This notice explains how the Edinburgh Hellenic School of St Andrew (Edinburgh Greek School), complies with the General Data Protection Regulation (GDPR), which is in effect from May 2018. It describes what type of data we collect, how the data are used by the school and for what purposes. Providers of the information are informed of their rights to access the data and to complain to the ICO if they believe their data is misused.
CATEGORIES OF PERSONAL DATA WE COLLECT AND STORE
We collect and store the following types of data from parents, children, teachers and volunteers at the Edinburgh Greek School:
- personal information- e.g. name, surname, date of birth, gender;
- contact details- e.g. phone numbers, e-mails, home address;
- other – e.g. Scottish school, significant medical information that may influence learning process, bank account information;
- professional qualifications- e.g. degree titles, professional certificates and accreditation information;
- PVG information – e.g. criminal record checks.
WHY WE COLLECT AND KEEP THESE DATA
- Legitimate purposes. e.g. for managing the educational and learning process of the children, organise learning activities, manage invoices and payments for school fees, providing information and updates on matters relevant to the Greek School’s interests and activities.
- Contractual purposes – e.g. for managing learning and teaching staff and extracurricular activities.
- Legal purposes – e.g. comply with health and safety information, PVG disclosures, safeguarding purposes, report tax information and other financial arrangements with third parties (HM Revenue and Customs), possible investigations by police and other competent authorities.
WHO WE MAY SHARE YOUR PERSONAL DATA WITH
Personal information collected and processed by the Edinburgh Greek School may be shared with the following recipients if and when necessary:
- learning and Teaching Staff and other people offering services to the School on a volunteering basis;
- with external organisations responsible for recognised examination-based;
- qualifications such as EDEXEL or GCSE or with Cyprus Education mission to manage compliance with educational aims and outcomes, or with employers or other formal organisations or individuals who may require a reference note;
- any other competent authorities if required to (e.g. police).
No data is processed or used for profiling. It is not sold or rented out or shared with other bodies or organisations for processing or profiling.
HOW WE PROTECT YOUR PERSONAL DATA
The data for children are entered into an electronic database, which is then stored in password protected computers and are accessible only by selected members of the Edinburgh Greek School Board. Data on paper are stored in locked cabinets located in a locked room.
HOW LONG DO WE STORE YOUR PERSONAL DATA FOR
The Edinburgh Greek School may retain your data for as long as is necessary to fulfil the reasonable purposes set out in this privacy note. When there is no anticipated need to retain personal data any more, these data will be destroyed.
YOUR RIGHTS UNDER GDPR
- to request and obtain the personal data we hold for you
- to request corrections of personal data if these change or are incorrect
- to ask us to erase all or part of personal data we hold for you
You can also find more information about your rights and GDPR at: www.ico.org.uk