NORD ANGLIA EDUCATION LIMITED DATA PROTECTION POLICY
Nord Anglia Education Limited and its subsidiaries (Nord Anglia), through the course of its normal business activities and as a specialist provider of education and learning services, collects and uses personal information (or personal data) relating to individuals. Such individuals may include members of the public and public bodies with whom Nord Anglia is directly or indirectly engaged; previous, current and prospective employees; Nord Anglia’s customers and suppliers.
In order to operate ethically and in compliance with legal and contractual obligations, the correct and lawful treatment of such personal data is paramount to Nord Anglia demonstrating that it employs best practice standards, maintains its competitive advantage and ensures client confidence, particularly given the sensitivity of the education sphere in which Nord Anglia operates.
The law which governs the identification, treatment and handling of personal data in England and Wales is the Data Protection Act 1998 (“the Act”). The Act introduced a number of obligations and standards with which companies and individuals in England and Wales must comply, together with the appointment of the Information Commissioner’s Office as regulator to monitor compliance with the requirements of the Act.
Nord Anglia understands its obligations under the Act and is committed to maintaining high standards of confidentiality and privacy with respect to the processing of personal information.
The aim of this Policy is to set out the obligations of Nord Anglia and its employees when processing personal data about individuals. It is important that all Nord Anglia employees understand the rules governing the identification, treatment and handling of personal data. Advice can be obtained directly from the legal department and a guidance document entitled “Legal Guidance: Data Protection Act 1998” accompanies this Policy. Nord Anglia employees may also find the Information Commissioner’s Office website of use in seeking preliminary guidance. The website can be found at the following address:
DATA PROTECTION PRINCIPALS
Personal data is information which relates to a living individual (not companies, although information about a named individual of a company will be personal data) who can be identified from that information, whether or not in conjunction with any other information. Common examples of personal data which may be used by Nord Anglia in its day to day business activities include names, addresses, telephone numbers and other contact details, CV’s, performance reviews and salaries.
Nord Anglia will be processing personal data if it holds personal data and/or carries out any operation relating to that information such as altering or deleting it, accessing, downloading, reviewing or transferring it.
Any personal data which Nord Anglia collects, records or uses in any way, whether it is held on paper, on computer or other media will have appropriate safeguards applied to it to ensure that Nord Anglia complies with the Act.
There are 8 Data Protection Principals put in place by the Act to make sure that information is handled properly, the principals state that personal data must be:
Nord Anglia upholds these principals**.
** NB: The Principals are contained in Schedule 1 of the Act: Part I of the Schedule sets out the Principals, and Part II sets out guidelines for interpretation. A copy of the relevant text can be obtained from the Legal Department or on the Information Commissioner’s website and as such only the most significant parts of the text are mentioned in this Policy.
Nord Anglia Education Limited and each of its subsidiaries in the UK who handle personal data are registered with the Information Commissioner as a data controller, which allows Nord Anglia to control and to process personal data in accordance with the Data Protection Principals. Nord Anglia is authorised by the Information Commissioner’s Office to control and process personal data for various purposes. Nord Anglia intends to collect personal data for the sole purpose or meeting specifically planned, agreed and necessary purposes and to retain that information for as long as those purposes remain valid. Such purposes include:
Any personal data collected by Nord Anglia must only be passed to a third party where required by law, to comply with a statutory obligation or where Nord Anglia has obtained the express written consent of the individual concerned.
In order for Nord Anglia to meet the requirements of the Data Protection Principals, Nord Anglia will:
Where Nord Anglia collects sensitive personal data, it will take appropriate steps to ensure that it has explicit consent to hold, use and retain such data. Sensitive personal data includes personal data about an individual’s racial or ethnic origin, political opinions, religious beliefs, trade union membership, physical or mental health, sex life, details of the commission or alleged commission of any offence and any court proceedings relating to the commission of an offence.
Companies within the Nord Anglia group may share personal data (only within the Nord Anglia group and excluding sensitive personal data) to enable them to integrate administrative tasks such as address changes. This helps to maintain consistent records across the group.
NOTE TO DATA SUBJECTS
Under the Act, any person who believes Nord Anglia may hold personal data about them, may write to request a copy of this personal data from Nord Anglia. Nord Anglia is legally permitted to charge a fee (currently £10) for providing this information. If the details we hold about you are inaccurate, you have the right to ask us to correct, rectify, block or erase such inaccurate information. In certain circumstances you may have the right to prevent processing.