Privacy Policy

Last Updated: 01/04/2018


Thank you for visiting Strathallan School

Your privacy is important to us. This Website Privacy Policy explains what personal information is collected when you visit our site, how it is collected, how we may use that information, where we store it, how long we store it for, and how we protect it. We also explain your rights in relation to your personal information. Please read the following carefully to understand our views and practices regarding your personal information and how we may collect it and treat it.

If you have any questions please do not hesitate to contact us at or, if you prefer to call or write to us, then you can find our contact details at the bottom of this page.



We are Strathallan School. We are registered in Scotland as a charity. Our registered number is SC008903 and our registered office is at Strathallan School, Forgandenny, Perth PH2 9EG. We are also, for commercial purposes including agency agreements, Facilities Lets and Hire and the School Shop, Freeland Services Ltd and our registered office is at the same address. For the purposes of this Website Privacy Policy, we refer to ourselves as “we”.



This Privacy Policy applies to our site,, and any other services that we may provide to you through our site.

In the context of this Privacy Policy “personal information” means information which, on its own or in combination with other information, can be used to identify you, in particular by reference to an identifier such as your name, your address, or location data.

Provided that you consent to us collecting your personal information when you visit our site then this Privacy Policy will govern how we may use that personal information.

Because we are a school located in Scotland the personal information that you give us or that we collect from you will be held under Scottish data protection legislation and, from 25th May 2018, the General Data Protection Regulation. The legislation requires that we tell you that we are a data controller for your personal information or, in other words, we determine the purposes for which and the manner in which any of your personal information are, or are to be, processed by us.



You may be affected by other Strathallan policies and privacy notices which relate to data protection, depending on who you are and whether you visit our premises. Those which directly affect current pupils and their parents or legal guardians, or which affect employees, are published on the relevant Portal, on Firefly or on the school network. They give greater detail than this notice and must be consulted by those to whom they apply.

CCTV Policy


The following are published internally:

  • Staff Data Handling Policy
  • IT Acceptable Use Policy for Pupils
  • IT Acceptable Use Policy for Employees
  • The Parental Contract
  • Pupils’ Privacy Notice
  • Parents’ Privacy Notice
  • Employees’ Privacy Notice



When you visit our site you should see a pop-up at the bottom of your screen directing you to this Privacy Policy and our Cookie Policy.

By clicking or selecting the “I Agree” button that appears in the pop-up then you are demonstrating to us that you are freely giving us informed and specific consent for us to collect and process your personal information for the purposes specified in this Privacy Policy and you are accepting and consenting to the practices described.

If you do not click or select the “I Agree” button that appears in the pop-up at the bottom of your screen then we will endeavour to not collect your personal information – this is subject to the caveat below.

If you do not see a pop-up then you may have already accepted our Privacy Policy and our Cookie Policy. You may also be using a pop-up blocker or similar tools that may prevent this policy from being brought to your attention. Please ensure that any pop-up blockers are disabled when you use our site. We cannot be held liable to you if you use pop-up blocks or similar tools that prevent us from complying with our obligations under the legislation.

Caveat: Even if you do not click or select the “I Agree” button there is still some information that we may automatically collect about you – this is normally technical information sent by your device and used to connect your computer, tablet, or mobile device to the Internet, including your browser type and version, the time when you visit our site, your time zone setting, certain browser plug-in types and versions, operating system and platform. This type of information is sent by you to our site automatically. We only use this information to administer our site including troubleshooting, load testing, traffic throughput, data analysis, performance testing, and for anonymised research and statistics purposes that we only use internally.

We will only hold your personal information as detailed in our Retention Policy.



If you consent to us collecting your personal information then we may process the following data about you:


Information you give to us:

You may give us personal information about you by filling in forms on our site or by corresponding with us by phone, e-mail or otherwise. This includes information you may provide to us when you subscribe to our services, search our site, participate in any social media functions on our site, and when you report a problem with our site.

The information you give us may automatically include your IP Address, which would give us the location of your internet connection. It will include any other information which you choose to give us when filling in a form on the site.


Information we collect about you:

When you visit our site we may collect information about you, including which pages you have visited (including date and time) which services and pages you viewed or searched for, page response times, download errors, files downloaded, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from a page and any phone number used to call us.

The purpose of this information is to allow us to administer our site and for internal operations, including troubleshooting, data analysis, testing, research, improving our site to ensure that content is presented in the most effective manner for you and for your computer, and as part of our efforts to keep our site safe and secure.


Information we receive from other sources:

Data collected from our site, StrathConnect (for Sixth Form pupils, alumni, staff and parents), and our Parent and Pupil Portals may be shared internally and combined with data collected on this site. We work with third parties (including, for example, sub-contractors in technical, payment and delivery services, analytics providers, search information providers, and credit reference agencies) and may receive information about you from them.


Caveat: Information you may pass to third-parties outside our control:

In some cases other sites will be registering the fact that you are visiting our site, and the specific pages you are on, even if you don’t click on the button but are already or automatically logged into their services, like Google and Facebook. We recommend that you check the respective policies of each of these sites to see how exactly they use your personal information and to find out how to opt out, or delete, such personal information.


Information for current pupils and their parents or legal guardians.

If you are a parent of a pupil who attends our school, a member of staff, or a pupil who is 12 years or older and attending our school then this Privacy Policy will apply alongside our additional privacy policies. These other policies will have been brought to your attention separately, however, if you are unsure then please do not hesitate to get in touch with us. They are available to parents on the Parent Portal and to pupils on Firefly.



When you give us your personal information then we may use it to:

  1. Carry out our obligations from any contracts entered into between you and us and to provide you with information that you request from us.
  2. Provide you with information about our school.
  3. Ensure that content from our site is presented in the most effective manner for you and for your computer.


If you provide us with your e-mail, telephone or mobile number then we may contact you by these electronic means (e-mail or SMS). However, we will not use your personal information for marketing purposes without your express consent. If you do not wish to receive any information by electronic means then please get in touch with us.



If you opt-in to receive information about us then, depending on what personal information we hold about you, we may decide to contact you via e-mail, SMS, telephone or post. You may opt-in to receive general school information or we may ask you to opt-in on a case by case basis.

We will do our best to let you know what method or methods of communication we will use. You can always opt-out from receiving communications from us after you have opted-in or you can tell us that you only want to receive communications in a particular manner, or about a particular element of the school. Depending on the type of campaign we might give you the ability to select how you would like to be contacted but this might not always be possible due to technical issues.

If you opt-in to receive communication then we may need to pass your personal information to select third parties who are responsible for facilitating communication with you on our behalf. For example, we may need to pass some of your personal details if you wish to be contacted via SMS because we need to partner with a third party business to provide us with this ability.

The third parties that we use are as follows:

  1. Company Name MailChimp
    Purpose:  Send enewsletters and eflyers about news updates and events
    Information Passed: First name, last name, email address
  2. Company Name SurveyMonkey
    Purpose: Market research surveys
    Information Passed: First name, last name, email address
  3. Company Name: Blackbaud Raiser’s Edge
    Purpose: CRM database
    Information Passed: Name, address, contact details, publicly available information and communication preferences
  4. Company Name: School Sports (SOCS)
    Purpose: School fixtures and calendar
    Information Passed: Name,  team sheets
  5. Company Name: Printers and mailing houses (various)
    Purpose: Postal mailing
    Information Passed: Name, address
  6. Company Name: SagePay
    Purpose: Processing of online payments
    Information Passed: Name, address, bank details as entered by you at the time
  7. Company Name: EventBrite
    Purpose: Event booking
    Information Passed: Form information entered by you

If you have opted-in to receive communications but that organisation is not listed above then this might be because we are using that organisation or service on a one-off basis – in which case, we will let you know. If you are unsure then please get in touch with us.

The purpose of opting into receiving communications from us is to help us better understand you, engage with you, share details about the School, and to assist us in providing the types of communications that you wish to receive from us. We will not knowingly sell your personal information for marketing purposes or pass your personal information to third parties. If you are receiving communications from us in error or you have opted-out then please get in touch with us and we apologise for any inconvenience caused.



We may share your personal information with Freeland Services. The reason for this is that different parts of the School are responsible for different functions within the School and we need to be able to freely pass your personal information within these various units for operational efficiency.

This does not mean that we will use it for advertising or marketing purposes. Unless you opt-in to receive marketing communication we will not contact you unless it is necessary for us to get in touch with you. For example, we may need to get in touch with you if you asked us to provide you with further information about your potential attendance at our school.

Please remember that our Cookies Policy covers matters such as using your personal information for analytics purposes.

In some cases we may disclose information about you with select third-parties:

– We may anonymise and aggregate your information with other users (for example, we may track that 500 men aged under 20 have clicked on a specific page on our site on any given day). We may use such aggregate and anonymised information to help reach a particular target audience or understand who uses our site.

– Credit reference agencies for the purpose of assessing your credit score where this is a condition of us entering into a contract with you or providing you with services.

– Debt collection agencies where you have breached a condition of any contract entered between us and you.

– If we or substantially all of our assets are acquired by a third party, in which case personal information held by us about you may be one of the transferred assets.

– If we are under a duty to disclose or share your personal information in order to comply with any legal obligation, or in order to enforce any agreements with you, or to protect our rights, property, or safety of our pupils, our employees, or others.




The personal information that we collect from you will be stored within the United Kingdom and the European Economic Area. We will not knowingly transfer your personal information outside of the Economic Area. If we do need to transfer your personal information outside of the European Economic Area we will get in touch with us and seek your consent.

All personal information you provide to us is stored on our secure servers. Any online payment transactions will be encrypted using Secure Socket Layer/Transport Layer technology.

Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.

The transmission of information via the Internet is not completely secure. Although we will do our best to protect your personal information, we cannot guarantee the security of your data transmitted from our site and any transmission is at your own risk. Once we have received your personal information, we will use strict procedures and security features to try to prevent unauthorised access. We apply a ‘Privacy by Design’ approach to protecting your personal information in order to promote privacy and data protection compliance from the start.



You have the right to ask us not to process your personal information or to restrict the purposes for which we may process your personal information. However, if you have an account with us on our site and you withdraw your consent then we reserve the right to suspend or terminate your access to certain parts of our site.

You can exercise your right to prevent processing of your personal information by not selecting or clicking on the “I Agree” button when you visit our site or when you login or create an account on our site.

You can also exercise your right at any time by contacting us. If you consented to us collecting and/or processing your personal information but you change your mind then you can get in touch with us about erasing the personal information we hold about you.

Please be aware that, even if we receive a request from you to delete your personal information, it may be that we cannot entirely remove all of your personal information. This is usually because we have a legitimate interest to hold onto some of that personal information, for example, if you have an ongoing contract with us, there are outstanding payments due by you to us, the personal information relates to a third-party such as a pupil who attends our school, or we have a legal obligation to retain some or all of your personal information – but we’ll let you know.



The legislation gives you the right to access a copy of the personal information that we hold about you.

In order to request a copy you need to submit a request – details on how to get in touch can be found at the bottom of this page. However, please remember that certain types of data cannot be disclosed to you as part of your request. For example, we cannot disclose information to you which identifies another individual or information that may be subject to legal professional privilege. In many cases we may be required to redact some of the documentation that you receive in order to comply with the legislation.

Additionally, we can’t just release your personal information to anyone. We can only release your personal information to you or an authorised third party who can demonstrate that you consented to have your personal information released – this is a legal requirement. Therefore, it is important for us to ensure that we confirm your identity before we can release any personal information.

If you send us a request to provide you with a copy of your personal information then we may ask you to provide some identification. We may ask you to provide a copy of your current and valid passport and/or driving license plus a utility bill (that is no more than 3 months old) and has your current address. We may also ask you to visit our premises or obtain a solicitors or notary publics’ confirmation of your identification.

All of this might sound very onerous but please understand that we have an obligation to protect your personal information and we need to be certain that it is being released to the right person.



If you do not consent to us collecting your personal information then we cannot guarantee the full functionality of our site and cannot be held responsible or liable to you for any reduction or restriction in access to our site or any of our other services.

Our site may, from time to time, contain links to and from the sites of our partners and affiliates. If you follow a link to any of these sites, please note that these sites have their own privacy and cookie policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal information to these sites.



Depending on how you engage with us it may be necessary for us to store your personal information for shorter or longer periods of time. Either way, we will only store your personal information for a legitimate and lawful reason. Please remember that this Privacy Policy only applies to how we may collect, store, use, and retain your personal information when you visit our site. If you are a parent of a pupil or you are a pupil who is 12[1] years or older and attend our school then you will be bound by the terms of additional policies that specifically relate to how we may use your personal information.

You can find details on how long we may retain your personal information on our Records Retention Policy.



We may need to change this Privacy Policy if it is necessary for legal reasons or to reflect changes to our site and services. In any case, the provisions of this Privacy Policy may be changed without prejudice to your rights. When we change our Privacy Policy we will make the updated Privacy Policy available on our site and we will also update the “Last Updated” date.

Once we change our Privacy Policy, it will become legally binding on you 30 days after we post it on our site. During that period you’re welcome to contact us if you have questions about the changes.

If you do not agree with our changes to the Privacy Policy (regardless of whether you get in touch with us) we may need to restrict or limit your use of the parts of our site that require your personal information in order for us to deliver our services to you. We encourage you to get in touch with us if you have queries.



This Privacy Policy does not provide exhaustive detail of all aspects of our collection and use of your personal information. However, we are happy to provide additional information or explanation needed.

If you have any questions, comments or requests regarding our Privacy Policy then please get in touch with us by contacting:

The Privacy Officer,
Strathallan School,
Perth PH2 9EG
01738 815813



If you are not satisfied with the way that we have handled any of your requests or queries relating to our use of your personal data then you can contact the Information Commissioner’s Office: this link will take you to their Complaints page. The Information Commissioner’s Office is the statutory body responsible for overseeing data protection legislation and law in the United Kingdom.


[1] The GDPR states that the age of consent is 16. As at the 28th of January 2018 the draft Data Protection Bill that will be adopted by the UK post-Brexit states that, for Scotland, 12 will be the presumed age of consent (See Section 201 of the Data Protection Bill).