Terms of Use
No part of this website may be copied or reproduced without express written consent of the School Consulting Ltd (SCL).
Privacy Notice
Your privacy is important to SCL. As a Data Controller, this Privacy Notice covers what we collect and how we use, disclose, transfer and store your information under the General Data Protection Regulations (GDPR) 2018.
1. School Consulting Ltd
If there are any questions regarding this Privacy Policy you can contact DPO@schoolconsulting.co.uk
2. What information do we collect?
You may visit our site anonymously although cookies may be used by the web host company. If you choose to contact us, your data will be used to contact you with further information requested, and your information may be held for record keeping purposes, though you can ask us to delete it if you do not use our services, or after terminating our services.
3. What do we use your information for?
Any of the information we collect from you may be used for one or more of the following purposes:
a. To answer your enquiry
b. To contact you regarding our services
c. To establish a primary channel of communication with you
d. To identify you as a contracting party;
e. To enable SCL to issue valid invoices and to process transactions (your information will not be sold, exchanged, transferred, or given to any other company for any reason whatsoever, without your consent, other than for the express purpose of delivering the service requested);
f. To send periodic e-mails (The e-mail address you provide for order processing may be used to send you information and updates pertaining to your order, in addition to receiving occasional company news (if accepted), updates, related product or service information, etc). You can request that your details are deleted at any time and, with the exception of financial records, this will be carried out immediately.
g. SCL carries out Social Media Checks on staff using information provided by your school directly. You are required to inform your staff about this requirement (KCSIE 2018), during the recruitment process. Social Media Check information is requested in individual sets, never in bulk, so as to minimise the likelihood of a significant data breach (ie name, photo, previous workplace/education, sent in separate correspondence to SCL). SCL will not forward or reply this information, only send a certificate containing a name.
4. Legal basis
4.1 EU General Data Protection Regulation (GDPR) The processing of your data is either based on your consent or in case the processing is necessary for the performance of a contract to which you are a party, or in order to take steps at your request prior to entering into a contract. Under Article 6 and Article 9 of GDPR, where the lawful bases do not allow us to collect essential personal information, we will use consent (6,a) where the data subject has given consent to the processing of his or her personal data for one or more specific purposes. If you are requesting a Social Media Check on one of your prospective members of staff, or current members of staff, this information will only be kept until the search is completed, and after the search, only a copy of the certificate containing the full name will be kept within the company. All other information will be deleted. SCL acts as a Data Processor for this information, and it is the responsibility of the school as the Data Controller to request permission or to inform the candidate of the Social Media Check prior to requesting the check from SLC and providing the information for the check.
If the processing is based on your own consent, you may at any time withdraw your consent by contacting us using the contact information in clause 1.
In order to enquire about any SCL service, you must provide us some data. If you do not to provide us with all the required information, it may not be possible to respond to your enquiry.
4.2 Children SCL is in compliance with the requirements of GDPR 2018. We will not intentionally collect any information from anyone under 13 years of age. Our website and services are directed at people who are at least 13 years old or older.
5. How do we protect your information?
SCL does not store any personal identifiable information about you online or using cloud storage unless those organisations comply with GDPR. Google (calendar & contacts) and Microsoft being two such examples.
5.1 Confidentiality All data is protected by password access and MFA where possible. We do request or keep financial information such as your bank account details.
5.2 Transparency SCL will keep you informed about changes to the processes to protect data privacy and security, including practices and policies. You may at any time request information on where and how data is stored, secured and used.
5.3 Personal Data breach notification In the event that your data is compromised and reaches the reporting threshold, SCL will notify the ICO with basic details within 72 hours of breach discovery, and thereafter again, with information about the extent of the breach, affected data, any impact on the Service and our action plan for measures to secure the data and limit any possible detrimental effect on the data subjects. We will also inform the data subjects as necessary and in accordance with the GDPR.
"Personal Data Breach" means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed in connection with the provision of the service.
6. How we use cookies
The Web Host for this website uses cookies but they are not used to identify you personally.
6.1 Measuring Website Usage
Analytics is in use to collect information about how visitors use this site. This provides us with important information that can enable the site to work better. We do not link this information to your name or address.
7. Do we disclose any information to outside parties?
SCL does not sell, trade or otherwise transfer to outside parties any personally identifiable information.
This does not include trusted third parties or subcontractors who assist us in operating our website, conducting our business, or servicing you. Such trusted parties may have access to personally identifiable information on a need-to-know basis and will be contractually obliged to keep your information confidential.
We may also release your information when we believe release is appropriate to comply with the law, enforce our site policies, or protect our or others’ rights, property, or safety.
7.1 Legally required disclosure SCL will not disclose the customer’s data except when instructed by the data subject directly, or where it is required by law, and will only release specific data mandated by the relevant legal demand.
8. Third party services
There is no intention to provide services by third parties. If this situation changes, you will be informed.
9. Where do we store the information?
Data will be stored with GDPR compliant third parties where required, and backed up at the registered company address on encrypted devices.
9.1. Personal data location Data is stored centrally at the UK business address held by Companies House for SCL. Data is backed up at the same address, with Google (documents, calendar & contacts) https://www.google.com/policies/privacy/ and Microsoft 365 https://privacy.microsoft.com/en-gb/privacystatement
10. Access, data portability, migration, and transfer back assistance
You may at any time obtain confirmation from SCL as to whether or not personal data concerning you is being processed.
You may at any time request a redacted data copy, which you may transmit to another controller of the data. Your data will normally be delivered within 30 days in an electronic format. Under GDPR, ordinarily there will be no charge for this information. You may be required to provide ID so that we can identify you.
11. Request for rectification, restriction or erasure of the personal data
11.1. Rectification You may at any time obtain without undue delay rectification of inaccurate personal data concerning you.
11.2 Erasure You may without undue delay request the erasure of personal data concerning you, and SCL shall erase the personal data without undue delay when one of the following applies:
a. if the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
b. if you withdraw your consent on which the processing is based, and where there is no other legal ground for the processing;
c. if you object to the processing in case the processing is for direct marketing purposes;
d. if the personal data have been unlawfully processed; or
e. if the personal data have to be erased for compliance with a legal obligation.
12. Data retention
12.1. Data retention policy Invoice data will, due to HMRC regulations, be retained for up to seven years from the last date of delivery of a service.
Other data will be removed two years after termination of services, unless otherwise informed, or it is required to be kept for longer for legal reasons.
12.2. Data retention for compliance with legal requirements You cannot require SCL to change any of the default retention periods, except for the reasons linked to compliance with specific laws and regulations.
13. Your consent
By using our website and/or services, you consent to this Privacy Notice.
14. Changes to our Privacy Policy
If we decide to change our Privacy Policy, we will post those changes on this page, and update the Privacy Policy modification date below.
This Privacy Policy was last modified on 7 June 2023.
15. Complaint
You can contact the Data Protection Officer with enquiries at DPO@schoolconsulting.co.uk. You may at any time lodge a complaint with a supervisory authority regarding SCL's collection and processing of your personal data with The Information Commissioner's Office https://ico.org.uk/concerns/
Copyright © 2023 School Consulting Ltd - All Rights Reserved.
Powered by GoDaddy Website Builder