Privacy Policy

If you are after the privacy notice for Pupils and their families please click here:

GDPR Privacy Notice Pupils and their Families 2019

Website Privacy Notice

Who we are

Our website address is: http://www.stb.academy

United Endeavour Trust is the data controller of the personal information you provide to us. This means the trust determines the purposes for which, and the manner in which, any personal data relating to pupils and their families or website visitors is to be processed. Mr John Dooley acts as a representative for the Trust with regard to its data controller responsibilities; he can be contacted on 01782 973000 or john.dooley@uetrust.org. The Principal at each academy will be responsible in ensuring requests are directed to the appropriate team to respond to requests made.

What personal data we collect and why we collect it

Comments

When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.

We currently do not allow the publishing of comments, and therefore this data will not be published in the public domain.

Media

If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Contact forms

Information posted via our contact forms are collected by the trust office, or respective officer at the academy office depending on their requirements.   The response address is copied via email and stored on our website systems to enable audit trail and the ability to respond to the request.

Cookies

If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracing your interaction with the embedded content if you have an account and are logged in to that website.

Analytics

We do not use analytical services.

Who we share your data with

We do not share your information with any third parties, and follow a strict Privacy by Design policy.  We employ security services which protects us from attack, and this might include sharing IP address/location information with public bodies, such as law enforcement.

Our hosting provider 1and1 may collect information for their own legal duty and requirements.  A copy of their written statement is as follows:-

On the 25th May 2018 the new General Data Protection Regulation (GDPR) shall come into effect.

Under this new law, European standards in data protection shall be in line with current technology standards. This is good news for all individuals who are affected by data processing and shall improve the security of usage of your personal data.

We have updated our Terms and Conditions and our Privacy Notice in accordance with the new General Data Protection Regulation.

What this means for you:

  • Further protection of your personal data.
  • Standardisation of European data protection.
  • Adoption of data protection in line with technology changes.
  • Further information regarding GDPR will be available in 1and1 Help Centre by 23/05/2018.

How long we retain your data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

What rights you have over your data

If you have an account on this site, or have left comments, or posted via our contact form you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Where we send your data

Visitor comments may be checked through an automated spam detection service.

Our security service provider, Sucuri intercept bad traffic on our behalf and may capture your source IP if your computer is compromised and/or is used for illegal activities.

Your contact information

Mrs Sophie Dutton-Johnson is the data protection officer. Her role is to oversee and monitor the Trust’s data protection procedures, and to ensure they are compliant with the GDPR. The data protection officer can be contacted on 01782 367650 or DPO@uetrust.org.

Mr John Dooley acts as a representative for the Trust with regard to its data controller responsibilities; he can be contacted on 01782 973000 or john.dooley@uetrust.org. The Principal at each academy will be responsible in ensuring requests are directed to the appropriate team to respond to requests made.

Additional information

How we protect your data

We protect our website data using a paid for security provider Securi, who stop malicious attacks and prevent code injections in attempts to obtain your personal data that we might hold.  We also have audited logons to the administration panel, which show who made changes to the website and when using Securi Security plugins for WordPress.  These alerts are sent to the Head of IT, who can approve or follow them up, and in the event of a breach would then follow the breach procedure policy – which includes informing users who might be affected by the breach.

What data breach procedures we have in place

The trust has a fully functional data breach policy in place, with an instant response team.  Requests for this policy can be made by contacting the DPO (see our contact information above).

What third parties we receive data from

Sucuri provide the trust with Security reports on a weekly basis, enabling us to protect the personal information that might be contained with our website data sets.

What automated decision making and/or profiling we do with user data

Sucuri may make decisions on our behalf when profiling networked traffic to our websites, this could include blocking access to the site after multiple attempts at Denial of service attacks for instance.

Industry regulatory disclosure requirements

We collect and use personal data in order to meet legal requirements and legitimate interests set out in the GDPR and UK law, including those in relation to the following:

  • Article 6 and Article 9 of the GDPR
  • Education Act 1996
  • Regulation 5 of The Education (Information About Individual Pupils) (England) Regulations 2013

You have the right to:

  • Be informed about how United Endeavour Trust uses your personal data.
  • Request access to the personal data that United Endeavour Trust holds.
  • Request that your personal data is amended if it is inaccurate or incomplete.
  • Request that your personal data is erased where there is no compelling reason for its continued processing.
  • Request that the processing of your data is restricted.
  • Object to your personal data being processed.

Where the processing of your data is based on your consent, you have the right to withdraw this consent at any time.

If you have a concern about the way we are collecting or using your personal data, we request that you raise your concern with us in the first instance. Alternatively, you can contact the Information Commissioner’s Office at https://ico.org.uk/concerns/