Privacy Policy

WHAT IS THIS PRIVACY POLICY?

This Data Privacy Policy describes the categories of personal data Outside Education Ltd process and for what purposes.

Outside Education Ltd are committed to collecting and using such data fairly and in accordance with the requirements of the General Data Protections Regulations (GDPR), the regulations set by the European Union and the Data Protection Act 2018 (DPA 2018), the UK law that encompasses the GDPR.

This Privacy Policy applies to students, parents/guardians, volunteers, employees, contractors, suppliers, supporters, donors and members of the public who will make contact with Outside Education Ltd.

WHO WE ARE

Cathy Fieldhouse is the Data Controller and Data Processor for Outside Education Ltd.

From this point on, Outside Education Ltd will be referred to as ‘we’.

THE DATA WE MAY PROCESS

The majority of the personal information we hold is provided to us directly by you or by the parents or legal guardians of students verbally or in paper form, digital form or via our website.

Where a student is under the age of 18, this information will only be obtained from a parent or guardian and cannot be provided by the young person.

We may collect the following personal information:

  • Personal contact details such as name, title, address, telephone numbers and personal email address – so that we can contact you.
  • Date of birth – so that we can ensure young people are allocated to the appropriate activity for their age.
  • Gender – so that we can address individuals correctly and accommodate for any specific needs.
  • Emergency contact information – so that we are able to contact someone in the event of an emergency.
  • Race or ethnic origin – so that we can make suitable arrangements based on students cultural needs.
  • Health records – so that we can make suitable arrangements based on students medical needs.
  • Criminal records checks – to ensure Outside Education is a safe space for young people and adults.

THE LAWFUL BASIS WE PROCESS YOUR DATA BY

We comply with our obligations under the GDPR and DPA 2018 by

  • keeping personal data up to date
  • storing and destroying it securely
  • not collecting or retaining excessive amounts of data
  • protecting personal data from loss, misuse, unauthorised access and disclosure
  • ensuring that appropriate technical measures are in place to protect personal data

In most cases, the lawful basis for processing will be a legitimate interest for personal data of our students. Sensitive (special category) data for our students will mostly align to the lawful basis of legitimate activities of an association.

Explicit consent is requested from parents/guardians to take photographs of our students. On occasion we may use legitimate interest to process photographs where it is not practical to gather and maintain consent, such as large-scale events. On such occasions, we will make it clear this activity will take place and give individuals the opportunity to exercise their data subject rights.

We use personal data for the following purposes:

  • To provide information about events to our members
  • To promote the interests of Outside Educations
  • To maintain our own accounts and records
  • To inform you of news, events, activities and services
  • To contact your next of kin in the event of an emergency

We use personal sensitive (special) data for the following purposes:

  • For the protection of a person’s health and safety whilst in our care
  • To respect a person’s religious beliefs with regards to activities
  • For equal opportunity monitoring and reporting

OUR RETENTION PERIODS

We will keep data for 24 months after you cease taking part in activities with Outside Education as required by Ofsted.

We will only share your data with third parties outside of the organisation where there is a legitimate reason to do so.

We will never sell your personal information to any third party.

Where personal data is shared with third parties, we will seek assurances that your personal data will be kept confidential and that the third party fully complies with GDPR and DPA 2018.

HOW WE STORE YOUR PERSONAL DATA

We generally store personal information in the following way:

  • Cloud
  • Local databases/spreadsheets
  • Printed records and data held while participating in activities (e.g. registration, health and contact records)

FURTHER PROCESSING

If we wish to use your personal data for a new purpose, not covered by this Policy, we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.

HOW WE PROVIDE THIS PRIVACY POLICY

A link to this website page is provided to those whose data is held by us. A printed version is also available on request.

YOUR RIGHTS

As a Data Subject, you have the right to object to how we process your personal information. You also have the right to access, correct, sometimes delete and restrict the personal information we use.

Unless subject to an exemption under the GDPR and DPA 2018, you have the following rights with respect to your personal data:

  • The right to be informed – you have the right to know how your data will be used by us.
  • The right to access your personal data – you can ask us to share with you the data we have about you. This is a Data Subject Access Request.
  • The right to rectification – this means you can update your data if it is inaccurate or if something is missing.
  • The right to erasure – you have the right to request that we delete any personal data we have about you.
  • The right to restrict processing – if you think that we are not processing your data in line with this privacy notice then you have the right to restrict any further use of that data until the issue is resolved.
  • The right to data portability – this means that if you ask us we will have to share your data with you in a way that can be read digitally, such as a PDF.
  • The right to object – you can object to the ways your data is being used.
  • Rights in relation to automated decision making and profiling – this protects you in cases where decisions are being made about you based entirely on automated processes, rather than human input. It is highly unlikely that this will be used by us.

Outside Education 2020 – All Rights Reserved