Alumni, donors and the wider community
The Haileybury community is extremely important to us, and this Privacy Notice explains how the Development Department and Partnerships Office collects, stores, manages and protects alumni, parents, staff and other members of the School’s wider community data. It outlines the types of data that we hold and how we use it to provide services to our alumni, parents, staff and other members of the School’s wider community. We aim to be clear when we collect your personal information, and not do anything you wouldn’t reasonably expect.
Should you wish to discuss data use, or would like further information, please contact the Director of Development via email@example.com or on +44 (0)1992 706447. You have the right to withdraw consent, where given, or otherwise object to direct marketing or fundraising at any time. However, the School may need nonetheless to retain some of your details, not least to ensure that no more communications are sent to that particular address, email or telephone number.
Why we collect
In order to carry out its work for the benefit of current and former staff, current and former pupils and their parents, the Development Department and Partnerships Office may process a wide range of personal data about individuals as part of its daily operation.
Some of this activity the Development Department and Partnerships Office will need to carry out in order to fulfil its legal rights, duties or obligations.
Other uses of personal data will be made in accordance with the Development Department and Partnerships Office’s legitimate interests, or the legitimate interests of another, provided that these are not outweighed by the impact on the rights of individuals, and provided it does not involve special or sensitive types of data.
The Development Department and Partnerships Office expects that the following uses may fall within that category of its (or its community’s) “legitimate interests”:
- Promoting the objects and interests of the School;
- sending updates, newsletters and invitations to events;
- maintaining relationships with alumni, donors, parents and other members of the School’s wider community;
- keeping users of the Haileybury Connect networking, engagement and mentoring platform updated about the activities of the School, or events of interest;
- for the purposes of donor due diligence, and to confirm the identity of prospective donors and their background;
- making use of photographic images of pupils in Development and/or Alumni publications, on the School website and (where appropriate) on the School's social media channels in accordance with the School's policy on taking, storing and using images of children.
In addition, the Development Department and Partnerships Office will process personal data by explicit consent where required. This will include:
- Sharing personal data about parents and/or alumni, as appropriate, with organisations set up to help establish and maintain relationships with the School community, such as the Haileybury Parents Association;
- contacting staff, parents, alumni and/or supporters in order to promote and raise funds for the School, and where appropriate, other worthy causes;
- making use of photographs or videos for our website, local news and social media channels;
- making use of photographic images which clearly identify an individual;
- providing career networking and mentoring opportunities.
How the Development Department and Partnerships Office collects data
Generally, the Development Department and Partnerships Office receives personal data from the individual directly. This may be via a paper or online form, survey, during the sign-up process for Haileybury Connect, or simply in the ordinary course of interaction or communication (letter, email, telephone, business card).
However in some cases personal data may be supplied by third parties or collected from publicly available resources such as published material, websites, internet searches and social media. Third parties include:
- Blackbaud data services for address validation, Telephone Preference Service (TPS) and Mail Preference Service (MPS) compliance;
- everydayhero to collect gift and personal information relating to donations and fundraising pages created through the everydayhero crowdfunding website;
- Charities Aid Foundation (CAF) to collect gift and personal information relating to donations processed through CAF;
- Buffalo Fundraising Consultants Ltd to conduct a PIF (Personal Information Form) campaign to verify and capture personal, education, employment, relationship, contact and engagement information.
- Aluminati Network Group Ltd to provide the Haileybury Connect networking, engagement and mentoring platform. This service is operated under contract by Aluminati Network Group Ltd. (Aluminati) acting under instruction as our Data Processor under the Data Protection Acts 1998 and 2018. Aluminati will process personal data strictly for the purposes of operating this service. Aluminati is registered with the Information Commissioner under membership number Z8393842.
We do not use the School Management Information System (MIS), iSAMS, to collect data, however, we do utilise iSAMS to conduct research and assist in the compilation of briefing notes for staff attending Development and Alumni events.
We ask pupils leaving the School to join Haileybury Connect and as part of joining the platform to update their contact details and submit their consent and communication preferences.
We sometimes use third parties to handle personal information on our behalf. The following is an example:
- We use third party "cloud computing" services to store some information rather than the information being stored on the School's servers, such as the Raiser’s Edge database and Haileybury Connect platform.
If you have any concerns about the above, please speak to the Director of Development.
What we collect
This will include but not limited to:
- Contact details, e.g. addresses, telephone numbers, e-mail addresses and other contact details;
- personal details, e.g. title, names, gender, date of birth, marital status;
- relationship details, e.g. other family/relationship links;
- employment details, e.g. employment status, organisation name, industry, position, committee positions, trusteeships, directorships, volunteer and charity positions;
- event information, e.g. attendance, willingness to host an event or provide a venue;
- bank details and other financial information, e.g. donations, gifts-in-kind, pledges, tributes, legacies, standing orders, direct debits;
- educational history, e.g. house, when attended, co-curricular activities and interests, positions of responsibility, university, degree, subject of study;
- notes, e.g. letter and email communications, biographical information;
- attributes, e.g. willingness to offer career advice, internships, placements;
- images of individuals engaging in Development Department activities (in accordance with the School's policy on taking, storing and using images of children).
Personal data of alumni, parents, staff and other stakeholders is stored by the Development Department and Partnerships Office in a propriety cloud-based database supplied by Blackbaud, Inc. called Raiser’s Edge (RE) under a contract for service. RE is hosted by Blackbaud on their servers located in the EEA. This database is protected by multi-level authentication and access is restricted to individuals who need to see the data to carry out their duties at Haileybury. The rights of these individuals is also restricted so that only the data that is necessary and required to complete their role is accessible. All access is reviewed on a regular basis. Blackbaud, Inc. do not permit their staff to have access to the personal data stored in RE.
Where the Development Department and Partnerships Office is relying on consent as a means to process personal data, any person may withdraw this consent at any time. Please be aware that the Development Department and Partnerships Office may have another lawful reason to process the personal data in question even without your consent.
That reason will usually have been asserted under this Privacy Notice, or may otherwise exist under some form of contract or agreement with the individual, e.g. because a purchase of goods or services has been requested.
How long we keep personal data
The Development Department and Partnerships Office will retain personal data securely and only in line with how long it is necessary to keep for a legitimate and lawful reason. Typically, we might contact you to request that you update your consent and communication preferences every two years.
You may change your marketing preferences or update the information we hold about you so that we keep this up to date at any time by informing the Development Department or Partnerships Office. You also have the right to have your data removed under the GDPR legislation, again please contact the Director of Development in the first instance otherwise you may also get in touch with the Privacy and Compliance Officer on +44 (0)1992 706200. The School has appointed the Bursar as the Privacy and Compliance Officer who will deal with all your requests and enquiries concerning the School’s use of your personal data and endeavour to ensure that all personal data is processed in compliance with this policy and Data Protection Law.
If you request to leave the Haileybury Connect platform, we will hold your data for three months in case you change your mind. If, after three months, you do not change your mind all data supplied via the platform will be deleted.
If you have any specific queries about how this policy is applied, please refer to our data retention policy which can be found at: www.haileybury.com/my-haileybury/information-parents-pupils/policies-publications/haileybury-data-retention-policy
This service is operated under contract by Aluminati Network Group Ltd. (Aluminati) acting under instruction as our Data Processor under the Data Protection Acts 1998 and 2018. Aluminati will process personal data strictly for the purposes of operating this service.
Aluminati is registered with the Information Commissioner under membership number Z8393842.
Haileybury Connect Social Sign In: Privacy Notice
This privacy notice provides you with details of how we (Aluminati Network Group Ltd) collect, process and store your personal data when you access the Aluminate service (the ‘Service’) via this third-party application (‘App’).
LAWFUL BASIS AND PURPOSE OF PROCESSING
Aluminati processes your data in order to perform its contract, with the institution or organisation, to provide you with the Service. We will process your information for the following purposes;
- To verify your details in order to provide you with access to the Service
- To improve your onboarding experience onto the Service
- To increase your accessibility to the Service
We will only use your personal data for the purposes listed above unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal data for a purpose unrelated to the purpose for which we collected the data, we will notify you and we will explain the legal ground of processing. We may process your personal data without your knowledge or consent where this is required or permitted by law.
If you are unhappy with any aspect of how we collect and use your data, you have the right to complain to the Information Commissioner’s Office (www.ico.org.uk) however we would be grateful if you would contact us first if you do have a complaint so that we can try to resolve it for you.
Email: firstname.lastname@example.org Tel: 01638 676 232
WHAT PERSONAL DATA WE COLLECT
Personal data is any information capable of identifying an individual and does not include anonymised data. We may ask you to provide us with or automatically collect certain personally identifiable information that can be used to contact or identify you, including:
- Identity & Contact Data may include your first name and last name
- Contact Data may include your email address
- Technical Data may include your cookie data, information such as your device's internet protocol address (e.g., IP address), browser type, browser version, the time and date of your visit, unique device identifiers and other diagnostic data
We do not collect any sensitive data about you including details about your race or ethnicity, religious beliefs, sexual orientation, political opinions, trade union membership, health, criminal convictions and offences.
For data processed under the lawful basis of ‘performance of a contract’, you;
- DO have the right to; be informed, request access, data portability, data rectification, restriction processing, erasure if there is no overriding ‘legitimate interest’ for continuing to process the data
- DO NOT have the right to object
To exercise these rights please email email@example.com. We will likely have to request information from you to confirm your identity in order to ensure we are following instructions from the actual data subject concerned. No fee is payable for the exercise of these rights unless the request is clearly unfounded, repetitive or excessive in which case we may also legally refuse your request.
For more information on individual rights under the GDPR, go to the following site: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr
You have the right to lodge a complaint to the supervisory authority (the Information Commissioners Office); if you believe we are processing your data unfairly.
DISCLOSURES OF YOUR PERSONAL DATA
We may have to share your personal data with third parties including:
- Our service providers who provide IT, hosting and system administration services
- Professional advisers including lawyers, bankers, auditors, insurers, financial advisers and corporate finance advisers who provide consultancy, banking, legal, insurance, accounting and financial services
- HM Revenue & Customs, regulators and other authorities based in the United Kingdom and other relevant jurisdictions who require reporting of processing activities in certain circumstances
- Third parties to whom we sell, transfer, or merge parts of our business or our assets
- We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We only allow such third parties to process your personal data for specified purposes and in accordance with our instructions.
We make active efforts to engage in service providers who are based within the European Economic Area (EEA). Where this is not possible, we may need to engage service providers resulting in your personal data being transferred outside the EEA. Whenever we transfer your personal data out of the EEA, we do our best to ensure a similar degree of security of data by ensuring at least one of the following safeguards is implemented:
- We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission; or
- Where we use certain service providers, we may use specific contracts or codes of conduct or certification mechanisms approved by the European Commission which give personal data the same protection it has in Europe.
If none of the above safeguards is available, we may request your explicit consent to the specific transfer. You will have the right to withdraw this consent at any time.
In addition to the above, your data may be temporarily transferred outside of the EEA during the course of our staff travelling abroad with personal data (for example meeting contact information and emails). There are appropriate safeguards in place to ensure the protection of your data - including encryption rendering the data unreadable in the case of loss or theft.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know such data. They will only process your personal data on our instructions and they are subject to a duty of confidentiality. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
We will only retain personal data for as long as we need to fulfil the specified purposes we have collected it for as well as for satisfying legal, accounting, audit, or reporting requirements.
By law, for tax purposes, we have to keep certain data about our customers for six years after they cease being customers.
COOKIES & THIRD PARTY LINKS
Links from our website or other communications may link to third-party destinations over whom we have no control and do not take responsibility for their privacy statements or behaviours. Please read the privacy notice of these sites to understand their data policies.
Name and contact details of the data controller and data protection officer
Data Controller: Aluminati Network Group Ltd.
Address: Hyperion House, The Oaks, Newmarket, Suffolk, CB8 7XN
Data Protection Officer: Daniel Watts
Contact Details: firstname.lastname@example.org