Learning Accord Multi Academy Trust

GOVERNANCE

Under UK data protection, individuals have a right to be informed about how the Learning Accord Multi Academy Trust uses any personal data. The trust complies with this requirement by providing privacy notices to inform individuals about how their personal data will be processed. 

This privacy notice explains how the trust will collect, store and use personal data about trustees and governors.

Who processes your information

Learning Accord Multi Academy Trust (the trust) is the Data Controller of the personal information you provide. This means the trust determines the purpose for which, and the manner in which, any personal data is to be processed.

In some cases, personal data processing will be outsourced to a third party, however this will only be done with your consent, unless the law specifies otherwise.  Where the trust does outsource to a third party the same data protection principles that the trust upholds will apply to the processor/supplier.

Evolution HR Services Ltd is the Data Protection Officer (DPO). Whilst the trust remains overall responsibility for Data Protection, the DPO will oversee and monitor the trusts data protection procedures, ensuring they are compliant with the Data Protection Act 2018. The DPO can be contacted on 07747 611662 or via email at info@evolutionhrservices.co.uk.

The categories of governance information that we process include:

• personal identifiers, contacts and characteristics (such as name, date of birth, contact details and postcode)
• governance details (such as role, start and end dates and governor ID)
• next of kin and emergency contact details;
• personal information such as pen portraits;
• skills audit;
• safeguarding information;
• photographs;
• CCTV;
• data about your use of school’s information and systems.

We may also collect, store and use information about you that falls into sensitive data (special categories). This includes:

• race, ethnicity, religious belief, sexual orientation and political opinions;

Why we collect and use governance information

The purpose of collecting and processing your data helps the trust to do the following:

• establish and maintain effective governance;
• meet our statutory requirements for publishing and sharing Trustees and Governor details;
• enable safer recruitment, as part of our safeguarding responsibilities;
• undertake ethnicity and disability monitoring;
• ensure that appropriate access can be provided to volunteers who require them.

Whilst the majority of personal data collection is mandatory, some of it may be provided to the trust on a voluntary basis. If any information is voluntarily supplied, the trust, to ensure it complies with UK data protection law, will gain your consent. If consent is required, we will provide you with specific and explicit information in regards to how we will collect this data, how the data will be used and how you can withdraw your consent at any time.

Under the UK General Data Protection Regulation (GDPR) 2018, the legal bases we rely on for processing personal information for general purposes are:

• Conditions of UK GDPR Article 6 for the purpose of

1. a) the data subject has given consent to the processing of his or her personal data for one or more specific purposes;
2. c) processing is necessary for compliance with a legal obligation to which the controller is subject;
3. e) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;

All maintained school governing bodies, under section 538 of the Education Act 1996 and academy trusts, under the Academies Financial Handbook have a legal duty to provide the governance information as detailed above.

In addition, concerning any special category data:

• conditions of UK GDPR - Article 9 will apply, and the trust will use consent, or a legal obligation as their lawful basis to process.

Collecting governance information

We collect personal information via your application process and through the duties of your governance role.

Governance roles data is essential for the trusts operational use. Whilst the majority of personal information you provide to us is mandatory, some of it may be requested on a voluntary basis. In order to comply with GDPR, we will inform you at the point of collection, whether you are required to provide certain information to us or if you have a choice in this.

Storing governance information

The trust will create and maintain a file for each governor and trustee. The information contained in these files are kept secure and are only used for the purposes directly related to the role of a governor/trustee. Once your term of office has ended, the trust will retain the files and delete all information in accordance with our Data Retention Policy. For example, the trust will shred paper documents and delete/override electronic files. The trust may also use a third-party to securely dispose of records.

For more information on our Data Retention Policy and how we keep your data safe, please speak to your school’s office.

Who and why we share governance information

The trust will not share your personal data with any third party without your consent, unless the law requires us to do so. Where it is legally required or necessary, and it complies with UK data protection law, we may share your data with:

• our local authority;
• The Department of Education;
• educators and examining boards;
• Ofsted;
• suppliers and service providers – e.g. payroll providers;
• financial organisations;
• our auditors;
• security organisations;
• professional advisers and consultants;
• charities and voluntary organisations;
• police forces, courts, tribunals.

All maintained school governing bodies, under section 538 of the Education Act 1996 and academy trusts, under the Academies Financial Handbook have a legal duty to provide the governance information as detailed above.

Requesting access to your personal data

Under data protection legislation, you have the right to request access to information about you that we hold. To make a request for your personal information, contact your Data Protection Officer via your school office.

You also have the right to:

• ask us for access to information about you that we hold
• have your personal data rectified, if it is inaccurate or incomplete
• request the deletion or removal of personal data where there is no compelling reason for its continued processing
• restrict our processing of your personal data (i.e. permitting its storage but no further processing)
• object to direct marketing (including profiling) and processing for the purposes of scientific/historical research and statistics
• not be subject to decisions based purely on automated processing where it produces a legal or similarly significant effect on you

If you have a concern or complaint about the way we are collecting or using your personal data, you should raise your concern with us in the first instance or directly to the Information Commissioner’s Office (ICO) at https://ico.org.uk/concerns/.

For further information on how to request access to personal information held centrally by the DfE, please see the ‘How Government uses your data’ section of this notice.

Withdrawal of consent and the right to lodge a complaint

Where we are processing your personal data with your consent, you have the right to withdraw that consent. If you change your mind, or you are unhappy with our use of your personal data, please let us know by contacting your school office or the Data Protection Officer.

Contact

If you would like to discuss anything in this privacy notice, please contact: Data Protection Officer, email admin@learningaccord.org