Logo First Bridge Education in white
Get in touch
Logo First Bridge Education in white

PRIVACY POLICY

1. Introduction

First Bridge Centre and School are committed to protecting and respecting the personal data that we hold. This privacy statement describes why and how we collect and use personal data and provides information about individuals’ rights. It applies to personal data provided to us, both by individuals themselves or by a third party acting on behalf of an individual. We may use personal data provided to us for the purposes described in this privacy statement or as made clear before collecting it.

Personal data is any information relating to an identified or identifiable living person. When collecting and using personal data, our policy is to be transparent about why and how we process that data. This can be for a number of purposes; the means of collection, lawful basis of processing, use, disclosure and retention for each purpose is set out in this policy.

Where we receive personal data that relates to an individual from a third party, we request that this third party inform the individual of the necessary information regarding the use of their data. Where necessary, reference can be made to this privacy statement.

 

2. Security

We take the security of all the data we hold seriously. Staff are trained on data protection, confidentiality and security.

We have a framework of policies and procedures which ensure we regularly review the appropriateness of the measures we have in place to keep the data we hold secure.

All information you provide to us is stored on our secure servers.

Unfortunately, the transmission of information via the Internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted online. However, once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

 

3. Data that we hold

3.1. Our services

We provide services to individuals. The exact data held will depend on the service being provided. Where we engage with individuals, we may collect and process personal data in order to assess the needs of a child and their parent(s)/carer(s). We will only ask for personal data that is required for us to fulfil our contractual or operational obligation.

3.1.1. Why do we process this data?

Where data is collected for admissions into one of our services, it is used for several purposes, as follows;

Delivery of service:

  • Admission – We may process your data if you have enquired about our services, have a son/daughter at one of our services, or plan on sending your son/daughter to our services. If you are applying to attend a service, we may process your data and that of your son/daughter to assess your application, and if successful, to grant admission to our services. If your son/daughter is attending one of our services, we will process your data throughout their attendance, and provide you with appropriate support.
  • Promotion of services – we may also process your data to offer you information, courses or other services we feel may apply to you.

Individual needs: When communicating with and assessing the needs of the individual and the parent(s)/carer(s), personal data may be processed in order to ensure that we are appropriately meeting their needs.

Administration: To manage and administer our business and services, we may collect and process personal data. This may include (but is not limited to) maintaining internal records of the individual and maintaining internal safeguarding processes.

Regulatory: For us to carry out our role, we may, from time to time, be required to collect and process personal data to fulfil regulatory, legal or ethical requirements. This may include (but is not limited to) the verification of the identity of individuals.

 

3.1.2. What data is processed?

This is dependent on the service that is being provided and on the recipient of this service.

Services to customers: Individual’s names, date of birth, address, medical history, questionnaires, consent forms, educational programmes, assessment data, unique pupil number, religion, ethnicity, and siblings’ data.

Parent / Carer / Power of Attorney: Emergency contacts, names, legal guardians and power of attorney, address, criminal cases, marital status, financial data, religion, ethnicity, and data captured from other third parties.

Local authorities: Names, email, contact details, job titles.

Other professionals: Names, email, contact details, job titles.

Special Category Data

We may also collect, store and use more sensitive information, but only with the individual’s consent and when it is relevant. This information may include:

  • Information relating to disability and medical records
  • Information relating to dietary requirements
  • Sensitive information shared with us at meetings and during the course of the individual’s relationship with us, such as information about health, including medical conditions.

3.1.3. How long do we hold data for?

We retain the personal data processed by us for as long as is considered necessary for the purpose(s) for which it was collected. There may also be occasions that will require data to be kept for longer; however, this will typically be for legal purposes. We will periodically review this data to ensure it is still relevant and necessary. Please see our Data Retention Policy for more information regarding legal requirements and how long data is kept.

In addition, personal data may be securely archived with restricted access and other appropriate safeguards where there is a need to continue to retain it. We will periodically review this data, to ensure it is still relevant and necessary.

 

3.2. Training

We collect and process personal data about those involved in our training – this includes parents, carers and professionals within the industry. The data is held to provide you with training, to manage the relationship, and to ensure your needs are fulfilled. We may also use this data to send you information on further training that we think may be of interest to you. You can choose to opt out of this correspondence at any time.

3.2.1. Why do we process this data?

We have different services you may have enquired about, are currently attending or previously attended. These include:

  • Training: We provide Behaviour Analysis training to parents and professionals on how to identify behavioural traits, alongside other behaviour-based training.
  • Outreach: We work with parents/carers and professionals in other education settings to support children.

We will collect and process your data for one of the following reasons:

Complying with any law requirement: we are subject to legal, regulatory and professional obligations. We need to keep certain records to show we comply with those obligations and those records may contain personal data.

Administration: To manage and administer our business and these services, we may collect and process personal data.

3.2.2. What data do we hold?

We will hold names, email addresses, contact details, addresses, photos, and videos where consent has been given.

3.2.3. How long do we hold this data for?

We retain the personal data processed by us for as long as is considered necessary for the purpose for which it was collected (including as required by applicable law or regulation). Data may be held for longer periods where required by law or regulation to establish, exercise or defend our legal rights. We will periodically review this data to ensure it is still relevant and necessary.

 

3.3. Marketing

We process personal data for marketing purposes. We will only do this when we have your explicit consent, or we believe we have a legitimate purpose to do so.

3.3.1. Why do we process this data?

We have different ways we carry out marketing. This can include:

  • Providing you with information about our work and our activities. This might include sending you Centre news and research updates, department and Centre e-newsletters and invitations to events.

  • Providing services such as access to visits, events and facilities in Centre.

  • Administrative purposes, such as recording your registration for, or attendance at, an event.

  • Internal record keeping, including the management of any feedback or complaint.

  • Monitoring the impact of our communications and other activities, such as measuring email open rates or analysing the uptake of our events programme.

     

3.3.2. What data do we hold?

We will hold names, email addresses, contact details, addresses, photos, and videos where consent has been given.

3.3.3. How long do we hold this data for?

We retain the personal data processed by us for as long as is considered necessary for the purpose for which it was collected (including as required by applicable law or regulation). Data may be held for longer periods where required by law or regulation to establish, exercise or defend our legal rights. We will periodically review this data, to ensure it is still relevant and necessary. Please see our GDPR/Data Retention Policy for more information on this.

 

3.4. Our staff

We process personal data on all staff, including full and part-time staff, temporary staff and contractors, to enable us to comply with our obligations as an employer.

3.4.1. Why do we process this data?

We need to collect data about staff to enable us to comply with all applicable employment laws and to fulfil required activities such as HR and payroll. This includes:

  • Maternity/paternity/parental leave
  • Diversity requirements
  • Performance Management
  • Working hours and attendance and absence
  • Safeguarding (including DBS and Single Central Register)
  • Sick leave
  • Payroll
  • Pensions
  • Legally required compliance training
  • Health and Safety – accidents or injuries at work

3.4.2. What data do we hold?

We will hold names, email addresses, contact details, addresses, photos, work entitlement, data relating to pension provision, education and career development data, data relating to professional life and economic situation (e.g. pay grade, tax deductions), DBS and safeguarding records including criminal records checks, and videos where consent has been given.

3.4.3. How long do we hold this data for?

We retain the personal data we process for as long as necessary to comply with our legal obligations. This is especially so for areas such as Pensions and certain Health and Safety requirements.

 

4. People who use our website

Personal data may be collected when individuals fill in forms on our websites or by corresponding with us by phone, e-mail or otherwise. This includes information provided when an individual registers to use our website or makes an enquiry.

We use cookies and similar technologies to recognise you when you visit our website. Some of these cookies are essential and are required for the website to function. Other cookies track users to enhance their experience on our website. You have the right to decide whether to accept or reject cookies. View our cookie policy to learn more about how we use cookies.

 

5. Sharing personal data

We will only share personal data with others when we are legally permitted and/or obliged to do so. When we share data with others, we put contractual arrangements and security mechanisms in place to protect the data and to comply with our data protection, confidentiality and security standards.

Personal data held by us may be transferred to:

  • Local Authorities – we may share data with a local authority with your consent. We may also be required to share data to prove that we are using the funds they have given us for the agreed-upon purposes.
  • Social workers and other professionals – we will share data with social workers who will be providing ongoing assistance and services.
  • External course leaders, consultants and agency staff – we will share data with external course leaders, consultants and agency staff whom we will assign to deliver a service on our behalf.
  • Third parties must verify DBS and safeguarding needs and meet HMRC/tax requirements for successful recruitment.

We use third parties to support our services and help provide, run and manage our internal database.

We may receive requests from third parties with authority to obtain disclosure of personal data, such as to check that we are complying with applicable law and regulation, to investigate an alleged crime, to establish, exercise or defend legal rights. We will only fulfil requests for personal data where we are permitted to do so by applicable law or regulation.

Where we have any safeguarding concerns, we are permitted under GDPR to disclose personal data to the relevant authorities without the data subject’s consent.

 

6. Locations of processing

The data that we collect from you may be transferred to and stored at a destination inside the European Economic Area (“EEA”) or within a cloud-based system. You agree to this transfer, storage, or processing by submitting your personal data. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy.

 

7. Individual’s rights

Individuals have certain rights over their personal data and data controllers are responsible for fulfilling these rights as follows:

  • Individuals can request access to their personal data held by us.
  • Individuals can request us to rectify personal data submitted to us or, where appropriate, contact us via the relevant website registration page.
  • Individuals can request that we erase their personal data.
  • Where we process personal data based on consent, individuals may withdraw their consent at any time by contacting us or clicking on the unsubscribe link in an email received from us.
  • Individuals have other rights to restrict or object to our processing of personal data and the right to data.
  • Individuals can request information about any automated data processing that we may undertake.

If you wish to exercise any of these rights, send an email to info@firstbridgecentre.com.

 

8. Complaints

We hope that you won’t ever need to, but if you do want to complain about our use of personal data, please send an email with the details of your complaint to info@firstbrigdecentre.com – we will look into and respond to any complaints we receive.

You also have the right to lodge a complaint with the UK data protection regulator, the Information Commissioner’s Office (“ICO”). For further information on your rights and how to complain to the ICO, please refer to the ICO website https://ico.org.uk/concerns.

 

9. Data controller and contact information

The data controller for First Bridge Education is First Bridge Education. If you have any questions about this privacy statement or how and why we process personal data, please contact us at info@firstbrigdecentre.com.

 

10. Changes to our privacy statement

This privacy statement will be kept up to date with the latest developments required.
This privacy statement was last updated on 13/02/2024.