School User Privacy Policy

SIPS Education Ltd is committed to protecting your personal information and being transparent about what information we hold about you. We take our responsibilities very seriously and we continuously strive to be fully compliant with General Data Protection Legislation (GDPR), which came into force on 25th May 2018. This privacy notice is intended for you as our customer, to give you a clear explanation about your rights, how we keep personal information safe, the legal basis we rely on to use information and the purposes for which we use the information we collect from you and relevant third parties. The personal data we hold The personal data we may collect, store, use and share about you includes, but is not restricted to: • Full name and title • Date of Birth • Home address • Email address • Mobile Telephone Number • Teacher Reference Number • Name of School/Academy • Details of support provided as part of a contract • Details of termly reports

The lawful basis for obtaining and using personal data SIPS Education Ltd requires data in order to fulfil its contractual obligations with customers. We will only process personal data where we have one of 6 “lawful bases” to do so under the General Data Protection Regulations: • To fulfil a contract with you, or where you have asked SIPS Education to take specific steps before entering into a contract, • For the legitimate interests of SIPS Education, provided the individuals’ rights and freedoms are not impacted upon. • Where you have freely given consent • To comply with a legal obligation • To help to safeguard your vital interests • To perform a task in the public interest

Where the processing of data is necessary to comply with a statutory obligation such as NQT registration etc, or that forms part of a contract as SIPS Education as a third party ie, HR support services, the processing of such data is consistent with the processing of other types of personal data.

How we use this data

We use this data to: • Comply with contractual/regulatory obligations • Keep you updated with SIPS Education activities that are relevant to you, if you have given consent for us to do so. • Assess the quality of our services, courses and programmes through evaluations

As part of our communication strategy, you will only receive marketing communication from us if you have ‘opted in’ to receive them, meaning that you have stated that you are happy for us to share such communications with you. IT systems are used to monitor the effectiveness of our electronic communications with you. The data from this monitoring is generally used as a business database to inform profiling and business development. Data sharing We do not share personal information with any third party (unless otherwise stated in this privacy notice) without consent, unless the law requires us to do so. Where it is legally required, or necessary (and complies with data protection law) we may share personal data with: • The relevant Local Authority – to meet our legal obligations to share certain information with it, such as safeguarding concerns and NQT statutory requirements • Partners undertaking joint activities (TRA) • Suppliers and service providers – to enable them to provide the services we have contracted them for NQT Manager • Professional advisers and consultants • Professional bodies

Security of your personal data

We have appropriate safeguards in place (both in terms of our procedures and the technology we use) to keep your personal information as confidential and as secure as possible. We will: • protect data against accidental loss • prevent unauthorised access, use, destruction or disclosure • ensure business continuity and disaster recovery • restrict access to personal information • train staff and contractors on data security • manage third party risks, through use of contracts and security reviews Your data will only be accessible to authorised staff. We will ensure, as far as reasonably possible, that any third parties we use for processing your personal information will do the same.
Information will be stored only for as long as it is needed or required by statute and will be disposed of appropriately. We undertake to report any personal data breaches in accordance with the General Data Protection Regulation requirements. Your Rights as a Data Subject

Under the Regulation, Data Subjects have 8 rights, as listed below. SIPS Education will ensure procedures are in place to be able to respond in a timely manner to any request from a Data Subject to exercise one of their rights. The 8 rights are:

• Right to be informed • Right of access • Right to rectification • Right to erasure • Right to restrict processing • Right to data portability • Right to object • Rights in relation to automated decision making and profiling

Subject Access Requests

If you wish to see copies of the information held on you by SIPS Education, you may submit a Subject Access Request. Such requests must be made in writing and marked for the attention of the Data Protection Officer.

SIPS Education is registered as a Data Controller with the Information Commissioner. The Director for Health, Safety and Facilities, Laura Hadley is the Data Protection Officer for the Company. The Deputy Data Protection Officer for the Company is Business Development Manager, Amanda Moore. You have a right to complain to the Information Commissioner’s Office about the way in which we process your personal data. Please see

Changes to this privacy notice

This privacy notice may be updated from time to time. We encourage you to check this privacy notice from time to time to ensure you understand how your data will be used and to see any minor updates. If material changes are made to the privacy notice, for example, how we would like to use your personal data, we will provide a more prominent notice (for example, email notification or correspondence of privacy notice changes).