Last Updated: 01/04/2018
Thank you for visiting Strathallan School
If you have any questions please do not hesitate to contact us at firstname.lastname@example.org or, if you prefer to call or write to us, then you can find our contact details at the bottom of this page.
WHO WE ARE
Because we are a school located in Scotland the personal information that you give us or that we collect from you will be held under Scottish data protection legislation and, from 25th May 2018, the General Data Protection Regulation. The legislation requires that we tell you that we are a data controller for your personal information or, in other words, we determine the purposes for which and the manner in which any of your personal information are, or are to be, processed by us.
You may be affected by other Strathallan policies and privacy notices which relate to data protection, depending on who you are and whether you visit our premises. Those which directly affect current pupils and their parents or legal guardians, or which affect employees, are published on the relevant Portal, on Firefly or on the school network. They give greater detail than this notice and must be consulted by those to whom they apply.
The following are published internally:
- Staff Data Handling Policy
- IT Acceptable Use Policy for Pupils
- IT Acceptable Use Policy for Employees
- The Parental Contract
- Pupils’ Privacy Notice
- Parents’ Privacy Notice
- Employees’ Privacy Notice
HOW YOU CONSENT TO US COLLECTING YOUR PERSONAL INFORMATION
If you do not click or select the “I Agree” button that appears in the pop-up at the bottom of your screen then we will endeavour to not collect your personal information – this is subject to the caveat below.
Caveat: Even if you do not click or select the “I Agree” button there is still some information that we may automatically collect about you – this is normally technical information sent by your device and used to connect your computer, tablet, or mobile device to the Internet, including your browser type and version, the time when you visit our site, your time zone setting, certain browser plug-in types and versions, operating system and platform. This type of information is sent by you to our site automatically. We only use this information to administer our site including troubleshooting, load testing, traffic throughput, data analysis, performance testing, and for anonymised research and statistics purposes that we only use internally.
We will only hold your personal information as detailed in our Retention Policy.
INFORMATION WE MAY COLLECT ON VISITORS TO THIS SITE
If you consent to us collecting your personal information then we may process the following data about you:
Information you give to us:
You may give us personal information about you by filling in forms on our site or by corresponding with us by phone, e-mail or otherwise. This includes information you may provide to us when you subscribe to our services, search our site, participate in any social media functions on our site, and when you report a problem with our site.
The information you give us may automatically include your IP Address, which would give us the location of your internet connection. It will include any other information which you choose to give us when filling in a form on the site.
Information we collect about you:
When you visit our site we may collect information about you, including which pages you have visited (including date and time) which services and pages you viewed or searched for, page response times, download errors, files downloaded, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from a page and any phone number used to call us.
The purpose of this information is to allow us to administer our site and for internal operations, including troubleshooting, data analysis, testing, research, improving our site to ensure that content is presented in the most effective manner for you and for your computer, and as part of our efforts to keep our site safe and secure.
Information we receive from other sources:
Data collected from our site, StrathConnect (for Sixth Form pupils, alumni, staff and parents), and our Parent and Pupil Portals may be shared internally and combined with data collected on this site. We work with third parties (including, for example, sub-contractors in technical, payment and delivery services, analytics providers, search information providers, and credit reference agencies) and may receive information about you from them.
Caveat: Information you may pass to third-parties outside our control:
In some cases other sites will be registering the fact that you are visiting our site, and the specific pages you are on, even if you don’t click on the button but are already or automatically logged into their services, like Google and Facebook. We recommend that you check the respective policies of each of these sites to see how exactly they use your personal information and to find out how to opt out, or delete, such personal information.
Information for current pupils and their parents or legal guardians.
HOW WE MAY USE YOUR PERSONAL INFORMATION
When you give us your personal information then we may use it to:
- Carry out our obligations from any contracts entered into between you and us and to provide you with information that you request from us.
- Provide you with information about our school.
- Ensure that content from our site is presented in the most effective manner for you and for your computer.
If you provide us with your e-mail, telephone or mobile number then we may contact you by these electronic means (e-mail or SMS). However, we will not use your personal information for marketing purposes without your express consent. If you do not wish to receive any information by electronic means then please get in touch with us.
If you opt-in to receive information about us then, depending on what personal information we hold about you, we may decide to contact you via e-mail, SMS, telephone or post. You may opt-in to receive general school information or we may ask you to opt-in on a case by case basis.
We will do our best to let you know what method or methods of communication we will use. You can always opt-out from receiving communications from us after you have opted-in or you can tell us that you only want to receive communications in a particular manner, or about a particular element of the school. Depending on the type of campaign we might give you the ability to select how you would like to be contacted but this might not always be possible due to technical issues.
If you opt-in to receive communication then we may need to pass your personal information to select third parties who are responsible for facilitating communication with you on our behalf. For example, we may need to pass some of your personal details if you wish to be contacted via SMS because we need to partner with a third party business to provide us with this ability.
The third parties that we use are as follows:
- Company Name MailChimp
Purpose: Send enewsletters and eflyers about news updates and events
Information Passed: First name, last name, email address
- Company Name SurveyMonkey
Purpose: Market research surveys
Information Passed: First name, last name, email address
- Company Name: Blackbaud Raiser’s Edge
Purpose: CRM database
Information Passed: Name, address, contact details, publicly available information and communication preferences
- Company Name: School Sports (SOCS)
Purpose: School fixtures and calendar
Information Passed: Name, team sheets
- Company Name: Printers and mailing houses (various)
Purpose: Postal mailing
Information Passed: Name, address
- Company Name: SagePay
Purpose: Processing of online payments
Information Passed: Name, address, bank details as entered by you at the time
- Company Name: EventBrite
Purpose: Event booking
Information Passed: Form information entered by you
If you have opted-in to receive communications but that organisation is not listed above then this might be because we are using that organisation or service on a one-off basis – in which case, we will let you know. If you are unsure then please get in touch with us.
The purpose of opting into receiving communications from us is to help us better understand you, engage with you, share details about the School, and to assist us in providing the types of communications that you wish to receive from us. We will not knowingly sell your personal information for marketing purposes or pass your personal information to third parties. If you are receiving communications from us in error or you have opted-out then please get in touch with us and we apologise for any inconvenience caused.
DISCLOSURE OF YOUR INFORMATION
We may share your personal information with Freeland Services. The reason for this is that different parts of the School are responsible for different functions within the School and we need to be able to freely pass your personal information within these various units for operational efficiency.
This does not mean that we will use it for advertising or marketing purposes. Unless you opt-in to receive marketing communication we will not contact you unless it is necessary for us to get in touch with you. For example, we may need to get in touch with you if you asked us to provide you with further information about your potential attendance at our school.
Please remember that our Cookies Policy covers matters such as using your personal information for analytics purposes.
In some cases we may disclose information about you with select third-parties:
– We may anonymise and aggregate your information with other users (for example, we may track that 500 men aged under 20 have clicked on a specific page on our site on any given day). We may use such aggregate and anonymised information to help reach a particular target audience or understand who uses our site.
– Credit reference agencies for the purpose of assessing your credit score where this is a condition of us entering into a contract with you or providing you with services.
– Debt collection agencies where you have breached a condition of any contract entered between us and you.
– If we or substantially all of our assets are acquired by a third party, in which case personal information held by us about you may be one of the transferred assets.
– If we are under a duty to disclose or share your personal information in order to comply with any legal obligation, or in order to enforce any agreements with you, or to protect our rights, property, or safety of our pupils, our employees, or others.
WHERE WE STORE YOUR PERSONAL INFORMATION
The personal information that we collect from you will be stored within the United Kingdom and the European Economic Area. We will not knowingly transfer your personal information outside of the Economic Area. If we do need to transfer your personal information outside of the European Economic Area we will get in touch with us and seek your consent.
All personal information you provide to us is stored on our secure servers. Any online payment transactions will be encrypted using Secure Socket Layer/Transport Layer technology.
Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
The transmission of information via the Internet is not completely secure. Although we will do our best to protect your personal information, we cannot guarantee the security of your data transmitted from our site and any transmission is at your own risk. Once we have received your personal information, we will use strict procedures and security features to try to prevent unauthorised access. We apply a ‘Privacy by Design’ approach to protecting your personal information in order to promote privacy and data protection compliance from the start.
You have the right to ask us not to process your personal information or to restrict the purposes for which we may process your personal information. However, if you have an account with us on our site and you withdraw your consent then we reserve the right to suspend or terminate your access to certain parts of our site.
You can exercise your right to prevent processing of your personal information by not selecting or clicking on the “I Agree” button when you visit our site or when you login or create an account on our site.
You can also exercise your right at any time by contacting us. If you consented to us collecting and/or processing your personal information but you change your mind then you can get in touch with us about erasing the personal information we hold about you.
Please be aware that, even if we receive a request from you to delete your personal information, it may be that we cannot entirely remove all of your personal information. This is usually because we have a legitimate interest to hold onto some of that personal information, for example, if you have an ongoing contract with us, there are outstanding payments due by you to us, the personal information relates to a third-party such as a pupil who attends our school, or we have a legal obligation to retain some or all of your personal information – but we’ll let you know.
ACCESS TO INFORMATION
The legislation gives you the right to access a copy of the personal information that we hold about you.
In order to request a copy you need to submit a request – details on how to get in touch can be found at the bottom of this page. However, please remember that certain types of data cannot be disclosed to you as part of your request. For example, we cannot disclose information to you which identifies another individual or information that may be subject to legal professional privilege. In many cases we may be required to redact some of the documentation that you receive in order to comply with the legislation.
Additionally, we can’t just release your personal information to anyone. We can only release your personal information to you or an authorised third party who can demonstrate that you consented to have your personal information released – this is a legal requirement. Therefore, it is important for us to ensure that we confirm your identity before we can release any personal information.
If you send us a request to provide you with a copy of your personal information then we may ask you to provide some identification. We may ask you to provide a copy of your current and valid passport and/or driving license plus a utility bill (that is no more than 3 months old) and has your current address. We may also ask you to visit our premises or obtain a solicitors or notary publics’ confirmation of your identification.
All of this might sound very onerous but please understand that we have an obligation to protect your personal information and we need to be certain that it is being released to the right person.
WHAT IF I DO NOT CONSENT OR WITHDRAW CONSENT?
If you do not consent to us collecting your personal information then we cannot guarantee the full functionality of our site and cannot be held responsible or liable to you for any reduction or restriction in access to our site or any of our other services.
Our site may, from time to time, contain links to and from the sites of our partners and affiliates. If you follow a link to any of these sites, please note that these sites have their own privacy and cookie policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal information to these sites.
HOW LONG WILL YOU HOLD ONTO MY PERSONAL INFORMATION?
You can find details on how long we may retain your personal information on our Records Retention Policy.
The Privacy Officer,
Perth PH2 9EG
If you are not satisfied with the way that we have handled any of your requests or queries relating to our use of your personal data then you can contact the Information Commissioner’s Office: this link will take you to their Complaints page. The Information Commissioner’s Office is the statutory body responsible for overseeing data protection legislation and law in the United Kingdom.
 The GDPR states that the age of consent is 16. As at the 28th of January 2018 the draft Data Protection Bill that will be adopted by the UK post-Brexit states that, for Scotland, 12 will be the presumed age of consent (See Section 201 of the Data Protection Bill).