A PDF version of our Data Protection Policy is available on request.

Data Protection Policy

HEGS is registered with the Information Commissioner’s Office as a Data Controller.

Contents:
1. General Statement of the HEGS's Duties and Scope
2. Definitions
3. Data Protection Controller and Data Protection Officer
4. The Principles
5. Personal Data
6. Use of Personal Data
7. Data Security
8. Rights of the Data Subject
9. Criminal Convictions and Offences
10. Rights of Access to Information (Subject Access Request or ‘SAR’)
11. Exemptions
12. Accuracy
13. Enforcement
14. Retention of Data
15. Changes to this Data Protection Policy

1. General Statement of HEGS’s Duties and Scope
Heart of England Guardianship Services Ltd (“HEGS”) is required to process relevant personal data regarding members of Staff, Students, Parents and Home Stay Families, and shall take all reasonable steps to do so in accordance with this policy. HEGS does not sell or distribute personal data.

2. Definitions
“HEGS” is Heart of England Guardianship Services Ltd, incorporated in England and Wales, company number 07706633. “Pupils” is all persons for which HEGS are the Guardians. “Record” is an electronic entry in a database, photographs, electronic (copies of) documents as well as hard copy (prints) such as letters, receipts, bookings, invoices, DBS certificates stored by HEGS. “All Staff” is all staff or employees of HEGS, including those on temporary or part time contracts, Agents and volunteers. “Parental consent”, includes the consent of a guardian or custodian. “Data Subject”, is a living natural individual to whom the personal data relates.

3. Data Protection Controller and Data Protection Officer
HEGS has appointed Dan Hakstege, a Director of HEGS, as the Data Protection Controller (DPC) and Data Protection Officer (DPO) who will attempt to ensure that all personal data is processed in compliance with this Policy and the Principles of current Data Protection Legislation.

4. The Principles
HEGS shall comply with the Data Protection principles contained in the legislation to ensure all data is:-
1. Fairly and lawfully processed in a transparent manner.
2. Processed for a legitimate purpose.
3. Adequate, relevant and not excessive.
4. Accurate and up to date.
5. Not kept for longer than necessary.
6. Processed in accordance with the data subject's rights.
7. Processed securely.

5. Personal Data
Personal data covers both facts and opinions about an individual where that data identifies an individual. For example, for each Pupil HEGS holds a Record and HEGS can add a summary of (telephone) conversations, texts and emails it to this record. Personal Data may also include sensitive personal data as defined in the legislation.
Personal Data is collected when you request information or make enquiries about any of our services, we may use the personal data you provide to fulfil your request or respond to your enquiry. It is in your interest for us to use your personal data in this way so that you receive the information you have requested.
Personal contact details such as name, title, addresses, telephone numbers, and personal email addresses, date of birth, gender, nationality, passport number, police registration will be collected from you when you apply for our Guardianship Services. We need to collect and use the above information in order to consider and process your application.
If necessary, we also collect personal data about your health to allow us to make specific arrangements for you regarding your accommodation.
If you use an education consultant (Agent) to arrange your application and study with us, we may collect the categories of personal data described above from your consultant.

6. Use of Personal Data
HEGS will only use your personal data in accordance with the law. Most commonly, we will use your personal data in the following circumstances:
• Where we need to perform a contract we have entered into with you.
• Where we need to comply with a legal obligation.
• Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do
not override those interests.
• Where we need to protect your vital interests (or someone else's interests).
• Where it is needed in the public interest or for official purposes.

HEGS does not use Personal Data and Records for marketing purposes, unless specific written authorisation is obtained from the Data Subject and his/her legal custodian in case where the Data Subject is a minor.

HEGS does not provide its Records to any Third-Party Data Processor and does not store any Records on-line (“the cloud”).

7. Data Security
HEGS will take appropriate technical and organisational steps to ensure the security of Personal Data and Records.
All Staff will be made aware of this policy and their duties under the legislation. Violations of this policy by Staff may be treated as misconduct or gross misconduct.
An appropriate level of data security must be deployed for the type of data and the data processing being performed. In most cases, personal data must be stored in appropriate systems and should be encrypted when transported offsite. Some other personal data such as allergy information may be appropriate for distribution to Home Stay Families or schools and colleges.

8. Rights of Data Subject
GDPR expands the rights of the data subject over previous legislation, specifically data subjects have:
1. The right to be informed.
2. The right of access.
3. The right to rectification.
4. The right to erasure.
5. The right to restrict processing.
6. The right to data portability.
7. The right to object.
8. Rights in relation to automated decision making and profiling.
If you wish to exercise any of these rights, please contact HEGS. Information on the right of access and how to exercise that are specifically detailed in this policy.
Not all rights are applicable to all personal data and may depend on the lawful basis that personal data is being processed under.

9. Criminal Convictions and Offences.
HEGS does not maintain registers of or process data on Criminal Convictions and offences, other than is required for safeguarding purposes. Specifically, Enhanced DBS checks are required for All Staff and Home Stay Families over the age of 16. Where convictions or adverse findings are present that data is used as part of a risk assessment.

10. Rights of Access to Information (Subject Access Request or ‘SAR’)
Data subjects have the right of access their Personal data held by HEGS, subject to the provisions of current Data Protection legislation. Any Data Subject wishing to access their personal data should put their request in writing to the DPC or DPO. HEGS will respond to any such written requests as soon as is reasonably practicable and, in any event, within one month for access to personal data and 21 days to provide a reply to a Subject Access Request. Proof of identity is required before any information will be made available.
Only the DPC or DPO may accept or respond to a Subject Access Request. Any other staff receiving such a request MUST immediately pass it to the DPC / DPO for processing or refer the person making the request to the DPC / DPO.

11. Exemptions
Certain personal data or obligations are exempted from the some of the provisions of the Data Protection legislation which includes matters such as processing for National Security and Public Security, the prevention or detection and prosecution of criminal offences. The above are examples only of some of the some of the exemptions under the legislation. Any further information on exemptions should be sought from the DPC or DPO.

12. Accuracy
HEGS will endeavour to ensure that all personal data held in relation to all Data Subjects is accurate. Data Subjects must notify the College of any changes to information held about them.

13. Enforcement
If an individual believes that HEGS has not complied with this policy or acted otherwise than in accordance with data protection legislation, the member of staff should utilise the College grievance procedure and should also notify the DPC or DPO.

14. Retention of Data
HEGS may retain data for differing periods of time for different purposes as required by law or best practice. Statutory obligations, legal processes and enquiries may also direct the retention of certain data. HEGS may store some data such as Application Forms, photographs, exam results, achievements, books and works indefinitely in its archive.

15. Changes to this Data Protection Policy
We reserve the right to update this Data Protection Policy at any time.

You are viewing the text version of this site.

To view the full version please install the Adobe Flash Player and ensure your web browser has JavaScript enabled.

Need help? check the requirements page.


Get Flash Player