Introduction

Fettes Centre for Language and Culture (“FCLC”) is a subsidiary company of Fettes Enterprises Ltd with registration number SC311652. FCLC is a Data Controller for the purposes of Data Protection Law (the Data Protection Act 2018, the General Data Protection Regulation (EU) 2016/679 and any legislation that, in respect of the United Kingdom, replaces, or enacts into United Kingdom domestic law, the General Data Protection Regulation (EU) 2016/679, the proposed Regulation on Privacy and Electronic Communications or any other law relating to data protection), which means it determines how an individual’s personal data is processed and for what purposes.

Our purpose

Fettes Centre for Language and Culture aims to provide its students with the maximum opportunity to learn, develop and practise English whilst in a fun, motivating and safe environment.

Fettes Centre for Language and Culture is based within Fettes College, an independent boarding and day school. Some of the additional policies mentioned in this document relate to policies managed by Fettes College due to the nature of both organisations operating within the same grounds.

About this Notice

This Notice is intended to provide information about how FCLC will use (or “process”) personal data about individuals including: its personnel, its current, past and prospective clients, guests, students and their parents.

This information is provided in accordance with the rights of individuals under Data Protection Law to understand how their data is used. FCLC’s personnel, clients, and guests are all encouraged to read this Privacy Notice and understand FCLC’s obligations to its entire community.

This Privacy Notice also applies in addition to FCLC’s other relevant notices and policies, including:

  • any contract between the FCLC and its clients;
  • FCLC’s policy on taking, storing and using images;
  • FCLC’s policy on the use of CCTV (managed by Fettes College);
  • FCLC’s retention of records policy;
  • FCLC’s Safeguarding and pastoral policies;
  • FCLC’s Health and Safety policy, including how concerns or incidents are recorded;
  • FCLC’s IT policies, including its Acceptable Use policy and Online Safety policy (managed by Fettes College)

Whose data we collect

We collect data for individuals who fall into one or more of the categories listed below. This list is not exhaustive and represents the current, former and prospective stages of each category in the list:

  • Students
  • Parents
  • Clients
  • Staff
  • Suppliers and contractors
  • Guests

Purposes for processing personal data

In order to carry out its ordinary duties to clients, staff, students and their parents, FCLC may process a wide range of personal data about individuals (including current, past and prospective staff, students or parents) as part of its daily operation.

Some of this activity FCLC will need to carry out in order to fulfil its legal rights, duties or obligations – including those under a contract with its staff, clients, parents and students.  Other uses of personal data will be made in accordance with the FCLC’s legitimate interests, or the legitimate interests of another, provided that these are not outweighed by the impact on data subjects and provided it does not involve special or sensitive types of data.  Examples of such interests are included below under “Examples of how we might use your information”.

In addition, FCLC may need to process special category personal data (concerning health, ethnicity, religion, biometric data or sexual life) or criminal records information (such as when carrying out PVG checks) in accordance with rights or duties imposed on it by law, including safeguarding and employment, or from time to time by explicit consent where required.  These may include:

  • To safeguard students’ welfare and provide appropriate pastoral (and where necessary, medical) care and to take appropriate action in the event of an emergency, incident or accident, including by disclosing details of an individual’s health to medical professionals where it is in the individual’s interests to do so.
  • To provide educational services in the context of any special educational needs of a pupil;
  • To provide clients/students with access to the technologies, e.g. online testing;
  • In connection with employment of its staff, for example PVG checks, welfare or pension plans;
  • For legal and regulatory purposes (for example child protection, diversity monitoring and health and safety) and to comply with its legal obligations and duties of care.

Examples of how we might use your information

The below is a list of FCLC’s processing activities that may fall within its, or a third party’s legitimate interest.  We may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data.

How we might use your information to manage your contract with FCLC

  • To provide access to facilities and services offered by FCLC;
  • To safeguard students’ welfare and provide appropriate pastoral care;
  • To enable relevant authorities to monitor FCLC’s performance and assist with incidents as appropriate;
  • To process financial transactions to ensure the efficient and timely management of payment to use our facilities;
  • Where otherwise reasonably necessary for FCLC’s purposes, including to obtain appropriate professional advice and insurance for Fettes Enterprises Ltd.;
  • For security purposes, including CCTV in accordance with the School’s CCTV policy;
  • To send updates to clients about the FCLC’s activities that clients can get involved in or any other relevant news about FCLC;
  • Invitations to events;
  • To market FCLC to former clients or prospective clients where we have consent to do so

How we might use your information if you are a prospective, existing or former employee

  • To manage the recruitment process
  • Processing PVG application forms
  • Paying salaries, pension contributions and tax
  • For the purposes of management planning and forecasting, research and statistical analysis, including that imposed or provided for by law (such as diversity or gender pay gap analysis and taxation records);
  • Managing leave, disciplinary actions, grievance procedures
  • To provide a safe and secure working environment

What information we collect

We will only store relevant data that allows us to fulfil our purposes outlined above. Data is generally collected directly from individuals when they enter into a contract with FCLC. Additional data is collected during an individual’s relationship with FCLC. Examples of the data we store include:

    • Names, addresses, contact phone numbers, email addresses;
    • Familial relationships;
    • Bank details and financial transactions;
    • Where appropriate, information about individuals’ health and contact details for their next of kin;
    • Correspondence, attendance at meetings or events, meeting notes;
    • References given or received by FTV about staff or prospective staff or information provided by previous employers and/or other professionals or organisations;
    • Images and video footage of students and staff (and occasionally other individuals) engaging in FCLC activities and images captured by the School’s CCTV system (in accordance with the School’s policies on CCTV and Taking, Storing and Using Images of students);
    • Car details (about those who use our car parking facilities);
    • Information, such as CVs, relating to past, present and prospective FCLC personnel;
    • Higher education, profession, employment information;
    • Affinity, engagement;
    • Biometric data
    • Health/medical data
    • Criminal data

Where your information is stored

Data is stored both electronically and in hard copy format where necessary. There are strict access policies in place where only authorised personnel can access the information they require. Data storage locations may include:

    • Centralised administration databases
    • Shared internal hard drive
    • Individual hard drives
    • Emails
    • Personal laptops, phones and iPads – may contain temporary notes that will be transferred to a central location
    • Filing cabinets
    • Third parties (See below for more information on data that is shared with third parties)

How we keep your information secure

All those who have access to, and are associated with the processing of, personal data are legally obliged to respect the confidentiality of any data they need to access in order to carry out their work and are obliged to process data in accordance with our internal policies outlined in ‘About this Notice’.

How long we keep your data for

As per our internal Retention Policy, we will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

Sharing data with third parties

We may need to share some of your data with a third-party provider to fulfil our purposes. When we share data with a third party we will always ensure that we have the necessary contracts in place to ensure the security of your data. We will only share special category data, securely, with a third party if it is our legal obligation or in order to provide onsite medical care. Examples of third party processors may include:

    • Administrative databases
    • Email marketing providers
    • Direct mail service providers
    • Educational service (including online) providers
    • HMRC
    • Local authorities
    • Pension providers
    • IT services including cloud storage providers
    • Appointed GP Practice
    • Consultancy organisations who may analyse our data
    • Professional advisors

Transfer of personal data outside of the EEA

Restrictions of data leaving the EEA are in place to ensure that the level of data protection available to individuals within the EEA is not compromised.

Some of our processes may require us to transfer data outside of the EEA. Generally, this occurs when we use a third-party processor that has servers based outside of the EEA. In these instances, we will ensure that the appropriate safeguards are in place to ensure an individual’s data protection rights are met.

Getting in touch

If you would like to get in touch to update your information, amend your preferences, change the way we process your information or for any general data protection enquiries, you can do so by using the following means:

Email: [email protected]

Post: Fettes Centre for Language and Culture, Fettes College, Carrington Road, EH4 1QX

Phone: +44 (0) 131 297 5251

If you’re based in the EU/EEA and wish to contact us via our GDPR Representative, DataRep, you may do so by using the following means:

Email:  [email protected]

Website:  www.datarep.com/datarequest

Post:  DataRep, Calle de Manzanares 4, Madrid, 28005, SPAIN or contact us for the postal address of our representative in your country.

Complaints

If you feel your data has not been used in accordance with this policy, please notify us by using the contact details outlined above. We do hope that any matters of complaint may be resolved between the complainant and Fettes Enterprises Ltd. However, if you feel the need to escalate any complaint where there has been no satisfactory resolution in dealing directly with Fettes Enterprises Ltd, you may contact the ICO (ico.org.uk), who are the governing body for data protection information in the UK.

Your rights

Student data

The rights under Data Protection Law belong to the individual to whom the data relates. For the purposes of delivering our obligations under the FCLC contract we will usually liaise with the parent and share student data with them relating to their child’s progress and behaviour, FCLC activities and the general wellbeing of their child.

Where a student seeks to raise concerns confidentially with a member of staff and expressly withholds their agreement to their personal data being disclosed to their parents, we may be under an obligation to maintain confidentiality unless, in our opinion, there is a good reason to do otherwise; for example, where the FCLC believes disclosure will be in the best interests of any student or is required by law.

How to find out if we are processing your data and request a copy of your information

You have the right to ask if your data is being processed by us and the right to ask for a copy of the data related to you that we are processing. A person with parental responsibility will generally be entitled to make a subject access request on behalf of a child, but the information in question is always considered to belong to the individual to whom the data relates. In Scotland, the law presumes that a child of 12 years or more has the capacity to exercise their rights under the Data Protection Law. A child of any age may ask a parent or other representative to make a subject access request on their behalf. Moreover (if of sufficient maturity) their consent or authority may need to be sought by the parent making such a request. Requests for data that are excessive or repetitive will be subject to a fee.

How to have your data amended or deleted

You have the right to have inaccurate data rectified or completed (if it is incomplete), or have your data erased. Some exceptions may apply where we have another lawful reason to continue to process your data.

How to stop us using your data for certain purposes

You have the right to object to certain processes, such as fundraising activities, as long as it does not interfere with contractual or lawful obligations that we still may need to fulfil.

How to transfer data

You have the right to request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.

To act upon any of your rights outlined above please contact us using the details outlined in ‘Getting in touch’. Requests may be made verbally or in writing. We will aim to respond to any such requests within one month of receipt. We may need to take steps to confirm the identity of the requestor depending on the method in which the request was made. Some requests (or part thereof) may be refused and in such cases, we will respond outlining the reason for refusal.