Privacy Policy

Your privacy is extremely important to us. This privacy notice aims to give you information on how we collect and process your personal data and how you can check and update any of your personal data.

For information on our school privacy policies for students, parents and carers or for Folio employees please refer to the appropriate privacy policy on the School or Trust web site.

 

Data Protection

 

We have appointed a data protection officer (DPO) who is responsible for overseeing questions in relation to this privacy notice. If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact the DPO using the details set out below.

You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance.

 

Third-party links

 

Our website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit. Note that we do not share your personal data with other organisations.

 

The data we collect about you

 

We may collect technical data from visitors to our web site.

  • Technical Data may include internet protocol (IP) address, browser type and version, time zone setting, location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.
  • Usage Data includes information about how you use our website.

 

Aggregated Data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice.

We do not collect any Special Categories of Personal Data about you.

Automated technologies or interactions

 

As you interact with our website, we may automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies and other similar technologies.  Our web hosting company will store this data on their servers.

How we use your personal data

 

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data so that you


We use the following types of cookie

 

Analytics cookies that anonymously remember your computer or mobile device when you visit our website. They keep track of browsing patterns and build up a profile of how our readers use the website.

Service cookies that help us to: make our website work as efficiently as possible and meter the number of pages you view. Service cookies are also used to administer the website (load balancing).

Third party cookies from Twitter and Facebook may be used to allow our Twitter and Facebook feeds to work.

We have no access to third party cookies and third-party organisations have no access to ours. Other than allowing the third-party cookies to be served, we have no part to play in the use of these cookies. The third-party organisations that place cookies have their own strict privacy policies.  Most browsers allow you to turn off cookies. However, switching off cookies will restrict your use of the website and/or delay or affect the way in which the website operates.

 

Change of purpose

 

We will only use your personal data for the purposes for which we collected it.


Transfer of data outside the European Economic Area (EEA)

 

Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission. For further details, see European Commission: Adequacy of the protection of personal data in non-EU countries.

 

Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe. For further details, see European Commission: Model contracts for the transfer of personal data to third countries.

Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US. For further details, see European Commission: EU-US Privacy Shield.

Your legal rights

 

Under certain circumstances, data protection laws in relation to your personal data allow the right to:

  • Request access to your personal data (commonly known as a "data subject access request").
  • Request correction of the personal data that we hold about you.
  • Request erasure of your personal data.
  • Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms.
  • Request restriction of processing of your personal data.
  • Request the transfer of your personal data to you or to a third party.
  • Withdraw consent at any time where we are relying on consent to process your personal data.

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.  We try to respond to all legitimate requests within one month.

 

Lawful Basis

 

Legitimate Interest means the interest of our business in conducting and managing our business to enable us to give you the best service/product and the best and most secure experience. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).

Comply with a legal or regulatory obligation means processing your personal data where it is necessary for compliance with a legal or regulatory obligation that we are subject to.