English Talks is committed to the protection of all personal and sensitive data for which it holds responsibility as the Data Controller and the handling of such data in line with the data protection principles and the Data Protection Act (DPA).
All staff and students have been informed of the new and updated GDPR (2018). Changes to data protection legislation implemented in the school’s policy shall be monitored in order to remain compliant with all legal requirements.
The legal basis for Collection and Use of your Personal data is as follows:
(a) Consent: The member of staff/student/parent has given clear consent for the school to process their personal data for a specific purpose.
(b) Contract: The process is necessary for the member of staff’s employment contract or student placement contract.
(c) Legal obligation: The process is necessary for the school to comply with the law (not including contractual obligations)
Staff responsible for data protection are in Management, Marketing, and Administration departments. However, all staff must treat all student information in a confidential manner and follow the guidelines as set out in this document. The school is also committed to ensuring that its staff are aware of data protection policies, legal requirements and adequate training is provided to them. The requirements of this policy are mandatory for all staff employed by the school and any third party contracted to provide services within the school.
All data within the school’s control shall be identified as personal, sensitive, or both to ensure that it is handled in compliance with legal requirements, and access to it does not breach the rights of the individuals to whom it relates.
The principles of the Data Protection Act shall be applied to all data processed:
English Talks will ensure that:
We shall be transparent about the intended processing of data and communicate these intentions via notification to staff and students prior to the processing of an individual’s data. All students are required to sign an application form with clearly stated Terms & Conditions which include information on personal data processing within the school according to the school’s policy and legal requirements.
In order to assure the protection of all data being processed and inform decisions on processing activities, we shall undertake an assessment of the associated risks of proposed processing and equally the impact on an individual’s privacy in holding data related to them. Security of data shall be achieved through the implementation of proportionate physical and technical measures. Nominated staff shall be responsible for the effectiveness of the controls implemented and report the performance.
All individuals, whose data is held by us, has a legal right to request access to such data. Personal data about students will not be disclosed to third parties without their consent unless it is obliged by law.
Where any personal data is no longer required for its original purpose, an individual can request that the data is erased by the school including any data held by external contractors.
Images of staff and pupils may be captured at appropriate times and as part of educational activities for use in school media only. Unless prior consent from students/parents/staff has been given, the school shall not utilise such images for publication or communication to external sources. It is the school’s policy that external parties may not capture images of staff or students without prior consent.
These guidelines are clearly communicated to all school staff, and any person who is found to be intentionally breaching this conduct will be disciplined in line with the seriousness of their misconduct.
The school recognises that the secure disposal of redundant data is an integral element to compliance with legal requirements and an area of increased risk. All data held in any form of media (paper & documents must be shredded. All (tape, electronic and media) should be wiped and physically destroyed when no longer required.
All data shall be destroyed to agreed levels meeting recognized national standards, with confirmation at completion of the disposal process. Disposal of IT assets holding data shall be in compliance with ICO guidance.
The school has identified a qualified source for disposal of IT assets and collections. The school also uses Shred-it to dispose of sensitive data that is no longer required.