General Data Protection Regulations 2018

In accordance with the GPDR Statement.

GDPR stands for General Data Protection Regulation and replaces the previous Data Protection. It was approved by the EU Parliament in 2016 and comes into effect on 25th May 2018. GDPR states that personal data should be ‘processed fairly & lawfully’ and ‘collected for specified, explicit and legitimate purposes’ and that individuals data is not processed without their knowledge and are only processed with their ‘explicit’ consent. GDPR covers personal data relating to individuals. Annette Adams School is committed to protecting the rights and freedoms of individuals with respect to the processing of children's, parents, visitors and staff personal data. The Data Protection Act gives individuals the right to know what information is held about them. It provides a framework to ensure that personal information is handled properly.

What we do at PDS Elite Academy:

  • We do not disclose or sell personal data to third parties.

  • We do not disclose personal data to other members of the school and their families.

  • The school uses contact numbers and emails for newsletters, updates, whole school and individual communication, invoices and general information.

  • Emergency Parent contact numbers are given to teachers termly for the sole use of emergency contact only.

  • Paper registration forms are stored in a secured filing cabinet at the school's office.

  • Hard copy information is destroyed via secure information shredding service.

Information about individual children is used in certain documents, such as, a weekly register, medication forms and examination documentations. These documents include data such as children's names, date of birth and emergency contact numbers. These records are shredded after the relevant retention period.

The PDS Elite Academy collects a large amount of personal data every year including; names and addresses of those on the waiting list. These records are shredded if the child does not attend or added to the child’s file and stored appropriately.

The PDS Elite Academy stores personal data held visually in photographs or video clips or as sound recordings. No names are stored with images in photo albums, displays, on the website or on the PDS Elite Academy social media sites.

Access to School Email account, Website, personal Data, Social Media Accounts, Newsletters and Examination Details is password protected and is not available to members of the Public, members of the School and or it's staff.

The Principal and School manager has sole access to all this data and the administration team has access to School Email account only for welcoming new members only. 

When a member of staff leaves The School these passwords are changed in line with this policy and our Safeguarding policy. Any portable data storage used to store personal data, e.g. USB memory stick, are password protected and/or stored in a locked filing cabinet.

GDPR includes 7 rights for individuals

1) The right to be informed

The PDS Elite Academy is registered with UKA and IDTA and as so, is required to collect and manage certain data. The School collects parent’s and or guardian's names, addresses, emergency telephone numbers and email addresses. We also collect children’s’ full names, addresses, date of birth along with any SEN requirements and are stored via a paper registration forms are stored in a secured filing cabinet at the School's office.

This is in respect of our Health and Safety and Safeguarding Policies.

As an Employer of Self Employed practitioners, The PDS Elite Academy is required to hold data on its Teachers such as names, addresses, email addresses, telephone numbers and bank details. Information such as Disclosure and Barring Service checks (DBS), personal Public Liability insurance, First Aid Certificate's, Membership details and any qualification's. This information stored via paper forms are stored in a secured filing cabinet at the School's office.

2) The right of access

At any point an individual can make a request relating to their data and The PDS Elite Academy will need to provide a response (within 1 month). The PDS Elite Academy can refuse a request, if we have a lawful obligation to retain data but we will inform the individual of the reasons for the rejection. 

3) The right to erasure

You have the right to request the deletion of your data where there is no compelling reason for its continued use. However The PDS Elite Academy has a legal duty to keep student and parents details for a reasonable time*. The PDS Elite Academy retain ant records relating to student's accident and injury records for 19 years (or until the child reaches 21 years), and 22 years (or until the child reaches 24 years) for Child Protection records. Self Employed Teaching records will be erased when the member of leaves their position. All hard copy information is destroyed via secure information shredding service.

* The PDS Elite Academy holds personal data while the student is registered at the School. The School requires a written notice to leave the School to put into cation the erasure of your data. If records of this is not found, The School will continue to use your data for School purposes only.

4) The right to restrict processing

Parents, visitors and staff can object to The PDS Elite Academy processing their data. This means that records can be stored but must not be used in any way, for example School Newsletters, General Emails about School news and updates text service. In this situation, The School has no obligation to refund any classes missed or cancelled due to 'lack of communication'. It will be the parents responsibility to ensure they are informed about the Termly event's happening at the School.

5) The right to data portability

The PDS Elite Academy requires data, for example registration forms to be transferred from student, to teacher, to School Principal. The School also requires to provide data such as student DOB and exam pin number's to be able to enter students in UKA and DTA Exams. In this case recipients use secure file transfer systems and have their own policies and procedures in place in relation to GDPR.

6) The right to object

Parents, visitors and staff can object to their data being used for certain activities like marketing or research.

 

7) The right not to be subject to automated decision-making including profiling.

Automated decisions and profiling are used for marketing based organisations. The Annette Adams School does not use personal data for such purposes.

 

Website data

What personal data we collect on our website and why we collect it?

Comments

When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymized string created from your email address (also called a hash) may be provided to the gravatar service to see if you are using it.

 

The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.

 

Media

If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

 

Contact forms Cookies

If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

 

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

 

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

 

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

Analytics Who we share your data with How long we retain your data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

 

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

 

What rights you have over your data

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us.

You can also request that we erase any personal data we hold about you.

This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Where we send your data

Visitor comments may be checked through an automated spam detection service.

Your contact information

Additional information

How we protect your data

What data breach procedures we have in place

What third parties we receive data from

What automated decision making and/or profiling we do with user data Industry regulatory disclosure requirements