Higham Hall Policy – Data Protection
Useful link: [eNewsletter Unsubscribe]
As part of its function, Higham Hall is both a ‘controller’ and ‘processor’ of data collected on individuals. Compliance with any applicable regulation and law is deemed essential and therefore this policy outlines the principles of our approach.
General Data Protection Regulation (GDPR) (May 2018) is applied automatically to all our procedures, including:
- Gathering of data
- Storage of data
- Use of data
- Sharing of data
- Disposal of data
- Access to data
How we operate in compliance with regard to each of these areas is outlined below.
We ensure personal data is processed lawfully, transparently and for a specific purpose. Once that purpose is fulfilled and the data is no longer required, data will no longer be active. Higham has always respected the privacy of everybody and we strive to ensure that details about individuals is protected and used solely for the intended purpose.
Gathering of data
People submit their own details to us in order to transact with us.
A request for a brochure is simply fulfilled and not entered onto our database.
Storage of data
Anything else usually concerns a booking of a Course or Event and is regarded as an active, affirmative action by the data Subject and therefore data is collected and stored on our TERMS database:
Title, name, address, phone, email, special requirements (diet/ mobility/ notes)
Use of data
Aside from simply having one brochure mailed out to them (in which case name and address are written on an envelope to be posted), no one can book a course or event with us without being present on our TERMS database.
We do not assume a passive acceptance of anyone that they wish us to hold their data, but by entering into a contract for services, data is then stored by us for transactional purposes. Data collected, and freely given by a customer (usually a Student) is used ONLY for transacting with that individual concerning their bookings with Higham Hall.
The date stamp of when a person gave consent for their data to be given to us is present on every record on our database.
The date stamp of when an email was given permission to be used for transacting is also present on every record.
All card payments are registered securely through our Card Payment Provider (Worldpay) via one of two card machine terminals, depending upon whether VAT is applicable. We notify our compliance each year separately for each of these.
Our email (eNews) Database (about 1500 addresses) is managed separately on the secure cloud MailChimp system and there is always an ‘Unsubscribe’ facility on any message we send out. Ethically, we have always undertaken not to bombard people, merely to use the channel for interim group communication.
Sharing of data
NONE of our data is shared with any body outside of Higham Hall.
If a student requests a Tutor’s contact details, unless they are legally and publicly available on their web presence, or we have express permission from the Tutor, we forward student details on to the Tutor and ask them to get in touch.
For their time working for Higham Hall, Tutors are considered part of Higham Hall organisation and so can be given access to contact details of enrolled Students to discuss projects or materials needed for their courses. Any such communication is anticipated and stated in the initial Course Programme. Outside of that, Tutors sometimes email all individuals on their courses if they wish to give them their information (e.g. for specialist communications directly from the Tutor). Higham does not automatically provide information to any party.
Course attendance lists, given to Students when they arrive for a particular course contain names of their fellow students and town they come from. We have reviewed this practice and do not consider a need for any change,
Disposal of data
If someone requests we delete them from our database, that is actioned immediately and their address, contact details and any notes on their record are deleted.
However, past transactions for a Student ID and name have to kept for accounting purposes, and these are retained, but the individual’s record is deactivated and it is not possible to make further transactions or processes with them. Staff are instructed to honour archived records.
Access to data
Because all information is stored in our TERMS database, we are able to provide, on request, information stored about someone on their own request. We will not share any information with anyone else.
Confidentiality, personal privacy and data protection
In addition to compliance with legislation, regulations and in line with our Code of Conduct Policy, Higham recognises that all individuals have a right to protection from others knowing about things personal to them. We respect the privacy of both customers and Staff.
Issues of Complaints, Grievance and Discipline
These are covered in our separate Higham Hall Policy – Complaints & Disciplinary Procedures