Document prepared by Elizabeth Hutchinson
Document became operational on 1st September 2019
Next review date 1st September 2021
Requests for information can be emailed to info@GreatSchoolLibraries.org.uk
The Great School Libraries campaign need to gather and use certain information about individuals as both a Controller and Processer of data.
These details can include customers, suppliers, business contacts, and other people the organisation has a relationship with or may need to contact.
This document describes how this data is collected, handled and stored to meet the campaign’s data protection standards and to comply with the law.
The campaign does not share information it holds on individuals with any third parties unless legally obliged to do so or where it has written, prior consent.
What data we may collect
We may collect the following information:
Name and job title
Contact information including email address, and school name.
Demographic information such as postcode, preferences and interests
What we do with the information we gather
We are committed to ensuring that your personal data is processed in accordance with GDPR requirements. We will make our best efforts to always ensure that the personal data we hold about you is up-to-date and only retained as long as is necessary.
We will use this information for the following reasons:
Internal record keeping
We may use the information to improve our campaign
We will periodically send promotional emails information which we think you may find interesting using the email address which you have provided. This will be done in accordance with the Legitimate Interest lawful basis of data processing under GDPR and you will always be given the option to unsubscribe if you do not wish us to contact you anymore
We are committed to ensuring that the information we collect is appropriate for this purpose and does not constitute an invasion of your privacy.
Legitimate Interests – the legal basis for gathering information
The law allows personal data to be legally collected and used if it is necessary for a legitimate business interest of the organisation – as long as its use is fair and balanced and does not unduly impact the rights of the individual concerned.
The processing of data is necessary so that we can provide updates about the campaign.
Who we share the data with
We will not sell, distribute or lease your personal information to any third parties for marketing purposes.
However it may be necessary for us to pass your personal data on to third party service providers, such as freight companies used to make deliveries i.e. competition winners.
Any third parties will be legally obliged to keep your details securely and to dispose of them once they no longer have a lawful basis for retaining them.
Any involved associations will not use any details for any other purpose other than the campaign.
You can block cookies by activating the setting on your browser that allows you to refuse the setting for some or all cookies. However, this may restrict access to some or all parts of our websites and services.
Subject access requests – How do I find out what personal data is held about me?
We can supply the following information if requested:
The type of data we process
How the data was obtained
How the data is processed (stored, retained and disposed of)
The purpose and lawful basis of the processing
Details of any third parties to whom the data has been provided and the reasons for this
Details of how you can correct, withdraw or delete your data from our records
How to contact the Data Protection Officer in case of query or complaint
If you wish to make a subject access request, please make that request in writing to info@GreatSchoolLibraries.org.uk
Right to rectification and data quality. How do I ask for the data to be amended?
If you wish to have the data amended or rectified, please make that request in writing to info@GreatSchoolLibraries.org.uk
Right to erasure, including retention and disposal. How do I ask for my data to be removed?
If you wish to have the data removed, please make that request in writing to info@GreatSchoolLibraries.org.uk
Where requested, data will be disposed of and destroyed in line with the current legislation. Data will be deleted from both live and archived or back-up copies of our systems.
At present all of our servers are located in the UK, either on site or in secure data centres.
How will you identify a breach, what are your breach reporting processes, and in what time frame will you report to us as the controller?
We have robust breach detection, investigation and internal reporting procedures in place. This will facilitate decision-making about whether or not we need to notify the relevant supervisory authority and the affected individuals.
Should such a breach ever occur, our priorities will be the securing of our systems to prevent any further data theft or damage. In line with Article 33(2) of the regulations, if necessary, the breach will be reported to the ICO with any information we have gathered at that time, with further updates to this information as we discover it.
If the breach is likely to result in a high risk of adversely affecting individuals’ rights and freedoms, we will also inform those individuals without undue delay.
We will also keep a record of any personal data breaches, regardless of whether we are required to notify.
Breaches would normally be reported within 72 hours, where feasible.
If you have any general enquiries regarding data protection, please submit them in writing info@GreatSchoolLibraries.org.uk
September 19 v1