WHO PROCESSES INFORMATION?
We are Global Schools Forum (GSF), registered in England as a company limited by guarantee (number 13076524) whose registered office is at 17th Floor, 21-24 Millbank, London, SW1P 4QP. For the full GSF data protection policy or if you have any questions about this privacy notice, please email us email@example.com.
We may change this policy from time to time, so do check our website for the most up-to-date version.
All personal data is held in compliance with UK Data Protection legislation, the UK General Data Protection Regulation and with all other laws concerning the protection of personal information, including the Privacy & Electronic Communications Regulations 2003.
The personal data we process may be shared with third parties, where it is necessary for us to do so and we have a lawful basis to do so.
- User privacy and data protection are human rights.
- We care about you and your data and have a duty to ensure both are safe!
- We will only collect and process your data when necessary to provide our services and support, as part of our legitimate interests as an organisation.
- We will never sell, rent or distribute your personal information.
WHAT LEGISLATION IS RELEVANT
We ensure that our systems and website comply with the following data protection legislation:
Our compliance with the above legislation means that it is likely that we are compliant with the data protection and user privacy legislation set out by many other countries and territories as well. If you have any questions about this, please contact us on firstname.lastname@example.org.
HOW DO WE COLLECT INFORMATION FROM YOU?
We obtain information about you when you contact us directly, register for membership or register to receive our newsletter. We might also meet you at an event or be connected with you by one of our partners, members or contacts.
If we are collecting personally identifiable information through our website, we will do so using forms that clearly explain what we intend to do with it.
WHAT TYPE OF INFORMATION IS COLLECTED?
5.1 Personal information
The personal information we collect might include your name, contact number, email address (the other information we collect is organisational rather than personal). This information is necessary for us to conduct our business and to provide you with the services you are signing up for or have requested. In these situations, you know what information you are giving us and why we need the information as you are requesting us to use your information to fulfil your request. For event registration, we may collect information about your food preferences and emergency contact details. These will be used for the purpose of the event only.
We will only collect sensitive personal data, “special categories” as defined by UK Data Protection Act 2018 (DPA), for GSF staff and consultants so that we can fulfil our commitment to providing equal opportunities.
Data we hold will be used confidentially, and to help us run our services and keep you informed - for example, to collect subscriptions, mail out publications and let you know about conferences and events; or to fulfil legal or regulatory requirements if necessary.
5.2 Organisational information
Information you provide us through our membership sign-up form, event registration forms and annual census is, in the main, about your organisation rather than personal. This information allows us to deliver services to you, make decisions about your membership status and develop and improve our membership offer. This information is used internally by the GSF team.
In addition, we use aggregated data from the annual census to generate and publish statistics about our members and therefore the non-state education sector to stakeholders, partners and interested parties. These statistics will not include any information that could personally identify you or your organization. For example we might say: ‘40% of our members run over 20 schools in low and middle income countries’.
5.3 Your activity on our Collaboration Platform
Only members have access to our collaboration platform. If you are a member, everything you do or contribute on this platform can be seen by all other members of Global Schools Forum aside from private messaging, which is only seen by those included in the conversation. You are able to delete your posts at any time and request for your profile to be deactivated by the GSF team.
By becoming a member of GSF and accessing the collaboration platform, your name, role, organisation and email address will be made available to all other members of GSF for the legitimate business interest of facilitating collaboration.
HOW DO WE USE YOUR INFORMATION?
We will use your information to:
- Carry out our obligations in relation to your organisation’s membership status with GSF including the legitimate interest of keeping an appropriate record of communications entered into with members and keeping up-to-date member records
- Seek your views and comments on our services
- Notify you of changes to our services
- Send you communications that you have requested or those relating to membership necessary for the delivery of services
- Process and respond to your request
- Register you for an event we are running and communicate with you about it
- Keep you updated on what GSF is up to and other relevant sector news and opportunities.
The lawful basis for processing personal data by GSF are:
- Article 6 1(a) of the UK GDPR which allows processing with your consent;
- Article 6 1(b) of the UK GDPR which allows processing that is necessary for the performance of a contract;
- Article 6 1(c) of the UK GDPR which allows processing that is necessary to comply with a legal obligation;
- Article 6 1(f) of the UK GDPR which allows processing that is in our legitimate interests.
We will hold your personal information on our systems for as long as is necessary for the relevant activity, or as long as is set out in any contracts we enter into with you.
Only authorised employees and data processors (software suppliers and those working on behalf of GSF to deliver our products and services) will have access to your data. All parties who have access to your data are required to process/use that data in accordance with the provisions of current data protection legislation and GSF’s Data Protection Policy.
Personal data is processed using a combination of cloud-based information management systems, cloud storage and sharing facilities, on local file servers and in paper copies. In accordance with data protection legislation, it is only retained for as long as is necessary to fulfil the purposes for which it was obtained, and not kept indefinitely.
Transfer outside of the European Economic Area (EEA)
We do not normally transfer your information to a different country outside the EEA. However, some of our external third-party support partners are based outside the EEA so their processing of personal data will involve a transfer of data outside the EEA. Whenever we transfer personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented, including:
- We will only transfer personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.
- Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe and/ Standard Contractual Clauses.
WHAT ABOUT THIRD PARTY DATA PROCESSORS?
We use a number of other data processors to help us deliver our services to you. These are called ‘third party data processors’. Each of them have their own data protection and privacy policies that you should be aware of. We only use third party data processors that are compliant with the highest data protection legislation ensuring secure data storage and transfer. Where data is stored outside of the EU, third party processors will have relevant technical and organisational measures in place, established using Standard Contractual Clauses. Please be reassured that we will not sell, trade, rent, exchange or otherwise share your personal information to third parties for them to use for their own purposes, unless you have requested us to do so, or we are required to do so by law, for example, by a court order or for the purposes of prevention of fraud or other crime.
7.1 We use:
- YourMembership (owned by Community Brands) for our contact database, online forms, event registration, group emails, website and our member only collaboration platform through GSFpedia
- Facebook for social media
- Google to provide Google Forms for people to complete and Google Drive for our documents
- Microsoft SharePoint for document storage.
- Outlook for our work emails
- Microsoft Teams for internal calls
- Zoom for webinars
- Twitter for social media
- LinkedIn for connecting with individuals and organisations
7.2 Social buttons
Visitors may use these to bookmark or share our web pages. There are buttons for: Twitter Share, Facebook Share and LinkedIn Share. These work using scripts from domains outside of Globalschoolsforum.org and it is likely those sites will collect their own information about what you are doing. You should review the policies of each of these sites to see how they use your information and to find out how to opt out, or delete, such information.
7.3 Links to other websites
Our website also contains links to other websites that may be of interest to our visitors. However, once you have used these links to leave our site, this privacy statement no longer applies and we cannot be responsible for the protection and privacy of any information which you provide whilst visiting those sites - such sites are not governed by this privacy statement. Again, please check the respective policies of any such sites that you chose to visit.
HOW CAN YOU ACCESS AND UPDATE YOUR INFORMATION?
You can request a copy of the information we have about you at any time and we will provide you with a full copy within one calendar month free of charge. If you change any of your contact details, and would like these to by updated on our system, please email email@example.com and we will make the changes.
You can withdraw consent at any time for your data to be processed and used by GSF. In this situation we will advise you of the implications of this and if you are a member, how this will affect your membership status with us. At your request your data will then be deleted from all our systems in line with our data retention schedule.
WHAT WILL WE DO IF THERE IS A DATA BREACH?
If there is a data breach, Our Data Protection Officer will investigate and where it is deemed to be likely there is a risk to the rights or freedoms of data subjects, you will be contacted, in addition to contacting the Information Commissioner’s Office.
WHAT ARE YOUR RIGHTS WITH REGARDS TO YOUR DATA THAT WE HOLD?
Data subjects have the right to do the following with regards to their own data:
- Ask us for a copy of the information we have about you. This is called a ‘subject access request’.
- Ask us to correct any information we have about if you think it is wrong.
- Ask us to erase information about you (although we may have good reasons why we cannot do this).
- Ask us to limit what we are doing with your information.
- Object to what we are doing with your information.
- Ask us to transfer your information to another organisation in a format that makes it easy for them to use.
If you make a subject access request, and if we do hold information about you, we will:
- Give you a description of it.
- Tell you why we are holding and processing it, and how long we will keep it for.
- Explain where we got it from, if not from you.
- Tell you who it has been, or will be, shared with.
- Let you know whether any automated decision-making is being applied to the data, and any consequences of this.
- Give you a copy of the information in an accessible format.
- More information about your rights is available in our data protection policy. To request a copy, email us at firstname.lastname@example.org.
WHO SHOULD YOU CONTACT IF YOU HAVE ANY QUESTIONS OR CONCERNS?
Global Schools Forum aims to comply fully with its obligations under the GDPR. If you have any questions or concerns regarding management of personal data including your data subject rights, please contact us on email@example.com.
If you feel that your questions / concerns have not been dealt with adequately on any data protection matter, please get in touch with us and the matter will be escalated to our Chief Executive. If you remain unhappy with our response or if you need any advice you can contact the Information Commissioner’s Office (ICO), Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. Tel: 030 123 113 (local rate) or 01625 545 745 if you prefer to use a national rate number. Please visit their website (www.ico.org.uk/concerns) for information on how to make a data protection complaint.
WHAT IF WE CHANGE OUR PRODUCTS AND SERVICES OR THIS POLICY?
As our products and services change and also as national and international policy and law change, we may need to update this policy. For members we will post any updates on our collaboration platform. For other users of our sites, our updated policy will be available on our website. Please check this policy regularly to ensure you understand how we use your information.
It is a condition of using the sites and our services that you agree to this policy and how we use your data for legitimate purposes as described in more detail above.
Written – 3 November 2017
Published – 4 December 2017
Updated – 7 March 2018
Updated – 22 May 2018
Updated – 04 June 2018
Updated – 22 March 2019
Updated – 20 October 2020
Updated – 12 August 2021