Heathside School is part of the Dukes Education Group.
Summary of how we use your personal data
Heathside uses your personal data:
• where we need to perform the contract which we are about to enter into, or have entered into, with you;
• where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests;
• where we need to comply with legal obligations;
• where we have your consent.
Personal data is shared with other companies in the Dukes Education Group and on occasion with third parties, such as:
• companies that assist us in performing our services; • our insurance providers; • companies carrying out background checks (where relevant and necessary).
• Where we rely on your consent, such as for marketing purposes, you can withdraw this consent at any time.
What does this policy cover?
It also describes your data protection rights, including a right to object to some of the processing which a member of the Dukes Education Group carries out. More information about your rights, and how to exercise them, is set out in the “What rights do I have?” section.
What information do we collect?
We collect and process personal data about you when you interact with us and our websites, and when you purchase resources and/or services from us.
• your name, your child’s name, username and password;
• your / your child’s gender;
• your age/date of birth and / or your child’s age/date of birth together with any relevant medical information required for us to perform a service (only where necessary);
• your home address, email address and phone number;
• your payment and delivery details, including billing address and credit card details, where you make purchases from us (where relevant);
• your marketing preferences, including any consents you have given us;
• communications that you may send to us;
• related to the browser or device you use to access our website.
How do we use this information, and what is the legal basis for this use?
We process this personal data for the following purposes:
• To fulfil a contract, or take steps linked to a contract: this is relevant where you purchase resources or services from us. This includes:
• verifying your identity;
• taking payments;
• communicating with you;
• providing customer services and arranging the delivery or other provision of resources or services.
As required to conduct our business and pursue our legitimate interests, in particular:
• we will use your information to provide details of resources and services you have enquired about or resources or services you have requested, and respond to any comments or complaints you may send us;
• we monitor use of our websites and online services, and use your information to help us monitor, improve and protect our resources, content, services and websites, both online and offline;
• we use information you provide to personalise our website, resources or services for you;
• where relevant, if you provide a credit or debit card as payment, we also use third parties to check the validity of the sort code, account number and card number you submit in order to prevent fraud (see data sharing below);
• we monitor customer accounts to prevent, investigate and/or report fraud, terrorism, misrepresentation, security incidents or crime, in accordance with applicable law;
• we use information you provide to investigate any complaints received from you or from others, about our website or our resources or services;
• we will use personal data in connection with legal claims, compliance, regulatory and investigative purposes as necessary (including disclosure of such information in connection with legal process or litigation), for example we may need to share personal data with the Department of Education or an inspection authority to comply with our regulatory obligations;
• we use personal data of some individuals to invite them to take part in market research.
• Where you give us consent:
• we will send you direct marketing in relation to our relevant resources and services, or other resources and services provided by us.;
• we place cookies and use similar technologies in accordance with our cookies policy (see below paragraph Cookies and how we use them) and the information provided to you when those technologies are used;
• on other occasions where we ask you for consent, we will use the personal data for the purpose which we explain at that time.
For purposes which are required by law:
• where we need parental consent to provide online services to children under 13. However, most of our websites are not designed for children under 16;
• in response to requests by government or law enforcement authorities conducting an investigation.
Relying on our legitimate interests
We have carried out balancing tests for all the data processing we carry out on the basis of our legitimate interests, which we have described above. You can obtain information on any of our balancing tests by contacting us using the details set out later in this notice.
Withdrawing consent or otherwise objecting to direct marketing
Wherever we rely on your consent, you will always be able to withdraw that consent, although we may have other legal grounds for processing your personal data for other purposes, such as those set out above. In some cases, we are able to send you direct marketing without your consent, where we rely on our legitimate interests. You have an absolute right to opt-out of direct marketing, at any time. You can do this by following the instructions in the communication where this is an electronic message, updating your preferences in any account or by contacting us using the details set out below.
Who will we share this personal data with, where and when?
We will share your personal data within the Dukes Education Group for reporting, safeguarding, quality control and potential referral basis (for example, to our consultancy division in respect of university applications).
Personal data will also be shared with other organisations, such as insurers and organisations which conduct background checks, where necessary.
Personal data may be shared with government authorities and/or law enforcement officials if required for the purposes above, if mandated by law or if required for the legal protection of our legitimate interests in compliance with applicable laws.
Personal data will also be shared with third party service providers, who will process it on behalf of a Controller for the purposes identified above. In particular, we use third party providers of website hosting, maintenance and identity checking.
In the event that the business is sold or integrated with another business, your details will be disclosed to our advisers and any prospective purchaser’s adviser and will be passed to the new owners of the business.
Cookies and how we use them
Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site.
We use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.
Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.
You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.
What rights do I have?
You have the right to ask us for a copy of your personal data; to correct, delete or restrict (stop any active) processing of your personal data; and to obtain the personal data you provide to us for a contract or with your consent in a structured, machine readable format, and to ask us to share (port) this personal data with another controller.
In addition, you can object to the processing of your personal data in some circumstances (in particular, where we don’t have to process the personal data to meet a contractual or other legal requirement, or where we are using the personal data for direct marketing).
These rights may be limited, for example if fulfilling your request would reveal personal data about another person, where they would infringe the rights of a third party (including our rights) or if you ask us to delete information which we are required by law to keep or have compelling legitimate interests in keeping. Relevant exemptions are included in both the GDPR and in the Data Protection Act 2018. We will inform you of relevant exemptions we rely upon when responding to any request you make.
To exercise any of these rights, or to obtain other information, such as a copy of a legitimate interests balancing test, you can get in touch with us via our Data Protection Champion using the details set out below. If you have unresolved concerns, you have the right to complain to an EU data protection authority where you live, work or where you believe a breach may have occurred. This likely to be the Information Commissioner’s Office in the UK.
How long will you retain my personal data?
We only retain your personal data for as long as is required by law, or for as long as necessary for the purposes for which we process your personal data. Please refer to our Data Retention Policy available from the college for further information.
How do I get in touch with you?
We hope that we can satisfy queries you may have about the way we process your personal data. If you have any concerns about how we process your personal data, or would like to opt out of direct marketing, you can get in touch with our Data Protection Champion at Heathside School, 84-86 West Heath Road, London NW3 7UJ or by email: firstname.lastname@example.org
Which Controller entity is my data controller, and which affiliates might my personal data be shared with?
The Controller for your information is the entity with which you have a relationship, or which manages the website you have visited.
A full list of Controllers in the current Dukes Education Group is set out below:
Dukes Education Holdings Limited; DEG Investments Ltd; Dukes Education Finance Ltd; DEG Bidco Ltd; Dukes Education Dukes Education Group Ltd; CSFC Ltd; RIC Trading Ltd; Fine Arts College Ltd; Heathside School Ltd; Sussex Summer Schools Ltd; Summer Boarding Courses Ltd; Dukes Education Ltd; Dukes Guardians Ltd; Dukes Schools Ltd; Minerva Education Holdco Ltd; Minerva Education Finance Ltd; Eaton Square Schools Limited; Eaton Square Kensington Limited; Sancton Wood School Ltd; The Hannay-Rowe Education Company Ltd; Knightsbridge School Limited; Miss Daisy’s Schools Ltd; Little Owls School Limited.