Four Oaks Primary School (‘We’, ‘Our’ or ‘Us’) are committed to safeguarding your privacy as a user of Our:
- website: http://fouroaksprimary.bham.sch.uk
collectively, the ‘Services’.
We process and control your personal data and for the purposes of the Data Protection Act 1998 (the ‘Act’) and the General Data Protection Regulations (2016/679) (‘GDPR’) We are a
- 'Data Controller’: meaning We determines the purpose and method of processing your personal data; and
- ‘Data Processor’: meaning We collect, record, organise, structure, store, use and otherwise deal with your personal data.
Personal data we may collect about you
Below We set out:
- the general categories of personal data We collect and process;
- the purposes for which We collect and process that personal data; and
the legal basis for processing that personal data.
- ‘Account Data’ - This is information you provide to Us when registering for Our Services. Account Data includes your name, email address and location of home address (GPS). Account Data is processed for the purposes of setting up, providing access to and operating your account. The basis for processing this information is our legitimate interest in the proper administration of our Services.
- ‘Communication Data’ - This is information contained in or relating to any communication that you send to Us. Communication Data may be processed for the purposes of communicating with you and recording Our communications with you. The basis for processing is Our legitimate interest in the proper administration of Our Services and communications with its users.
- ‘Content Data’ - This is any information, text, images, video, audio or other multimedia content, or other information or material that you submit or otherwise distribute while using our Services. This is processed for the purposes of enabling you to use our Services and enhancing your user experience. The basis for processing this information is our legitimate interest in enabling you to; and enhancing your use of, our Services.
- ‘Enquiry Data’ - This is the information you provide to Us by contacting Us in relation to Our Services. Enquiry Data may be processed for the purposes of offering relevant services to you. The basis for this processing is Our legitimate interest in the proper administration of Our Services and communications with its users.
- ‘Profile Data’ - This is the information you may provide through your user profile. This includes your name, profile picture, children, interests and location. Profile Data may be processed for the purposes of enabling and monitoring your use of Our Services. The basis for this processing is your consent.
- ‘Usage Data’ - This may include your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and navigation paths, as well as information about the timing, frequency and pattern of your service use. The source of the Usage Data is Our analytics tracking system. This Usage Data may be processed for the purposes of analysing the use of the Services. The basis for this processing is Our legitimate interest in monitoring and improving Our Services.
Special categories of personal data (Sensitive personal data)
We may receive sensitive personal data from you when you volunteer it while using our Services. Sensitive personal data includes information relating to:
- your racial or ethnic origin;
- your religious or philosophical beliefs;
- your political opinions;
- your membership of a trade union;
- your physical or mental health or condition;
- your genetics or biometrics; and
- your sexual life or orientation.
We will only process any such sensitive personal data with your consent.
Processing personal data out of a necessity and/or legal obligation
We may process any of your personal data where it is:
- necessary for the establishment, exercise or defence of legal claims, whether in court proceedings or otherwise. The basis for this processing is Our legitimate interest in the protection of; and being able to assert, Our legal rights, your legal rights and the legal rights of others; and/or
- necessary for compliance with a legal obligation to which We are subject, or in order to protect your vital interests or the vital interests of another natural person.
Personal data provided by third parties
Occasionally We may receive personal data about you from third parties, which We will add to the data We already hold about you in order to help Us deliver and improve Our service to you. Where appropriate and proportionate, We will advise of the source and type of that data. Your rights in relation to that personal data are also as set out below.
Who your data might be shared with
We may disclose your personal data:
- to other companies within Our group (including any subsidiaries) insofar as is reasonably necessary for the purposes set out in this policy;
- subject to your consent, to Our agents and service providers, insofar as is reasonably necessary in providing Our services to you. This includes:
- Social media providers - to the extent that Our services interact with theirs;
- Our platform host - Google Firebase
- to protect your vital interests or those of another where We have a legitimate concern about your or their safety; and
- to law enforcement agencies in connection with any investigation to help prevent unlawful activity or otherwise in compliance with a legal obligation to which We are subject.
We may use your email address to send marketing communications by email, including:
- advertisements and offers; and
- new developments or changes to the Services.
You will be asked to expressly agree in advance to Our use of your personal information for marketing purposes.
You may opt out or instruct Us at any time not to process your personal information for marketing purposes.
Keeping your data secure
We will use technical and organisational measures to safeguard your personal data, for example:
- access to your account is controlled by a password and user name that are unique to you;
- We store your personal data on secure servers;
While We will use all reasonable efforts to safeguard your personal data, you acknowledge that the use of the internet is not entirely secure and for this reason We cannot guarantee the security or integrity of any personal data that are transferred from you or to you via the internet. If you have any particular concerns about your information, please contact Us using Our contact details below.
International transfers of your personal data
Where we transfer personal data outside of the EEA, we will ensure that:
- the European Commission has made an adequacy decision regarding the data protection laws of that country; or
- transfers to that country will be protected by appropriate safeguards, such as an data protection agreement obliging the recipient to provide the same or similar protections that We do;
and that they only use your personal data in accordance with Our instructions.
The hosting facilities for Our Services are situated in Ireland.
Retaining and deleting personal data
The personal data that We process will not be kept for longer than is necessary for the processing purpose.
We will retain your personal data for the duration of the period that your account is open. At the end of that period it will be deleted from Our systems.
In some instances, your personal data may be retained for a longer period. This includes:
- where necessary for Us to defend or bring any actual or contemplated legal proceedings;
We may retain your personal data up to 6 years where such retention is necessary for compliance with a legal obligation to which We are subject.
- recognise you whenever you visit the Services (this speeds up your access to the Services as you do not have to log in each time);
- obtain information about your preferences, online movements and use of the internet;
- carry out research and statistical analysis to help improve our content and to help us better understand your requirements and interests;
- target our marketing and advertising campaigns more effectively by providing interest-based advertisements that are personalised to your interests; and
- make your online experience more efficient and enjoyable.
If you do not want to accept cookies, you can change your browser settings so that cookies are not accepted. If you do this, please be aware that you may lose some of the functionality of our Services. For further information about cookies and how to disable them please go to the Information Commissioner’s webpage on cookies:
You should check this policy occasionally to ensure you are aware of the most recent version that will apply each time you access Our Services.
We may also notify you of changes to this policy by email or through messages displayed on your profile and/or Our Services.
You have the following rights in respect of the personal data We hold about you:
Right of access
You have the right to request a copy of the personal data which We hold about you. You may also request details of the purposes of the processing, the categories of personal data concerned and the recipients of the personal data.
Right to rectification
You have the right to have any inaccurate personal data about you rectified and to have any incomplete personal data about you completed.
Right to erasure
In certain circumstances, you have the right to request that We delete personal data held about you, free of charge and without undue delay.
Those circumstances include:
- where personal data is no longer necessary in relation to the purposes for which they were collected or otherwise processed;
- you withdraw consent to consent-based processing;
- the processing is for direct marketing purposes; and/or
- the personal data have been unlawfully processed.
Right to restrict processing of your personal data
You have the right to ask Us not to process your personal data where:
- the accuracy of the personal data is contested;
- processing is unlawful and you do not wish for the personal data to be erased; and
- We no longer need the personal data for the purposes of Our processing, but where you require the data for the establishment, exercise or defence of legal claims.
Right to object to processing of your personal data
You have the right to object to Our processing your personal data:
- on grounds related to your particular situation. We will stop processing your personal data unless We have a legitimate ground for processing which overrides your interests or rights;
- where processing is for direct marketing purposes, including profiling to the extent that it is related to such direct marketing.
Right to data portability
Where the legal basis for Our processing of your personal data is consent, and such processing is carried out by automated means, you have the right to receive your personal data from Us in a structured, commonly used and machine-readable format. However, this right does not apply where it would adversely affect the rights and freedoms of others.
Right to withdraw consent
Where the legal basis for Our processing of your personal information is consent, you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal.
Right to complain
If you consider that Our processing of your personal information infringes data protection laws, you have a legal right to lodge a complaint with a supervisory authority responsible for data protection.
Exercising rights in relation to your personal data
You can exercise your rights at any time in by contacting Us using the contact details below.
Following a request by you, We may request account information and/or proof of your identity and address in order to help Us identify you (for example, a copy of your driving licence or passport and a recent utility or credit card bill).
Where you request a copy of the personal data which We hold, the first copy will be provided free of charge, however We may charge a small administration fee for additional requests.
Our details and how to contact us
Please see above for out contact details.