All information provided will be processed in compliance with the Data Protection Act 1998 and the General Data Protection Regulation (GDPR).
Al Furqan St Albans will not disclose any information you provide unless required to do so in accordance with ‘access to information regimes’ (these are primarily the Freedom of Information Act 2000, the Data Protection Act 1998 and the Environmental Information Regulations 2004).
Introduction
Al Furqan St Albans collects and uses personal information about staff, pupils, parents, and other individuals who come into contact with the organisation. This information is gathered to enable the provision of education and other associated functions. Al Furqan St Albans issues a Privacy Notice to all pupils/parents, this summarises the information held on pupils, why it is held and the other organisations to whom it may be passed on to.
Purpose
This policy sets out how Al Furqan St Albans deals with personal information correctly and securely and in accordance with the Data Protection Act 1998, and other related legislation. This policy applies to all personal information however it is collected, used, recorded, and stored and whether it is held on paper or electronically. All staff and governors involved with the collection, use, processing, or disclosure of personal data will be aware of their duties and responsibilities and will adhere to this policy.
Personal Information / Data
Personal data relates to a living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession. The processing of personal data is governed by the General Data Protection Regulation (the “GDPR”).
Sensitive Personal Data
Sensitive personal data includes information as to an individual’s racial or ethnic origin, their political opinions, religious beliefs, or beliefs of a similar nature, whether they are a member of a trade union, their physical or mental health or condition, the commission or alleged commission of an offence and any proceedings for an offence committed or alleged to have been committed by them, the disposal of those proceedings or the sentence of any court in such proceedings.
Data Protection Principles
The Data Protection Act 1998 establishes eight principles that must be adhered to at all times:
- Personal data shall be processed fairly and lawfully;
- Personal data shall be obtained only for one or more specified and lawful purpose;
- Personal data shall be adequate, relevant and not excessive;
- Personal data shall be accurate and where necessary, kept up to date;
- Personal data processed for any purpose shall not be kept for longer than necessary for that purpose or those purposes;
- Personal data shall be processed in accordance with the rights of data subject under the Data Protection Act 1998;
- Personal data shall be kept secure i.e. protected by an appropriate degree of security;
- Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of data protection.
Who We share Your Personal Information With
- Council teams working to improve outcomes for children and young people
- Commissioned providers of local authority services (such as education services)
- Support organisations providing capacity development support, prevent related organisations and staff
- Local police services ensuring safety for children and the local community
- Charity Commission, local LADO team, safeguarding practitioners.
- Local multi-agency forums which provide advice, support and guidance (such as Local Inclusion Forum Team (LIFT))
We will share personal information with law enforcement or other authorities if required by applicable law.
Commitment
Al Furqan St Albans is committed to maintaining the above principles at all times. Therefore, the institution will:
- Inform individuals why personal information is being collected.
- Inform individuals when their information is shared, why and with whom unless the Data Protection Act provides a reason not to do this.
- Obtain consent before processing Sensitive Personal Data, even if consent is implied within a relevant privacy notice, unless one of the other conditions for processing in the Data Protection Act applies.
- Check the accuracy of the information it holds and review it at regular intervals.
- Ensure that only authorised personnel have access to the personal information whatever medium (paper or electronic) it is stored in.
- Ensure that clear and robust safeguards are in place to ensure personal information is kept securely and to protect personal information from loss, theft, and unauthorised disclosure, irrespective of the format in which it is recorded.
- Ensure that personal information is not retained longer than it is needed.
- Ensure that when information is destroyed that it is done so appropriately and securely.
- Share personal information with others only when it is legally appropriate to do so.
- Comply with the duty to respond to requests for access to personal information, known as Subject Access Requests.
- Ensure that personal information is not transferred outside the organisation.
- Ensure all staff and governors are aware of and understand these policies and procedures.
What Data to Protect
Information that needs to be protected includes ALL personal and sensitive data such as:
- staff, trustees and volunteers’ address on file;
- staff sickness and disclosures records and their bank details;
- contact details of the parents whose children attend the supplementary classes.
Guidance For Our People Who Process Personal Pata
- Be careful when processing personal data. The definition of ‘processing’ is obtaining, using, holding, amending, disclosing, destroying, and deleting personal data. It applies to personal information on paper as well as that kept on computer.
- Follow the principles, code and procedures given in this policy document. When not sure of something, you must ask someone who is more knowledgeable, experienced or senior to you.
- A designated person will conduct late night sweeps to spot laptops being left out overnight and other security breaches such as desk drawers left open, PC screens left on and documents left on desks.
- Al Furqan St Albans stresses to all its people the importance of disposing of sensitive data in the correct way; it should always be put in the confidential waste bag.
- All at Al Furqan St Albans must be aware that we could be given a heavy fine or made to pay compensation if we misuse personal data.
- Breaches of this policy by anyone in our organisation will result in a disciplinary investigation and appropriate action.
Requests For Personal Information
Our employees, volunteers and members have rights to see their personal information. They can make a subject access request to see the personal information we hold about them.
Procedures
- Al Furqan St Albans will appoint a Data Controller who will be responsible for implementing this policy on behalf of Al Furqan St Albans
- We shall tell people what we are doing with their data and who it will be shared with.
- We shall make sure our staff are adequately trained. New employees will receive data protection training to explain how they should store and handle personal information. Refresher training will be provided every year for existing staff.
- All of Al Furqan St Albans people who handle personal data on computers must use strong passwords (that contain upper- and lower-case letters, a number, and a symbol).
- All portable devices such as memory sticks and laptops used to store personal information shall be encrypted.
- Breaches of Al Furqan St Albans shall only keep people’s information for as long as necessary. Al Furqan St Albans shall establish retention periods and set up a process for deleting personal information once it is no longer required.this policy by anyone in our organisation will result in a disciplinary investigation and appropriate action.
- Al Furqan St Albans shall tell the Information Commissioner’s Office (ICO) how our organisation uses personal information. We will renew this notification once a year. If there is any change during the year, we will tell the ICO within 28 days. We shall also tell the ICO and the public who our data controller is.
- Al Furqan St Albans shall respond to a data protection request, if someone asks to see what information we have about them. We will do so as quickly and politely as possible.
- This policy will be reviewed every year to ensure is up to date and complies with the law. If the law changes during the year, we will review it within 28 days.
- Everybody (including committee members/trustees/staff/volunteers) who deals with personal data in our organisation will need to read, understand, and implement this policy. They will be asked to sign the form given in the appendix.
Withdrawal Of Consent And The Right To Lodge A Complaint
Where we are processing your personal data with your consent, you have the right to withdraw that consent. If you change your mind, or you are unhappy with our use of your personal data, please contact: farasat56@hotmail.com
Complaints And Review
Any complaints will be dealt with in accordance with our complaints procedure. This policy will be reviewed as it is deemed appropriate, but no less frequently than every two years. The policy review will be undertaken by the Trustees or nominated representative.
Contact Information
If you have any questions about how your personal information will be processed, please contact us.
.png)
.png)
