|Date last updated ||03122018 |
|Last updated by ||Pippa Blackstone 3 December 2018 |
Tonbridge Grammar School (TGS, the School) maintains a Community Relationships database (TGS Connections) of students, parents, alumni students, alumni staff, friends and supporters, volunteers, business connections, local organisations and charitable trusts. The database enables the School to stay in touch with our community and keep you informed and updated about school news and developments, events, careers initiatives, school business development, and fundraising activities.
Some of our database (but not all) choose to join our online community by registering on the database website and creating an online profile. In both instances (individuals with offline database records and individuals with online profiles), we collect and store personal information (or “data”) about you. We are committed to protecting and respecting your privacy and this Policy sets out what information we collect about you, where and how we use (“process”) it.
We may change this Policy from time to time. If we make any significant changes we will advertise this on the website and on TGS Connections or contact you directly with the information. Please check this page occasionally to make sure you are happy with any changes.
If you have any questions about this Policy or concerning your personal information, please contact Pippa Blackstone TGS Director of Development and Alumni Relations at email@example.com
or otherwise our Data Protection Officer Craig Stilwell (LLB Hons, LPC), Head of Data Services, Judicium Consulting Ltd.
For the purposes of the General Data Protection Regulations (GDPR) and any subsequent UK legislation covering data protection, the Data Controller is Tonbridge Grammar School. What type of personal information we collect
The information we have about you depends on where we collect it, but may include:
Where we collect information from
- First name
- Last name
- Contact telephone / mobile
- Date of birth
- Family relationships
- Years at the School
- Interests and passions, teams, clubs, service to the School
- School qualifications
- Destination on leaving TGS and attainment (Sixth Form, higher education, gap year, work experience, work (if known)
- Offer and availability to volunteer (time, days, type of help offered), and volunteering activity
- Work details (job title, employer)
- Expertise and offers of expertise
- Participation in our events, emails, competitions, surveys and other activities
- Careers support schemes (peer to peer amongst signed up members, and for supporting students) through mentoring, work experience and internship opportunities
- Your relationships with other TGS alumni, donors, friends and supporters
- Donations made to Tonbridge Grammar School e.g. cash cheque, account transfer, standing order, via payroll, and wealth assessment information
- A record of payments made via the website (but we do not store your credit/ debit card details as these are processed securely externally by a third-party payment provider) which could include event tickets, shop purchases or online donations
- Consent options and communication preferences (includes adherence to PECR rules)
- Content (such as announcements, stories, photographs, documents, comments, events, jobs) that you post on this website or provide to us by other means.
- Log-ins and activity on the website (including geo-location data - your geographical location based on your IP address)
We collect personal information when you:
- Attend the School (student, parents and carers). Basic contact data is regularly updated from the school SIMS via a secure mechanism called WONDE, enabling communications to use real time data for current school contacts
- Visit this website
- Create or update your online profile
- Post content on to this website or other websites and social media sites managed by Tonbridge Grammar School
- Take part in an event
- Attend a meeting with us and provide us with information
- Respond to requests for information
- Contact us in any way including online, email, phone, SMS, social media or post
- Leave the School. We transfer some basic details about you from the main school database in to the TGS Connections database. Year 13 leaver emails are collected from students with their consent prior to leaving
We supplement this data with information that is available in the public domain, typically but not exclusively via social and professional platforms such as LinkedIn, twitter, facebook, press, google. How we use your information
The data is accessed only by data users with authorisations relevant to the specific data they are using. Your personal data is used in a number of ways, always with a legal basis for processing it. These may include:
- Providing you with the information or updates that you have asked for
- Sending you communications (with your consent if required) that may be of interest, including invites to events, newsletters and fundraising campaigns
- Delivering our obligations under any contract between us
- Seeking your views on the services or activities we carry out, so that we can make improvements
- Updating our database records and ensuring we know how you prefer to be contacted
- Analysing your engagement with our website and other content to help us improve our services for you
- Running and monitoring our mentoring and careers programme/ club activities/ reunion events/ sports fixtures
We may use photographs or videos of you for the School’s website and social media sites or prospectus to advertise the School. More often than not, photographs we use do not tag you so you are unidentifiable. However sometimes we would like to tag names. The School adheres strictly to photographic consent preferences both on the main school database and on TGS Connections. You can change your consent at any time by going into the ‘Consent’ settings on your profile. Our legal basis for processing your information
The use of your information for the purposes set out above is lawful because one or more of the following applies:
Updating your consent preferences
- You have given us your consent for the information to be used
- It is necessary for us to hold and use your information to carry out our obligations under a contract entered into with you
- It is necessary for our legitimate interests to hold and use your information and we are not impacting your privacy by doing so
If you have an online profile on TGS Connections you can update your consent options by logging-in and clicking on “My Settings” in your profile. Scroll down to find your ‘Consent options’ where you will see a list of consents and the options “opt-in”, “opt-out” and “unspecified”.
Via ‘My Settings’ you can also choose to hide your profile from Google, limit access to your profile so that it’s only viewable to your connections and adjust some of the automatic notifications that you receive from this website. Please note that your name (but not
full profile) may appear in various places around the community website, such as a ‘Recent Joiners’ box and in ‘Search’ results irrespective of the privacy settings you have selected.
If we are using consent as our legal basis for processing your data, we must have an explicit “opt-in” from you for this specific type of processing.
If we are using legitimate interests as our legal basis for processing your data, we will process your data responsibly in a way that you would reasonably expect, and you can opt-out at any stage.
If you click ‘unsubscribe’ at the bottom of one of our emails sent you will be automatically opted-out of these types of email communications in the future.
If you want to contact us about your consent preferences, please contact Pippa Blackstone TGS Director of Development and Alumni Relations at firstname.lastname@example.org
/ 01732 365125. How we keep your information safe
We understand the importance of keeping your personal information secure and take appropriate steps to safeguard it.
Your data is stored on a dedicated, secure cloud server hosted by Amazon Web Services (AWS) in the EU and managed by our website provider, ToucanTech
. Industry standard firewalls, anti-virus, encryption and back-up methods are in place, as well as strict data handling protocols.
We always ensure only authorised persons have access to your information, which means only our approved employees and contractors, and that everyone who has access is appropriately trained in data management.
If you have an online profile for this website you are responsible for keeping your login details (email and password) confidential and we ask that you do not share your password with anyone.
No data transmission over the internet can be guaranteed to be completely secure. So, whilst we strive to safeguard your information, we cannot guarantee the security of any information you provide online and you do this at your own risk. Who may have access to your information?
- Third parties who provide services for us, for example a mailing house for sending mailings. We select our third-party service providers with care. We provide these third parties with the information that is necessary to provide the service and we will have an agreement in place that requires them to operate with the same care over data protection as we do
- Third parties if we run an event in conjunction with them. We will let you know how your data is used when you register for any event
- Web hosting, email hosting, analytics and search engine providers that enable us to run our community database and improve our website and its use
- Third parties in connection with restructuring or reorganisation of our operations, for example if we merge with another business. In such event, we will take steps to ensure your privacy rights will be protected by the third party
We do not purchase external services used in wealth screening, data matching and tele-appending your personal data.
ToucanTech does not transfer the personal data of EU customers outside of the EEA
Other than this, we will not share your information with other organisations without your consent. Keeping your information up to date
Please would you let us know if your contact details change. Online members can update your details directly by logging-in to the website and clicking on ‘My Settings’ under your profile. You can also update your details by contacting Pippa Blackstone TGS Director of Development and Alumni Relations at email@example.com
/ 01732 365125 Cookies
The law states that we can store cookies on your machine if they are essential to the operation of the website, but that for all others we need your permission to do so.
The list below explains the cookies we use and why:
Opting out of cookies
|Cookie Description ||Name ||Purpose |
|Session Cookie ||Tonbridge Grammar School_Member_Code |
Tonbridge Grammar School_PyroCMS
|Used to remember you as you travel from page to page in a single session (without leaving the website) in order to provide a continuous and unified experience |
|Functional Cookie ||Tonbridge Grammar School_Identify ||Used to remember your login details when you return to the website after previously logging out, by storing them in your browser. This cookie is turned off by default and is only activated when you select the ‘Remember Me’ check box during login. |
If you do not wish to receive cookies from us or any other website, you should be able to turn cookies off on your web browser: please follow your browser provider’s instruction in order to do so. Unfortunately, we cannot accept liability for any malfunctioning of your computer or its installed web browser as a result of any attempt to turn off cookies.
To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.aboutcookies.org
. Use of aggregated data
Where data can be aggregated and anonymised, our website provider (ToucanTech) might use this for research purposes without restriction. For example, they may monitor traffic patterns, site usage, response rates and data trends to help make improvement to the website software. They are entitled to do this because the resulting data will not personal identify you and will therefore no longer constitute personal data for the purposes of data protection laws.
We do not process personally identifiable data for any research/ benchmarking/ usage analysis. How long we keep your information for
We will keep your data for as long as you wish to continue your relationship and communication with the School and with TGS Connections.
Where we rely on your consent to contact you for direct email marketing/ fundraising purposes, we will treat your consent as lasting only for as long as it is reasonable to do so. This will usually be for [two] years. We may periodically ask you to renew your consent.
If you ask us to stop contacting you, we will keep a record of your contact details and limited information needed to ensure we comply with your request. If you ask us to remove your personal data from our database we will delete all the information we hold out apart from:
- your name and years of entry and leaving alongside your request to remove your data. We will retain this information to prevent you from being inadvertently contacted in the future.
- information needed to comply with statutory requirements, but only for as long as those statutory requirements specify (e.g. Gift Aid declarations)
- a coded reference may be attributed to you for reporting and accounting purposes concerning any events attended or donations made.
You have the right to request details of how we use your personal information through making a subject access request by contacting our Data Protection Officer Craig Stilwell (LLB Hons, LPC), Head of Data Services, Judicium Consulting Ltd, 72 Cannon Street, London, EC4N 6AE firstname.lastname@example.org
You also have the following rights:
- to request rectification of information that is inaccurate or out of date;
- to erasure of your information (the “right to be forgotten”);
- to restrict the way in which we are dealing with and using your information;
- to request that your information be provided to you in a format that is secure and suitable for re-use (the “right to portability”);
- in relation to automated decision making and profiling.
All of these rights are subject to certain safeguards and limits or exemptions. To exercise any of these rights, you should contact our Data Protection Officer Craig Stillwell at Judicium Consulting Ltd.
If you are not happy with the way in which we have processed or dealt with your information you also have the right to make a complaint at any time to the Information Commissioner’s office, the UK supervisory authority for data protection issues at https://ico.org.uk/concerns
Mrs Pippa Blackstone
Director of Development and Alumni Relations