This Privacy Notice sets out: the types of personal data that we collect about you; how and why we use it; how long we will keep it for; when, why and with whom we will share it; the legal basis for us using your personal data and your rights under Article 13 and/or 14 of the General Data Protection Regulation.Article 13 / 14.It also explains how we may contact you and how you can contact us.
STAR ASCEND UK LIMITED('Star Ascend" ) is committed to protecting your privacy and we aim to respect your personal data you share with us.Your personal information will be held and process by Star Ascend. We are registered as a data controller with the ICO in the United Kingdom for the purposes of the Data Protection legislation and General Data Protection Regulation (GDPR).Our registered address is 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ. We collect a wide range of personal information depending upon the nature of our relationship with you as the data subject.
Our website might include links to other companies' websites, however, Star Ascend is not responsible for the privacy practices of others and we encourage you to read their privacy notices. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
COLLECTION OF PERSONAL INFORMATION
We collect and process your personal Information mainly to provide you with access to our services and products, to help us improve our offerings to you and for certain other purposes explained below.
LEGISLATION AND GUIDANCE
The General Data Protection Regulation (GDPR) governs how information about people (Personal Data) should be treated. It also gives rights to individuals whose data is held. The Regulation came into force on 25 May 2018 and applies to all personal data collected at any time whether held on computer or manual record. The Regulation is enforced by the Information Commissioner. The GDPR makes a distinction between personal data and "sensitive" personal data. Sensitive personal data is subject to stricter conditions of processing.
DATA PROTECTION PRINCIPLES
The GDPR contains 6 principles for processing personal data with which organisations must comply. Personal data shall be:
- processed lawfully, fairly and in a transparent manner in relation to the data subject('lawfulness, fairness and transparency')
- collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall, in accordance with Article 89(1), not be considered to be incompatible with the initial purposes ('purpose limitation');
- adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed ('data minimisation');
- accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay('accuracy');
- kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) subject to implementation of the appropriate technical and organisational measures required by this Regulation in order to safeguard the rights and freedoms of the data subject ('storage limitation');
- processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures ('integrity and confidentiality').
WHAT INFORMATION WILL WE COLLECT ABOUT YOU
We collect and process personal data from our personnel including your name, job titles. email address, address, telephone number, CV, identification and right to work documents, educational records, work history, job boards, employment and references, Disclosure and Barring Service (DBS),reference, date of birth, driving license; bank account details and national insurance number. Other information may also be held on the individual's CV. These are collected fulfil our legal obligations as an employer and only names are ever disclosed to customers or suppliers during the performance of our various contracts. Additionally we obtain personnel data in relation to photos and gender as a means of identification. The basis for processing this sensitive data is established by the use of a consent form. We are also required to undertake an enhanced DBS check of personnel who work with children or vulnerable adults (Education, Health and Care Plans can be in place until the student is 25). The data required to fulfil this check is provided to a third party who complete the DBS check on our behalf and in accordance with strict contractual terms and conditions. Prior to undertaking the DBS application, consent to do so will be sought from our personnel and the results of the check limited to the Management Team of Star Ascend and to relevant customers. With regards to our customers, potential customers and suppliers, we will again collect and process names, addresses, email addresses, phone numbers and bank account details which we use in the following ways:
- In the performance of our or their contractual obligations or as part of our legal obligations.
- With a legitimate interest in maintaining a professional relationship with potential customers (taking into consideration their individual rights and freedoms).We may also on occasion collect witness or third party names, addresses and phone numbers as part of our insurance obligations.
Additionally, we may collect non-personal information such as geographical location, details pertaining to processes, documents and arrangements. These are collected as part of the services we provide and are not held for any other purpose. You cannot be identified from this information and it is only used to assist us in providing an effective service. We will use your personal and non-personal information only for the purposes for which it was collected or agreed with you, for example:
- To confirm and verify your identity or to verify that you are an authorised customer for security purposes;
- To carry out our obligations arising from any contracts entered into between you and us;
- To notify you about changes to our service;
- For the detection and prevention of fraud, crime, or other malpractice;
- To conduct market or customer satisfaction research or for statistical analysis;
- For audit and record keeping purposes;
- In connection with legal proceedings;
- We will also use your personal information to comply with legal and regulatory requirements or industry codes to which we subscribe or which apply to us, or when it is otherwise allowed by law;
- Collect information about the device you are using to view the Star Ascend website, such as your IP address or the type of internet browser or operating system you are using;
- To respond to your queries or comments
DATA ON CHILDREN,YOUNG PEOPLE,ADULTS AT RISK AND FAMILIES
We collect data on children, young people and families and share include but are not limited to:
- Most data we hold about children, young people and adults at risk has been received from other organisations, including special schools, children residential home and local authorities-Exclusion information/ National curriculum assessment results
- Safeguarding information (such as court orders and professional involvement)
- Relevant medical information and administration (such as doctors information, child/young person/adult at risks health, allergies, medication and dietary requirements
- Personal information (such as name and address ,parent's national insurance number).
- Contact details and preference (contact telephone numbers, email addresses, addresses)
- Characteristics (such as ethnicity, religion, language, nationality, country of birth and free school meal eligibility)
- Attendance information(such as tuition, mentoring sessions attended, number of absences and absence reasons)
- Assessment information (such as information given by the data controller)
- Special educational needs(including identified needs in order of priority such as EHCP's, CAMHS reports, tuition/mentoring referral forms, care or support plans)
- Personal information, special category information, assessment results and SEN information from special schools/residential homes that you previously attended
- Behavioural information (such as exclusions and any relevant alternative provision put in place).
- Photographs (with specific consent only).
WHY WE COLLECT AND USE THIS INFORMATION
We use the children, young people, adults at risk and parent data:
- to provide the best possible support and advice to the school, setting or parents/carers
- support children, young people, adults at risk learning
- to monitor and report on children, young people, adults at risk progress
- for safeguarding purposes
- to assess the quality of our services
- to comply with the law regarding data sharing
STORING PUPIL DATA
We hold pupil and family data whilst Star Ascend is involved with the child/person. When the assignment is ended and we no longer work with the child or the family, the information is all transferred to the data controller who has commissioned the work (usually the school or local authority) and we delete all data after 3 months unless told otherwise. We will always check with the data controller before deletion of data. We have data protection policies and procedures in place, including strong organisational and technical measures, which are regularly reviewed. Further information can be found on our website.
WHO DO WE SHARE PUPIL INFORMATION WITH?
We do not share information about our pupils with anyone without consent unless the law and our policies require us to do so. We are required to share information about any safeguarding concerns if we feel that a child is at risk of harm. We will report any such concerns to the Safeguarding lead of the data controller who has commissioned our services or, if necessary, to the relevant local authority social services.
WHO WILL WE SHARE CANDIDATES INFORMATION WITH?
TRANSFERRING INFORMATION OUTSIDE THE EEA
The personal data and sensitive data identified above is only processed by us in the UK. We do not generally transfer your data out of the EEA. However, Third parties may on occasion have access to personal data only when they are under contract and following the signature of a non-disclosure agreement and only in line with the services, these third parties are contracted to do so in order for Star Ascend to function as a business.Subject to the two exceptions below your data will not be processed outside of the European Economic Area (EEA).
Your data will only be processed outside of the European Economic Area (EEA) in the following circumstances:
- In this situation data is transferred outside of the EEA on the basis that our service provider has signed up to the EU-US Privacy Shield Framework. More information about the Privacy Shield Framework can be found here: PRIVACY SHIELD
- Where we need to obtain reference information where the referee is not based within the EEA this will require basic data transfer outside of the EEA. In this situation you will have provided the relevant contact details for the referee.
WILL WE PROCESS SPECIAL CATEGORIES OF PERSONAL DATA AND CRIMINAL CONVICTIONS?
We avoid processing special categories of data (these are sensitive personal data that reveal racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership) and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health, or data concerning a natural person's sex life or sexual orientation. However, by taking copies of passports or ID it may be that racial or ethnic origin can be revealed. Processing this data is necessary for us to comply with employment law obligations and the data is only used for this specific purpose. We are under an obligation to ensure that the candidates we submit to clients are suitable. As part of our registration process we require individuals to disclose any unspent convictions and may need to make further enquiries if necessary.
HOW LONG WILL WE KEEP YOUR PERSONAL INFORMATION?
Star Ascend operates in compliance with a very comprehensive Control of Records procedure which sets out the maximum duration for each type of record held, unless you exercise your rights highlighted below. Of course, if there is no contract of employment, provision of services to or by Star Ascend, then we will look to retain records for no longer than is necessary. We are legally bound to hold certain data for prescribed lengths of time, including:
- If you have not registered with us, your data will be retained for 12 months from when it was added to our database or from when you were last contacted. You can request to have your record deleted.
- If you do register with us, your data will be retained for 3 years from the last contact or activity on your record. You can request to have your record deleted
- If we place you in a temporary assignment or permanent role we will be required to keep certain information for specific lengths of time up to a maximum of 6 years. The purpose of keeping this information is to comply with our legal obligations.
- Client contact details are retained for 3 years. You can request to have your record deleted.
WILL WE CONTACT YOU FOR MARKETING PURPOSES?
We do not collect personal data for marketing purposes, but with a legitimate interest in maintaining and developing a professional relationship with potential customers (taking into consideration their individual rights and freedoms). We will only send you direct marketing emails that promote our company or services if you have opted in to this. You will have the option to opt in when you are provided with a copy of our Privacy Notice. You can also manage your direct marketing preferences by contacting a Star Ascend consultant, updating your preferences or clicking the unsubscribe link on an email. To clarify, contacting you about specific job opportunities is not marketing because we are not advertising or marketing our services.
We also publish news and updates from time to time and simply post these on our website and/or on social media sites to assist and generate interest in our business. We use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system. Of course, we also use personal data as part of our service delivery, procurement management and to best manage our very valuable human resource.
WHAT ARE YOUR DATA SUBJECT ACCESS RIGHTS?
You have the following rights as a Data Subject:
- Right to access - you have the right to request a copy of all data we hold about you;
- Right to rectification - where any data we hold is incorrect, you have the right to ensure it is correct;
- Right to be forgotten - if you no longer wish for us to hold your data, we will delete it;
- Right to portability - you can ask us to provide your data to a third party in machine-readable formats;
- Right to restrict processing- since we only use this to contact you, there is no processing to restrict, we would simply delete the information wherever possible and in keeping with our own obligations.
Parents/Carers can make a request with respect to their child's data where the child is not considered mature enough to understand their rights over their own data (usually under the age of 13 but can be older under the Mental Capacity Act, or where the child has provided consent. If a parent/carer make a subject access request, and if we do hold information about you or your child, we will:
- Give you a description of it
- Tell you why we are holding and processing it, and how long we will keep it for
- Explain where we got it from, if not from you or your child
- Tell you who it has been, or will be, shared with
- Give you a copy of the information in an intelligible form
If at any point you believe the information we process on you is incorrect, you may request to see this information and even have it corrected or deleted. If you wish to raise a complaint on how we have handled your personal data, you can contact our Data Protection Officer who will investigate the matter. If you are not satisfied with our response or believe we are processing your personal data not in accordance with the law you can complain to the Information Commissioner's Office.
COOKIES & LINKS TO EXTERNAL WEBSITES
We use IP addresses to analyse trends, administer the site, track user's movements, and to gather broad demographic information for aggregate use. IP addresses are not linked to personally identifiable information.
Our company takes every precaution to protect our users' information. Only employees who need the information to perform a specific job (for example, consultants, our accountants or a marketing assistant) are granted access to your information. We use all reasonable efforts to safeguard your personal information. However, you should be aware that the use of email/the internet is not entirely secure and for this reason we cannot guarantee the security or integrity of any personal information which is transferred from you or to you via email/the internet. If you share a device with others we recommend that you do not select the "remember my details" function when that option is offered. If you have any questions about the security of our website, you can email firstname.lastname@example.org
COMPLAINTS OR QUERIES
Complaints about Star Ascend's processing of personal data and rights under the General Data Protection Regulation will be dealt with in accordance with this Policy. Complaints will be fully dealt with after a formal review. The clarification and review procedure contained in the school's Freedom of Information and Environmental Requests Policy and Procedures should be used when dealing with reviews under this policy (Data Protection) and for Freedom of Information and Environmental Information requests. Individuals have a right to request that the Information Commissioner make an assessment of compliance of particular circumstances with the General Data Protection Regulation. If individuals are not happy about how we have handled their information they can contact the ICO via the following means:
Information Commissioner's Office
Alternatively visit their website - at ICO or contact them by phone on 0303123111
We will respond promptly and fully to any request for information about data protection compliance made by the Information Commissioner.
- The responsibility for implementation of this policy rests with Star Ascend. We will ensure that:
- Everyone managing and/or handling personal information understands that they are contractually responsible for following good data protection practice.
- Everyone managing and/or handling personal information is appropriately trained to do so.
- Everyone managing and/or handling personal information is appropriately supervised.
- Anyone wanting to make enquiries about handling personal information, whether a member of staff or a member of the public, is given advice as necessary
- Queries about handling personal information are promptly and courteously dealt with.
- Methods of handling personal information are regularly assessed and evaluated.
- Performance with handling personal information is regularly assessed and evaluated.
- Employees are aware of the action required in the event of a Data Breach.
HOW DO I CONTACT YOU?
If you would like to enact your rights, make a complaint or contact our Data Controller, you can do so by submitting a request to
Postal Address:71-75,Shelton Street, Covent Garden, London, WC2H 9JQ
This policy will be reviewed annually. If there are any changes prompted by legislation or case law, it will be reviewed to ensure compliance.
DATE OF POLICY: 08/2021
REVIEW DATE: 08/2022