Privacy notices for the Witherslack Group

This notice is intended to provide information about how The Witherslack Group will use (or “process”) personal data about individuals including: our staff (applying, past and current) ;our current, past and prospective young people; their parents, carers or guardians (referred to in this policy as “parents”); and our contractors.

This Privacy Policy applies alongside any other information our sites(Schools and/or Children’s Homes) may provide about a particular use of personal data, for example when collecting data via an online or paper form or when signing in as visitors.

This Privacy Policy also applies in addition to our sites’ (Schools and/or Children’s Homes) other relevant terms and conditions and policies, including:

For ease of reference and understanding We have produced different Privacy Notices for the different categories of individuals We deal with. These can be accessed using the hyperlink list below.

Click on the below headings to be directed to the Privacy document you want.

Contact / web privacy notice

Staff Privacy Notice

Young people Privacy Notice

Registration for recruitment (Networx)

Job Applicant

Cookie Policy

 

Contact / Web Privacy Notice – How we use your information

Who are we

In this policy, whenever you see the words (‘We’, ‘Us’ or ‘Our’), it refers to Witherslack Group, Lupton Tower, Lupton, Cumbria, LA6 2PR. Registered with the Information Commissionaires Office ( ICO ) in England Company No: Z3410582. For the purposes of UK Data Protection Law, We are a data controller in respect of the personal information that We collect and process about you as described in this privacy notice.

Witherslack Group provides inspirational education and care to children and young people, resulting in life changing experiences and countless stories of success.

We are a leading provider of specialist education and care for children and young people with social, emotional and mental health needs, communication difficulties (autistic spectrum conditions, Asperger’s Syndrome, speech, language and communication needs) and complex learning needs.

Our focus on support, care and acceptance allows each young person to develop as an independent individual, equipped with the knowledge, experience and life skills to look to the future with increased confidence and aspiration.

Why do we collect and use your information

We lawfully process your information in accordance with Currentl Data Protection legislation (UK) General Data Protection regulation (GDPR) Article 6 (1) (a) (c) ( f ). This means We may process your personal data with your consent , as required in law, as part of a contract or for Our legitimate business interests. “Legitimate Interests” means the interests of Our company in conducting and managing Our business and providing you with the best services and products in the most secure way. These include:

If you have any concerns about the processing described above, you have the right to object to this processing. For more information on your rights please see Your Rights section below.

Categories of Personal information that we collect, hold and share include:

For the above purposes We will only ever collect the information We need – including data that will be useful to help improve Our services.

We may collect and process the following data about you:

You may be directed to a third party processor to obtain banking details in relation to an event.

They will be contracted to provide ensure they act as outlined below.

Collecting your information

We may collect and process the following data about you:

Personal information (such as name, postal address, phone number, email address, financial info) that you provide by filling in forms

This will also include information volunteered by you when you;

We also process data from details of your visits to Our site including but not limited to,

This helps Us to determine

Our site uses cookies to distinguish you from other users of Our site. This helps Us to provide you with a good experience when you browse our site and allows Us to improve Our site. For detailed information on the cookies We use and the purpose for which We use them please see cookie policy. If you want to disable cookies please refer to your browser help.

In order to comply with Current Data Protection Legislation including the (UK) General Data Protection Regulation, we will inform you whether you are required to provide information to us or if you have a choice in this. Whenever the processing of your personal data requires your consent then you will be given the opportunity to opt-in or opt-out to having your contact details used as set out above, at the time your details are submitted.

For example, when you request information, you can tell Us when you provide your details if you do not want to receive any other information from Us or Our partners, or you can let Us know how best to get in touch with you with information that may be of interest.

If you do not wish Us to use your data as set out above, or to pass your details on to third parties for marketing purposes, please leave the relevant boxes, situated on the form which We used to collect your data, blank/unticked.

At any time if you no longer wish to receive marketing emails or other promotional materials from Us, you may opt-out of receiving these communications at any time by one of the following methods:

Storing your information

Information is stored by Us on computers located in the UK. We may transfer the information to other reputable third-party organisations as explained below – they may be situated inside or outside the European Economic Area however we will only share if they provide appropriate assurances as to security and management of the data. We may also store information in paper files.

We have security protocols and policies in place to manage and record your data privacy and preferences correctly and that your data is stored securely to protect against its loss, misuse and alteration. Documentation can be supplied on request from our Data Protection Officer who is contactable on dataprotection@witherslackgroup.co.uk.

We take steps to ensure that any organisations that we share your data with will have security protocols and policies in place to manage and record your data privacy and preferences correctly and that your data is stored correctly.

Unfortunately, the transmission of data across the internet is not completely secure and whilst We do Our best to try to protect the security of your information We cannot ensure or guarantee that loss, misuse or alteration of data will not occur whilst data is being transferred. To mitigate this risk all emails from the Witherslack Group with personal information on are sent encrypted.

We will keep your information only for as long as We need it to provide you with the services or information you have required, to administer your relationship with Us, to comply with the law, or to ensure We do not communicate with people that have asked Us not to. When We no longer need information, We will always dispose of it securely, using specialist companies if necessary to do this work for Us.

We will hold your records securely until

Third-party service providers will also store information however there are strict conditions as to security, retention and sharing which enable us to control your information held by them. This is to ensure that the above and your preferences with us are replicated with the third-party service providers. They will hold your information for Our purposes only.

Who do we share your information with

There are strict controls on who can see your information. We will not share your data if you have advised us that you do not want it shared unless we are legally required to do so.

We may also disclose your personal information to third parties, if We are under a duty to disclose or share your personal data for legal or regulatory purposes, in relation to existing or future legal proceedings, for the prevention of fraud/loss or to protect the rights, property, safety of Our Group, Our customers or others.

We have robust processes in place to ensure the confidentiality of our data is maintained and there are stringent controls in place regarding access and use of the data. Decisions on whether We release data to third parties are subject to a strict approval process and based on our detailed assessment of:

Why we share your information

Just like most other organisations, We work with third-party service providers which provide important functions to us that allow us to be easier, faster, and friendlier in the way we deliver Our services. We need to disclose user data to them from time to time, for any of the purposes set out above, so that the services can be performed.

As previously highlighted We do not share your information with anyone without your consent or unless the law and our policies allow us to do so.

Below are the authorities under which we share your data and with whom we share:

Who we share with Why we share What is shared
Eventbrite To arrange for payment for events etc. Payment made through Eventbrite link on the web You provide contact details and banking details. In turn Eventbrite share your E-mail contact with Us
Department for Education Information in relation to referrals or enquiries may be shared Contact details of parents / young peoples and carers as well as attainment information for young peoples
Local authorities Information in relation to referrals or enquiries may be shared Contact details of parents / young peoples and carers as well as previous family circumstances
IPSEA (Independent Parental Special Education Advice) Information at your request to provide support from Independent Parental Special Education Advice Name and contact details to facilitate initial contact then your data is managed by IPSEA as a Controller.

 

Your Rights

Under data protection legislation, parents and young people have the right to request access to information about them that we hold. You can do this free of charge and the information will be considered and then provided within a month of request. You should be aware that the right of access is limited to your own personal data, and certain data is exempt from the right of access. This will include information which identifies other individuals (and parents need to be aware this may include their own children, in certain limited situations – please see further below), or information which is subject to legal privilege (for example legal advice given to or sought by Us, or documents prepared in connection with a legal action).

Young people can make subject access requests for their own personal data, provided that, in Our reasonable opinion, they have sufficient maturity to understand the request they are making. A young people of any age may ask a parent or other representative to make a subject access request on his/her behalf. Indeed, while a person with parental responsibility will generally be entitled to make a subject access request on behalf of a young person, the law still considers the information in question to be the child’s: for more mature young people, the parent making the request may need to evidence their child’s authority for the specific request.

WG believe that Young People aged 13 and above are generally assumed to have this level of maturity, although this will depend on both the child and the personal data requested, including any relevant circumstances at home. Slightly younger children may however be sufficiently mature to have a say in this decision, depending on the child and the circumstances.

All information requests from, on behalf of, or concerning young people – whether made under subject access or simply as an incidental request – will therefore be considered on a case by case basis.

You also have the right to:

If you wish to exercise any of these rights please contact the Data Protection Officer

Queries and Complaints

If you believe that We have not complied with this policy or acted otherwise than in accordance with Data Protection Legislation, you should notify The Data Protection Officer on dataprotection@Witherslackgroup.co.uk. You can also make a referral to or lodge a complaint with the Information Commissioner’s Office (ICO), although the ICO recommends that steps are taken to resolve the matter with The Witherslack Group directly before involving the regulator.

For more information about your rights under the Data Protection Act contact the Information Commissioner’s Office https://ico.org.uk/

Back to top

 

Staff Privacy Notice – How we use your information

Who are we

In this policy, whenever you see the words (‘We’, ‘Us’ or ‘Our’), it refers to Witherslack Group, Lupton Tower, Lupton, Cumbria, LA6 2PR. Registered with the Information Commissionaires Office ( ICO ) in England Company No: Z3410582. For the purposes of UK Data Protection Law, We are a data controller in respect of the personal information that We collect and process about you as described in this privacy notice.

Witherslack Group provides inspirational education and care to children and young people, resulting in life changing experiences and countless stories of success.

We are a leading provider of specialist education and care for children and young people with social, emotional and mental health needs, communication difficulties (autistic spectrum conditions, Asperger’s Syndrome, speech, language and communication needs) and complex learning needs.

Our focus on support, care and acceptance allows each young person to develop as an independent individual, equipped with the knowledge, experience and life skills to look to the future with increased confidence and aspiration.

Why do we collect and use staff information

We lawfully process your information in accordance with current, Data Protection Legislation, including (UK) General Data Protection Regulation (GDPR) Article 6 (a) (b) (c) (f) . We may process your personal data with your consent, in law, as part of your employment contract and or for Our legitimate business interests or in law. “Legitimate Interests” means the interests of Our company in conducting and managing Our business and providing you with the best services and products in the most secure way. These interests include:

When We process your personal data for Our legitimate business interests We always ensure that We consider and balance any potential impact on you and your rights under data protection laws.

If you have any concerns about the processing described above, you have the right to object to this processing. For more information on your rights please see Your Rights section below.

In Law there are also requirements in relation to safeguarding and employment

Categories of Personal information that we collect, hold and share include:

We will only ever collect the information We need – including data that will be useful to help improve Our services.

Collecting your information

We may collect and process the following data about you:

Personal information (such as name, postal address, phone number, email address,NI number, driving licence details, photo, PAYE details, Passport, Bank details, utility provider details, Marriage certificate, birth certificate. Employee no., vehicle details,) that you provide by filling in forms

Special Categories of personal data processed (such as health processed through GDPR Article 9 (2) (h) (OHU and fitness for work)

As governed by Our Data Protection policy which includes Appendix Bring Your Device Policy ( BYOD ) and also your employment contract.

We also process data from details of your visits to Our WIFI including but not limited to,

In order to comply with Current Data Protection Legislation including the (UK) General Data Protection Regulation, we will inform you whether you are required to provide information to us or if you have a choice in this. Whenever the processing of your personal data requires your consent then you will be given the opportunity to opt-in and then to opt-out if you so desire.

Storing your information

Information is stored by Us on computers located in the UK. We may transfer the information to other reputable third-party organisations as explained below – they may be situated inside or outside the European Economic Area however we will only share if they provide appropriate assurances as to security and management of the data. We may also store information in paper files.

We have security protocols and policies in place to manage and record your data privacy and preferences correctly and that your data is stored securely to protect against its loss, misuse and alteration. Documentation can be supplied on request from our Data Protection Officer who is contactable on dataprotection@witherslackgroup.co.uk.

We take steps to ensure that any organisations that we share your data with will have security protocols and policies in place to manage and record your data privacy and preferences correctly and that your data is stored correctly.

Unfortunately, the transmission of data across the internet is not completely secure and whilst We do Our best to try to protect the security of your information We cannot ensure or guarantee that loss, misuse or alteration of data will not occur whilst data is being transferred. To mitigate this risk all emails from the Witherslack Group with personal information on are sent encrypted.

We will keep your information only for as long as We need it to provide you with the services or information you have required, to administer your relationship with Us, to comply with the law, or to ensure We do not communicate with people that have asked Us not to. When We no longer need information, We will always dispose of it securely, using specialist companies if necessary to do this work for Us. We ensure that your preferences with us are replicated with the third-party service providers. They will hold your information for Our purposes only.

We will hold your staff records securely as outlined below

WG have a retention document within their policies.

Who do we share your information with

There are strict controls on who can see your information. We will not share your data if you have advised us that you do not want it shared unless we are legally required to do so or there is a recognised legitimate business interest.

We may also disclose your personal information to third parties, if We are under a duty to disclose or share your personal data for legal or regulatory purposes, in relation to existing or future legal proceedings, for the prevention of fraud/loss or to protect the rights, property, safety of Our Group, Our customers or others.

We have robust processes to ensure the confidentiality of our data is maintained and there are stringent controls in place regarding access and use of the data. Decisions on whether We release data to third parties are subject to a strict approval process and based on our detailed assessment of:

We share information with the following (See table below in why we share our information for more detail.)

Why we share your information

Just like most other organisations, We work with third-party service providers which provide important functions to us that allow us to be easier, faster, and friendlier in the way we deliver Our services. We need to disclose user data to them from time to time, as part of our legal obligations and legitimate business interests, so that the services can be performed.

As previously highlighted We do not share your information with anyone without your consent unless the law and our policies allow us to do so.

Below are the authorities under which we share your data and with whom we share:

Who we share with Article 6 basis Why we share What is shared
HMRC tax office In law PAYE and TAX Name, dob, address. NI number ; pay, bank details
Accountants Thomas Armstrong In Law PAYE managers Name, dob, address. NI number ; pay, bank details; hours worked expenses
Networx Legitimate business Recruitment portal Full CV details, name, dob, address, telephone, email, previous employment references, salary, equality and diversity, criminal convictions, gender, previous address, education attainment history.
Occupational Health ; Dura Diamond Employment Contract Name, employee number, health, gender, address, telephone, E-mail address
Find My shift Legitimate business interest Shift organiser Names, shifts, hours, location
Capita Employment contract DBS check Completed by the subject in the first instance. Consensual to provide the detail to DBS service. Witherslack Group receive an update form the service with minimal information on. Names, convictions, dob, address and previous address
DH licence checks Legitimate business interest To ensure legal obligations in relation to provision of company vehicles and authorised drivers. Driving licence checks Name, dob, driving licence details
Happiness Index Legitimate Business interest Staff survey to improve provision of services to staff in the workplace Name, age bracket, work E-mail, location, role
Scottish Widows In Law Pension provider Name, salary, dob, address, E-mail, NI number
Training providers Legitimate Business interest Provision of training in relation to team teach, first aid, health and safety etc. Name, email, d.o.b, site, role
Medicash Legitimate business interest Contact details Name ;contact
Local Authorities In Law Requirement of provision of care and education (e.g EHCP) Name, role

 

Your Rights

Under data protection legislation, you have the right to request access to information about you that we hold. You can do this free of charge and the information will be considered and then provided within a month of request.

You should be aware that the right of access is limited to your own personal data, and certain data is exempt from the right of access. This will include (but is not limited to) information which identifies other individuals, information concerning a reference supplied by the Witherskack Group or information which is subject to legal privilege (for example legal advice given to or sought by The Witherslack Group or documents prepared in connection with a legal action). Each application will be assessed on a case to case basis.

You also have the right to:

If you wish to exercise any of these rights please contact the Data Protection Officer;

Queries and Complaints

If you believe that We have not complied with this policy or acted otherwise than in accordance with Data Protection Legislation, you should notify The Data Protection Officer on dataprotection@Witherslackgroup.co.uk. You can also make a referral to or lodge a complaint with the Information Commissioner’s Office (ICO), although the ICO recommends that steps are taken to resolve the matter with The Witherslack Group directly before involving the regulator.

For more information about your rights under the Data Protection Act contact the Information Commissioner’s Office https://ico.org.uk/

Back to top

 

Privacy Notice – How we use young people’s information

Who are we

In this policy, whenever you see the words (‘We’, ‘Us’ or ‘Our’), it refers to Witherslack Group, Lupton Tower, Lupton, Cumbria, LA6 2PR. Registered with the Information Commissionaires Office (ICO) in England Company No: Z3410582. For the purposes of UK Data Protection Law, We are a data controller in respect of the personal information that We collect and process about you as described in this privacy notice.

Witherslack Group provides inspirational education and care to children and young people, resulting in life changing experiences and countless stories of success.

We are a leading provider of specialist education and care for children and young people with social, emotional and mental health needs, communication difficulties (autistic spectrum conditions, Asperger’s Syndrome, speech, language and communication needs) and complex learning needs.

Our focus on support, care and acceptance allows each young person to develop as an independent individual, equipped with the knowledge, experience and life skills to look to the future with increased confidence and aspiration.

Why do we collect and use young people’s information

We lawfully process your information in accordance with General Data Protection regulation (GDPR) Article 6 (a) (c) (f) . We may process your personal data with your consent, authorised in Law or for Our legitimate business interests. “Legitimate Interests” means the interests of Our company in conducting and managing Our business and providing you with the best care and education in the most secure way. These interests include:

Categories of a young person’s information that we collect, hold and share include:

Personal information (such as name, unique pupil number and emergency contact details and family background information – this will include parent/carer contact details )

Collecting a young person’s information

We may collect and process the following data about you:

Personal information (such as name, postal address, phone number, E-mail address, pupil number, photo, Passport, Bank details, birth certificate, family information) through

Special Categories of personal data processed (such as health processed through GDPR Article 9 (2)(a)(h)(f)(g) . In summary this means that your personal data is used to support and protect you in your education and care. There will be occasion when your data is processed with your consent (or that of an appropriate adult representing you). Where this is the case you will have the right to change your mind.

There will also be cases when the processing is required to protect you and keep you safe. Where possible you will be informed of this processing but on occasion data may be processed / shared with others to safeguard the young people.

As governed by Our Data Protection Legislation including Appendix – Our Bring Your Device Policy ( BYOD ) and also the employment contract We also process data from details of your visits to Our WIFI including but not limited to,

IP addresses (the location of the computer on the internet),

In order to comply with current Data Protection Legislation the General Data Protection Regulation, we will inform you whether you are required to provide information to us or if you have a choice in this. Whenever the processing of your personal data requires your consent then you will be given the opportunity to opt-in and then to opt-out if you so desire.

Storing a young person’s information

Information is stored by Us on computers located in the UK. We may transfer the information to other reputable third-party organisations as explained below – they may be situated inside or outside the European Economic Area however we will only share if they provide appropriate assurances as to security and management of the data. We may also store information in paper files.

We have security protocols and policies in place to manage and record your data privacy and preferences correctly and that your data is stored securely to protect against its loss, misuse and alteration. Documentation can be supplied on request from our Data Protection Officer who is contactable on dataprotection@witherslackgroup.co.uk.

We take steps to ensure that any organisations that we share your data with will have security protocols and policies in place to manage and record your data privacy and preferences correctly and that your data is stored correctly. We will not share your data if you have advised us that you do not want it shared unless it is the only way we can make sure you stay safe and healthy or we are legally required to do so.

Unfortunately, the transmission of data across the internet is not completely secure and whilst We do Our best to try to protect the security of your information We cannot ensure or guarantee that loss, misuse or alteration of data will not occur whilst data is being transferred. To mitigate this risk all e-mails from the WItherslack Group containing personal information are sent encrypted.

We will keep your information only for as long as We need it to provide you with the services or information you have required, to administer your relationship with Us, to comply with the law, or to ensure We do not communicate with people that have asked Us not to. When We no longer need information, We will always dispose of it securely, using specialist companies if necessary to do this work for Us. We ensure that your preferences with us are replicated with the third-party service providers. They will hold your information for Our purposes only.

We keep information about you on computer systems and also sometimes on paper.

Care and education records are stored and retained in compliance with the appropriate Law and Regulations governing the activity. WG have a retention document within their policies.

Who do we share a young person’s information with

We routinely share a young person’s information with:

Why we share a young person’s information

Just like most other organisations, We work with third-party service providers which provide important functions to us that allow us to be easier, faster, and friendlier in the way we deliver Our services. We need to disclose user data to them from time to time, as part of our legal obligations and legitimate business interests, so that the services can be performed.

As previously highlighted We do not share your information with anyone without your consent unless the law and our policies allow us to do so. We have robust processes in place to ensure the confidentiality of our data is maintained and there are stringent controls in place regarding access and use of the data.

Decisions on whether We release data to third parties are subject to a strict approval process and based on a detailed assessment of:

Below are authorities under which we share your data and with whom we share:

Who we share with

Article 6 basis Why we share What is shared
Schools or colleges that the young people attend after leaving us In law To further the education provision Educational records
The local authority and their commissioned providers of local authority services In law Provision of care and education for young people with SEN and Looked after Children Educational record, Education Health Care Plan, Looked after children notes, multi-agency forum notes,  personal education plans
The Department for Education (DfE) In Law Educational attainment policy and monitoring; The National Young people Database (NPD). Provision of young people record number. https://www.gov.uk/education/data-collection-and-censuses-for-schools ; name of young people
The joint council for qualifications ( JCQ ) Legitimate business interest Currently signed for on a JCQ consent form however the detail is provided to them by Us as a legitimate business interest.   Attendance for the exam is consensual. Name, dob, any health considerations to enable reasonable adjustments to take the exam
OFSTED In Law Ensuring a monitored and accountable service provision is in place All relevant personal or sensitive information (restricted by purpose of visit to minimise data) reported upon anonymously
Regulatory Inspection visitors In Law Ensuring a monitored and accountable service provision is in place All data of staff residents and young peoples as deemed appropriate by the inspector
Health and safety executive In law Safety in the work place …. Safety in the schools and homes. Consideration as to the level of safeguarding needed on each site which is commensurate with the behavioural / risk posed. Environmental information and personal information. Behaviour, health.
Staff in homes and schools Legitimate business interest Maintaining a safe environment for the provision of necessary care and specialist education. Pastoral support and safeguarding. Behaviour reports, personal contact details , multiagency reports
Clinical Consent , Legitimate business interest Provision of support for Special Educational needs Personal data name. dob, family circs , behaviour, risk assessment, EHCP, and health data
Parents / carers Legitimate business interest , law To enable the provision of educational support at home. In general, We will assume that a young person consent is not required for ordinary disclosure of their personal data to their parents, e.g. for the purposes of keeping parents informed about the young person’s activities, progress and behaviour, and in the interests of the young person’s welfare. That is unless, in The School or Home’s opinion, there is a good reason to do otherwise.

However, where a young person seeks to raise concerns confidentially with a member of staff and expressly withholds their agreement to their personal data being disclosed to their parents, The School or Home may be under an obligation to maintain confidentiality unless, in The School or Home’s opinion, there is a good reason to do otherwise; for example where The School or Home believes disclosure will be in the best interests of the young person or other young people, or if required by law.

Ongoing reports and communication in relation to behaviour and achievement.
LADO In Law Keeping Children safe in education All relevant personal or sensitive information (restricted by circumstance minimise data)
Police In Law Keeping children safe in education All relevant personal or sensitive information (restricted by circumstance to minimise data)
Quality assurance visits Legitimate business interest Ensuring that the service provision is of the highest standard and compliant with regulation / Law All relevant personal or sensitive information (restricted by purpose of visit to minimise data) reported upon anonymously
External education support providers   (processors educational support attainment) Legitimate Business interest software support for learning which the young person logs onto to, They normally log on with a consent to the web site however the requirement is made by Our staff hence the decision to use legitimate Business interest … the provision of learning as article 6 basis. Names. Logon E-mail , cookie data ,
External education providers Consent, Legitimate business interest Provision of external educational support to further develop the young person Name , dob, address and potentially health data to support the learning plan

 

Your Rights

Under data protection Legislation you and in some cases your parent/guardian have the right to request access to information about you that we hold. You should be aware that the right of access is limited to your own personal data, and certain data is exempt from the right of access. This will include information which identifies other individuals (and parents need to be aware this may include their own children, in certain limited situations), some safeguarding, or information which is subject to legal privilege (for example legal advice given to or sought by Us, or documents prepared in connection with a legal action).

We are also not required to disclose any examination marks ahead of any ordinary publication

You may ask a parent or other representative to make a subject access request on your behalf.

Indeed, while a person with parental responsibility will generally be entitled to make a subject access request on behalf of a young person, the law still considers the information in question to be yours:

Young people can make subject access requests for their own personal data, provided that, in Our reasonable opinion, they have sufficient maturity to understand the request they are making. A young people of any age may ask a parent or other representative to make a subject access request on his/her behalf. Indeed, while a person with parental responsibility will generally be entitled to make a subject access request on behalf of a young person, the law still considers the information in question to be the child’s: for more mature young people, the parent making the request may need to evidence their child’s authority for the specific request.

WG believe that Young People aged 13 and above are generally assumed to have this level of maturity, although this will depend on both the child and the personal data requested, including any relevant circumstances at home. Slightly younger children may however be sufficiently mature to have a say in this decision, depending on the child and the circumstances.

All information requests from, on behalf of, or concerning young people – whether made under subject access or simply as an incidental request – will therefore be considered on a case by case basis.

You also have the right to:

If you wish to exercise any of these rights please contact the Data Protection Officer;

Queries and Complaints

If you believe that We have not complied with this policy or acted otherwise than in accordance with Data Protection Law, you should notify The Data Protection Officer on dataprotection@Witherslackgroup.co.uk. You can also make a referral to or lodge a complaint with the Information Commissioner’s Office (ICO), although the ICO recommends that steps are taken to resolve the matter with The Witherslack Group directly before involving the regulator.

For more information about your rights under the Data Protection Act contact the Information Commissioner’s Office https://ico.org.uk/

Back to the top

 

Registration for Recruitment Privacy Notice for the Witherslack Group

This notice is intended to provide information to individuals who are registering with Networx as possible candidates for employment vacancies within The Witherslack Group. (‘We’ , ‘Our’, ‘Us’). It explains how We will Use (or “process”) your personal data during Our recruitment Process.

Who are We

In this policy, whenever you see the words (‘We’, ‘Us’ or ‘Our’), it refers to Witherslack Group, Lupton Tower, Lupton, Cumbria, LA6 2PR. Registered with the Information Commissioner’s Office (ICO) in England Company No: Z3410582. For the purposes of UK Data Protection Law, We are a Data Controller in respect of the personal information that We collect and process about you as described in this privacy notice.

The recruitment software We Use via this Website is supplied by Net-Worx (2001) Ltd (trading as networx) and they are defined as a Data Processor under the GDPR. They will only process your data, on Our behalf, in accordance with Our written instructions.

Why do We collect and Use your information

We will typically collect and Use this information for the following purposes:

Assess the prospective candidates suitability for employment with Us.

If you have any concerns about the processing described above, please refer to Your Rights section below.

Categories of Personal information that We Process (collect, hold and share) include:

We may collect the following information, provided by you, up to and including the specific application stage of the recruitment process:

We may collect and process the following ‘special category’ data

For the above purposes We will only ever collect the information We need. We have in place an appropriate policy documents and safeguards which we are required by law to maintain when processing such data.

Collecting your information

In this process We will process personal data collected;

Storing your information

We will keep your information only for as long as We need it to provide you with the recruitment services, to administer your relationship with Us, or to ensure We do not communicate with people that have asked Us not to. When We no longer need information, We will always dispose of it securely. We ensure that your preferences with Us are replicated with the third-party service providers. They will hold your information for Our purposes only.

You will be sent a reminder after 23 months of inactivity on the Networx system. You will at all times have the option to request that your data is deleted. This will be considered against the lawful retention at the time.

We will retain your personal information for a period of 2 years after you Were last active on the Networx system.

After 2 years of inactivity on Networx, We will securely destroy your personal information. Any remaining data will be anonymised for statistical purposes and will not be identifiable to you.

Who do We share your information with

We will not share your data with any additional third parties, unless your application for employment is successful and We make you an offer of employment. We will then share your data with former employers to obtain references for you, employment background check providers to obtain necessary background checks.

Why We share your information

We have robust processes in place to ensure the confidentiality of Our data is maintained and there are policies and stringent controls in place regarding access and Use of the data.

Decisions on whether We release data to third parties are subject to a strict approval process and based on a detailed assessment of:

Your Rights

Accessing your personal data

We are dedicated to providing reasonable access to users who wish to review the personal information retained when they register via Networx and correct any inaccuracies it may contain. Users who choose to register may access their profile, correct and update their details, or withdraw their details at any time. To do this, users can access their personal profile by Using their secure login. In all cases We will treat requests to access information or change information in accordance with applicable legal requirements.

Under data protection you have the right to request access to information about you that We hold. You should be aware that the right of access is limited to your own personal data, and certain data is exempt from the right of access. This will include information which identifies other individuals, or information which is subject to legal privilege (for example legal advice given to or sought by Us, or documents prepared in connection with a legal action).

You may ask a representative to make a subject access request on your behalf.

You also have the right to:

If you wish to exercise any of these rights please contact the Data Protection Officer (DPO);

Queries and Complaints

If you believe that We have not complied with this policy or acted otherwise than in accordance with Data Protection Law, you should notify Our DPO on dataprotection@Witherslackgroup.co.uk. You can also make a referral to or lodge a complaint with the Information Commissioner’s Office (ICO), although the ICO recommends that steps are taken to resolve the matter with The Witherslack Group directly before involving the regulator. For more information about your rights under the Data Protection Act contact the Information Commissioner’s Office https://ico.org.uk/

Back to the top

Job Applicant Privacy Notice for the Witherslack Group

This notice is intended to provide information to individuals who are applying for employment vacancies with Witherslack Group (‘We’ , ‘Our’, ‘Us’) via Net-worx. It explains how We will Use (or “process”) your personal data during Our selection and recruitment Process. If subsequently employed by WG the staff Privacy Notice will then apply.

Who are We

In this policy, whenever you see the words (‘We’, ‘Us’ or ‘Our’), it refers to Witherslack Group, Lupton Tower, Lupton, Cumbria, LA6 2PR. Registered with the Information Commissioner’s Office (ICO) in England Company No: Z3410582. For the purposes of UK Data Protection Law, We are a Data Controller in respect of the personal information that We collect and process about you as described in this privacy notice.

The recruitment software We Use via this Website is supplied by Net-Worx (2001) Ltd (trading as networx) and they are defined as a Data Processor under the GDPR. They will only process your data, on Our behalf, in accordance with Our written instructions.

Why do We collect and Use your information

We will typically collect and Use this information for the following purposes:

If you have any concerns about the processing described above, please refer to Your Rights section below.

Categories of Personal information that We Process (collect, hold and share) include:

We may collect the following information up to and including the shortlisting stage of the recruitment process:

We may collect the following information after the shortlisting stage, and before employing you.

We may collect and process the following ‘special category’ data

We may collect and process the following data about third party references.

For the above purposes We will only ever collect the information We need. We have in place an appropriate policy documents and safeguards which we are required by law to maintain when processing such data.

Collecting your information

In this process We will process personal data collected;

Storing your information

We will keep your information only for as long as We need it to provide you with the recruitment services, to administer your relationship with Us, or to ensure We do not communicate with people that have asked Us not to. When We no longer need information, We will always dispose of it securely. We ensure that your preferences with Us are replicated with the third-party service providers. They will hold your information for Our purposes only.

If your application is unsuccessful We will retain your personal information for a period of 2 years after you Were last active on the Networx system.

Any interview notes will be securely retained and then destroyed 6 months after the date of the interview.

You will be sent a reminder after 23 months of inactivity on the Networx system. You will at all times have the option to request that your data is deleted. This will be considered against the lawful retention at the time.

After 2 years of inactivity on Networx, We will securely destroy your personal information. Any remaining data will be anonymised for statistical purposes and will not be identifiable to you.

Who do we share your information with

During the on boarding recruitment process We may share information with:

We will not share your data with the above third parties, unless your application for employment is successful and We make you an offer of employment. We will then share your data with former employers to obtain references for you, employment background check providers to obtain necessary background checks.

Why We share your information

We have robust processes in place to ensure the confidentiality of Our data is maintained and there are policies and stringent controls in place regarding access and Use of the data.

Decisions on whether We release data to third parties are subject to a strict approval process and based on a detailed assessment of:

Your Rights

Accessing your personal data

We are dedicated to providing reasonable access to users who wish to review the personal information retained when they apply via Our Website site and correct any  inaccuracies it may contain. Users who choose to register may access their profile, correct and update their details, or withdraw their details at any time. To do this, users can access their personal profile by Using their secure login. In all cases We will treat requests to access information or change information in accordance with applicable legal requirements.

Under data protection you have the right to request access to information about you that We hold. You should be aware that the right of access is limited to your own personal data, and certain data is exempt from the right of access. This will include information which identifies other individuals, or information which is subject to legal privilege (for example legal advice given to or sought by Us, or documents prepared in connection with a legal action).

You may ask a representative to make a subject access request on your behalf.

You also have the right to:

If you wish to exercise any of these rights please contact the Data Protection Officer (DPO);

Queries and Complaints

If you believe that We have not complied with this policy or acted otherwise than in accordance with Data Protection Law, you should notify Our DPO on dataprotection@Witherslackgroup.co.uk. You can also make a referral to or lodge a complaint with the Information Commissioner’s Office (ICO), although the ICO recommends that steps are taken to resolve the matter with The Witherslack Group directly before involving the regulator. For more information about your rights under the Data Protection Act contact the Information Commissioner’s Office https://ico.org.uk/

Back to the top

 

COOKIE POLICY Use of cookies by the Witherslack Group

Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site.

The table below explains the cookies we use and why.

witherslackgroup.co.uk:

Cookie Description Duration Type
campaignMonitorViewedIds This cookie is used to check a Campaign Monitor integrated form for status. Session Other
__stripe_mid This cookie is set by Stripe payment gateway. This cookie is used to enable payment on the website without storing any payment information on a server. 11 months Necessary
__stripe_sid This cookie is set by Stripe payment gateway. This cookie is used to enable payment on the website without storing any payment information on a server. 30 minutes Necessary
_ga This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, campaign data and keep track of site usage for the site’s analytics report. The cookies store information anonymously and assign a randomly generated number to identify unique visitors. 2 years Analytics
_gid This cookie is installed by Google Analytics. The cookie is used to store information of how visitors use a website and helps in creating an analytics report of how the website is doing. The data collected including the number visitors, the source where they have come from, and the pages visited in an anonymous form. 1 day Analytics
_gat This cookies is installed by Google Universal Analytics to throttle the request rate to limit the collection of data on high traffic sites. 1 minute Performance
GPS This cookie registers a unique ID on mobile devices to enable tracking based on geographical GPS location. 1 day Necessary
IDE This cookie is used by Google DoubleClick to register and report the website user’s actions after viewing or clicking one of the advertiser’s ads with the purpose of measuring the efficacy of an ad and to present targeted ads to the user. 1 year Necessary
loglevel (value: WARN) This cookie is used to enable certain video player functionalities associated with Vimeo. Necessary
m This cookie is set by Stripe payment gateway. This cookie is used to enable payment on the website without storing any payment information on a server. 10 years Necessary
muxData This cookie is used to enable certain video player functionalities associated with Vimeo. 19 years Necessary
Various (cookie uses school name, e.g. dovetree-school) These cookies have been added specifically for Witherslack Group on our schools’ websites to prevent partner schools’ messages showing every time some visits a school site. No personal information is stored. Session or 1 year depending on user choice Necessary
VISITOR_INFO1_LIVE This cookie ties to estimate the users’ bandwidth on pages with integrated YouTube videos. 179 days Necessary
vuid This cookie is used to enable certain video player functionalities associated with Vimeo. 2 years Necessary
YSC This cookie registers a unique ID to keep statistics of what videos from YouTube the user has seen. Session Necessary
cookie_notice_accepted This cookie is used to determine whether to show the cookie notice. 1 month Necessary

 

witherslackgroupjobs.co.uk:

Cookie Description Duration Type
_ga This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, campaign data and keep track of site usage for the site’s analytics report. The cookies store information anonymously and assign a randomly generated number to identify unique visitors. 2 Years Analytics
_gid This cookie is installed by Google Analytics. The cookie is used to store information of how visitors use a website and helps in creating an analytics report of how the website is doing. The data collected including the number visitors, the source where they have come from, and the pages visited in an anonymous form. 1 day Analytics
_gat This cookies is installed by Google Universal Analytics to throttle the request rate to limit the collection of data on high traffic sites. 1 minute Performance
vuid This cookie is used to enable certain video player functionalities associated with Vimeo. 2 years Necessary
loglevel (value: WARN) This cookie is used to enable certain video player functionalities associated with Vimeo. Necessary
gaoop_hide_info This cookie is used to determine whether to show the cookie notice. Expires 01/01/2100 Necessary
ga-disable-xxxx This cookie is used to prevent collection of Google Analytics Expires 01/01/2100 Necessary

 

Most web browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.allaboutcookies.org.

To opt out of being tracked by Google Analytics across all websites visit http://tools.google.com/dlpage/gaoptout.

YouTube cookies

We embed videos from our official YouTube channel using YouTube’s privacy-enhanced mode. This mode may set cookies on your computer once you click on the YouTube video player, but YouTube will not store personally-identifiable cookie information for playbacks of embedded videos using the privacy-enhanced mode. To find out more please visit YouTube’s embedding videos information page.

Back to the top

Processing...
Thank you! Your subscription has been confirmed. You'll hear from us soon.
Subscribe to our mailing list
ErrorHere