Royal Hospital
School Enterprises Ltd. (RHSEL) is the trading arm of The Royal Hospital School
(RHS). RHS is an Independent Boarding/Day School operating as part
of the part of the Greenwich Hospital Crown Charity.
This Privacy
Notice is intended to cover all data processing in relation to RHSEL
activities, which include:
·
Commercial and community support lettings
·
The Minor Counties Cricket Festival (MCCF)
·
The Graham Napier Cricket Academy (GNCA)
Under Data Protection Law RHSEL is designated a ‘Data Controller’, with a responsibility for procedures and privacy notices related to the control and processing of personal data. RHSEL is registered separately from the School with the UK data protection regulating authority – the Information Commissioner’s Office (ICO). Notwithstanding its status as a data controller in its own right, RHSEL and its staff will observe the overarching RHS policies and supervision related to data protection.
This notice is intended to provide information about how the RHSEL will use and hold ("process") the personal data of its clients.
This information is provided in accordance with the rights of individuals under Data Protection Law to understand how their data is used.
All individuals
have a level of responsibility towards the protection of their own data and
that of others.
The School has
appointed the Director of Finance and Operations (Bursar), who is also the
Company Secretary of RHSEL, as the Privacy and Compliance Officer. He/she will
deal with any requests and enquiries concerning RHSEL’s use of your personal
data (see section on Your Rights below) and endeavour to ensure that all
personal data is processed in compliance with this Privacy Notice.
In specific
relation to RHSEL management of data protection, the processing of any personal
and special category data is the responsibility of the Operations &
Lettings Manager and the Deputy Bursar (Finance).
RHSEL has
identified a ‘legitimate interest’ legal basis for the processing
of personal data necessary for the administration and safety of its activities.
In addition, RHSEL may need to process special category personal data (e.g. concerning health information) or criminal records information (in relation to
DBS checks) in accordance with the rights or duties imposed on it by statutory
guidance or law, including as regards safeguarding and employment,
or from time to time by explicit consent where required.
RHSEL clients are
asked to complete a `Hire Agreement as part of the School’s procedures prior to
hire of the Schools premises/facilities. This states that all adults involved
in the activity being held at the School and in contact with children taking
part in that activity, have been suitably checked as per statutory guidance.
GDPR places
particular emphasis on protecting the personal data of children. Any required
consent will be obtained in accordance with ICO GDPR guidance on age and data
protection procedures.
Personal data
collected by RHSEL will remain within RHSEL, and will only be processed by
appropriate individuals in accordance with School access and security
procedures. No personal data will be forwarded/exported beyond
those processors without the specific consent of the relevant individual.
RHSEL will retain
client data on file for a minimum of 6 years beyond the duration of the
business relationship.
Any individual
wishing to access or amend their personal data, or wishing it to be transferred
to another person or organisation, or who has some other objection to how their
personal data is used, should put their request to the Privacy and Compliance
Officer in writing at bursar@royalhospitalschool.org
Any comments or queries in relation to this notice should be directed to
the Privacy and Compliance Officer at bursar@royalhospitalschool.org If an individual believes that RHSEL has not
complied with this notice or acted otherwise than in accordance with Data
Protection legislation, they should notify the Privacy and Compliance Officer bursar@royalhospitalschool.org
RHSEL can also make a referral to or lodge a complaint with the Information Commissioner’s Office (ICO), although the ICO recommends that steps are taken to resolve the matter before involving the regulator.