Welcome to our website, www.maloreesschools.com. If you continue to browse and use this website (our Site) you are agreeing to comply with and be bound by the following terms and conditions of use.
- The content of the pages of this website is for your general information and use only. It is subject to change without notice.
- This website contains material which is owned by or licensed to us. This material includes, but is not limited to, the design, layout, look, appearance and graphics. Reproduction is prohibited other than in accordance with the copyright notice, which forms part of these terms and conditions.
- Unauthorised use of this website may give rise to a claim for damages and be a criminal offence.
- From time to time this website may also include links to other websites. These links are provided for your convenience to provide further information. They do not signify that we endorse the website. We have no responsibility for the content of the linked website(s).
Your use of this website and any dispute arising out of such use of the website is subject to the laws of England and Wales.
Thank you for visiting our website, (the Site). This Policy set outs the basis on which any personal data provided to us by you, or received by us from third parties, will be used by Malorees Infant & Juniors Schools. Please read this Policy carefully and ensure that you understand your rights and responsibilities under it.
We, Malorees Infant & Junior Schools are data controllers of personal data provided to us and are registered as data controllers with the Information Commissioners Office (ICO) under registration numbers: Z4989989 (Malorees Infant School) & A8298518 (Malorees Junior School).
Malorees Infant & Junior Schools have a Data Protection Officer who is responsible for addressing data protection matters, including any questions you may have in relation to this Policy. You can contact Steve Walters, the Data Protection Officer (DPO) for Malorees Infant & Junior Schools, Email: DPO.Walters@bsp.London
Full details are set out in the relevant sections of this Policy below, but in summary:
- we generally receive personal data relating to you directly from you. For example, we will receive that data if you contact us through the Site or by other means of communication, or if we deal with you in our operations;
- personal data may occasionally be provided to us by third parties with whom each of you and us have some form of relationship. For example, if we deal with your employer in relation to a project which involves you, then they might provide us with your contact details;
- we use your data to improve our Site, conduct our operations, keep appropriate records and meet our legal obligations;
- we only provide your personal data to third parties for our limited purposes or as permitted by law. We don’t share your data with third party advertisers;
- we store data for specified periods for our limited purposes;
- you have certain rights, prescribed by law, in relation to the processing of your data, such as rights to request access, rectification or deletion of your personal data;
- you can contact us to enquire about any of the contents of this Policy.
Importantly, this Policy does not apply to our workforce, children or parents. We have provided information to those individuals separately to explain how we handle and use their personal information. This information is available at www.maloreesschools.com under Workforce Privacy Notice, Children’s Privacy Notice, Parent/Carer Privacy Notice and Recruitment Privacy Notice.
Our Use of Personal Data
The section of our Policy describes:
(a) the kinds of personal data that we may collect, use, store and transfer. We have grouped that data together into different categories based on its subject matter;
(b) our purposes in processing that data; and
(c) in each case, the legal basis of our processing. The legal basis means one of the permitted bases for processing set out in Article 6 of the General Data Protection Regulation (GDPR). We are required by law to identify this legal basis to you.
Personal Data We Obtain From You
If you correspond or communicate with us, whether through the Site, by email, telephone or other methods of communication, then we may process personal data which is contained in, or which relates to the communication (e.g. content of communication, your contact details or job title). We process 'communications data' for the purposes of communicating with you.
If we deal with you or your organisation, (e.g. as a supplier, customer, collaborator or commercial partner), then we may process personal data such as your contact details for the purposes of setting up an account in our systems or otherwise administering our relationship with you. We may also process personal data within all related correspondence and documents such as proposals or contracts, whether created by us or provided to us. We process ‘account data' for the purposes of purchasing products and services and administering our dealings with others.
We may process personal data relating to transactions, such as bank account details, contact details or transaction data in relation to payments made by us to you or by you to us. This may include your contact details, any bank account or sort code information provided for the purposes of making or receiving payment, and the transaction details (such as purchase orders or invoices). We process ‘transaction data' for the purpose of making and receiving payments.
We may process personal data relating to any visit you make to our premises, such as your vehicle registration number, contact details, role, the purpose of your visit or your movements around our sites. We might also ask you to sign certain waivers or acknowledgements in order to access certain areas of our premises. We will process ‘visitor data’ for the purposes of ensuring your visit is properly recorded and is safe.
We have CCTV systems on both school sites. We may process stills or footage which contain images of individuals. The schools’ CCTV Policy describes the use of CCTV on the Malorees Infant & Juniors Schools’ sites.
We may process ‘technical data’ about your use of the Site, such as your browser type and version, operating system, time zone setting and location, referral source, length of visit, or navigation around the Site (for instance, which pages are viewed and how long for). This data is aggregated and anonymised in such a way that it contains no information relating to any identifiable individual at all. We process ‘technical data’ for the purpose of improving our Site.
Personal Data We Obtain From Others
Your personal data may be provided to us by someone other than you: for example, by your employer, by an organisation with whom you and we are both dealing. Normally this data will be communications data or account data as described above and will be processed by us for the purposes described above.
Our Other Processing
We may also process any of the data described above:
(a) for the purposes of record-keeping, back-up and restoration of our systems;
(b) as required by law or in connection with legal claims.
Our Legal Basis of Processing
We will process personal data only on lawful bases as identified in Article 6 GDPR:
Article 6(1)(b) - for the performance of a contract with you, or to take steps at your request prior to entering into a contract with you. This may be our basis for processing communications data, account data, transaction data or visitor data;
Article 6(1)(c) - when processing is necessary for compliance with a legal obligation to which the schools as data controllers are subject.
Article 6(1)(e) - in performing our public functions. This may be our basis for processing any of the personal data identified above if we do so in connection with carrying out specific tasks in the public interest (e.g. in our teaching or governance activities).
If we process personal data in carrying out activities unrelated to our public functions, then we do so on one of the lawful bases set out below.
Article 6(1)(f) - for our legitimate interests. This may be our basis for processing:
i) correspondence, account and visitor data (as we have an interest in properly administering our business and communications, and in developing our relationships with interested parties);
ii) transaction data (as we have an interest in making and receiving payments promptly);
iii) any personal data identified in this Policy where necessary in connection with legal claims (as we have an interest in being able to conduct and defend legal claims to preserve our rights);
iv) CCTV data (as we have an interest in the security of our premises and site);
v) any personal data identified in this Policy in connection with backups of any element of our IT systems or databases containing that personal data (as we have an interest in ensuring the resilience of our IT systems and the integrity and recoverability of our data).
Disclosures of Your Personal Data
We may disclose your personal data to our suppliers or contractors in connection with the uses described above. For example, we may disclose:
(a) any personal data in our possession to suppliers which host the servers on which the schools' data is stored;
(b) transaction data to the schools' financial committees; and
(c) account data to contractors who help us administer our operations.
We do not allow our suppliers or contractors to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions and applicable law.
We may disclose your personal data as necessary to comply with law (e.g. to Government or law enforcement).
We may disclose your personal data to our legal or professional advisors in order to take advice but will do so under obligations of confidentiality.
If any part of our operations is transferred to, or integrated with, another organisation (or if we enter into negotiations for those purposes), your personal data may be disclosed to that organisation.
Transfers Outside the EEA
Some of the third parties to whom we may transfer your personal data, discussed above, may be located outside the EEA or may transfer your personal data to their own service providers located outside the EEA. If so, then we will ensure that transfers by our appointed data processors will only be made lawfully (e.g. to countries in respect of which the European Commission has made an "adequacy decision”, or with appropriate safeguards such as the use of standard clauses approved by the European Commission, or the use of the EU-US Privacy Shield.)
We take appropriate technical and organisational security measures to prevent your personal data from being lost, used, accessed, altered or disclosed by accident or without authorisation. If we become aware of any personal data breach, then we will notify you and the ICO as required by law. The schools’ Data Breach Notification Policy outline the procedures the schools will take if a personal data breach occurs.
Retention and Deletion of Your Data
We will only process your personal data as long as is needed for the purposes for which we process it and will be deleted afterwards. In particular:
(a) technical data which is anonymised (and therefore not personal data) may be retained by us indefinitely (but is deleted within a few months);
(b) communications data which relates only to enquiries and not to a business relationship will be retained for the period of the enquiry or chain of correspondence and then deleted after twelve months;
(c) account, transaction, and/or communications data relating to our business relationship with you, will be subject to the schools’ Retention Policy.
We may retain your personal data longer where necessary to comply with law.
Your Legal Rights Under GDPR
You have the right to request access to personal data that we hold about you, subject to a number of exceptions. To make a request for access to your personal data, you should contact: Steve Walters, Data Protection Officer (DPO) for Malorees Infant & Junior Schools, Email: DPO.Walters@bsp.London Please also refer to our Data Protection Policy for further details on making requests for access to your personal data.
We have summarized below the rights that you have under data protection law. You have:
(a) the right to access: if requested, we must confirm what personal data of yours we process, and must provide you with access to that data and further information about our processing;
(b) the right to rectification: if requested, we must correct or complete any inaccurate or incomplete personal data of yours;
(c) the right to erasure: you can request that we erase your personal data in limited circumstances. This is not an absolute right and we may be entitled to retain your data where necessary (e.g. to comply with law);
(d) the right to restrict processing: you can request that we restrict the processing of your personal data in limited circumstances. Where processing has been restricted, we may continue to store your personal data and will observe the restrictions on processing except in the case of processing permitted by applicable law (e.g. in connection with legal claims or for reasons of public interest);
(e) the right to object to processing: you can object to our processing of your personal data on the basis of our legitimate interests. We may be entitled to continue processing in certain circumstances (e.g. if we have compelling grounds to do so, or to comply with law);
(f) the right to data portability: you have a right to receive your data from us in an easily-portable format in limited circumstances: i.e. if we process that data on the basis of a contract with you and by automated means. This is unlikely to apply in most circumstances;
You can read guidance from the Information Commissioner’s Office at www.ico.gov.uk for more information.
If you want to exercise any of these rights, then you should contact: Steve Walters, Data Protection Officer (DPO) for Malorees Infant & Junior Schools, Email: DPO.Walters@bsp.London.
The law does not oblige Malorees Infant & Junior Schools to comply with all requests. If Malorees Infant & Junior Schools does not intend to comply with the request, then you will be notified of the reasons why in writing.
If you have any concerns about how we are using your personal data, then we ask that you contact our Data Protection Officer in the first instance. However, an individual can contact the Information Commissioner’s Office should you consider this to be necessary, at https://ico.org.uk/concerns/.
A cookie is a small file of letters and numbers stored on your browser or the hard drive of your computer, to distinguish you from other users of the Site.
(a) Strictly necessary cookies. These are cookies that are required for the operation of the Site, such as cookies that enable you to log into secure areas;
(c) Functionality cookies. These recognise users to enable us to remember user preferences (e.g. your choice of language or region);
You can change your browser settings to refuse and delete cookies. Further information is available at www.aboutcookies.org or at the support pages made available by your browser operator.
Third Parties and Security
The Site may contain links to third-party websites or refer to third-party service providers and other entities. If you follow a link to any third-party website or deal with any third-party entity referred to on the Site, then you should note that these third parties may have their own privacy and cookie policies, and that we are not responsible for their use of any personal data which you may provide to them. You should ensure that you have read and understood any relevant policies.
Although we do our best to ensure the security of personal data provided to us (and to use only reputable service providers), any transmission of data via the Internet is by its nature insecure and we cannot guarantee the security of any personal data you provide to us whilst it is in transit.
Changes to this Policy
We may notify you of material changes to this Policy using the contact details you have given us, and otherwise may update this Policy periodically on our Site. You should check this Policy from time to time.
Last updated: May 2018
You can contact us by post, telephone or email at:
Malorees Infant School
Christchurch Avenue, Kilburn, London, NW6 7PB
T: 0208 459 3038
Malorees Junior School
Christchurch Avenue, Kilburn, London, NW6 7PB
T: 020 8459 5452
Data Protection Officer
Steve Walters, Data Protection Officer (DPO) for Malorees Infant & Junior Schools
or, by using the contact form(s) on the Site;