DATA PROTECTION REGULATIONS: Privacy Notices

The EU General Data Protection Regulation (GDPR) includes rules on giving privacy information to those whose data is held by an organisation (data subjects). These are more detailed and specific than in the Data Protection Act (DPA) and place an emphasis on making privacy notices understandable and accessible. Data controllers are expected to take ‘appropriate measures’ to ensure that this is the case.

The School interprets this as using very clear language to outline each of the responsibilities for each of the data subject groups.

The GDPR say that the information provided to data subjects about how RGS Worcester (RGSW) processes their personal data must be:

  • concise, transparent, intelligible and easily accessible;

  • written in clear and plain language, particularly if addressed to a child; and free of charge.

These requirements are about ensuring that privacy information is clear and understandable for data subjects. These requirements are about ensuring that privacy information is clear and understandable for data subjects. This privacy notice deals with the overall privacy responsibilities of the school but includes a particular notice that applies to parents (or guardians) of children at RGS or applying to join RGS Worcester. The notice deals with two sources of data, that obtained directly from the subject and, data not obtained directly from the subject.

Mr Ian Roberts OBE
Privacy and Compliance Officer office@rgsw.org.uk

Privacy Notice Parents (or guardians) of children at RGS Worcester, or applying to join RGS Worcester

This Notice should be read in conjunction with the introductory paragraphs above.

This Privacy Notice will be provided to you at the time your data is being obtained, or prior to the introduction of GDPR in the case of current parents, if it is being obtained directly.

Data will be processed for the purposes of responding to requests for information about joining RGSW and RGSW will therefore have a “legitimate interest” for processing basic personal data and sensitive personal data. The data the School holds will be the minimum it requires to form and maintain the contract between you and the School.

The School will share your data with the following companies who have contracts with the School and who have equalled the school’s precautions and systems for dealing with data, these are:

  • Catering contractor

  • Photographers and School year book publishers

  • Healthcare service providers

  • IT contractors

  • IT software providers

  • Ministry of Defence (if the child joins the RGS CCF) 

  • Outdoor education centres

  • Careers advice services

  • The RGSW and AOS Foundation

  • The AOOE’s (The Alumni Association)

It is not necessary for data to be shared with other countries. The exception to this will be international trips that the School organises, should this be envisaged for your child, you will be contacted for your consent, the consent will be limited in time and content if it is required.

The retention period for most pupil data will be until the pupil reaches the age of 25. The School will maintain a permanent record of pupils which attend each RGS School, along with their examination results and notable achievements.

You have the right to withdraw your consent to data processing at any time, however this will only apply to certain groups of data for which you have given particular consent.

You can complain at any time about how RGSW has handled your data, the Information Commissioner is available as follows:

ICO helpline is 0303 123 1113.

We will obtain the data RGSW requires from you, should we need data from other sources we will contact you within a month.

We see the provision of personal data as necessary to properly admit your child to RGSW and to fulfil its obligations under the contract once your child is a pupil here.

There is no automated decision making or profiling involved in this data stream into and through RGSW. May 2018

About cookies

A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser, and stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server.

Cookies do not identify people, but rather they are defined themselves by a combination of a computer, a user account, and a browser.

Cookies may be either “persistent” cookies or “session” cookies.  A persistent cookie consists of a text file sent by a web server to a web browser, which will be stored by the browser and will remain valid until its set expiry date (unless deleted by the user before the expiry date). A session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed.

How we use cookies

Cookies do not contain any information that personally identifies you.

We may use the information we obtain from your use of our cookies for the following purposes:

1) To recognise your computer when you visit our website;

2) To analyse the use of our website;

In addition, we use Google Analytics to analyse the use of this website.  Google Analytics generates statistical and other information about website use by means of cookies, which are stored on users’ computers.  The information generated relating to our website is used to create reports about the use of the website.  Google will store this information.  Google’s privacy policy is available at: http://www.google.com/privacypolicy.html

Blocking cookies

Most browsers allow you to refuse to accept cookies.  For example:

1) In Internet Explorer you can refuse all cookies by clicking “Tools”, “Internet Options”, “Privacy”, and selecting “Block all cookies” using the sliding selector;

2) In Firefox you can block all cookies by clicking “Tools”, “Options”, and un-checking “Accept cookies from sites” in the “Privacy” box.

Blocking all cookies will, however, have a negative impact upon the usability of many websites.