Data Protection policy (GDPR)

Similar documents
Element Finance Solutions Ltd Data Protection Policy

Creative Funding Solutions Limited Data Protection Policy

Privacy Policy Inhouse Manager Ltd

PS Mailing Services Ltd Data Protection Policy May 2018

Data Protection Policy

Toucan Telemarketing Ltd.

Data Protection Policy

Data Protection Policy

Data Protection Policy

Castle View Primary School Data Protection Policy

Data Protection Policy

Care Recruitment Matters Limited Privacy Notice

DATA PROTECTION POLICY THE HOLST GROUP

Enviro Technology Services Ltd Data Protection Policy

Privacy Policy. England Athletics Limited commitment to Privacy. Introduction. The information we collect about you. The information provided to us

UWTSD Group Data Protection Policy

Pathways CIC Privacy Policy. Date Issued: May Date to be Reviewed: May Issued by Yvonne Clarke

St Bernard s Primary School Data Protection Policy

Data protection. 3 April 2018

Data Protection Policy

UKIP needs to gather and use certain information about individuals.

Data protection policy

Guardian Electrical Compliance Ltd DATA PROTECTION GDPR REGULATIONS POLICY

Privacy and Data Protection Policy

Adkin s Privacy Information Notice for Clients, Contractors, Suppliers and Business Contacts

Data Protection Policy & Procedures

COMPUTAMATRIX LIMITED T/A MATRICA Data Protection Policy September Table of Contents. 1. Scope, Purpose and Application to Employees 2

ACCOUNTING TECHNICIANS IRELAND DATA PROTECTION POLICY GENERAL DATA PROTECTION REGULATION

A Homeopath Registered Homeopath

PRIVACY POLICY. 1. Introduction

CHASE GRAMMAR SCHOOL PRIVACY STATEMENT General Data Protection Regulations (GDPR)

Elders Estates Privacy Notice

Privacy and Cookies Policy EH Hotel 2018 Ltd

UWC International Data Protection Policy

PRIVACY NOTICE (TIER 4)

PRIVACY POLICY. What personal data we collect and why we collect it IN ORDER TO: (Date of last update: 1 st January 2019)

PRIVACY POLICY BACKGROUND:

HBW LAW LTD T/A HESELTINE BRAY & WELSH

Motorola Mobility Binding Corporate Rules (BCRs)

DLB Privacy Policy. Why we require your information

Data Subject Access Request

Spectrum Wellness Privacy Statement

M T BUCKLEY & Co Chartered Accountants

Data Protection policy

These pieces of information are used to improve services for you through, for example:

HOW TO EXERCISE YOUR DATA SUBJECT RIGHTS

GDPR Compliance. Clauses

GDPR- the new General Data Protection Regulations. Staff PDM- 2 nd May 2018

1.7 The Policy sets out the manner by which the University will respond to Subject Access Requests.

Privacy Policy. Due Diligence Checking Limited ( We or Us ) are committed to protecting and respecting your privacy.

CURTIS BANKS LIMITED. Privacy Information Notice. curtisbanks.co.uk

Made In Hackney Data Protection Policy Last Updated:

Staff and Recruitment Privacy Notice Your personal information

DATA SUBJECT ACCESS REQUEST PROCEDURE

BELLISSIMA BEAUTY SALON PRIVACY NOTICE

Xpress Super may collect and hold the following personal information about you: contact details including addresses and phone numbers;

General Data Protection Regulation (GDPR) Policy

PORTICO PRIVACY NOTICE

Privacy and cookie policy

Wonde may collect personal information directly from You when You:

Privacy Policy: Data & Information Security Policy Last revised: 9 May 2018

PRIVACY NOTICE: UK NARIC ANNUAL CONFERENCE

Privacy Policy Who are we? What personal date or information do we collect? How do we collect data or information from you?

Privacy Policy. Information about us. What personal data do we collect and how do we use it?

Learning Management System - Privacy Policy

Data Protection Privacy Notice

General Data Protection Regulation (GDPR) Key Facts & FAQ s

NCG Carlisle College Privacy Statement

DATA PROTECTION POLICY

The JJs Hair Group Privacy Policy

Data Protection Policy

We may change the privacy notice from time to time by amending this page. What type of information will we collect from you?

Subject: Kier Group plc Data Protection Policy

The Provincial Grand Lodge and Chapter of East Lancashire. Data Protection Act 1998

letters to The Scottish Parliament and texts to

Privacy and Cookies Policy

GDPR Data Protection Policy

Privacy notice. Last updated: 25 May 2018

RVC DATA PROTECTION POLICY

Policy & Procedure Privacy Policy

BARTON HALL LTD PRIVACY STATEMENT

GDPR effects on Gift Aid. Presented by Keren Caird Business Development Gift Aid Manager Sue Ryder

Our Data Protection Officer is Andrew Garrett, Operations Manager

2. Who we collect information (data) from & why we collect it

PATRIOT CAMPERS PTY LTD PRIVACY POLICY

SOUTHFIELD SCHOOL PROCEDURE FOR RECEIVING AND RESPONDING TO SUBJECT ACCESS REQUESTS

Privacy Notice For Ghana International Bank Plc customers

BISHOP GROSSETESTE UNIVERSITY. Document Administration. This policy applies to staff, students, and relevant data subjects

Blue Alligator Company Privacy Notice (Last updated 21 May 2018)

FOUNDRY COLLEGE. General Data Protection Regulation (GDPR) Policy Incorporating Freedom of Information

Website Privacy Statement

Retention & Archiving Policy

THE BERKSHIRE ARCHERY COACHING GROUP PRIVACY NOTICE

GDPR SUBJECT ACCESS REQUESTS PROCEDURE

REAL RENTS PROPERTY MANAGEMENT LTD PRIVACY NOTICE

Privacy Policy Wealth Elements Pty Ltd

A1 Complete Plumbing and Heating Limited Job Applicant Privacy Notice

The isalon GDPR Guide Helping you understand and prepare for the legislation

TABLE OF CONTENTS. Page

DATA PROTECTION POLICY

Transcription:

Data Protection policy (GDPR) This is the statement of general policy and arrangements for: Overall and final responsibility for health and safety is that of: Day-to-day responsibility for ensuring this policy is put into practice is delegated to: Isca School of English Sarah Tomlinson, Richard Tomlinson, Jo Tomlinson, DOS Privacy statement Responsibility of (Name / Title) Action / Arrangements (Customise to meet your own situation) Your rights Sarah Tomlinson, Principal, DPO You have the following rights under data protection legislation: 1. to access a copy of the comprised in your personal data; 2. to object to processing of your personal data that is likely to cause or is causing damage or distress 3. to prevent processing for direct marketing 4. to object to decisions being taken by automated means; 5. in certain circumstances, to have inaccurate personal data rectified, blocked, erased or destroyed; and 6. to claim compensation for damages caused by a breach of data protection legislation. Sharing your data Sarah Tomlinson, Principal, DPO We may share your Data with partners such as British Council and English UK, and third- party data managers that we appoint as data processors as part of administering your involvement in the school (Oxford University Placement test, DBS). We will not transfer your data to any other third parties without obtaining your consent and, where possible, will anonymise your data before sharing. We will also not share any other personal data you provide to us. Data Protection and Privacy Policy Sarah Tomlinson, Principal, DPO All of the personal data we collect from you will be collected, stored and processed in accordance with the terms of ISCA s Data Protection and Privacy Policy which follows below Complaints Sarah Tomlinson, Principal, DPO If you have any concerns or complaints in relation to how ISCA collects and/or processes your personal data, you should contact ISCA s data protection officer in the first instance by emailing study@iscaschool.com. If you are dissatisfied with how your concern/complaint is dealt with by ISCA, you have the right to report your concern/complaint to the Information Commissioners Office

Produced by Sarah Tomlinson Date: 11.04.2018 Subject to review, monitoring and revision by: Sarah Tomlinson Every: 12 months or sooner if work activity changes

Data Protection and Privacy Policy Organisation name: Isca School of English Our legal bases for processing your How we use your We will process your Data on the basis of the following legitimate interests: To check and validate data to support administrative processes. For example: DBS checks, Oxford University placement test, payroll and legal requirements Providing relevant and necessary via email, text, post to you about Isca We may use your personal for a number of purposes, including: To deal with your requests and enquiries. To contact you for reasons related to your enquiry. To notify you about Events. To be used by staff to organise training and other matters Protecting your Storage of Data In cases when data is stored on printed paper, it will be kept in a secure place where unauthorised personnel cannot access it. Printed data will be securely shredded when it is no longer needed Data stored on computers will be protected by strong passwords that are changed regularly. Data stored on CDs or memory sticks must be locked away securely when they are not being used The DPO must approve any cloud used to store data Servers containing personal data must be kept in a secure location on site or with an approved third party IT provider Data should be regularly backed up If data is stored directly to mobile devices such as laptops, tablets or smartphones or to equipment not belonging to the Isca School they will have to have file encryption. All servers containing sensitive data must be approved and protected by security software and a firewall. The data that we collect from you may be transferred to a destination external to Isca s own secure network (Oxford University Press). By submitting your personal data, you agree to this transfer, storing or processing. We will take all reasonable steps to ensure that your data is treated securely and in accordance with this privacy policy. The Internet is not generally a secure medium for communication and therefore we cannot guarantee the security of any you send to us over the Internet. We use up-to-date industry procedures to protect your personal.

Finding out what EH holds about you Your responsibilities Data retention Under the Data Protection Legislation, you can ask to see any personal that we hold about you. Such requests are called subject access requests. If you would like to make a subject access request, please contact Isca s Data protection officer: Isca School of English 4 Mount Radford crescent EX2, 4EN You must take reasonable steps to ensure that personal data we hold about you is accurate and updated as required. For example, if your personal circumstances change, please inform the Data Protection Officer so that they can update your records. Children Only children aged 13 years and over may lawfully provide their own consent for the processing of their personal data in the UK accordingly an adult with parental responsibility must provide consent for processing if the child is under 13; and in cases where the child is between the age of 13-18 consent from both parent and child should be obtained Any data that we collect from you will be deleted in accordance set out beliow: You will also need to provide two forms of identification, for example, driving licence, utility bill or passport and, if appropriate, any particulars about the source or location of the you are requesting. Student registration after 6 years (HMRC Legislation) Host family data 4 years after a host family has not played an active part in hosting student or immediately if you request this. Staff Information registration after 6 years (HMRC Legislation) Registration lists, entry forms and results for ISCA open after 6 years (HMRC Legislation Payroll contact details 5 years post employment Employees bank detail 3 years post employment Pension details 75 years post employment Payroll tax details 6 years post employment Human resources files (ie your staff files) 6 years post employment Recruitment files for unsuccessful candidates 6 months post campaign max Removal of Data A data subject may request that any held on them is deleted or removed, and any third parties who process or use that data must also comply with the request. Reporting breaches All staff have an obligation to report actual or potential data protection compliance failures. This allows us to: Investigate the failure and take remedial steps if necessary

Maintain a register of compliance failures Notify the Supervisory Authority (SA) of any compliance failures that are material either in their own right or as part of a pattern of failures Training All staff must be aware of the policy and will receive relevant advice and/or training on this policy if relevant to their roles. Further training will be provided at least every two years or whenever there is a substantial change in the law or our policy and procedure. Monitoring Everyone must observe this policy. The DPO has overall responsibility for this policy. They will monitor it regularly to make sure it is being adhered to.

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback