Royal Hospital School Enterprises Ltd. (RHSEL) is the trading arm of The Royal Hospital School (RHS). RHS is an Independent Boarding/Day School operating as part of the part of the Greenwich Hospital Crown Charity.
This Privacy Notice is intended to cover all data processing in relation to RHSEL activities, which include:
· Commercial and community support lettings
· The Minor Counties Cricket Festival (MCCF)
· The Graham Napier Cricket Academy (GNCA)
Under Data Protection Law RHSEL is designated a ‘Data Controller’, with a responsibility for procedures and privacy notices related to the control and processing of personal data. RHSEL is registered separately from the School with the UK data protection regulating authority – the Information Commissioner’s Office (ICO). Notwithstanding its status as a data controller in its own right, RHSEL and its staff will observe the overarching RHS policies and supervision related to data protection.
This notice is intended to provide information about how the RHSEL will use and hold ("process") the personal data of its clients.
This information is provided in accordance with the rights of individuals under Data Protection Law to understand how their data is used.
All individuals have a level of responsibility towards the protection of their own data and that of others.
The School has appointed the Director of Finance and Operations (Bursar), who is also the Company Secretary of RHSEL, as the Privacy and Compliance Officer. He/she will deal with any requests and enquiries concerning RHSEL’s use of your personal data (see section on Your Rights below) and endeavour to ensure that all personal data is processed in compliance with this Privacy Notice.
In specific relation to RHSEL management of data protection, the processing of any personal and special category data is the responsibility of the Operations & Lettings Manager and the Deputy Bursar (Finance).
RHSEL has identified a ‘legitimate interest’ legal basis for the processing of personal data necessary for the administration and safety of its activities. In addition, RHSEL may need to process special category personal data (e.g. concerning health information) or criminal records information (in relation to DBS checks) in accordance with the rights or duties imposed on it by statutory guidance or law, including as regards safeguarding and employment, or from time to time by explicit consent where required.
RHSEL clients are asked to complete a `Hire Agreement as part of the School’s procedures prior to hire of the Schools premises/facilities. This states that all adults involved in the activity being held at the School and in contact with children taking part in that activity, have been suitably checked as per statutory guidance.
GDPR places particular emphasis on protecting the personal data of children. Any required consent will be obtained in accordance with ICO GDPR guidance on age and data protection procedures.
Personal data collected by RHSEL will remain within RHSEL, and will only be processed by appropriate individuals in accordance with School access and security procedures. No personal data will be forwarded/exported beyond those processors without the specific consent of the relevant individual.
RHSEL will retain client data on file for a minimum of 6 years beyond the duration of the business relationship.
Any individual wishing to access or amend their personal data, or wishing it to be transferred to another person or organisation, or who has some other objection to how their personal data is used, should put their request to the Privacy and Compliance Officer in writing at firstname.lastname@example.org
Any comments or queries in relation to this notice should be directed to the Privacy and Compliance Officer at email@example.com If an individual believes that RHSEL has not complied with this notice or acted otherwise than in accordance with Data Protection legislation, they should notify the Privacy and Compliance Officer firstname.lastname@example.org
RHSEL can also make a referral to or lodge a complaint with the Information Commissioner’s Office (ICO), although the ICO recommends that steps are taken to resolve the matter before involving the regulator.