Under data protection law, individuals have a right to be informed about how Haringey Education Partnership [HEP] uses any personal data that we hold about them. We comply with this right by providing ‘privacy notices’ (sometimes called ‘fair processing notices’) to individuals where we are processing their personal data.
This privacy notice explains how we collect, store and use personal data about partners and stakeholders.
We, HEP, are the ‘data controller’ for the purposes of data protection law.
We are a not for profit, limited by guarantee company and as such are not required to name a Data Protection Officer (DPO). Our Lead for Data Protection is Sophie Plimley, Operations Manager and EA to the CEO.
Legal basis for processing information:
We only collect and use personal data when the law allows us to. Most commonly, we process it where it has been provided to us on a voluntary basis or under contractual agreements:
• We need it to comply with a contract that specifies our role in collecting, processing and sharing data in line with our goals to support HEP members and improve outcomes for pupils
• We need to comply with a legal obligation
• We need it to perform an official task in the public interest
Less commonly, we may also process pupils’ personal data in situations where:
• We have obtained consent to use it in a certain way
• We need to protect the individual’s vital interests (or someone else’s interests)
Where we have obtained consent to use personal data, this consent can be withdrawn at any time. We will make this clear when we ask for consent, and explain how consent can be withdrawn.
Some of the reasons listed above for collecting and using personal data overlap, and there may be several grounds which justify our use of this data such as:
• to provide our customers with the appropriate level of service: we will process Personal Data
in order to effectively communicate and deliver our services to all users.
• assess the quality of our services: we will process Personal Data so that we may reflect on our own practices to help us improve and provide the highest quality services that we can to all users.
• to review data relating to our customers’ subjects: Under contractual arrangements with our customers, and in our capacity as data processors, we will process data provided by our customers. This data may include, but not be limited to, personal data and information relating to members of school staff, pupils in our customers’ schools or Early Years settings and other members of the school community including parents and governors. We will only process data
for the purposes specified by the contractor.
Categories of data we collect:
Personal data that we may collect, use, store and share (when appropriate) about members, partners and stakeholders includes, but is not restricted to:
• their name and contact details
• their organisation name and contact details
• details of their roles – for example staff professional role in a school or setting or governors’
membership of school governing boards, trust boards and committees
• information arising from participation in HEP projects and programmes, for example training courses
• pupil data, where required for service delivery under commission from schools and the Local Authority
Why we use this data
We use this data to:
• Help us to provide school improvement services
• Understand our members and stakeholders needs to provide the services that they ask for or need
• Support pupil learning
• Deliver and/or support projects aimed at improving pupil outcomes
• Manage and deliver projects and programmes on behalf of the Local Authority, under
regulations set by the Department for Education and/or Ofsted, for example moderation of schools’ assessment of pupil attainment
• Ask opinions about our services
• Carry out research
• Comply with the law regarding data sharing
Collecting this information
Whenever we seek to collect information we make it clear whether providing it is mandatory or optional. If it is mandatory, we will explain the possible consequences of not complying.
How we store this data
We keep personal information about members, stakeholders and pupils while the projects and activities requiring them are live and in progress. We may also keep it beyond the end of such activities. If this is necessary in order to comply with our legal obligations. Our information retention and management policy sets out how long we keep information about stakeholders and pupils. You can request a copy of our information retention policy by emailing
The information in our email communication is confidential. The contents may not be disclosed or used by anyone other than the addressee. If you are not the addressee, please tell us by using the reply facility in your email software as soon as possible. HEP cannot accept any responsibility for the accuracy or completeness of this message as it has been transmitted over a public network. If you suspect that the message may have been intercepted or amended please tell us as soon as possible.
We do not share information about service users, partners and stakeholders (including pupils at member schools) with any third party without consent unless the law and our policies allow us to do so.
Where it is legally required, or necessary (and it complies with data protection law) we may share personal information about service users, partners and stakeholders (including pupils at member schools) with:
• Our local authority – to meet our legal obligations to share certain information with it, such as safeguarding concerns and exclusions
• The Department for Education
• Educators and examining bodies, for example assessment & moderation information
• Education and children’s service regulators, for example Ofsted
• Suppliers and service providers – to enable them to provide a service we have contracted them for
• Financial organisations, where we need to identify individuals in order to pay stakeholder organisations in relation to services and projects
• Central and local government
• Survey and research partner organisations
• Internet Security organisations
• Professional advisers and consultants
• Professional bodies
Transferring data internationally
We do not routinely transfer staff personal data overseas but when this is necessary, we ensure that we have appropriate safeguards in place.
Service users, partners and stakeholders rights regarding personal data
Individuals have a right to make a ‘subject access request’ to gain access to personal information that HEP holds about them.
If you make a subject access request, and if we do hold information that relates to the application, we will:
• Give the person a description of it
• Tell them why we are holding and processing it, and how long we will keep it for
• Explain where we got it from, if not from the person
• Tell you who it has been, or will be, shared with
• Let you know whether any automated decision-making is being applied to the data, and any consequences of this
• Give you a copy of the information in an intelligible form
Individuals also have the right for their personal information to be transmitted electronically to another organisation in certain circumstances.
If you would like to make a request, please contact our data protection lead, Sophie Plimley on firstname.lastname@example.org
Under data protection law, individuals have certain rights regarding how their personal data is used and kept safe, including the right to:
• Object to the use of personal data if it would cause, or is causing, damage or distress
• Prevent it being used to send direct marketing
• Object to decisions being taken by automated means (by a computer or machine, rather than by a person)
• In certain circumstances, have inaccurate personal data corrected, deleted or destroyed, or restrict processing
• Claim compensation for damages caused by a breach of the data protection regulations
To exercise any of these rights, please contact our data protection lead.
We take any complaints about our collection and use of personal information very seriously.
If you think that our collection or use of personal information is unfair, misleading or inappropriate, or have any other concern about our data processing, please raise this with us in the first instance.
To make a complaint, please contact our data protection officer. Alternatively, you can make a complaint to the Information Commissioner’s Office:
• Report a concern online at https://ico.org.uk/concerns/
• Call 0303 123 1113
• Or write to: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow,
Cheshire, SK9 5AF
If you have any questions, concerns or would like more information about anything mentioned in this privacy notice, please contact our data protection lead, Sophie Plimley: (email@example.com)