In compliance with the Data Protection Acts 1998, and 2003 and the amended GDPR of 2018, the following policy explains how and why we collect personal information, how we use it and what we do to ensure it is secure at all times. It will also explain how you can access the information we hold on you, including how you can request this information be erased if you so wish.
Direct English is committed to the protection of all personal and sensitive data which it holds and the handling of such data.
All staff and students have been informed of the new and updated GDPR (25th May 2018). Changes to data protection legislation implemented in the school’s policy shall be monitored in order to remain compliant with all legal requirements.
All data within the school’s control shall be identified as personal, sensitive, or both to ensure that it is handled in compliance with legal requirements, and access to it does not breach the rights of the individuals to whom it relates.
What information do we collect from you and how do we collect it?
We will only collect personal information from and about you which is necessary to provide educational services to you or contact you for direct marketing purposes.
A lot of our initial contact with students will be either:
- Face-to-face (walk-ins)
- Online application through our website
- Phone Calls, letters, post, email and related correspondence
- Through agents, partner schools and organisations electronically.
We shall be transparent about the processing of data and communicate these intentions via notification to staff and students. All students are required to sign an application form with clearly stated Terms & Conditions which include information on personal data processing within the school according to the school’s policy and legal requirements. Enrolment of students under the age of 18 is possible only following their parents’ written consent (T&Cs), e.g. their signature on the application form.
Staff responsible for data protection are in the Management, Marketing, and Administration departments. However, all staff must treat all student information in a confidential manner and follow the guidelines as set out in this document. The school is also committed to ensuring that its staff are aware of data protection policies, legal requirements and adequate training is provided to them. The requirements of this policy are mandatory for all staff employed by the school and any third party contracted to provide services within the school.
How do we use data collected for employment purposes?
The school realises it is unlawful to publish or display an advertisement that shows an intention to discriminate; this includes social media, internet, leaflets, or any kind of advertisements. All jobs posted are in accordance with awarding body requirements and government legislation: https://www.djei.ie/en/
When a person applies for a position within our school, be it in the academic or administrative departments, we request an up-to-date CV, and a copy of any and all college transcripts and relevant qualifications. Contracts of employment are sent to the successful candidate by email. Appointees are required to accept their offer online prior to commencement and they must read and agree to the company policies before accepting the offer, which includes the updated GDPR policy, 2018. Candidate information will be screened only by those directly involved in the decision making process. Only the management team will view a potential candidate’s personal information.
Images of staff and pupils may be captured at appropriate times and as part of educational activities for use in school media only. Unless prior consent from students/parents/staff has been given, the school shall not utilise such images for publication or communication to external sources. It is the school’s policy that external parties may not capture images of staff or students without prior consent.
How do we store such information?
All electronic copies of CVs (which include name, address, email and phone numbers, Bank details, and PPS numbers) are stored in the HR folder on the DOS personal computer which is password protected. They are also stored in hard copy in the HR filing cabinet, which is kept locked at all times.
How long do we keep records of your data?
We will keep your data only for as long as necessary for the purpose for which it was collected and to provide you with services, to conduct legitimate business interests or where otherwise required by law.
Who has access to your data?
Data will only be shared with external parties in circumstances where it is a legal requirement to provide such information. Any proposed change to the processing of individual’s data shall first be notified to them.
What rights do you have pertaining to the information we store about you?
You have the right to ask to access your personal files, be they electronic or otherwise.
Any individual, whose data is held by us, has a legal right to request access to such data. Personal data about students will not be disclosed to third parties without their consent unless it is obliged by law, for example if the request is made by:
- Other schools
- Examination authorities
- Health authorities
- Police and courts
- Social workers and support agencies
- Educational divisions.
Where any personal data is no longer required for its original purpose, an individual can request that the personal data is deleted by the school.
How do we prevent the loss or misuse of your information?
Hard copy data, records and personal information are stored out of sight and in a locked cabinet. Sensitive or personal information and data should not be removed from the school site; however, some staff may need to transport data between the school and their home to access it for work.
The following guidelines are in place for staff in order to reduce the risk of personal data being compromised:
- Paper copies of data or personal information should not be taken off the school site. The information should not be on view in public places, or left unattended under any circumstances.
- Unwanted paper copies of data, sensitive information or student files should be shredded.
- Printouts of any personal or sensitive information are not left in printer trays or photocopiers.
- If information is being viewed on a PC, staff must ensure that the window and documents are properly shut down before leaving the computer unattended.
- Transporting data away from the school, it should be done on a USB stick.
These guidelines are clearly communicated to all school staff, and any person who is found to be intentionally breaching this conduct will be disciplined in line with the seriousness of their misconduct.
- Regular back up of computer systems
- Soft copy information is stored in a cabinet which is locked with a key at all times.
How do we dispose of data?
The school recognises that the secure disposal of redundant data is an integral element to compliance with legal requirements and an area of increased risk. All data held in any form of media (paper, tape, electronic) shall be properly destroyed meeting recognized national standards, e.g. shredding paper documents or disposing IT assets as required.