Details of all our school's internal policies, including what information we collect about you and your children whilst they are attending Lymington Junior School can be found here. You can jump to our updated GDPR compliance notice here.
Lymington Junior School may change this policy from time to time by updating this page. You should check this page from time to time to ensure that you are happy with any changes. This policy is effective from 25th May 2018.
1.0 OUR CORE BELIEFS REGARDING USER PRIVACY AND DATA PROTECTION
- User privacy and data protection are human rights
- We have a duty of care to the people within our data
- Data is a liability, it should only be collected and processed when absolutely necessary
- We loathe spam as much as you do!
- We will never sell, rent or otherwise distribute or purposefully make public your personal information – that’s a promise
2.0 RELEVANT LEGISLATION
Along with our business and internal computer systems, this website is designed to comply with the following national and international legislation with regards to data protection and user privacy:
- UK Data Protection Act 1988 (DPA)
- EU Data Protection Directive 1995 (DPD)
- EU General Data Protection Regulation 2018 (GDPR)
This site's compliance with the above legislation, all of which are stringent in nature, means that this site is likely compliant with the data protection and user privacy legislation set out by many other countries and territories as well. If you are unsure about whether this site is compliant with your own country of residences' specific data protection and user privacy legislation you should contact our data protection officer (details of whom can be found in section 9.0) for clarification.
3.0 PERSONAL INFORMATION DATA WE COLLECT AND WHY WE COLLECT IT
We only collect personal information data that is relevant to the purpose of our website. This information allows us to provide you with a customised and efficient experience. We collect the following types of information from our users:
3.1 Contacting us via the contact form
When using the contact form on this website your personal information, including your name, email address and other information you choose to put in your message will be collected. This information is necessary for us to respond to your enquiry and assists us with identifying you.
The data you send is sent securely over an SSL connection (see section 5.0 below for more information) using this website’s server smtp protocol. The data is not stored on the website, it is transmitted directly to our in-office email client software.
3.2 Site visitation & tracking
Like most websites, this site uses Google Analytics (GA) to track user interaction. We do this to determine the number of people using our site, to better understand how they find and use our web pages and help us to build a better service.
Although GA records data such as your geographical location, device, internet browser and operating system, none of this information personally identifies you to us. GA records your computer’s IP address which could be used to personally identify you but Google do not grant us access to this.
We consider GA & TL to be a third party data processor (see section 6.0 below).
5.0 SECURING DATA TRANSFER & THIS WEBSITE'S SERVER
The connection your web browser has to our site is secured with an SSL certificate from Let’s Encrypt meaning any data transferred from our server to your browser (or from you to us) is encrypted and secure. The website is hosted by Siteground within a UK data centre located just outside London.
6.0 OUR DATA PROCESSORS
6.1 Personal Data Processors (3rd Party)
We use 1 main third parties to process personal data on our behalf, Google. This third parties has been carefully chosen and complies with the legislation set out in section 2.0. as well as being certified EU-U.S Privacy Shield compliant.
7.0 DATA BREACHES
Any unlawful data breach of this website's database or the database(s) of any of our third party data processors will be reported to any and all relevant persons and authorities within 72 hours of the breach if it is apparent that personal data stored in an identifiable manner has been stolen.
8.0 CONTROLLING YOUR PERSONAL DATA
8.1 Data Handling
We will not sell, distribute or lease your personal information to third parties unless we have your permission or are required by law to do so. We may use your personal information to send you promotional information about third parties which we think you may find interesting if you tell us that you wish this to happen. You may request details of personal information which we hold about you, if you would like a copy of the information held on you please contact us. You may also request that we delete or anonymise any data we hold about you, if you would like us to do this, please contact us.
8.2 Data Controller
The data controller of this website is: Lymington Junior School
Whose operating office is:
Lymington Junior School, 15 Avenue Road, Lymington, Hampshire. SO41 9GP
8.3 Data Protection Officer
9.1 Change Log
25th May 2018 - policy instigated
4th June 2018 - updated DPO, inclusion of internal policy links