Nord Anglia Education Limited (Nord Anglia) is a company registered in England (Company No. 02116088) with its address at 4th Floor, 18 King William Street, London United Kingdom EC4N 7BP and is a UK subsidiary of Nord Anglia Education Incorporated, which operates numerous affiliated schools globally (Nord Anglia Schools) via a central office in Hong Kong.
Nord Anglia, through the course of its normal business activities and as a specialist provider of education and learning services and administrator of educational trips, collects and uses personal information (or personal data) relating to individuals. Such individuals may include members of the public and public bodies with whom Nord Anglia is directly or indirectly engaged; previous, current and prospective employees of Nord Anglia and/or Nord Anglia Schools; previous, current and pupils of Nord Anglia and/or Nord Anglia Schools and their parents; and Nord Anglia’s customers and suppliers.
The correct and lawful treatment of such personal data is paramount to Nord Anglia in order to operate ethically in compliance with legal and contractual obligations and demonstrate best practice standards, while maintaining its competitive advantage and ensuring the confidence of clients, pupils and parents, particularly given the sensitivity of the education sphere in which Nord Anglia operates and the need from time to time to process the sensitive personal data of children in particular.
The law which governs the identification, treatment and handling of personal data in England and Wales is the Data Protection Act 1998 (“the Act”). The Act introduced a number of obligations and standards with which companies and individuals in England and Wales must comply, together with the appointment of the Information Commissioner’s Office as regulator to monitor compliance with the requirements of the Act.
Nord Anglia understands its obligations under the Act and is committed to maintaining high standards of confidentiality and privacy with respect to the processing of personal information as set out in this notice (the “Policy”).
The aim of this Policy is to set out the obligations of Nord Anglia and its employees when processing personal data about individuals. It is important that all Nord Anglia employees understand the rules governing the identification, treatment and handling of personal data. Advice and guidance for staff can be obtained directly from Nord Anglia's legal department. Nord Anglia employees may also find the Information Commissioner’s Office website of use in seeking preliminary guidance. The website can be found at the following address:
DATA PROTECTION PRINCIPLES
Personal data is information which relates to a living individual (not companies, although information about a named individual of a company will be personal data) who can be identified from that information, whether or not in conjunction with any other information. Common examples of personal data which may be used by Nord Anglia in its day to day business activities include names, addresses, telephone numbers and other contact details, CV’s, performance reviews and salaries.
Nord Anglia will be processing personal data if it holds personal data and/or carries out any operation relating to that information such as altering or deleting it, accessing, downloading, reviewing or transferring it.
Any personal data which Nord Anglia collects, records or uses in any way, whether it is held on paper, on computer or other media will have appropriate safeguards applied to it to ensure that Nord Anglia complies with the Act.
There are 8 Data Protection Principles put in place by the Act to make sure that information is handled properly, the principles state that personal data must be:
- Fairly and lawfully processed
- Processed for limited purposes
- Adequate, relevant and not excessive
- Not kept for longer than is necessary
- Processed in line with the data protection subject rights
- Secure; and
- Not transferred to countries where legislation does not provide equivalent or adequate protection
Nord Anglia upholds these principles**.
** NB: The Principles are contained in Schedule 1 of the Act: Part I of the Schedule sets out the Principles, and Part II sets out guidelines for interpretation. A copy of the relevant text can be obtained from the Legal Department or found on the Information Commissioner’s website and as such only the most significant parts of the text are mentioned in this Policy.
Nord Anglia intends to collect personal data for the sole purpose of meeting specifically planned, agreed and necessary purposes, and to retain that information for as long as those purposes remain valid. Such purposes include:
- Staff Administration; including but not limited to: appointments or removals, pay, discipline, superannuation, work management or other personal matters in relation to its staff.
- Advertising Marketing and Public Relations; including but not limited to: advertising or marketing the business of Nord Anglia, activity, goods or services and promoting public relations in connection with that business, activity or goods or services.
- Accounts and Records including but not limited to: keeping accounts related to business and activities carried on by Nord Anglia, deciding whether to accept a person as a customer or supplier, keeping records of purchases, sales or other transactions for the purposes of ensuring that the requisite payments and deliveries are made, services provided by Nord Anglia or to Nord Anglia and financial or management forecast information to assist Nord Anglia in the conduct of its business and activity.
- Education, including but not limited to the provision of education or training as a primary function or as a business activity.
- Educational Activities, Trips and Expeditions, including but not limited to: the provision, organisation and administration of international expeditions for the wider Nord Anglia Schools community, and the appointment and instruction of professional operators of such expeditions (including, where appropriate, the provision of certain necessary medical information of participants to such operators and members of their local expedition team in accordance with any notified Expedition Team Medical Policy).
- Consultancy and Advisory Services; including but not limited to: the giving of advice or rendering professional services and the provision of services of an advisory, consultancy or intermediary nature.
Any personal data collected by Nord Anglia will only be passed to a third party where required by law, as permitted on statutory grounds or to comply with a statutory obligation, or where Nord Anglia has obtained the express consent of the individual concerned.
In order for Nord Anglia to meet the requirements of the Data Protection Principles, Nord Anglia will:
- Observe fully the conditions regarding fair collection and use of personal data;
- Meet its legal obligations to specify the purpose for which personal data is used;
- Collect and process appropriate personal data and only to the extent that it is needed to fulfil operational needs or to comply with any legal requirements;
- Ensure the quality and accuracy of personal data used;
- Apply appropriate checks to determine the length of time personal data is held in accordance with what is necessary for the purpose for which it was collected;
- Take appropriate technical and organisational security measures to safeguard personal data, and procure that any third parties with whom the personal data is lawfully shared take similarly appropriate steps to guarantee the same secure and lawful treatment of the personal data;
- Ensure that personal data is not transferred abroad without suitable safeguards and/or the consent of the individual concerned; and
- Ensure that the rights of people about whom the information is held can be fully exercised under the Act.
Where Nord Anglia collects sensitive personal data, it will take appropriate steps to ensure that it has explicit consent to hold, use and retain such data. Sensitive personal data includes personal data about an individual’s racial or ethnic origin, political opinions, religious beliefs, trade union membership, physical or mental health, sex life, details of the commission or alleged commission of any offence and any court proceedings relating to the commission of an offence.
Companies within Nord Anglia's group of companies and the Nord Anglia Schools may share personal data (excluding sensitive personal data except where express consent has been given) to enable them to integrate administrative tasks such as address changes. This helps to maintain consistent records across the group.
NOTE TO DATA SUBJECTS
Under the Act, any person who believes Nord Anglia may hold personal data about them may write to request a copy of this personal data from Nord Anglia. Nord Anglia is legally permitted to charge a fee (currently £10) for providing this information. If the details we hold about you are inaccurate, you have the right to ask us to correct, rectify, block or erase such inaccurate information. In certain circumstances you may have the right to prevent processing.
Head of Legal
Nord Anglia Education
+852 3951 1100