This privacy notice has been written to inform Members, Trustees, Governors and
volunteers at the Areté Learning Trust about how and why we process your personal
data.
Who are we?
The Areté Learning Trust is a data controller as defined by the UK GDPR. This
means that we determine the purposes for which your personal data is processed
and the manner of the processing. We will only collect and use your personal data
in ways that are compliant with data protection legislation.
The school has appointed Veritau Ltd as its Data Protection Officer (DPO). The role
of the DPO is to monitor our compliance with the UK GDPR and the Data Protection
Act 2018 and advise on data protection issues. If you would like to discuss this
privacy notice or our use of your data, please contact Veritau or
Veritau’s contact details are:
Schools Data Protection Officer
Veritau
West Offices
Station Rise
York
North Yorkshire
YO1 6GA
schoolsDPO@veritau.co.uk // 01904 554025
Please ensure you include the name of your school in all correspondence.
What personal information do we collect?
The personal data we collect about you includes:
• Personal identifiers, including your name, address and contact details.
• Information relating to your particular role, i.e. if you are a parent governor, community governor etc.
• Information about the history of your appointment.
• Your business and/or financial interests, where applicable.
• Relevant criminal history data, including your DBS check, where applicable.
• Photographs or video images of you, including CCTV footage.
• Relevant skills, expertise and qualifications.
• References you have provided.
• Records of communications and interactions we have with you.
• Information about any health condition or disability you may disclose.
• E-monitoring information about your use of the school’s network and IT
systems.
Why do we collect your personal information?
We process your information for the purposes outlined below:
• To establish and maintain effective governance.
• To meet our safeguarding obligation to pupils and the school workforce.
• To meet statutory obligations for publishing and sharing member, trustee and governor details.
• To meet our health and safety obligations.
• To monitor and manage skills, training and personal development.
• To make any reasonable adjustments you may need in relation to a health condition or disability.
• To promote the school, including in newsletters, on the school website and social media platforms.
What is our lawful basis for processing your information?
Under the UK GDPR, it is essential to have a lawful basis when processing personal information. We normally rely on the following lawful bases:
• Article 6(1)(c) – legal obligation
• Article 6(1)(e) – public task There may be occasions where our processing is not covered by one of the legal bases above. In that case, we may rely on Article 6(1)(f) – legitimate interests. We only rely on legitimate interests when we are using your data in ways you would reasonably expect. For the processing of personal data relating to criminal convictions and offences, processing meets Schedule 1, Part 2 of the Data Protection Act 2018 as below:
• (10) Preventing or detecting unlawful acts
Some of the information we collect about you is classed as special category data under the UK GDPR. The additional conditions that allow for processing this data are:
• Article 9(2)(g) – reasons of substantial public interest
The applicable substantial public interest conditions in Schedule 1 of the Data Protection Act 2018 are:
• Condition 6 – statutory and government purposes
• Condition 10 – preventing or detecting unlawful acts
• Condition 18 – safeguarding of children and vulnerable people
Who do we obtain your information from?
We normally receive this information directly from you, for example via documents and other records and information supplied by you in the course of your application for the role or a period of volunteering. However, we may also receive some information from the following third parties:
• Disclosure and Barring Service (DBS).
• Local Authority.
• Referees you have provided.
Who do we share your personal data with?
We may share your information with the following organisations:
• Department for Education (DfE).
• Disclosure and Barring Service (DBS).
• Local Authority.
• Any relevant funding authority.
• Our IT application providers, where relevant to your role.
• Berry Education (Clerking Provider)
We may also share information with other third parties where there is a lawful basis to do so. For example, we sometimes share information with the police for the purposes of crime detection or prevention.
How long do we keep your personal data for?
We will retain your information in accordance with our Records Management Policy. The retention period for most of the information we process about you is determined by statutory obligations. Any personal information which we are not required by law to retain will only be kept for as long as is reasonably necessary to fulfil its purpose. We may also retain some information for historical and archiving purposes in accordance with our Records Management policy.
International transfers of data
Although we are based in the UK, some of the digital information we hold may be
stored on computer servers located outside the UK. Some of the IT applications we
use may also transfer data outside the UK.
Normally your information will not be transferred outside the European Economic
Area, which is deemed to have adequate data protection standards by the UK
government. In the event that your information is transferred outside the EEA, we
will take reasonable steps to ensure your data is protected and appropriate
safeguards are in place.
What rights do you have over your data?
Under the UK GDPR, individuals have the following rights in relation to the
processing of their personal data:
• to be informed about how we process your personal data. This notice fulfils
this obligation.
• to request a copy of the personal data we hold about you.
• to request that your personal data is amended if inaccurate or incomplete.
• to request that your personal data is erased where there is no compelling
reason for its continued processing.
• to request that the processing of your personal data is restricted.
• to object to your personal data being processed.
If you have any concerns about the way we have handled your personal data or
would like any further information, then please contact our DPO using the details
provided above.
If we cannot resolve your concerns then you may also complain to the Information
Commissioner’s Office, which is the UK’s data protection regulator. Their contact
details are below:
Phone: 0303 123 1113 or via their live chat. Opening hours are Monday to Friday
between 9am and 5pm (excluding bank holidays). You can also report, enquire,
register and raise complaints with the ICO using their web form on Contact us | ICO.
Changes to this notice
We reserve the right to change this privacy notice at any time. We will normally
notify you of changes that affect you. However, please check regularly to ensure you
have the latest version.
This privacy notice was last reviewed May 2023