Processing managers should collect only the minimum amount of data needed for a given task or reason. We only manage the data with the consent of the (school) processing manager. We use and update data processing security measures and introduce privacy requirements to our employees. We will help fulfill the rights of those involved. “Treatment is necessary for the legitimate interests of the person in charge of the treatment.” The protection of data and respect for the rights of the individuals concerned are the objective of this policy and related procedures. Under the Data Protection Act, processing managers (i.e. schools) must prove compliance, which means that they must assess compliance with all their service providers. All database records are deleted 1 month after a customer`s contract is terminated. You can complain if you asked us to delete, correct and not process data, and we did not accept your request.
All staff, contractors and third parties who control the lockable areas must exercise the necessary diligence to prevent data breaches. Questions about the data we hold in the school do not transfer data to countries outside the EEA. The cloud providers we work with are only treated in the EEA or expressly comply with the regulations. Please share your data protection concerns firstname.lastname@example.org The General Data Protection Regulations (GDPR) and the Data Protection Act 2018 govern our data collection, use and storage. There is the right to complain if you feel that the data was transmitted without consent or legal authority. As an Academy Trust, we will receive the consent of staff, volunteers, youth, parents and facilitators to collect and process their data. Some of our support services may use cloud platforms operated by third countries outside the EEA (z.B ZenDesk and SendGrid). In this case, we will ensure that adequate security measures are taken to protect your data. For more information, please see www.parentpay.com We explain this in the prot notices