This policy applies to the Personal Data we collect and process when you visit Milton Keynes Preparatory School websites (http://www.mkprep.co.uk, https://www.bmprep.co.uk, http://www.waltonpps.co.uk), and in the usual course of our business, such as in connection with our recruitment, events, sales and marketing activities or when you visit our schools in person. In this section, “you” and “your” refer to visitors to the website.
The General Data Protection Regulation helps this policy set out the school’s commitment to protecting the rights and freedoms of data subjects and the safe and secure processing of their data in accordance with our legal obligations. This policy describes how the school collects, handles and processes, stores and deletes this data.
For the purposes of the General Data Protection Regulation we are the data controller and our School Support Centre is located in:
Milton Keynes Preparatory School
Our Information Commissioner’s Office registration number is ZA152933.
Data Controller – the entity which decides how and why and under what conditions personal data is processed. This is the Proprietor.
Data Processor – This is the person who processes the data on behalf of the data controller.
Data Protection Officer (DPO) – The person who is responsible for ensuring that the school adheres to the GDPR principles.
Data Subject – A living person to whom the personal data relates.
Personal Data – This includes everything from which a data subject can be identified, such as name, physical address, email address, identification number and health records. Personal data can include expressions of opinion about that individual, file notes or minutes and communications (such as email) about them.
Sensitive Personal Data – Some categories of data are ‘special category data’ under the GDPR, broadly equivalent to ‘sensitive personal data’. This includes information about the individual’s race, ethnicity, political opinions, religion, trade union status, health, gender, sexual orientation and criminal record. Such information is treated with particular care. Financial data is also treated as ‘sensitive personal data’.
Processing – This means obtaining, recording or holding data or carrying out any operation on it, including its retrieval, consultation or use.
3 INFORMATION WE COLLECT ABOUT YOU
3.1 Information you give us
You may give us personal data about you in several ways; these include:
3.1.1 using, visiting or interacting with our website (such as filling out forms or registering on our website);
3.1.2 visiting our school;
3.1.3 corresponding with us by phone, e-mail or post; and
3.1.4 sending information directly to us, for example when paying our fees, giving us medical records or information about your child’s health, completing school admission forms, signing our parent contract or providing information as requested by us and/or which is necessary from time to time.
3.2 The information you give us may include the following information about you and / or your child/children:
3.2.1 full name;
3.2.2 date of birth;
3.2.3 contact details (including home address, e-mail address, and mobile, home and/or work phone number);
3.2.4 financial and credit card information;
3.2.5 (where appropriate) family circumstances (including your relation to the child and your marital status);
3.2.6 race, religion and ethnicity; and
3.2.7 medical history (allergies, dietary requirements).
3.3 With regard to each of your visits to our website we may automatically collect the following information:
3.3.1 technical information, including the Internet Protocol (IP) address used to connect your computer to the Internet, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform; and
3.3.2 information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our website (including date and time); pages you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page and any phone number used to call our number.
3.4 Third Party Websites
Our website may contain links to and from the websites of our partner networks, advertisers, suppliers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
4 INFORMATION WE RECEIVE FROM OTHER SOURCES
We may be working closely with third parties (including, for example, your child’s previous or new school(s), medical practitioners, photographers, local authorities, education authorities, business partners, payment and delivery services, debt collectors, lawyers and credit reference agencies) and may receive information about you from them.
5 LAWFUL BASIS FOR WHICH THE SCHOOL PROCESSES DATA
The school processes data for the following reasons:
6 HOW WE USE YOUR DATA
Information you give to us
6.1 We will use the information you give to us to pursue the following legitimate interests:
6.1.1 to respond to and process any online enquiries made to our schools;
6.1.2 to provide you with marketing, news and event information by email (for example, news, after school clubs or open days);
6.1.3 to store this information on the school’s chosen management information system;
6.2 In order to pursue the legitimate interests referred to in paragraph 6.1.3, our schools also rely on software applications and other technology to process personal data about you and your children. These include the school’s management information system. The third parties we use to deliver these applications are carefully chosen and vetted by us to ensure that, among other things, your and your child’s personal data is kept secure. For further information on the kind of technology we use, please contact our Data Protection Officer.
6.3 We will also use the information you give to us as is necessary to carry out our obligations arising from the contract (or potential contract) between you and us and to provide you with the information and services that you request from us. For example, we will provide education services to your child and will use personal data where necessary to deliver these services. We will also use your personal information to invoice you for our services pursuant to the contract between you and us. We will also require a certain amount of personal information about you and your child at the pre-contract enquiry and application stage.
Information we collect about you from our website
6.4 We will use this information for the following legitimate interests:
6.4.1 to contact you if you have made an enquiry to one of our schools via our online enquiry form and/or to inform you about available places in the future;
6.4.2 to administer our website and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
6.4.3 to provide, operate, optimize, and maintain our websites;
6.4.4 to improve our website to ensure that content is presented in the most effective manner, and your online experience is as effective and appropriate as possible, for you and for your computer;
6.4.5 to allow you and your child to participate in interactive features of our service, when you choose to do so;
6.4.6 as part of our efforts to keep our website safe and secure;
6.4.7 for recruitment purposes if you have applied for a role with MKP; and
6.4.8 to send you information for marketing purposes, if you have chosen to opt-in to receive this information from us by email and in accordance with your marketing preferences; for example, regular updates about the school.
Information we receive from other sources
6.5 We may combine this information with information you give to us and information we collect about you. We may use this information and the combined information for one of the purposes set out above (depending on the types of information we receive). For example, we may receive a court order relating to you which impacts on our use of your and your child’s information to protect the welfare of the child. Also, social services or health practitioners may provide us with information (particularly sensitive personal data) about your child. This kind of processing of sensitive personal data may be necessary (a) for the purposes of carrying out our obligations in the field of social security or social protection law, (b) for medical diagnosis or provision of health care and/or (c) to protect the vital interests of your child or another person taking into account the mental and physical capacity of your child.
When we disclose information
6.6 In order to pursue one of the legitimate interests set out above, we may share your and your child’s personal information with:
6.6.1 local authorities, education authorities (for example, ISI or Ofsted), the Department for Education, SEN co-ordinators, social services or the police where we have reason to believe there are safeguarding concerns in respect of your child;
6.6.2 where your child is not British, we may have to provide information about you or your child to UK Visas and Immigration;
6.6.3 business partners, professional advisors, debt collectors, suppliers and sub-contractors for the performance of any contract we enter into with them or you;
6.6.4 credit reference agencies for the purpose of assessing your credit score where this is a condition of us entering into a contract with you.
Where we need to get your consent
6.8 We will not market services to you without your consent and you have the right to ask us not to use your contact details for marketing.
6.9 We will also seek your permission if we wish to post any photographs of you or your child on any of our marketing materials or platforms (including our prospectus, advertisements or social media sites and website).
6.10 You or your child do not have to give us details about your child’s race, religion or ethnicity if you do not want to. If you do provide us with this information, we only use these details to assist us with the day-to-day running of the school (for example, if your child’s religion means that he or she has particular dietary requirements then we will of course be much better informed if we have this information to cater to your child’s requirements) and for equal opportunities monitoring purposes.
Where you have given consent to the above, you can withdraw this consent at any time by contacting the Data Protection Officer.
7 TRANSMISSION OF PERSONAL INFORMATION OUTSIDE THE EEA
The data that we process about you and your child may be transferred to, and stored at, a destination outside the European Economic Area (“EEA”). We try to limit this where possible but it may be necessary where, for example, one of our suppliers has a data centre outside the EEA. We will take all steps reasonably necessary to ensure that your and your child’s data is treated securely and in accordance with this privacy notice and that the appropriate legal safeguards are in place prior to the transfer, for example ensuring that any contracts between us and the recipient of the information have EU-approved standard data protection clauses, or the country we are transferring the data to is deemed by the EU Commission as adequate.
8 YOUR RIGHTS
Under the GDPR, you have the following rights:
Right to be Informed about the processing of your personal data
Right to Request Access. You have the right to access the personal data we hold about you. An SAR (Subject Access Request) should be made to the Data Protection Officer in writing to Milton Keynes Preparatory School, Tattenhoe Lane, Milton Keynes, MK3 7EG or by email at firstname.lastname@example.org. However, the school will also accept such requests received verbally, in person or by telephone. The school will verify the identity of the person making the request and a response to the SAR will be supplied to the requestor within 28 days of receiving the SAR, free of charge.
In circumstances where the request is complex, the deadline can be extended by a further two months. If this is the case, then the DPO will inform the requestor within one month of receipt of the request, explaining why the extension is necessary. The information will be supplied to the requestor within two months from the end of the first 28 day period.
The school can refuse to respond to certain requests and in such cases, an explanation will be supplied to the requestor.
Right to Correction. You have the right to have inaccurate personal data about you or your child rectified. Upon request we offer Data Subjects the ability to have inaccuracies corrected in contact information. Data Subjects can have their information amended by sending an e-mail to the DPO at email@example.com. Requests to amend data will normally be processed within 28 days.
Right to Erasure. You have the right to request that we delete your and your child’s personal data where: (a) the personal data are no longer necessary in relation to the purposes for which they were collected or processed; (b) you withdraw your consent to processing for which we previously obtained your consent; (c) you object to the processing and, as a result, we agree to cease that processing (please see paragraph 7.1.5 for more details); (d) the personal data has been unlawfully processed; and (e) we are required to erase the personal data in order to comply with the law.
Right to Restriction. You have the right to obtain from us the restriction of processing where: (a) you contest the accuracy of the personal data we hold about you; (b) the personal data has been unlawfully processed; (c) we no longer need the personal data but they are required in limited circumstances; and (d) you object to the processing and, as a result, we agree to cease that processing.
Right to Request Transfer. In certain circumstances, you have the right to obtain personal data from us in a structured, commonly used and machine-readable format and the right to transfer it to a third party organisation.
Right to Object. You have the right to raise an objection to any of our processing in paragraphs 5.1 and 5.2. Please tell us if you object to any type of processing that we do and we will work with you to address any concerns you may have.
Right to object to marketing. If you do not want us to process your personal data for direct marketing, please tell us and we will ensure that we no longer do this.
Right to complain to the ICO. Whilst we would always prefer it if you approached us first about any complaints or queries you may have, you always have the right to lodge a complaint with the Information Commissioner’s Office.
Residents of the EEA. In addition, if you are a resident of the EEA, you can object to processing of your Personal Data, ask us to restrict processing of your Personal Data or request portability of your Personal Data. Again, you can exercise these rights by emailing us at firstname.lastname@example.org.
We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws. We may ask you to verify your identity in order to help us respond efficiently to your request.
9 HOW LONG WE KEEP PERSONAL INFORMATION
9.1 We will not keep any Personal Data about you for any longer than is necessary for the purposes for which the Personal Data are processed.
9.2 As a general rule, we keep your child’s education records until they reach 25 years of age at which point we destroy the file.Ient that your child transfers schools.
9.3 We follow a Personal Data Retention Policy which determines how long we keep specific types of personal information for. For further information about the criteria we use to determine what periods we keep specific information, please contact our Data Protection Officer.
10 USE OF OUR WEBSITE
Where we have given you (or where you have chosen) a password which enables you to access certain parts of our website, you are responsible for keeping this password confidential. We ask you not to share a password with anyone. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your Personal Data, we cannot guarantee the security of your data transmitted to our website; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
12 CONTACT US