You are in: HGfL eServices » Hertfordshire Grid for Learning - Privacy and Cookie Policy

The Hertfordshire Grid for Learning - Privacy and Cookie Policy

Herts for Learning (HfL) has created this privacy statement in order to demonstrate our firm commitment to privacy. The following discloses our information gathering and dissemination practices for this website: www.thegrid.org.uk (known as ‘the Grid’) including the intranet www.intra.thegrid.org.uk.

This policy is also designed to let you know your rights and what you can do if you have questions about Personal Data.

The Trust is the controller for the purposes of data protection laws.

This document sets out the types of Personal Data (meaning information about an individual from which that individual can be personally identified) we handle, the purposes of handling those Personal Data and any recipients of it.

We evaluate the relevant sites which we provide links to but HfL does not give approval or endorsement of those websites and we are not responsible for their content. As such, links to other websites are not covered by this policy and individuals are advised to check the privacy policies of those other sites for their terms and conditions.

1. Our details

We are: Herts for Learning
Address: Robertson House, Six Hills Way, Stevenage, SG1 2FQ
Information Commissioner's Office Registration Number: ZA154308
Our Data Protection Officer is: Lynette Dexter
and their contact details are: Data Protection Officer, Herts for Learning, Robertson House, Six Hills Way, Stevenage, SG1 2FQ

2. Why we collect Data

We collect and hold personal information relating to our users. We may also receive information from other bodies linked to pupils' education, development and welfare.

We may share Personal Data with other agencies as necessary under our legal duties or otherwise in accordance with our duties/obligations.

The Personal Data we are provided with or collect is provided to us on a voluntary basis. Below are set out the reasons why we collect and process Personal Data, as well as the legal basis on which we carry out this processing:

  • to support pupils’ learning: we will process Personal Data to help every child achieve his or her potential in all areas of learning and to promote excellence in teaching and learning environment.
  • assess the quality of our services: we will process Personal Data so that we may reflect on our own practices to help us improve and provide the highest quality service that we can to all users. 
  • Information to improve our website: we will process information for system administration and to provide statistics which we use for evaluation of the site.

3. Legal Basis for Processing

The lawful basis for us to collect/process this Personal Data is by reason of necessity for the performance of a contract of employment to which the Data Subject is party, or in order to take steps at the request of the Data Subject prior to entering into a contract.

We also process Personal Data where processing is necessary for the purposes of legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the Data Subject.

We do not process any special categories of Personal Data except where necessary for reasons of substantial public interest in complying with legal obligations including under the Equality Act 2010 or where necessary to protect the vital interests of the Data Subject or of another natural person and where safeguards are in place to ensure that this Personal Data is kept secure.  For the avoidance of doubt where special categories of Personal Data are collected it shall not be used for the purposes of automated decision making and/or profiling.

Special categories of data means Personal Data revealing:

  • racial or ethnic origin;
  • political opinions; religious or philosophical beliefs or trade union membership;
  • genetic or biometric data that uniquely identifies you;
  • data concerning your health, sex life or sexual orientation; or
  • data relating to criminal convictions or offences or related security measures.

Further Personal Data including special categories of Personal Data may be collected and/or processed where consent has been given.  If consent is the only legal basis for processing and has been given then this may be revoked in which case the Personal Data will no longer collected/processed.

4. Cookies

This website uses cookies, which are small text files that are placed on your computer by websites you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site. They cannot be used to get information from your computer about you or read any personal material kept by you on your computer.

The cookie is used to make the link between you and the information you have provided to the website. The creation of a cookie on your computer does not give the website any access to other information such as your email address.

The Privacy and Electronic Communications (EC Directive) Regulations 2003 (the Regulations) cover the use of cookies and similar technologies for storing information, and accessing information stored, on a user’s equipment such as their computer or mobile. Amendments to the regulations came into effect on 25 May 2011 The Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011 make it compulsory for websites to inform users if cookies are being used, and to provide some information on how cookies are used.

Where the Grid links to external/third party websites or other Hertfordshire County Council websites/HCC systems which may set cookies, we have no control over these. Certain of our pages may contain links to Twitter, Facebook and Survey Monkey. These web sites set cookies as part of their processes which we cannot control.

A list of the cookies we use on the site is below:

 

Cookie

Name

Purpose

Expires

Google Analytics

These cookies are used to collect information about how visitors use our site. We use the information to compile reports and to help us improve the site. The cookies collect information in an anonymous form, including the number of visitors to the site, where visitors have come to the site from and the pages they visited.

For more information visit: Google Analytics Overview

 

_utma

Identifies unique visitors. Each unique browser that visits a page  on the site is provided with a unique ID via the __utma cookie. In this way, subsequent visits to the website via the same browser are recorded as belonging to the same (unique) visitor.

2 years from set/update

_utmb

This cookie is used to establish and continue a user session with the site. Each time a user visits a different page on the site, this cookie is updated to expire in 30 minutes, thus continuing a single session for as long as user activity continues within 30-minute intervals

30 minutes/On closure of browser

_utmc

Determines whether or not to establish a new session for the user

Expires on exit from browser

_utmv

Determines how to classify the user for custom segmentation reports in Google Analytics.

2 years from set/update

_utmz

When visitors reach the website via a search engine result, a direct link, or an ad that links to your page, Google Analytics stores the type of referral information in this cookie

6 months

Google Custom Search

Google Custom Search Engine functionality has been implemented on this site at the top of each Grid page and stores any cookies for user preferences, including those which may already be set by a user in their Google Account.*

For more information: www.google.com/preferences

* For example, if you have Google + (which is a way to share information publicly, as part of your Google Profile) then using the search will also install the Google + cookies (APISID, HSID, PREF, SAPISID, SID, SSID) which helps you receive customised content from Google and its partners. If you don't want these cookies to be set then you need to log out of your Google account before using the search.

PREF

Remembers any Google preference settings the user has set when using a specific browser on an individual computer such as Safesearch, location, language.

2 years

NID

A unique identifier which stores any user preferences

6 months

 

Advice on how you can control cookies

Most web browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit:

To opt out of being tracked by Google Analytics across all websites visit: http://tools.google.com/dlpage/gaoptout

For more information about Google search preferences: http://support.google.com/websearch/bin/answer.py?hl=en&answer=35892

To find out how to delete your Google search history visit: http://support.google.com/websearch/bin/answer.py?hl=en&answer=465

Or to turn off Google search personalisation: http://support.google.com/accounts/bin/answer.py?hl=en&answer=54048

Google's Privacy Policy: www.google.com/intl/en/policies/privacy/

5. Categories of Information we collect

Herts for Learning does not collect or store any personal information about individuals who browse this website other than where you voluntarily choose to give your personal information via email or online forms used to enquire about or apply for a service.

We may collect the following types of Personal Data (please note this list does not include every type of Personal Data and may be updated from time to time):

  • name and contact details;
  • user's IP address and session information (such as the duration of the visit, type of browser being used and broad demographic information);
  • information received in connection with any complaint

6. Who will have access to your Data

Personal Data will be accessible by members of staff and, were necessary, trustees and directors. 
We will not share information about our users with third parties without consent unless we are required to do so by law or our policies. We will disclose Personal Data to third parties:

  • if we are under a duty to disclose or share your Personal Data in order to comply with any legal obligation;
  • in order to enforce any agreements with you;
  • in order to perform contracts with third party suppliers for purposes listed in Section 2. 
  • to protect the rights, property, or safety of HFL, pupils or others.  This includes exchanging information with other organisations for the purposes of child welfare.

This may include our Local Authority, the DfE, the Police and other organisations where necessary.

Certain data collection obligations are placed on us by the DfE.  To find out more about the data collection requirements placed on us by the DfE (for example; via the school census) visit: www.gov.uk/education/data-collection-and-censuses-for-schools.

The above listed third party suppliers will process data on our behalf.  Therefore, we investigate these third party suppliers to ensure their compliance with Relevant Data Protection Laws and specify their obligations in written contracts. We will never share your details directly with another company, except where this is required to fulfil an order for those third party products or services.

7. How the Data will be processed

Personal Data may be processed in a variety of ways; this will include but is not limited to:

  • maintaining written records;
  • identification;
  • sending by e-mail;
  • adding to spreadsheets, word documents or similar for the purposes of assessing Personal Data;
  • for educational software use (this could be for the purposes of helping children learn, discipline, reports and other educational purposes).

The information provided by users via email or online forms will be acted upon according to the content of the communication. For example, responding to enquiries or getting in touch with you when necessary.

8. Where we store data and how we keep data secure

Paper copies of Personal Data are kept securely at HFL; for example, in secure filing cabinets.

Electronic copies of Personal Data are kept securely and information will only be processed where we are satisfied that it is reasonably secure.

All information you provide to us is stored on secure servers.  Where we have given you (or where you have chosen) a password which enables you to access certain parts of our website, you are responsible for keeping this password confidential.  You must not share your password with anyone.

In particular, this site has security measures in place to protect the loss, misuse and alteration of the information under our control. All instances of unauthorised attempted access to our site are logged and investigated. Where necessary, HFL will inform law enforcement agencies or other relevant organisations regarding misconduct.

At HFL we respect the privacy of email accounts and we store your email addresses securely. Your details will not be passed to ANY organisation beyond HFL without your explicit permission.
When giving Personal Data to third parties (for example, software providers) it is possible that this Personal Data could be stored in a location outside of the European Economic Area.  We will take all steps reasonably necessary to ensure that your Personal Data is treated securely and in accordance with this privacy policy.  In particular, any transfer of your Personal Data made by us to a location outside of the EEA will be governed by clauses in a written contract in order to keep these secure.

9. Retention periods

We will only retain Personal Data for as long as is necessary to achieve the purposes for which they were originally collected.  As a general rule, Personal Data will be kept in accordance with guidance from the IRMS.  Further information on retention periods can be obtained by contacting us via the details in Section 1 of this Notice.
Once the retention period concludes the data is securely and safely destroyed/ deleted.

10. Your data rights

The General Data Protection Regulation and associated law gives you rights in relation to Personal Data held about you.  These are:

  • Right to be informed: you have the right to be informed about the collection and use of your data. This policy contains information in relation to the collection of your Personal Data, however, if we collect additional data for other purposes, we will inform you about this.
  • Right of Access: if your Personal Data is held by HFL, you are entitled to access your Personal Data (unless an exception applies) by submitting a written request.  We will aim to respond to that request within one month.  If responding to your request will take longer than a month, or we consider that an exception applies, then we will let you know.  You are entitled to access the Personal Data described in Section 11.
  • Right of Rectification: you have the right to require us to rectify any inaccurate Personal Data we hold about you.  You also have the right to have incomplete Personal Data we hold about you completed.  If you have any concerns about the accuracy of Personal Data that we hold then please contact us.
  • Right to Restriction: you have the right to restrict the manner in which we can process Personal Data where:
    • the accuracy of the Personal Data is being contested by you;
    • the processing of your Personal Data is unlawful, but you do not want the relevant Personal Data to be erased; or
    • we no longer need to process your Personal Data for the agreed purposes, but you want to preserve your Personal Data for the establishment, exercise or defence of legal claims.

Where any exercise by you of your right to restriction determines that our processing of particular Personal Data are to be restricted, we will then only process the relevant Personal Data in accordance with your consent and, in addition, for storage purposes and for the purpose of legal claims.

  • Right to Erasure: you have the right to require we erase your Personal Data which we are processing where one of the following grounds applies:
    • the processing is no longer necessary in relation to the purposes for which your Personal Data were collected or otherwise processed;
    • our processing of your Personal Data is based on your consent, you have subsequently withdrawn that consent and there is no other legal ground we can use to process your Personal Data;
    • the Personal Data have been unlawfully processed; and
    • the erasure is required for compliance with a law to which we are subject.
  • Right to Data Portability: you have the right to receive your Personal Data in a format that can be transferred.  We will normally supply Personal Data in the form of e-mails or other mainstream software files.  If you want to receive your Personal Data which you have provided to us in a structured, commonly used and machine-readable format, please contact us via the details in Section 1 of this Notice.
  • Right to object: you have the right to object to the processing of your Personal Data where one of the following grounds apply:
    • the processing is based on legitimate interests or the performance of a task in the public interest;
    • the processing is for direct marketing; or
    • the processing is for the purposes of scientific/ historical research and statistics.

You can find out more about the way these rights work from the website of the Information Commissioner's Office (ICO).

11. Requesting your data

Where we hold Personal Data concerning you, you are entitled to access that Personal Data and the following information (unless an exception applies):

  • a copy of the Personal Data we hold concerning you, provided by HFL;
  • details of why we hold that Personal Data;
  • details of the categories of that Personal Data;
  • details of the envisaged period for which that Personal Data will be stored, if possible;
  • information as to the source of Personal Data where that Personal Data was not collected from you personally.

If you want to receive a copy of the information that we hold, please contact us via the details in Section 1 of this Notice.

12. Making a complaint

If you are unhappy with the way we have dealt with any of your concerns, you can make a complaint to the ICO, the supervisory authority for data protection issues in England and Wales. We would recommend that you complain to us in the first instance, but if you wish to contact the ICO on the details you can do so on the details below. The ICO is a wholly independent regulator established in order to enforce data protection law.
ICO Concerns website: www.ico.org.uk/concerns
ICO Helpline: 0303 123 1113
ICO Email: casework@ico.org.uk
ICO Postal Address: Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF

13. Changes to this notice

Any changes we make to this notice in the future will be posted on our website and, where appropriate, notified to you by e-mail.  Please check back frequently to see any updates or changes.

If you have any questions or concerns relating to this policy and data protection please contact us using the address set out in Section 1 of this notice.


This privacy policy was last updated on 9th May 2018

 

© Herts for Learning