect and use it when we have both a lawful basis, as set out above, and a condition for processing as set out in UK data protection law. Conditions include:

  • We need to perform or exercise an obligation or right in relation to employment, social security or social protection law
  • We have obtained your consent to use it in a specific way
  • We need to protect an individual’s vital interests (i.e. protect your life or someone else’s life), in situations where you’re physically or legally incapable of giving consent
  • The data concerned has already been made manifestly public by you
  • We need to process it for, or in connection with, legal proceedings, to obtain legal advice, or for the establishment, exercise or defence of legal rights
  • We need to process it for reasons of substantial public interest as defined in legislation

 

5. Collecting this data

While the majority of information we collect about you is mandatory, there is some information that can be provided voluntarily.

Whenever we seek to collect information from you, we make it clear whether you must provide this information (and if so, what the possible consequences are of not complying), or whether you have a choice.

Most of the data we hold about you will come from you, but we may also hold data about you from:

  • Local authorities
  • Government departments or agencies
  • Police forces, courts or tribunals

 

6. How we store this data

We keep personal information about you during the application process. We may also keep it beyond this if this is necessary. Our [record retention schedule/records management policy] sets out how long we keep information about applicants.

Explain how to request a copy of your record retention schedule/records management policy, and link to it if it’s available online. Alternatively, insert your schedule and more information about how you store personal data here.

We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used, or accessed in an unauthorised way, altered or disclosed.

We will dispose of your personal data securely when we no longer need it.

 

7. Who we share data with

Adapt the list below to reflect the third parties with which you share personal data about applicants. We’ve suggested some likely third parties, but amend and/or add to these as needed. Personalise where appropriate (e.g. specify who your local authority is).

In addition, for each third party, explain briefly why you share data with them and what makes the data sharing lawful. We’ve provided examples of how you might explain this in the first 2 bullet points below.

When listing the types of third parties you share data with below, you should either name each of the specific recipients or just the categories of recipients. If you’re naming the categories, be as specific as possible by indicating the type of recipient (i.e. the activities it carries out).

We do not share information about you with any third party without consent unless the law and our policies allow us to do so.

Where it is legally required, or necessary (and it complies with UK data protection law), we may share personal information about you with:

  • Our local authority [name of local authority] – to meet our legal obligations to share certain information with it, such as safeguarding concerns
  • Suppliers and service providers – to enable them to provide the service we have contracted them for, such as HR and recruitment support, and filtering and monitoring IT use
  • Professional advisers and consultants
  • Employment and recruitment agencies

 

7.1 Transferring data internationally

Adapt the text in square brackets below to indicate any international third parties you share data with, if any. For example:

  • Other schools or educational establishments
  • Government departments or agencies
  • Security organisations
  • App or cloud server providers
  • Filtering and monitoring providers

We may share personal information about you with the following international third parties, where different data protection legislation applies:

[Insert the relevant organisations and countries, and for each one explain whether you transfer data on the basis of an adequacy regulation (previously named ‘adequacy decision’) by the UK government, or if you’ve set up your own safeguards]

Where we transfer your personal data to a third-party country or territory, we will do so in accordance with UK data protection law.

In cases where we have to set up safeguarding arrangements to complete this transfer, you can get a copy of these arrangements by contacting us.

 

8. Your rights

8.1 How to access personal information that we hold about you

You have a right to make a ‘subject access request’ to gain access to personal information that we hold about you.

If you make a subject access request, and if we do hold information about you, we will (subject to any exemptions that may apply):

  • Give you a description of it
  • Tell you why we are holding and processing it, and how long we will keep it for
  • Explain where we got it from, if not from you
  • Tell you who it has been, or will be, shared with
  • Let you know whether any automated decision-making is being applied to the data, and any consequences of this
  • Give you a copy of the information in an intelligible form
  • You may also have the right for your personal information to be transmitted electronically to another organisation in certain circumstances.

If you would like to make a request, please contact us (see ‘Contact us’ below).

 

8.2 Your other rights regarding your data

Under UK data protection law, you have certain rights regarding how your personal data is used and kept safe. For example, you have the right to:

  • Object to our use of your personal data
  • Prevent your data being used to send direct marketing
  • Object to and challenge the use of your personal data for decisions being taken by automated means (by a computer or machine, rather than by a person)
  • In certain circumstances, have inaccurate personal data corrected
  • In certain circumstances, have the personal data we hold about you deleted or destroyed, or restrict its processing
  • Withdraw your consent, where you previously provided it for the collection, processing and transfer of your personal data for a specific purpose
  • In certain circumstances, be notified of a data breach
  • Make a complaint to the Information Commissioner’s Office
  • Claim compensation for damages caused by a breach of the data protection regulations

To exercise any of these rights, please contact us (see ‘Contact us’ below).

 

9. Complaints

We take any complaints about our collection and use of personal information very seriously.

If you think that our collection or use of personal information is unfair, misleading or inappropriate, or have any other concern about our data processing, please raise this with us in the first instance.

Alternatively, you can make a complaint to the Information Commissioner’s Office:

  • Report a concern online at https://ico.org.uk/make-a-complaint/
  • Call 0303 123 1113
  • Or write to: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

 

10. Contact us

If you have any questions or concerns, or would like more information about anything mentioned in this privacy notice, please contact our data protection officer:

[Name and contact details of your data protection officer]

You’re required to include the details of your data protection officer in your privacy notice. However, if your school has a data protection lead that you’d prefer to direct people to, use the following text instead:

Our data protection officer is:

[Name and contact details of your data protection officer]

However, our data protection lead has day-to-day responsibility for data protection issues in our school.

If you have any questions or concerns, or would like more information about anything mentioned in this privacy notice, please contact them:

[Name and contact details of your data protection lead]