1.2 For the purpose of the General Data Protection Regulation (GDPR) (EU) 2016/679, East Barnet School is the data controller. This policy will apply where we determine the purposes and means of processing personal data from our website visitors.
1.3 Our website incorporates specific opt-in privacy controls which affect how we will process your personal data in relation to marketing communications. You can unsubscribe from any marketing communication at any point.
1.5 Our website incorporates an external online shop where personal details are processed by a third party.
1.6 In this policy, “we”, “us” and “our” refer to East Barnet School.
2. Collected Information
2.1 Data will be collected and processed during the operations of our website. The following are ways we may perform these actions:
2.2 We may process data about your use of our website (“usage data“). The usage data may include: your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your visits. The source of the usage data is Google Analytics. This usage data may be processed for the purposes of analysing the use of the website. We monitor this data to improve our website.
2.3 We may process information that you provide to us for the purpose of subscribing to our email notifications and/or newsletters (“notification data“). The notification data may be processed for the purposes of sending you the relevant notifications and/or newsletters. The legal basis for this processing is consent – you may unsubscribe at any time.
2.4 We may process information contained in or relating to any communication that you send to us (“correspondence data” and “enquiry data”). The correspondence data may include the communication content and metadata associated with the communication. Our website will generate the metadata associated with communications made using the website contact forms. The correspondence data may be processed for the purposes of communicating with you and record-keeping.
2.5 We may process account data when accounts are set up (“account data“). The account data and service data may include your name, email address, telephone number, address and name of your child and form group. The source of the account data and service data is provided by you when using our website services. Inactive accounts may be kept for up to 12 months. The account data and service data may be processed for the purposes of operating our website, providing our services, and communicating with you.
2.6 We may process information relating to purchasing transactions, that you enter into with us through our website (“transaction data“). The transaction data may include your contact details. We do not collect or store any card or bank details on our website, as all transactions are processed through a third party, namely ParentPay. The transaction data may be processed for the purpose of supplying the purchased goods and keeping proper records of those transactions. We may keep all data relating to completed purchases for up to 12 months, cancelled orders for up to 60 days, failed and pending orders for up to 30 days.
2.7 We may process information that you post for publication on our website or through our services (“publication data“). The publication data may be processed for the purposes of enabling such publication and administering our website and services.
2.8 If for any reason you communicate with our staff or website, we may collect information.
2.9 In addition to the specific purposes for which we may process your personal data set out in Section 3, we may also process any of your personal data where such processing is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another person.
3. Shared Information
3.1 We may disclose your personal data to third party service providers, namely MailChimp, insofar as reasonably necessary for the purposes of communication, set out in point 2.3.
3.2 We may disclose your personal data to third party service providers, namely Google, insofar as reasonably necessary for the monitoring and improvement of our website, set out in point 2.2.
3.3 Financial transactions performed as a referral from our website may be handled by our payment services providers, namely ParentPay. You can find information about the payment services providers’ privacy policies and practices at https://www.paypal.com/en/webapps/mpp/ua/privacy-full.
3.4 The hosting facilities for our website are situated in the EU, however, we may, in the future, use a hosting provider located outside of the EU. Transfers to any other country will be protected by appropriate safeguards that are expected in the General Data Protection Regulation (GDPR) (EU) 2016/679.
3.4 In addition to the specific shared personal data as outlined above, we may share your data with other third party service providers.
3.6 You acknowledge that personal data that you submit for publication through our website may be available, via the internet, around the world. We cannot prevent the use (or misuse) of such personal data by others.
4. Retaining and Deleting Personal Data
4.1 Personal data that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
4.2 We will retain your personal data as follows:
(a) Mailing Lists will be retained for a continuous period of time, following the date of joining. You have the ability to unsubscribe from any communication via the most recent mailshot (found at the bottom of the email), or by contacting us at any time.
4.3 In some cases it is not possible for us to specify in advance the periods for which your personal data will be retained. In such cases, we will determine the period of retention based on the following criteria:
(a) the period of retention of contact form information (including, but not limited to: attendance data, Bromcom data, Skooler data, Finance data) will be determined based on the relevance of the information, and how it is processed within the school.
Notwithstanding the other provisions of this Section 6, we may retain your personal data where such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
5. Personal Data Storage
5.2 Information we are provided will be stored on secure servers. Transaction data is encrypted for your safety.
5.3 You should understand data via online transmission is not completely secure. We cannot guarantee full protection and security data, only that we take all reasonable action to protect information sent to us electronically. Transmission of any data by you is at your own risk. Where applicable you may be given access to sections of our site that require a password. You are responsible for the passwords safety and confidentiality.
6. Your Rights
6.1 Some of your rights are complex, and not all of the details have been included in our summaries. Accordingly, you should read the relevant laws and guidance from the regulatory authorities for a full explanation of these rights.
6.2 Your principal rights under data protection law are:
(a) the right to access;
(b) the right to rectification;
(c) the right to erasure;
(d) the right to restrict processing;
(e) the right to object to processing;
(f) the right to data portability;
(g) the right to complain to a supervisory authority; and
(h) the right to withdraw consent.
7. Information Accessibility
7.1 We cannot withhold data we collect about you, as per The Data Protection Act 1998. This act provides you with access to any information we may hold on you. If you wish to have access about our data collection on you please use the contact details below. This service may incur a fee. The fee covers our costs for processing your request and getting the data to you. Please use the contact details below to formulate your data access request.
8.1 A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server.
8.2 Cookies may be either “persistent” cookies or “session” cookies: a persistent cookie will be stored by a web browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date; a session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed.
8.3 Cookies do not typically contain any information that personally identifies a user, but personal information that we store about you may be linked to the information stored in and obtained from cookies.
8.5 Cookies used by our service providers:
8.6 Managing cookies:
(a) Most browsers allow you to refuse to accept cookies and to delete cookies. The methods for doing so vary from browser to browser, and from version to version. You can however obtain up-to-date information about blocking and deleting cookies via these links: Chrome; Firefox; Opera; Internet Explorer; Safari; and Edge.
(b) Blocking all cookies will have a negative impact upon the usability of many websites.
(c) If you block cookies, you will not be able to use all the features on our website.
9. Third Party Links
10.1 We may update this policy from time to time by publishing a new version on our website.
10.2 You should check this page occasionally to ensure you are happy with any changes to this policy.
10.3 We may notify you of changes to this policy via a notification on our website.
11. Our Details
11.1 This website is owned and operated by East Barnet School.
11.2 We are registered Academy Trust and a charitable company limited by guarantee in England and Wales under registration number 07552702.
11.3 Our principal place of business is at Chestnut Grove, East Barnet, Hertfordshire EN4 8PU.
11.4 You can contact us:
(a) by post, to the postal address given above;
(b) using our website contact form;
(c) by telephone, on 020 8344 2100; or
(d) by email, using email@example.com.
12. Data Protection Officer
14.1 Our data protection officer can be contacted on the details above.