Nord Anglia Education Limited and its subsidiaries (Nord Anglia), through the course of its normal business activities and as a specialist provider of education and learning services, collects and uses personal information (or personal data) relating to individuals. Such individuals may include members of the public and public bodies with whom Nord Anglia is directly or indirectly engaged; previous, current and prospective employees; Nord Anglia’s customers and suppliers.
In order to operate ethically and in compliance with legal and contractual obligations, the correct and lawful treatment of such personal data is paramount to Nord Anglia demonstrating that it employs best practice standards, maintains its competitive advantage and ensures client confidence, particularly given the sensitivity of the education sphere in which Nord Anglia operates.
The law which governs the identification, treatment and handling of personal data in England and Wales is the Data Protection Act 1998 (“the Act”). The Act introduced a number of obligations and standards with which companies and individuals in England and Wales must comply, together with the appointment of the Information Commissioner’s Office as regulator to monitor compliance with the requirements of the Act.
Nord Anglia understands its obligations under the Act and is committed to maintaining high standards of confidentiality and privacy with respect to the processing of personal information.
The aim of this Policy is to set out the obligations of Nord Anglia and its employees when processing personal data about individuals. It is important that all Nord Anglia employees understand the rules governing the identification, treatment and handling of personal data. Advice can be obtained directly from the legal department and a guidance document entitled “Legal Guidance: Data Protection Act 1998” accompanies this Policy. Nord Anglia employees may also find the Information Commissioner’s Office website of use in seeking preliminary guidance. The website can be found at the following address:
DATA PROTECTION PRINCIPALS
Personal data is information which relates to a living individual (not companies, although information about a named individual of a company will be personal data) who can be identified from that information, whether or not in conjunction with any other information. Common examples of personal data which may be used by Nord Anglia in its day to day business activities include names, addresses, telephone numbers and other contact details, CV’s, performance reviews and salaries.
Nord Anglia will be processing personal data if it holds personal data and/or carries out any operation relating to that information such as altering or deleting it, accessing, downloading, reviewing or transferring it.
Any personal data which Nord Anglia collects, records or uses in any way, whether it is held on paper, on computer or other media will have appropriate safeguards applied to it to ensure that Nord Anglia complies with the Act.
There are 8 Data Protection Principals put in place by the Act to make sure that information is handled properly, the principals state that personal data must be:
- Fairly and lawfully processed
- Processed for limited purposes
- Adequate, relevant and not excessive
- Not kept for longer than is necessary
- Processed in line with the data protection subject rights
- Secure; and
- Not transferred to countries where legislation does not provide equivalent or adequate protection
Nord Anglia upholds these principals**.
** NB: The Principals are contained in Schedule 1 of the Act: Part I of the Schedule sets out the Principals, and Part II sets out guidelines for interpretation. A copy of the relevant text can be obtained from the Legal Department or on the Information Commissioner’s website and as such only the most significant parts of the text are mentioned in this Policy.
Nord Anglia Education Limited and each of its subsidiaries in the UK who handle personal data are registered with the Information Commissioner as a data controller, which allows Nord Anglia to control and to process personal data in accordance with the Data Protection Principals. Nord Anglia is authorised by the Information Commissioner’s Office to control and process personal data for various purposes. Nord Anglia intends to collect personal data for the sole purpose or meeting specifically planned, agreed and necessary purposes and to retain that information for as long as those purposes remain valid. Such purposes include:
- Staff Administration; including but not limited to; appointments or removals, pay, discipline, superannuation, work management or other personal matters in relation to its staff.
- Advertising Marketing and Public Relations; including but not limited to, advertising or marketing the business of Nord Anglia, activity, goods or services and promoting public relations in connection with that business, activity or goods or services.
- Accounts and Records including but not limited to; keeping accounts related to business and activities carried on by Nord Anglia, deciding whether to accept a person as a customer or supplier, keeping records of purchases, sales or other transactions for the purposes of ensuring that the requisite payments and deliveries are made, services provided by Nord Anglia or to Nord Anglia and financial or management forecast information to assist Nord Anglia in the conduct of its business and activity.
- Education, including but not limited to; the provision of education or training as a primary function or as a business activity.
- Consultancy and Advisory Services; including but not limited to; the giving of advice or rendering professional services and the provision of services of an advisory, consultancy or intermediary nature.
Any personal data collected by Nord Anglia must only be passed to a third party where required by law, to comply with a statutory obligation or where Nord Anglia has obtained the express written consent of the individual concerned.
In order for Nord Anglia to meet the requirements of the Data Protection Principals, Nord Anglia will:
- Observe fully the conditions regarding fair collection and use of personal data;
- Meet its legal obligations to specify the purpose for which personal data is used;
- Collect and process appropriate personal data and only to the extent that it is needed to fulfil operational needs or to comply with any legal requirements;
- Ensure the quality of personal data used;
- Apply strict checks to determine the length of time personal data is held;
- Take appropriate technical and organisational security measures to safeguard personal data
- Ensure that personal data is not transferred abroad without suitable safeguards;
- Ensure that the rights of people about whom the information is held can be fully exercised under the Act.
Where Nord Anglia collects sensitive personal data, it will take appropriate steps to ensure that it has explicit consent to hold, use and retain such data. Sensitive personal data includes personal data about an individual’s racial or ethnic origin, political opinions, religious beliefs, trade union membership, physical or mental health, sex life, details of the commission or alleged commission of any offence and any court proceedings relating to the commission of an offence.
Companies within the Nord Anglia group may share personal data (only within the Nord Anglia group and excluding sensitive personal data) to enable them to integrate administrative tasks such as address changes. This helps to maintain consistent records across the group.
NOTE TO DATA SUBJECTS
Under the Act, any person who believes Nord Anglia may hold personal data about them, may write to request a copy of this personal data from Nord Anglia. Nord Anglia is legally permitted to charge a fee (currently £10) for providing this information. If the details we hold about you are inaccurate, you have the right to ask us to correct, rectify, block or erase such inaccurate information. In certain circumstances you may have the right to prevent processing.