Skip to the content

Privacy Notices

Privacy notices for the Witherslack Group

This notice is intended to provide information about how The Witherslack Group will use (or “process”) personal data about individuals including: our staff (applying, past and current) ;our current, past and prospective young people; their parents, carers or guardians (referred to in this policy as “parents”); and our contractors.

This Privacy Policy applies alongside any other information our sites(Schools and/or Children’s Homes) may provide about a particular use of personal data, for example when collecting data via an online or paper form or when signing in as visitors.

This Privacy Policy also applies in addition to our sites’ (Schools and/or Children’s Homes) other relevant terms and conditions and policies, including:

  • Data Retention Policy
  • Child Protection and Safeguarding Policies
  • Health and Safety Policy
  • Data Protection policy including, Bring Your Own Device (BYOD)
  • Cookie Policy
  • Safeguarding, pastoral, or health and safety policies, including as to how concerns or incidents are recorded; and
  • IT policies, including its E-Safety Policy, Acceptable Use Policies

For ease of reference and understanding, we have produced different Privacy Notices for the different categories of individuals We deal with. These can be accessed using the hyperlink list below.

Click on the below headings to be directed to the Privacy document you want.

Contact / web privacy notice

Staff Privacy Notice

Young people Privacy Notice

Registration for recruitment (Networx)

Job Applicant

Cookie Policy

 

Contact / Web Privacy Notice – How we use your information

Who are we

In this policy, whenever you see the words (‘We’, ‘Us’ or ‘Our’), it refers to Witherslack Group, Lupton Tower, Lupton, Cumbria, LA6 2PR. Registered with the Information Commissionaires Office ( ICO ) in England Company No: Z3410582. For the purposes of UK Data Protection Law, We are a data controller in respect of the personal information that We collect and process about you as described in this privacy notice.

Witherslack Group provides inspirational education and care to children and young people, resulting in life changing experiences and countless stories of success.

We are a leading provider of specialist education and care for children and young people with social, emotional and mental health needs, communication difficulties (autistic spectrum conditions, Asperger’s Syndrome, speech, language and communication needs) and complex learning needs.

Our focus on support, care and acceptance allows each young person to develop as an independent individual, equipped with the knowledge, experience and life skills to look to the future with increased confidence and aspiration.

Why do we collect and use your information

We lawfully process your information in accordance with Currentl Data Protection legislation (UK) General Data Protection regulation (GDPR) Article 6 (1) (a) (c) ( f ). This means We may process your personal data with your consent , as required in law, as part of a contract or for Our legitimate business interests. “Legitimate Interests” means the interests of Our company in conducting and managing Our business and providing you with the best services and products in the most secure way. These include:

  • To ensure that content from Our site is presented in the most effective manner for you and for your computer;
  • To provide you with information about Our services or offers that you request from Us or which we feel may interest you, where you have consented to be contacted for such purposes;
  • To contact you regarding your opinions on Our services which may be used for marketing, research and analysis, where you have consented to be contacted for such purposes.
  • To help Us identify you when you contact or visit Us.
  • For general administration purposes.
  • To help Us improve the quality of Our products and services
  • To help Us detect and prevent fraud and money laundering.
  • To carry out analysis and customer profiling.
  • When you communicate with us for customer service or other purposes (e.g., by emails, faxes, phone calls, tweets, etc.), we retain such information and our responses to you in the records of your account.
  • Collecting Payment for services delivered.
  • When We process your personal data for Our legitimate business interests We always ensure that We consider and balance any potential impact on you and your rights under data protection laws.

If you have any concerns about the processing described above, you have the right to object to this processing. For more information on your rights please see Your Rights section below.

Categories of Personal information that we collect, hold and share include:

For the above purposes We will only ever collect the information We need – including data that will be useful to help improve Our services.

We may collect and process the following data about you:

  • Name
  • Address
  • Email
  • Telephone number
  • Cookies (not linked to the above data)
  • IP addresses
  • Financial data

You may be directed to a third party processor to obtain banking details in relation to an event.

They will be contracted to provide ensure they act as outlined below.

Collecting your information

We may collect and process the following data about you:

Personal information (such as name, postal address, phone number, email address, financial info) that you provide by filling in forms

  • on Our web site (witherslackgroup.co.uk), when signing up for a newsletter or completing the referral / question section.
  • in Our schools and homes and when you contact Us via telephone, in person or by letter

This will also include information volunteered by you when you;

  • subscribe to receive one of Our e-communications;
  • order a brochure;
  • enquire about a specific service, school or home;
  • request information via telephone;
  • request a call back;
  • respond to a campaign;
  • enter a competition or promotion;
  • submit a question to Us or provide Us with feedback.
  • Booking a service / event

We also process data from details of your visits to Our site including but not limited to,

  • IP addresses (the location of the computer on the internet),
  • pages accessed and
  • files downloaded.
  • Cookies
  • This is statistical data about Our users’ browsing actions and patterns, and does not identify any individual. It simply allows Us to monitor and improve Our service.

This helps Us to determine

  • How many people use Our sites,
  • How many people visit on a regular basis, and How popular Our pages are.

Our site uses cookies to distinguish you from other users of Our site. This helps Us to provide you with a good experience when you browse our site and allows Us to improve Our site. For detailed information on the cookies We use and the purpose for which We use them please see cookie policy. If you want to disable cookies please refer to your browser help.

In order to comply with Current Data Protection Legislation including the (UK) General Data Protection Regulation, we will inform you whether you are required to provide information to us or if you have a choice in this. Whenever the processing of your personal data requires your consent then you will be given the opportunity to opt-in or opt-out to having your contact details used as set out above, at the time your details are submitted.

For example, when you request information, you can tell Us when you provide your details if you do not want to receive any other information from Us or Our partners, or you can let Us know how best to get in touch with you with information that may be of interest.

If you do not wish Us to use your data as set out above, or to pass your details on to third parties for marketing purposes, please leave the relevant boxes, situated on the form which We used to collect your data, blank/unticked.

At any time if you no longer wish to receive marketing emails or other promotional materials from Us, you may opt-out of receiving these communications at any time by one of the following methods:

  • by replying to the email address listed on the web page;
  • by writing to the data protection officer at Witherslack Group, Lupton Tower, Carnforth, LA6 2PR;
  • by calling the data protection officer on 015395 66081.
  • By E-mailing the data protection officer on dataprotection@Witherslackgroup.co.uk 

Storing your information

Information is stored by Us on computers located in the UK. We may transfer the information to other reputable third-party organisations as explained below – they may be situated inside or outside the European Economic Area however we will only share if they provide appropriate assurances as to security and management of the data. We may also store information in paper files.

We have security protocols and policies in place to manage and record your data privacy and preferences correctly and that your data is stored securely to protect against its loss, misuse and alteration. Documentation can be supplied on request from our Data Protection Officer who is contactable on dataprotection@witherslackgroup.co.uk.

We take steps to ensure that any organisations that we share your data with will have security protocols and policies in place to manage and record your data privacy and preferences correctly and that your data is stored correctly.

Unfortunately, the transmission of data across the internet is not completely secure and whilst We do Our best to try to protect the security of your information We cannot ensure or guarantee that loss, misuse or alteration of data will not occur whilst data is being transferred. To mitigate this risk all emails from the Witherslack Group with personal information on are sent encrypted.

We will keep your information only for as long as We need it to provide you with the services or information you have required, to administer your relationship with Us, to comply with the law, or to ensure We do not communicate with people that have asked Us not to. When We no longer need information, We will always dispose of it securely, using specialist companies if necessary to do this work for Us.

We will hold your records securely until

  • Name, DOB, telephone numbers submitted through the web site will be reviewed within two years. You will be contacted for you to consider extending this for a further two years.
  • Any notes relevant to identified young people or staff will be transferred to their file and retained in accordance with legislation.
  • All emails sent to Us or from Us will be retained for a period of 3 months with relevant information relating to young people or staff transferred to the appropriate file and retained in accordance with our statutory requirements.

Third-party service providers will also store information however there are strict conditions as to security, retention and sharing which enable us to control your information held by them. This is to ensure that the above and your preferences with us are replicated with the third-party service providers. They will hold your information for Our purposes only.

Who do we share your information with

There are strict controls on who can see your information. We will not share your data if you have advised us that you do not want it shared unless we are legally required to do so.

We may also disclose your personal information to third parties, if We are under a duty to disclose or share your personal data for legal or regulatory purposes, in relation to existing or future legal proceedings, for the prevention of fraud/loss or to protect the rights, property, safety of Our Group, Our customers or others.

We have robust processes in place to ensure the confidentiality of our data is maintained and there are stringent controls in place regarding access and use of the data. Decisions on whether We release data to third parties are subject to a strict approval process and based on our detailed assessment of:

  • who is requesting the data
  • the purpose for which it is required
  • the level and sensitivity of data requested: and
  • the arrangements in place to store and handle the data
  • arrangements for return / destruction
  • ability to facilitate a subject access request
  • Below is a table of the third-party service providers and business partners to whom we may disclose your data.

Why we share your information

Just like most other organisations, We work with third-party service providers which provide important functions to us that allow us to be easier, faster, and friendlier in the way we deliver Our services. We need to disclose user data to them from time to time, for any of the purposes set out above, so that the services can be performed.

As previously highlighted We do not share your information with anyone without your consent or unless the law and our policies allow us to do so.

Below are the authorities under which we share your data and with whom we share:

Who we share with Why we share What is shared
Eventbrite To arrange for payment for events etc. Payment made through Eventbrite link on the web You provide contact details and banking details. In turn Eventbrite share your E-mail contact with Us
Department for Education Information in relation to referrals or enquiries may be shared Contact details of parents / young peoples and carers as well as attainment information for young peoples
Local authorities Information in relation to referrals or enquiries may be shared Contact details of parents / young peoples and carers as well as previous family circumstances
IPSEA (Independent Parental Special Education Advice) Information at your request to provide support from Independent Parental Special Education Advice Name and contact details to facilitate initial contact then your data is managed by IPSEA as a Controller.

 

Your Rights

Under data protection legislation, parents and young people have the right to request access to information about them that we hold. You can do this free of charge and the information will be considered and then provided within a month of request. You should be aware that the right of access is limited to your own personal data, and certain data is exempt from the right of access. This will include information which identifies other individuals (and parents need to be aware this may include their own children, in certain limited situations – please see further below), or information which is subject to legal privilege (for example legal advice given to or sought by Us, or documents prepared in connection with a legal action).

Young people can make subject access requests for their own personal data, provided that, in Our reasonable opinion, they have sufficient maturity to understand the request they are making. A young people of any age may ask a parent or other representative to make a subject access request on his/her behalf. Indeed, while a person with parental responsibility will generally be entitled to make a subject access request on behalf of a young person, the law still considers the information in question to be the child’s: for more mature young people, the parent making the request may need to evidence their child’s authority for the specific request.

WG believe that Young People aged 13 and above are generally assumed to have this level of maturity, although this will depend on both the child and the personal data requested, including any relevant circumstances at home. Slightly younger children may however be sufficiently mature to have a say in this decision, depending on the child and the circumstances.

All information requests from, on behalf of, or concerning young people – whether made under subject access or simply as an incidental request – will therefore be considered on a case by case basis.

You also have the right to:

  • object to processing of personal data that is likely to cause, or is causing, damage or distress
  • prevent processing for the purpose of direct marketing
  • object to decisions being taken by automated means
  • in certain circumstances, have inaccurate personal data rectified, blocked, erased or destroyed; and
  • claim compensation for damages caused by a breach of the Data Protection regulations

If you wish to exercise any of these rights please contact the Data Protection Officer

  • by writing to the data protection officer at Witherslack Group, Lupton Tower, Carnforth, LA6 2PR;
  • by calling the data protection officer on 015395 66081.
  • By E-mailing the data protection officer on dataprotection@Witherslackgroup.co.uk OR
  • Speak to any member of staff

Queries and Complaints

If you believe that We have not complied with this policy or acted otherwise than in accordance with Data Protection Legislation, you should notify The Data Protection Officer on dataprotection@Witherslackgroup.co.uk. You can also make a referral to or lodge a complaint with the Information Commissioner’s Office (ICO), although the ICO recommends that steps are taken to resolve the matter with The Witherslack Group directly before involving the regulator.

For more information about your rights under the Data Protection Act contact the Information Commissioner’s Office https://ico.org.uk/ 

Back to top

 

Staff Privacy Notice – How we use your information

Who are we

In this policy, whenever you see the words (‘We’, ‘Us’ or ‘Our’), it refers to Witherslack Group, Lupton Tower, Lupton, Cumbria, LA6 2PR. Registered with the Information Commissionaires Office ( ICO ) in England Company No: Z3410582. For the purposes of UK Data Protection Law, We are a data controller in respect of the personal information that We collect and process about you as described in this privacy notice.

Witherslack Group provides inspirational education and care to children and young people, resulting in life changing experiences and countless stories of success.

We are a leading provider of specialist education and care for children and young people with social, emotional and mental health needs, communication difficulties (autistic spectrum conditions, Asperger’s Syndrome, speech, language and communication needs) and complex learning needs.

Our focus on support, care and acceptance allows each young person to develop as an independent individual, equipped with the knowledge, experience and life skills to look to the future with increased confidence and aspiration.

Why do we collect and use staff information

We lawfully process your information in accordance with current, Data Protection Legislation, including (UK) General Data Protection Regulation (GDPR) Article 6 (a) (b) (c) (f) . We may process your personal data with your consent, in law, as part of your employment contract and or for Our legitimate business interests or in law. “Legitimate Interests” means the interests of Our company in conducting and managing Our business and providing you with the best services and products in the most secure way. These interests include:

  • To contact you regarding your opinions on Our services which may be used for marketing, research and analysis, where you have consented to be contacted for such purposes.
  • For general administration purposes.
  • To help Us improve the quality of Our products and services
  • To help Us detect and prevent fraud and money laundering.
  • To help Us recover debts.
  • To carry out analysis and staff profiling.
  • Performance records
  • To support learning and CPD
  • To comply with law in relation to Safeguarding
  • Safeguarding Young people,
  • Providing Education and Care,

When We process your personal data for Our legitimate business interests We always ensure that We consider and balance any potential impact on you and your rights under data protection laws.

If you have any concerns about the processing described above, you have the right to object to this processing. For more information on your rights please see Your Rights section below.

In Law there are also requirements in relation to safeguarding and employment

  • DBS checks
  • Employment rights
  • PAYE
  • Pension provision
  • Right to work
  • Safeguarding

Categories of Personal information that we collect, hold and share include:

We will only ever collect the information We need – including data that will be useful to help improve Our services.

  • We may collect and process the following data about you:
  • Personal information to support employment and safeguarding requirements in Law (such as name, postal address, phone number, E-mail address, NI number, driving licence details, photo, PAYE details, Passport, Bank details, utility provider details, Marriage certificate, birth certificate. Employee no., vehicle details,)
  • Special Categories of personal information to support you in the workplace (such as trade union membership, health data)
  • Criminal convictions as required in law to ensure safeguarding
  • Vehicle details in premises with ANPR provision as security measure.

Collecting your information

We may collect and process the following data about you:

Personal information (such as name, postal address, phone number, email address,NI number, driving licence details, photo, PAYE details, Passport, Bank details, utility provider details, Marriage certificate, birth certificate. Employee no., vehicle details,) that you provide by filling in forms

  • Through recruitment process (HR) (see separate Privacy doc for more detail of unsuccessful candidates)
  • Through finance P.A.Y.E dept
  • Through personal development portfolios.
  • CCTV (visual profile and vehicle registrations)
  • ANPR vehicle details
  • Obtained through training providers

Special Categories of personal data processed (such as health processed through GDPR Article 9 (2) (h) (OHU and fitness for work)

  • Obtained through sickness reporting
  • Obtained through recruitment (HR )
  • Obtained through self-certification
  • Through finance P.A.Y.E

As governed by Our Data Protection policy which includes Appendix Bring Your Device Policy ( BYOD ) and also your employment contract.

We also process data from details of your visits to Our WIFI including but not limited to,

  • IP addresses (the location of the computer on the internet),
  • Pages accessed and
  • Files downloaded.
  • Cookies

In order to comply with Current Data Protection Legislation including the (UK) General Data Protection Regulation, we will inform you whether you are required to provide information to us or if you have a choice in this. Whenever the processing of your personal data requires your consent then you will be given the opportunity to opt-in and then to opt-out if you so desire.

Storing your information

Information is stored by Us on computers located in the UK. We may transfer the information to other reputable third-party organisations as explained below – they may be situated inside or outside the European Economic Area however we will only share if they provide appropriate assurances as to security and management of the data. We may also store information in paper files.

We have security protocols and policies in place to manage and record your data privacy and preferences correctly and that your data is stored securely to protect against its loss, misuse and alteration. Documentation can be supplied on request from our Data Protection Officer who is contactable on dataprotection@witherslackgroup.co.uk.

We take steps to ensure that any organisations that we share your data with will have security protocols and policies in place to manage and record your data privacy and preferences correctly and that your data is stored correctly.

Unfortunately, the transmission of data across the internet is not completely secure and whilst We do Our best to try to protect the security of your information We cannot ensure or guarantee that loss, misuse or alteration of data will not occur whilst data is being transferred. To mitigate this risk all emails from the Witherslack Group with personal information on are sent encrypted.

We will keep your information only for as long as We need it to provide you with the services or information you have required, to administer your relationship with Us, to comply with the law, or to ensure We do not communicate with people that have asked Us not to. When We no longer need information, We will always dispose of it securely, using specialist companies if necessary to do this work for Us. We ensure that your preferences with us are replicated with the third-party service providers. They will hold your information for Our purposes only.

We will hold your staff records securely as outlined below

  • Job applicants; As a staff member your application records will be transferred to your staff file. (for more info see separate WG privacy policy for registration and job applicants
    • Personal information about unsuccessful candidates
      • External candidate ; will be destroyed or deleted. ( see below table ) Their details will remain with third party provider to enable us to search against future jobs. (see separate Privacy notice for Job Applicants for more detail)
      • Internal candidate; reference will be retained on the staff file in accordance with Current employee retention.
    • Successful candidates / employee Once a person has taken up employment with Us, We will compile a file relating to their employment. Current employee.
  • Current employee ; Information is maintained on both computer and on paper. In both cases the information contained will be kept secure and will only be used for purposes directly relevant to that person’s employment. There is secure storage, encrypted transmission and controlled access relevant to the staff position held.
  • Former employee Once their employment with Us has ended, We will retain the file in accordance with the requirements of Our retention schedule and then delete it. We will retain personal data securely and only in line with how long it is necessary to keep for a legitimate business and lawful reason. Typically, the legal recommendation for how long to keep ordinary staff and young people personnel files is up to 7 years following departure from The School. However, incident reports and safeguarding files will need to be kept much longer, in accordance with specific legal requirements. Files will be kept securely electronically and / or in hard copy. All transmissions and storage will be encrypted and with access controls in place.
  • Agency Staff or Sole trader.
    • Current Information is maintained on both computer and on paper. In both cases the information contained will be kept secure and will only be used for purposes directly relevant to that person’s employment. There is secure storage, encrypted transmission and controlled access relevant to the staff position held.
    • Former Once their employment with Us has ended, We will retain the file in accordance with the requirements of Our retention schedule and then delete it. We will retain personal data securely and only in line with how long it is necessary to keep for a legitimate and lawful reason. Typically, the legal recommendation for how long to keep ordinary staff and young people personnel files is up to 7 years following departure from The School. However, incident reports and safeguarding files will need to be kept much longer, in accordance with specific legal requirements. There is secure storage, encrypted transmission and controlled access relevant to the staff position held.

WG have a retention document within their policies.

Who do we share your information with

There are strict controls on who can see your information. We will not share your data if you have advised us that you do not want it shared unless we are legally required to do so or there is a recognised legitimate business interest.

We may also disclose your personal information to third parties, if We are under a duty to disclose or share your personal data for legal or regulatory purposes, in relation to existing or future legal proceedings, for the prevention of fraud/loss or to protect the rights, property, safety of Our Group, Our customers or others.

We have robust processes to ensure the confidentiality of our data is maintained and there are stringent controls in place regarding access and use of the data. Decisions on whether We release data to third parties are subject to a strict approval process and based on our detailed assessment of:

  • who is requesting the data
  • the purpose for which it is required
  • the level and sensitivity of data requested: and
  • the arrangements in place to store and handle the data
  • arrangements for return / destruction
  • ability to facilitate a subject access request

We share information with the following (See table below in why we share our information for more detail.)

Why we share your information

Just like most other organisations, We work with third-party service providers which provide important functions to us that allow us to be easier, faster, and friendlier in the way we deliver Our services. We need to disclose user data to them from time to time, as part of our legal obligations and legitimate business interests, so that the services can be performed.

As previously highlighted We do not share your information with anyone without your consent unless the law and our policies allow us to do so.

Below are the authorities under which we share your data and with whom we share:

Who we share with Article 6 basis Why we share What is shared
HMRC tax office In law PAYE and TAX Name, dob, address. NI number ; pay, bank details
Accountants Thomas Armstrong In Law PAYE managers Name, dob, address. NI number ; pay, bank details; hours worked expenses
Networx Legitimate business Recruitment portal Full CV details, name, dob, address, telephone, email, previous employment references, salary, equality and diversity, criminal convictions, gender, previous address, education attainment history.
Occupational Health ; Dura Diamond Employment Contract   Name, employee number, health, gender, address, telephone, E-mail address
Find My shift Legitimate business interest Shift organiser Names, shifts, hours, location
Capita Employment contract DBS check Completed by the subject in the first instance. Consensual to provide the detail to DBS service. Witherslack Group receive an update form the service with minimal information on. Names, convictions, dob, address and previous address
DH licence checks Legitimate business interest To ensure legal obligations in relation to provision of company vehicles and authorised drivers. Driving licence checks Name, dob, driving licence details
Happiness Index Legitimate Business interest Staff survey to improve provision of services to staff in the workplace Name, age bracket, work E-mail, location, role
Scottish Widows In Law Pension provider Name, salary, dob, address, E-mail, NI number
Training providers Legitimate Business interest Provision of training in relation to team teach, first aid, health and safety etc. Name, email, d.o.b, site, role
Medicash Legitimate business interest Contact details Name ;contact
Local Authorities In Law Requirement of provision of care and education (e.g EHCP) Name, role

 

Your Rights

Under data protection legislation, you have the right to request access to information about you that we hold. You can do this free of charge and the information will be considered and then provided within a month of request.

You should be aware that the right of access is limited to your own personal data, and certain data is exempt from the right of access. This will include (but is not limited to) information which identifies other individuals, information concerning a reference supplied by the Witherskack Group or information which is subject to legal privilege (for example legal advice given to or sought by The Witherslack Group or documents prepared in connection with a legal action). Each application will be assessed on a case to case basis.

You also have the right to:

  • object to processing of personal data that is likely to cause, or is causing, damage or distress
  • prevent processing for the purpose of direct marketing
  • object to decisions being taken by automated means
  • in certain circumstances, have inaccurate personal data rectified, blocked, erased or destroyed; and
  • claim compensation for damages caused by a breach of the Data Protection regulations

If you wish to exercise any of these rights please contact the Data Protection Officer;

  • by writing to the data protection officer at Witherslack Group, Lupton Tower, Carnforth, LA6 2PR;
  • by calling the data protection officer on 015395 66081.
  • By E-mailing the data protection officer on data.protection@Witherslackgroup.co.uk OR
  • Speak to any member of staff

Queries and Complaints

If you believe that We have not complied with this policy or acted otherwise than in accordance with Data Protection Legislation, you should notify The Data Protection Officer on dataprotection@Witherslackgroup.co.uk. You can also make a referral to or lodge a complaint with the Information Commissioner’s Office (ICO), although the ICO recommends that steps are taken to resolve the matter with The Witherslack Group directly before involving the regulator.

For more information about your rights under the Data Protection Act contact the Information Commissioner’s Office https://ico.org.uk/

Back to top

 

Privacy Notice – How we use young people’s information

Who are we

In this policy, whenever you see the words (‘We’, ‘Us’ or ‘Our’), it refers to Witherslack Group, Lupton Tower, Lupton, Cumbria, LA6 2PR. Registered with the Information Commissionaires Office (ICO) in England Company No: Z3410582. For the purposes of UK Data Protection Law, We are a data controller in respect of the personal information that We collect and process about you as described in this privacy notice.

Witherslack Group provides inspirational education and care to children and young people, resulting in life changing experiences and countless stories of success.

We are a leading provider of specialist education and care for children and young people with social, emotional and mental health needs, communication difficulties (autistic spectrum conditions, Asperger’s Syndrome, speech, language and communication needs) and complex learning needs.

Our focus on support, care and acceptance allows each young person to develop as an independent individual, equipped with the knowledge, experience and life skills to look to the future with increased confidence and aspiration.

Why do we collect and use young people’s information

We lawfully process your information in accordance with General Data Protection regulation (GDPR) Article 6 (a) (c) (f) . We may process your personal data with your consent, authorised in Law or for Our legitimate business interests. “Legitimate Interests” means the interests of Our company in conducting and managing Our business and providing you with the best care and education in the most secure way. These interests include:

  • For the purpose of placement selection
  • Provision of safe care.
  • to support young people’s learning including but not limited to musical education, physical education, spiritual development, career services, trips, computer skills.
  • to monitor and report on young person’s progress
  • to provide appropriate pastoral care
  • to provide effective communication with parents / carers
  • to provide effective communication with staff
  • for management and planning
  • to assess the quality of our services
  • to comply with the law regarding data sharing
  • to support you to decide what to do after you leave home or school

Categories of a young person’s information that we collect, hold and share include:

Personal information (such as name, unique pupil number and emergency contact details and family background information – this will include parent/carer contact details )

  • Characteristics (such as ethnicity, language, nationality, country of birth)
  • Attendance information (such as sessions attended, number of absences and absence reasons)
  • National curriculum assessment results
  • Special educational needs information
  • Relevant medical information
  • Internet usage

Collecting a young person’s information

We may collect and process the following data about you:

Personal information (such as name, postal address, phone number, E-mail address, pupil number, photo, Passport, Bank details, birth certificate, family information) through

  • Local Authority referral process
  • Information provided by you
  • Multiagency meetings
  • From parents / carers
  • CCTV (visual profile)
  • Photographs as part of learning programme and safeguarding

Special Categories of personal data processed (such as health processed through GDPR Article 9 (2)(a)(h)(f)(g) . In summary this means that your personal data is used to support and protect you in your education and care. There will be occasion when your data is processed with your consent (or that of an appropriate adult representing you). Where this is the case you will have the right to change your mind.

There will also be cases when the processing is required to protect you and keep you safe. Where possible you will be informed of this processing but on occasion data may be processed / shared with others to safeguard the young people.

  • Medical information from health service
    • SEN details from Local authority
    • Gender and religion through local authority or parents or from subject

As governed by Our Data Protection Legislation including Appendix – Our Bring Your Device Policy ( BYOD ) and also the employment contract We also process data from details of your visits to Our WIFI including but not limited to,

IP addresses (the location of the computer on the internet),

  • Pages accessed and
  • Files downloaded.
  • Cookies

In order to comply with current Data Protection Legislation the General Data Protection Regulation, we will inform you whether you are required to provide information to us or if you have a choice in this. Whenever the processing of your personal data requires your consent then you will be given the opportunity to opt-in and then to opt-out if you so desire.

Storing a young person’s information

Information is stored by Us on computers located in the UK. We may transfer the information to other reputable third-party organisations as explained below – they may be situated inside or outside the European Economic Area however we will only share if they provide appropriate assurances as to security and management of the data. We may also store information in paper files.

We have security protocols and policies in place to manage and record your data privacy and preferences correctly and that your data is stored securely to protect against its loss, misuse and alteration. Documentation can be supplied on request from our Data Protection Officer who is contactable on dataprotection@witherslackgroup.co.uk.

We take steps to ensure that any organisations that we share your data with will have security protocols and policies in place to manage and record your data privacy and preferences correctly and that your data is stored correctly. We will not share your data if you have advised us that you do not want it shared unless it is the only way we can make sure you stay safe and healthy or we are legally required to do so.

Unfortunately, the transmission of data across the internet is not completely secure and whilst We do Our best to try to protect the security of your information We cannot ensure or guarantee that loss, misuse or alteration of data will not occur whilst data is being transferred. To mitigate this risk all e-mails from the WItherslack Group containing personal information are sent encrypted.

We will keep your information only for as long as We need it to provide you with the services or information you have required, to administer your relationship with Us, to comply with the law, or to ensure We do not communicate with people that have asked Us not to. When We no longer need information, We will always dispose of it securely, using specialist companies if necessary to do this work for Us. We ensure that your preferences with us are replicated with the third-party service providers. They will hold your information for Our purposes only.

We keep information about you on computer systems and also sometimes on paper.

  • Current young people . Information is maintained on both computer and on paper. In both cases the information contained will be kept secure and will only be used for purposes directly relevant to that person’s employment. Storage and transmissions are encrypted and access controls are in place.
  • Young People who have left have their records archived in accordance with the requirements of Our retention schedule. We will retain personal data securely and only in line with how long it is necessary to keep for a legitimate business need or and lawful reason. Currently for looked after children this is until they are 75years of age. Files will be kept securely electronically and / or in hard copy. Storage and transmissions are encrypted and access controls are in place.
  • Where a young person moves school. Education and safeguarding information is provided to the new school and then the files area archived in accordance with the requirements of Our retention schedule. We will retain personal data securely and only in line with how long it is necessary to keep for a legitimate and lawful reason. Education files are retained until the you are 28 years of age. Currently for looked after children this is until they are 75years of age. Files will be kept securely electronically and / or in hard copy.

Care and education records are stored and retained in compliance with the appropriate Law and Regulations governing the activity. WG have a retention document within their policies.

Who do we share a young person’s information with

We routinely share a young person’s information with:

  • Schools or colleges that the young people attend after leaving Us
  • The local authority and their commissioned providers of local authority services
  • The Department for Education (DfE)
  • The joint council for qualifications (JCQ)
  • OFSTED
  • Regulatory Inspection visitors
  • Health and safety executive
  • Staff in homes and schools
  • Clinical staff
  • Parents / carers
  • LADO
  • Police
  • Quality Assurance Visits
  • Multi agency forums around (LAC and PEP)

Why we share a young person’s information

Just like most other organisations, We work with third-party service providers which provide important functions to us that allow us to be easier, faster, and friendlier in the way we deliver Our services. We need to disclose user data to them from time to time, as part of our legal obligations and legitimate business interests, so that the services can be performed.

As previously highlighted We do not share your information with anyone without your consent unless the law and our policies allow us to do so. We have robust processes in place to ensure the confidentiality of our data is maintained and there are stringent controls in place regarding access and use of the data.

Decisions on whether We release data to third parties are subject to a strict approval process and based on a detailed assessment of:

  • who is requesting the data
  • the purpose for which it is required
  • the level and sensitivity of data requested: and
  • the arrangements in place to store and handle the data
  • arrangements for return / destruction
  • ability to facilitate a subject access request

Below are authorities under which we share your data and with whom we share:

Who we share with

Article 6 basis Why we share What is shared
Schools or colleges that the young people attend after leaving us In law To further the education provision Educational records
The local authority and their commissioned providers of local authority services In law Provision of care and education for young people with SEN and Looked after Children Educational record, Education Health Care Plan, Looked after children notes, multi-agency forum notes,  personal education plans
The Department for Education (DfE) In Law Educational attainment policy and monitoring; The National Young people Database (NPD). Provision of young people record number. https://www.gov.uk/education/data-collection-and-censuses-for-schools ; name of young people
The joint council for qualifications ( JCQ ) Legitimate business interest Currently signed for on a JCQ consent form however the detail is provided to them by Us as a legitimate business interest.   Attendance for the exam is consensual. Name, dob, any health considerations to enable reasonable adjustments to take the exam
OFSTED In Law Ensuring a monitored and accountable service provision is in place All relevant personal or sensitive information (restricted by purpose of visit to minimise data) reported upon anonymously
Regulatory Inspection visitors In Law Ensuring a monitored and accountable service provision is in place All data of staff residents and young peoples as deemed appropriate by the inspector
Health and safety executive In law Safety in the work place …. Safety in the schools and homes. Consideration as to the level of safeguarding needed on each site which is commensurate with the behavioural / risk posed. Environmental information and personal information. Behaviour, health.
Staff in homes and schools Legitimate business interest Maintaining a safe environment for the provision of necessary care and specialist education. Pastoral support and safeguarding. Behaviour reports, personal contact details , multiagency reports
Clinical Consent , Legitimate business interest Provision of support for Special Educational needs Personal data name. dob, family circs , behaviour, risk assessment, EHCP, and health data
Parents / carers Legitimate business interest , law To enable the provision of educational support at home. In general, We will assume that a young person consent is not required for ordinary disclosure of their personal data to their parents, e.g. for the purposes of keeping parents informed about the young person’s activities, progress and behaviour, and in the interests of the young person’s welfare. That is unless, in The School or Home’s opinion, there is a good reason to do otherwise.

 

However, where a young person seeks to raise concerns confidentially with a member of staff and expressly withholds their agreement to their personal data being disclosed to their parents, The School or Home may be under an obligation to maintain confidentiality unless, in The School or Home’s opinion, there is a good reason to do otherwise; for example where The School or Home believes disclosure will be in the best interests of the young person or other young people, or if required by law.

Ongoing reports and communication in relation to behaviour and achievement.
LADO In Law Keeping Children safe in education All relevant personal or sensitive information (restricted by circumstance minimise data)
Police In Law Keeping children safe in education All relevant personal or sensitive information (restricted by circumstance to minimise data)
Quality assurance visits Legitimate business interest Ensuring that the service provision is of the highest standard and compliant with regulation / Law All relevant personal or sensitive information (restricted by purpose of visit to minimise data) reported upon anonymously
External education support providers   (processors educational support attainment) Legitimate Business interest software support for learning which the young person logs onto to, They normally log on with a consent to the web site however the requirement is made by Our staff hence the decision to use legitimate Business interest … the provision of learning as article 6 basis. Names. Logon E-mail , cookie data ,
External education providers Consent, Legitimate business interest Provision of external educational support to further develop the young person Name , dob, address and potentially health data to support the learning plan

 

Your Rights

Under data protection Legislation you and in some cases your parent/guardian have the right to request access to information about you that we hold. You should be aware that the right of access is limited to your own personal data, and certain data is exempt from the right of access. This will include information which identifies other individuals (and parents need to be aware this may include their own children, in certain limited situations), some safeguarding, or information which is subject to legal privilege (for example legal advice given to or sought by Us, or documents prepared in connection with a legal action).

We are also not required to disclose any examination marks ahead of any ordinary publication

You may ask a parent or other representative to make a subject access request on your behalf.

Indeed, while a person with parental responsibility will generally be entitled to make a subject access request on behalf of a young person, the law still considers the information in question to be yours:

Young people can make subject access requests for their own personal data, provided that, in Our reasonable opinion, they have sufficient maturity to understand the request they are making. A young people of any age may ask a parent or other representative to make a subject access request on his/her behalf. Indeed, while a person with parental responsibility will generally be entitled to make a subject access request on behalf of a young person, the law still considers the information in question to be the child’s: for more mature young people, the parent making the request may need to evidence their child’s authority for the specific request.

WG believe that Young People aged 13 and above are generally assumed to have this level of maturity, although this will depend on both the child and the personal data requested, including any relevant circumstances at home. Slightly younger children may however be sufficiently mature to have a say in this decision, depending on the child and the circumstances.

All information requests from, on behalf of, or concerning young people – whether made under subject access or simply as an incidental request – will therefore be considered on a case by case basis.

You also have the right to:

  • object to processing of personal data that is likely to cause, or is causing, damage or distress
  • prevent processing for the purpose of direct marketing
  • object to decisions being taken by automated means
  • in certain circumstances, have inaccurate personal data rectified, blocked, erased or destroyed; and
  • claim compensation for damages caused by a breach of the Data Protection regulations

If you wish to exercise any of these rights please contact the Data Protection Officer;

  • by writing to the data protection officer at Witherslack Group, Lupton Tower, Carnforth, LA6 2PR;
  • by calling the data protection officer on 015395 66081.
  • By E-mailing the data protection officer on dataprotection@Witherslackgroup.co.uk OR
  • Speak to any member of staff

Queries and Complaints

If you believe that We have not complied with this policy or acted otherwise than in accordance with Data Protection Law, you should notify The Data Protection Officer on dataprotection@Witherslackgroup.co.uk. You can also make a referral to or lodge a complaint with the Information Commissioner’s Office (ICO), although the ICO recommends that steps are taken to resolve the matter with The Witherslack Group directly before involving the regulator.

For more information about your rights under the Data Protection Act contact the Information Commissioner’s Office https://ico.org.uk/

Back to top

 

Registration for Recruitment Privacy Notice for the Witherslack Group

This notice is intended to provide information to individuals who are registering with Networx as possible candidates for employment vacancies within The Witherslack Group. (‘We’ , ‘Our’, ‘Us’). It explains how We will Use (or “process”) your personal data during Our recruitment Process.

Who are We

In this policy, whenever you see the words (‘We’, ‘Us’ or ‘Our’), it refers to Witherslack Group, Lupton Tower, Lupton, Cumbria, LA6 2PR. Registered with the Information Commissioner’s Office (ICO) in England Company No: Z3410582. For the purposes of UK Data Protection Law, We are a Data Controller in respect of the personal information that We collect and process about you as described in this privacy notice.

The recruitment software We Use via this Website is supplied by Net-Worx (2001) Ltd (trading as networx) and they are defined as a Data Processor under the GDPR. They will only process your data, on Our behalf, in accordance with Our written instructions.

Why do We collect and Use your information

We will typically collect and Use this information for the following purposes:

Assess the prospective candidates suitability for employment with Us.

  • Communicate with you in relation to suitable vacancies.
  • Keep records related to Our recruitment processes.
  • For the purposes of Our legitimate interests to assess your suitability for upcoming posts, but only if Our interests are not overridden by your interests, rights or freedoms. As part of our commitment to balance your rights and freedoms against our legitimate interests you will be afforded the opportunity to delete your data prior to any specific applications
  • To carry out analysis anonymised data is retained. We will use this information about race or national or ethnic origin, religious, philosophical or moral beliefs, or your sexual life or sexual orientation, to ensure meaningful equal opportunity monitoring and reporting.

If you have any concerns about the processing described above, please refer to Your Rights section below.

Categories of Personal information that We Process (collect, hold and share) include:

We may collect the following information, provided by you, up to and including the specific application stage of the recruitment process:

  • Your name and contact details (i.e. address, home and mobile phone numbers, email address);
  • Details of your qualifications, experience, employment history (including job titles, salary and working hours) and interests;
  • Details of your referees.

We may collect and process the following ‘special category’ data

  • Whether or not you have a disability for which the organisation needs to make reasonable adjustments during the recruitment process
  • Your racial or ethnic origin, sex and sexual orientation, religious or similar beliefs; This is immediately anonymised

For the above purposes We will only ever collect the information We need. We have in place an appropriate policy documents and safeguards which we are required by law to maintain when processing such data.

Collecting your information

In this process We will process personal data collected;

  • directly from you either on submission or in reply to Our contacts.
  • from a third party Agency initially submitted for a previous job application.
  • In order to comply with the General Data Protection Regulation, whenever the processing of your personal data requires your consent then you will be given the opportunity to opt-in (consent prior to processing) and then to opt-out if you so desire.

Storing your information

We will keep your information only for as long as We need it to provide you with the recruitment services, to administer your relationship with Us, or to ensure We do not communicate with people that have asked Us not to. When We no longer need information, We will always dispose of it securely. We ensure that your preferences with Us are replicated with the third-party service providers. They will hold your information for Our purposes only.

You will be sent a reminder after 23 months of inactivity on the Networx system. You will at all times have the option to request that your data is deleted. This will be considered against the lawful retention at the time.

We will retain your personal information for a period of 2 years after you Were last active on the Networx system.

After 2 years of inactivity on Networx, We will securely destroy your personal information. Any remaining data will be anonymised for statistical purposes and will not be identifiable to you.

Who do We share your information with

We will not share your data with any additional third parties, unless your application for employment is successful and We make you an offer of employment. We will then share your data with former employers to obtain references for you, employment background check providers to obtain necessary background checks.

Why We share your information

We have robust processes in place to ensure the confidentiality of Our data is maintained and there are policies and stringent controls in place regarding access and Use of the data.

Decisions on whether We release data to third parties are subject to a strict approval process and based on a detailed assessment of:

  • who is requesting the data
  • the purpose for which it is required
  • the level and sensitivity of data requested: and
  • the arrangements in place to store and handle the data
  • arrangements for return / destruction
  • ability to facilitate a subject access request

Your Rights

Accessing your personal data

We are dedicated to providing reasonable access to users who wish to review the personal information retained when they register via Networx and correct any inaccuracies it may contain. Users who choose to register may access their profile, correct and update their details, or withdraw their details at any time. To do this, users can access their personal profile by Using their secure login. In all cases We will treat requests to access information or change information in accordance with applicable legal requirements.

Under data protection you have the right to request access to information about you that We hold. You should be aware that the right of access is limited to your own personal data, and certain data is exempt from the right of access. This will include information which identifies other individuals, or information which is subject to legal privilege (for example legal advice given to or sought by Us, or documents prepared in connection with a legal action).

You may ask a representative to make a subject access request on your behalf.

You also have the right to:

  • object to processing of personal data however, in these circumstances the right to object is not absolute and you must give specific reasons why you are objecting to the processing of your data.
  • prevent processing for the purpose of direct marketing
  • object to decisions being taken by automated means
  • in certain circumstances, have inaccurate personal data rectified, blocked, erased or destroyed; and
  • claim compensation for damages caused by a breach of the Data Protection regulations

If you wish to exercise any of these rights please contact the Data Protection Officer (DPO);

  • in writing to data protection officer at Witherslack Group, Lupton Tower, Carnforth, LA6 2PR;
  • by calling the data protection officer on 015395 66081.
  • By E-mailing the data protection officer on dataprotection@Witherslackgroup.co.uk OR
  • Speak to any member of staff

Queries and Complaints

If you believe that We have not complied with this policy or acted otherwise than in accordance with Data Protection Law, you should notify Our DPO on dataprotection@Witherslackgroup.co.uk. You can also make a referral to or lodge a complaint with the Information Commissioner’s Office (ICO), although the ICO recommends that steps are taken to resolve the matter with The Witherslack Group directly before involving the regulator. For more information about your rights under the Data Protection Act contact the Information Commissioner’s Office https://ico.org.uk/

Back to top

Job Applicant Privacy Notice for the Witherslack Group

This notice is intended to provide information to individuals who are applying for employment vacancies with Witherslack Group (‘We’ , ‘Our’, ‘Us’) via Net-worx. It explains how We will Use (or “process”) your personal data during Our selection and recruitment Process. If subsequently employed by WG the staff Privacy Notice will then apply.

Who are We

In this policy, whenever you see the words (‘We’, ‘Us’ or ‘Our’), it refers to Witherslack Group, Lupton Tower, Lupton, Cumbria, LA6 2PR. Registered with the Information Commissioner’s Office (ICO) in England Company No: Z3410582. For the purposes of UK Data Protection Law, We are a Data Controller in respect of the personal information that We collect and process about you as described in this privacy notice.

The recruitment software We Use via this Website is supplied by Net-Worx (2001) Ltd (trading as networx) and they are defined as a Data Processor under the GDPR. They will only process your data, on Our behalf, in accordance with Our written instructions.

Why do We collect and Use your information

We will typically collect and Use this information for the following purposes:

  • Assess the prospective candidates suitability for employment with Us.
  • Keep records related to Our recruitment processes.
  • to take steps to enter into a contract;
  • for compliance with a legal obligation (e.g. Our obligation to check that you are eligible to work in the United Kingdom);
  • for the purposes of Our legitimate interests, but only if these are not overridden by your interests, rights or freedoms.
  • To carry out analysis anonymised data is retained.
  • Criminal convictions are required to be processed to meet our legal obligations under Keeping Children safe in Education Legislation.
  • We will use information about your race or national or ethnic origin, religious, philosophical or moral beliefs, or your sexual life or sexual orientation, to ensure meaningful equal opportunity monitoring and reporting.

If you have any concerns about the processing described above, please refer to Your Rights section below.

Categories of Personal information that We Process (collect, hold and share) include:

We may collect the following information up to and including the shortlisting stage of the recruitment process:

  • Your name and contact details (i.e. address, home and mobile phone numbers, email address);
  • Details of your qualifications, experience, employment history (including job titles, salary and working hours) and interests;
  • Details of your referees.
  • Criminal convictions (these are not disclosed to any reviewers until post shortlisting)

We may collect the following information after the shortlisting stage, and before employing you.

  • Information about your previous academic and/or employment history, including details of any conduct, grievance or performance issues, appraisals, time and attendance, from references obtained about you from previous employers and/or education providers;
  • Information regarding your academic and professional qualifications;
  • Information regarding your criminal record;
  • Your nationality and immigration status and information from related documents, such as your passport or other identification and immigration information;

We may collect and process the following ‘special category’ data

  • Whether or not you have a disability for which the organisation needs to make reasonable adjustments during the recruitment process
  • Your racial or ethnic origin, sex and sexual orientation, religious or similar beliefs; This is immediately anonymised

We may collect and process the following data about third party references.

  • the information you have provided on your CV, including name, title, address, telephone numbers, personal email address.
  • any information you provide to Us during an interview.

For the above purposes We will only ever collect the information We need. We have in place an appropriate policy documents and safeguards which we are required by law to maintain when processing such data.

Collecting your information

In this process We will process personal data collected;

  • directly from you either on submission or in reply to Our contacts.
  • from a third party recruitment Agency.
  • If successful in interview We may also collect personal data about you from third parties, such as references supplied by former employers.
  • If successful in interview We may also collect personal data about you From external Disclosure Barring service (DBS) checks
  • If successful in interview We may also collect personal data about you from Teaching regulation Agency (in the case of teachers)

Storing your information

We will keep your information only for as long as We need it to provide you with the recruitment services, to administer your relationship with Us, or to ensure We do not communicate with people that have asked Us not to. When We no longer need information, We will always dispose of it securely. We ensure that your preferences with Us are replicated with the third-party service providers. They will hold your information for Our purposes only.

If your application is unsuccessful We will retain your personal information for a period of 2 years after you Were last active on the Networx system.

Any interview notes will be securely retained and then destroyed 6 months after the date of the interview.

You will be sent a reminder after 23 months of inactivity on the Networx system. You will at all times have the option to request that your data is deleted. This will be considered against the lawful retention at the time.

After 2 years of inactivity on Networx, We will securely destroy your personal information. Any remaining data will be anonymised for statistical purposes and will not be identifiable to you.

Who do we share your information with

During the on boarding recruitment process We may share information with:

  • SAGE Our HR software provider (if offered employment)
  • Disclosure and Barring services (DBS) checks (if offered employment)
  • In case of teachers the Teaching Regulation Agency (if offered employment)

We will not share your data with the above third parties, unless your application for employment is successful and We make you an offer of employment. We will then share your data with former employers to obtain references for you, employment background check providers to obtain necessary background checks.

Why We share your information

We have robust processes in place to ensure the confidentiality of Our data is maintained and there are policies and stringent controls in place regarding access and Use of the data.

Decisions on whether We release data to third parties are subject to a strict approval process and based on a detailed assessment of:

  • who is requesting the data
  • the purpose for which it is required
  • the level and sensitivity of data requested: and
  • the arrangements in place to store and handle the data
  • arrangements for return / destruction
  • ability to facilitate a subject access request

Your Rights

Accessing your personal data

We are dedicated to providing reasonable access to users who wish to review the personal information retained when they apply via Our Website site and correct any  inaccuracies it may contain. Users who choose to register may access their profile, correct and update their details, or withdraw their details at any time. To do this, users can access their personal profile by Using their secure login. In all cases We will treat requests to access information or change information in accordance with applicable legal requirements.

Under data protection you have the right to request access to information about you that We hold. You should be aware that the right of access is limited to your own personal data, and certain data is exempt from the right of access. This will include information which identifies other individuals, or information which is subject to legal privilege (for example legal advice given to or sought by Us, or documents prepared in connection with a legal action).

You may ask a representative to make a subject access request on your behalf.

You also have the right to:

  • object to processing of personal data however, in these circumstances the right to object is not absolute and you must give specific reasons why you are objecting to the processing of your data. It can apply when we are relying on legitimate interest and there is something about your particular situation which makes you want to object to processing on this ground.
  • prevent processing for the purpose of direct marketing
  • object to decisions being taken by automated means
  • in certain circumstances, have inaccurate personal data rectified, blocked, erased or destroyed; and
  • claim compensation for damages caused by a breach of the Data Protection regulations

If you wish to exercise any of these rights please contact the Data Protection Officer (DPO);

  • in writing to data protection officer at Witherslack Group, Lupton Tower, Carnforth, LA6 2PR;
  • by calling the data protection officer on 015395 66081.
  • By E-mailing the data protection officer on dataprotection@Witherslackgroup.co.uk OR
  • Speak to any member of staff

Queries and Complaints

If you believe that We have not complied with this policy or acted otherwise than in accordance with Data Protection Law, you should notify Our DPO on dataprotection@Witherslackgroup.co.uk. You can also make a referral to or lodge a complaint with the Information Commissioner’s Office (ICO), although the ICO recommends that steps are taken to resolve the matter with The Witherslack Group directly before involving the regulator. For more information about your rights under the Data Protection Act contact the Information Commissioner’s Office https://ico.org.uk/ 

Back to top