Privacy Policy GDPR

  • Home
  • Privacy Policy GDPR
  • About

    DOLLAR ACADEMY a registered charity registered in Scotland with SC009888 and whose registered office is at 23 West Burnside, Dollar, FK14 7DZ (the “School”) is a “data controller”. This means that we are responsible for deciding how we hold and use personal information about you. The categories of data collected / processed Data processing means the collecting, storing, sharing and destroying of personal data.

    We process data on the following categories of people:

    • Children, and their parents, who apply for a place at Dollar Academy
    • Current pupils
    • Parents of current pupils
    • Former pupils
    • Members of staff
    • Former members of staff
    • The governors of the school

    For prospective pupils and parents, please refer to our Admissions Privacy Policy. For Former Pupils, please refer to our Alumni Privacy Policy.

  • Why the data is collected

    The purposes of processing data are to:

    • provide our pupils with an education
    • ensure the health, safety and security of everyone in the Dollar Academy community
    • to maintain an historical record of the school
    • to ensure compliance with key legislation, particularly in regard to child protection

  • How the data is used (processed)

    We obtain pupil information via data collection forms at the start of each academic year. In addition, when a child joins us from another school we receive a secure file containing relevant information. Pupil data is essential for the school’s operational use. Whilst the majority of pupil information you provide to us is mandatory, some of it is provided to us on a voluntary basis (through actively given with informed consent). In order to comply with GDPR we will inform you at the point of collection, whether you are required to provide certain pupil information to us or if you have a choice in this.

  • The lawful basis for processing the data (where applicable)

    Under Article 6 of GDPR (‘Lawfulness of processing’) there are six ways in which data can be lawfully processed.

    • When consent has been given for one or more specific reasons
    • Consent is given to hold personal data through the data collection forms at the start of the academic year
    • For the performance of a contract Collecting data about a pupil’s academic performance
    • Complying with legal obligations The provisions of the Children and Young People (Scotland) Act 2014
    • To protect the vital interests of a data subject
    • Medical information is gathered to ensure that pupils are safe and healthy
    • For tasks carried out in the public interest CCTV is used to protect our community and our historically listed buildings
    • For legitimate interests of Dollar Academy Holding records of achievement for our historical archive

    Article 9

    Article 9 of GDPR (‘Processing of special categories of personal data’) states that “processing of personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation shall be prohibited.” At Dollar we use biometric data (fingerprinting) for payment in the canteen. We only collect information about ethnic origin to ensure that we are an equal opportunities employer. If we find it necessary to process any other special category of data we will ask for explicit consent to do so.

    Please note: the majority of our processing will not be done on the basis of consent. Consent is not relied upon for any processing essential for educating our pupils. Where we process rare data on the basis of consent (for example – use of pupil photos on websites, social media) we will explicitly ask for this, and chiefly through our contract with parents.

  • How the data is stored and how long for, and how security is ensured

    We conduct a full data audit and review this each term. For details about categories of data, retention and security please read our retention policy.

  • Who / which organisations data is shared with and why

    We share data with external bodies to assist with wider educational purposes. For example, we provide anonymised data for census information. The bodies we work with annually are:

    • Clackmannanshire Council
    • Education Scotland
    • The Scottish Council of Independent Schools
    • The Independent Schools Council
    • The Headmasters’ and Headmistresses’ Conference
    • The Electoral register
    • The National Health Service

    We use on-line third party organisations to support the business of the school. These services are contracted and approved for use by the school. We take great care to ensure that all third parties hold data within the EEA.

  • What those organisations will do with the data

    These organisations store the data we provide them with and do not share them with other bodies. The data will never be used for automated decision making.

  • Individuals rights over data (including right of access)

    You have the right to:
    • object to processing of personal data that is likely to cause, or is causing, damage or distress
    • prevent processing for the purpose of direct marketing
    • object to decisions being taken by automated means
    • in certain circumstances, have inaccurate personal data rectified, blocked, erased or destroyed
    • a right to seek redress, either through the ICO, or through the courts

  • Accessing your data

    f you would like to make a Subject Access Request, or raise a query in regard to your data, please contact:
    Mr Robin Macpherson (Assistant Rector)
    Dollar Academy
    Dollar
    FK14 7DU
    01259 742511
    dataprotection@dollaracademy.org.uk

    Once we have received a written request for data we will respond within 30 days.

  • Making a complaint

    You have the right to complain to the ICO if you feel that we have breached any aspect of GDPR. If you feel that we have not resolved your complaint sufficiently you may contact the ICO via their concerns page here.