Privacy Notice
Who We Are
Clarendon International Education Limited is a company registered in England and Wales under the Companies Act (Company Number 03001991). Its Registered Company address is Narrow Quay House, Narrow Quay, Bristol BS1 4QA. Its office postal address is Suite 1a, Innovation House, Oxford Business Park, John Smith Drive, Oxford OX4 2JY.
The Controller of any personal data is Clarendon International Education and the Data Protection Officer (DPO) is Maria Gladysheva. Her contact details are as follows: telephone – 01865 989 697; email – maria@clarendon.uk.com.
Clarendon International Education acts ‘in loco parentis’ as the educational guardian of international pupils in UK boarding schools, and of young students in UK universities and colleges, in addition to offering a consultancy and advisory service to international parents.
In the following paragraphs, Clarendon International Education Limited is abbreviated to ‘Clarendon’ or referred to as ‘the company’.
The Reason For This Privacy Notice
The intention of this Privacy Notice is to provide you with more detailed information than the Privacy Policy about how Clarendon will use (or “process”) personal data about individuals, including its staff; its Clarendon families*, its current, past and prospective pupils, and their parents (or, if applicable, their legal guardians or carers). This information is provided because Data Protection law gives individuals rights to understand how their data is used.
Parents, older pupils and university/college students are all encouraged to read both the Privacy Policy and Privacy Notice and understand Clarendon’s obligations to its entire community. Anyone who works for, or acts on behalf of, Clarendon (including staff, Clarendon families, volunteers and service providers) should also be aware of and comply with this Privacy Notice, which applies alongside other relevant Clarendon policies, guidelines and advisory notes.
[*Clarendon families are selected by Clarendon, after a rigorous checking procedure, to care for international pupils in our guardianship care during half-term holidays and exeat weekends, if they are not returning home.]
Responsibility For Data Protection
Clarendon’s DPO will deal with all your requests and enquiries concerning the Company’s uses of your personal data (see section on Your Rights below) and endeavour to ensure that all personal data is processed in compliance with the policy and Data Protection law. She may be contacted at maria@clarendon.uk.com, or at the Oxford address above.
Why Clarendon Needs To Process Personal Data
In order to carry out its ordinary day-to-day duties to staff, pupils and parents, Clarendon needs to refer to and to make use of (that is, to process) a wide range of personal data about individuals (including current, past and prospective staff, pupils or parents). The company will need to carry out some of this activity in order to fulfil its legal rights, duties or obligations to its staff, parents and their children. Other uses of personal data will be made in accordance with the company’s legitimate interests, or the legitimate interests of another, provided that these are not outweighed by the impact on individuals, and provided it does not involve special or sensitive types of data.
The following uses may fall within the category of the company’s legitimate interests:
- For the purposes of pupil acceptance into guardianship, and confirmation of the identity of prospective pupils and their parents;
- To safeguard pupils’ welfare and provide appropriate pastoral care;
- To enable relevant authorities to assist with incidents as appropriate;
- To provide educational advice and services, such as monitoring pupils’ progress and educational needs, and also making arrangements for additional or holiday tuition and school placement;
- To give and receive information and references about past, current and prospective pupils, including information relating to outstanding fees or payment history, to/from any guardianship organisation who may have cared for the child previously, or any educational institution that the pupil attended or where it is proposed they attend;
- To provide references to potential employers of former pupils, volunteers, Clarendon families or staff;
- To monitor (as appropriate) use of the company’s IT and communications systems in accordance with ICT acceptable use guidelines;
- To make use of photographic images of pupils in Clarendon publications, on the Clarendon website and (where appropriate) on the company’s social media channels in accordance with its guidelines on taking, storing and using images of children;
- To refer in a Clarendon newsletter to the results of public examinations or other achievements of pupils in guardianship care;
- To carry out or cooperate with any relevant complaints, disciplinary or investigation process;
- Where reasonably necessary for the company’s purposes, including, for example, to obtain appropriate professional advice and for the company;
- For the purposes of management planning and forecasting, research and statistical analysis, including that imposed or provided for by law, such as tax.
In addition, the company may occasionally have reason to process special category personal data (concerning health, ethnicity, religion, biometrics or sexual life) or criminal records information (such as when carrying out DBS checks) in accordance with rights or duties imposed on it by law, including safeguarding and employment matters, or from time to time by explicit consent where required. These reasons will include:
- To safeguard pupils’ welfare and provide appropriate pastoral (and where necessary, medical) care, and to take appropriate action in the event of an emergency, incident or accident, including by disclosing details of an individual’s medical condition or other information where it is in the individual’s interests to do so: for example, for medical advice, for social protection, safeguarding and cooperation with police or social services, or for insurance purposes.
- To give guidance to Clarendon families, parents of children’s friends who have invited them to stay, caterers or organisers of school trips who need to know of dietary or medical needs;
- To arrange educational or medical services in relation to a pupil’s special educational or medical needs;
- To help with the provision of spiritual education, if required, in the context of any religious beliefs;
- In connection with employment of its staff, for example DBS checks, welfare, union membership or pension plans;
- As part of any Clarendon or external complaints, disciplinary or investigation process that involves such data, for example if there are special educational needs (SEN), health or safeguarding elements; or
- For legal and regulatory purposes (for example, child protection) and to comply with its legal obligations and duties of care.
Types Of Personal Data Processed By Clarendon
Examples of this may include:
- Names, addresses, telephone numbers, e-mail addresses and other contact details;
- Car details (for example, if using our office car park, or driving children);
- Bank details and other financial information, e.g. about parents and other people such as agents who pay fees to the company or a school, or request Clarendon to make payments;
- Past, present and prospective pupils’ academic, disciplinary, admissions and attendance records (including information about any special needs), and examination scripts and marks;
- Personnel files, including in connection with academic, safeguarding or employment matters;
- Where appropriate, information about individuals’ health and welfare, and contact details for their next of kin;
- References given or received by Clarendon about pupils, and relevant information provided by previous educational establishments and/or other professionals or organisations working with pupils;
- Correspondence with and concerning staff, school staff, pupils, and parents past and present; and
- Images of pupils (and occasionally other individuals) engaging in school or Clarendon family activities.
How Clarendon Collects Data
Generally, the company receives personal data from the individual directly or, in the case of pupils, from parents. This may be via a form, or simply in the ordinary course of interaction or communication (such as email or written assessments). However, in some cases, personal data will be supplied by third parties (for example, an agent, a child’s school or other professionals or authorities working with that individual), or collected from publicly available resources.
Who Has Access To Personal Data And With Whom Clarendon Shares It
Occasionally, the company will need to share personal information relating to its community with third parties, such as professional advisers (lawyers, insurers, PR advisers and accountants), government authorities (e.g. HMRC, DfE, Police or Local Authority), and other appropriate regulatory authorities.
For the most part, personal data collected by the company will remain within the company, and will be processed by appropriate individuals only in accordance with a ‘need to know’ basis. Particularly strict rules of access would apply in the context of medical information and pastoral or safeguarding files. Clarendon staff, families, pupils and parents are reminded that the company is under duties imposed by law and statutory guidance (including Keeping Children Safe in Education) to record or report incidents and concerns that arise or are reported to it, in some cases regardless of whether they are proven, if they meet a certain threshold of seriousness in their nature or regularity. This is likely to include file notes on personnel or safeguarding files, and in some cases referrals to relevant authorities such as the Local Authority Designated Officer or the Police. Finally, in accordance with Data Protection law, some of the company’s processing activity is carried out on its behalf by third parties, such as ICT systems, web developers or cloud storage providers. This is always subject to contractual assurances that personal data will be kept securely and only in accordance with the company’s specific directions.
How Long Personal Data Will Be Kept
The company will retain personal data securely and only in line with how long it is necessary to keep for legitimate and lawful reasons. If you wish to request that personal data that you no longer believe to be relevant is considered for erasure, please contact Clarendon’s DPO. However, please bear in mind that the company may have lawful and necessary reasons to retain some personal data, even following such request. A limited and reasonable amount of information will be kept for archiving purposes, for example; and even where a request is made that we no longer keep in touch with you, we will need to keep a record of the fact in order to fulfil your wishes.
Rights Of Access
Individuals have various rights under Data Protection law to access and understand personal data about them held by the company, and in some cases ask for it to be erased or amended or have it transferred to others, or for the company to stop processing it – but subject to certain exemptions and limitations. Any individual wishing to access or amend their personal data, or wishing it to be transferred to another person or organisation, should put their request in writing to the company’s DPO. The company will endeavour to respond to any such written requests as soon as is reasonably practicable and, in any event, within statutory time-limits, (which is one month in the case of requests for access to information). There may be requests that cannot be fulfilled. You should be aware the right of access is limited to your own personal data, and certain data is exempt from the right of access. This will include information which identifies other individuals (and parents need to be aware this may include their own children, in certain limited situations), or information which is subject to legal privilege (for example, legal advice given to or sought by the company, or documents prepared in connection with a legal action).
The company is also not required to share any confidential reference received, nor any confidential reference given by the company itself, for the purposes of the education, training or employment of any individual. We will sometimes have compelling reasons to refuse specific requests to amend or stop processing personal details; for example a legal requirement, or where it falls within a legitimate interest identified in this Privacy Notice. All such requests will be considered on their own merits.
From time to time, parents may receive educational and pastoral updates about their children from Clarendon. Where parents are separated, we shall in most cases aim to provide the same information to each person with parental responsibility, but may need to consider all the circumstances, including any initial instructions and the express wishes of the child. All information requests from, on behalf of, or concerning, pupils will therefore be considered on a case-by-case basis.
Where the company is relying on consent as a means to process personal data, any person may withdraw this consent at any time (subject to similar age considerations as above). Please be aware, however, that the company may not be relying on consent but have another lawful reason to process the personal data in question even without your consent. That reason will usually have been covered under this Privacy Notice or may otherwise exist under some form of contract or agreement with the individual.
The rights under Data Protection law belong to the individual to whom the data relates. However, the company will often rely on parental authority or notice for the necessary ways it processes personal data relating to pupils – for example, under the parents’ agreement, or consent forms or requests. Parents and their children should be aware that this is not necessarily the same as the company relying strictly on individual consent. However, it may in some cases be necessary or more appropriate – given the nature of the processing in question, and the pupil’s age and understanding, to seek the pupil’s individual consent. Parents should be aware that in such situations they may not be consulted, depending on the interests of the child, the parents’ rights at law or under their agreement/contract, and all the circumstances. In general, the company will assume that pupils’ consent is not required for ordinary disclosure of their personal data to their parents, e.g. for the purposes of keeping parents informed about the pupil’s activities, progress and behaviour, and in the interests of the pupil’s welfare. However, where a pupil seeks to raise concerns confidentially with a member of Clarendon staff or a Clarendon family and expressly withholds their agreement to their concerns or personal data being disclosed to their parents, Clarendon may be under an obligation to maintain confidentiality unless, in our opinion, there is a good reason to do otherwise; for example, where we believe disclosure will be in the best interests of the pupil or other pupils, or if required by law.
Children and young people are required at all times to respect the personal data and privacy of others. Clarendon staff are under professional duties to do the same, and Clarendon families are given appropriate guidelines and advice.
Data Accuracy And Security
The company will endeavour to ensure that all personal data held in relation to an individual is as up to date and accurate as possible. Individuals must, please, notify the DPO by email of any changes to information held about them. An individual has the right to request that any inaccurate or out-of-date information about them is erased or corrected (subject to certain exemptions and limitations under the Act): please see above. The company will take appropriate technical and organisational steps to ensure the security of personal data about individuals, including guidelines around use of technology and devices. Staff will be made aware of these guidelines and their duties under Data Protection law, and receive relevant training.
Queries And Complaints
Any comments or queries on these guidelines should be directed to the company’s DPO. If an individual believes that the company has not complied with the guidelines or acted otherwise than in accordance with Data Protection law, they should utilise the company’s complaints / grievance procedure and should also notify the DPO. A referral can also be made to, or a complaint lodged with, the Information Commissioner’s Office (ICO), although the ICO recommends that steps are taken to resolve the matter with the company before involving the regulator.
May 2018