.
1 of 3
Power Up Limited policy on privacy notices for pupils
and parents/carers
Definitions
“GDPR” General Data Protection Regulation
"Personal data" means any information relating to an identified or identifiable
natural person ("data subject")
an identifiable person is one who can be identified, directly or indirectly, in
particular by reference to an identifier such as a name, an identification number,
location data, online identifier or to one or more factors specific to the physical,
physiological, genetic, mental, economic, cultural or social identity of that person
“Processing” means any operation or set of operations performed upon personal
data or sets of personal data, whether or not by automated means, such as
collection, recording, organisation, structuring, storage, adaptation or alteration,
retrieval, consultation, use, disclosure by transmission, dissemination or
otherwise making available, alignment or combination, restriction, erasure or
destruction.
Policy Statement
Personal data must be processed lawfully, fairly and in a transparent manner.
It is a requirement of the GDPR that individuals are provided with the
following information when their personal data is collected:
2 of 3
The identity and contact details of the Data Controller and its
representative.
The purposes for which the personal data is being collected.
The legal basis for the processing of the personal data.
Who the personal data may be shared with, if applicable.
Details of any transfer of the personal data to a country outside of the
EEA, which does not have an adequacy decision.
The period for which the personal data will be stored or, where that is
not possible, the criteria used to determine that period.
Individuals must also be informed of the existence of the following rights:
The right to subject access.
The right to rectification and erasure of personal data in certain
circumstances.
Where the processing is based on consent, the right to withdraw that
consent.
The right to lodge a complaint with a supervisory authority.
Whether the data subject is obliged to provide the personal data and the
consequences of failure to provide such data.
Where applicable, the existence of automated decision making as well as
the significance and envisaged consequences of such processing for the
data subject.
Where Power Up intends to process the personal data for a purpose other than
that for which it was originally collected Power Up will, prior to that further
processing, provide the individuals concerned with information on that other
purpose.
3 of 3
If Power Up receives personal data from another Data Controller it will provide
the individuals concerned with the above information within one month of
receipt of the data.
Procedure
Power Up will use a layered privacy notice approach to provide individuals with
the above information. All privacy notices will be concise, transparent, written in
plain language and free of charge.
All forms used to collect personal data will contain basic privacy information and
will refer to a more detailed privacy notice which will be available on the website
or in paper form from the office. Where the legal basis for processing the
personal data will be consent Power Up must follow the agreed guidance.
Privacy statements will be updated whenever any of the information covered by
the statement changes. Privacy statements will be reviewed on an annual basis
to ensure that they are accurate and up to date.