The BSA Group comprises entities owned all or in part by the BSA Group Services Limited, a company registered in England and Wales with registration number 4676107 and whose registered office is at 27 Queen Anne’s Gate, London, England, SW1H 9BU.
BSA Group comprises BSA (Boarding Schools’ Association), BAISIS (British Association of Independent Schools with International Students) and BSAB Ltd (owner of schoolplaces.org), HIEDA (Health in Education association) and SACPA (Safeguarding and Child Protection Association). BSA Group champions excellence in boarding and safeguarding and delivers services for more than 1,000 organisations and individuals in 37 countries worldwide.
We take our responsibility as a data controller seriously and are committed to using the personal data we hold in accordance with the law.
This privacy notice provides detailed information about how we process personal data. Please read it carefully and, if you have questions regarding your personal data or its use, please contact The BSA Group via firstname.lastname@example.org by telephone on +44 (0)207 798 1580, or by post at First Floor, 27 Queen Anne’s Gate, London, UK, SW1H 9BU.
2. TYPES OF PERSONAL DATA WE PROCESS
The BSA Group processes personal data about prospective, current and past member and non-member organisations and individuals; staff and volunteers within these organisations; The BSA Group staff; training providers/contractors; information about individuals provided to us by organisations and individuals connected to members organisations.
The personal data we process takes different forms – it may be factual information, expressions of opinion, images or other recorded information that identifies or relates to a living individual. Examples include:
As an employer, The BSA Group needs to process criminal records information about individuals, particularly staff and contractors. We do so in accordance with applicable law, including with respect to safeguarding or employment, or by explicit consent.
3. COLLECTING, HANDLING AND SHARING PERSONAL DATA
The BSA Group collects most of the personal data it processes directly from members (in some cases directly from staff members and volunteers). We also collect data from third parties (working references, professionals or authorities) or from publicly available resources.
Personal data held by The BSA Group is processed by appropriate members of staff for the purposes for which the data was provided. We take appropriate technical and organisational steps to ensure the security of personal data about individuals, include secure use of technology and devices and access to our online systems. We do not transfer personal data outside of the European Economic Area unless we are satisfied that the personal data will be afforded an equivalent level of protection.
Some of our systems are provided by third parties, such as Microsoft Office suite and cloud storage, the The BSA Group websites, The BSA Group newsletters and mailings, and independent cloud storage providers. This is always subject to contractual assurances that personal data will be kept securely and only in accordance with our specific directions.
The BSA Group does not share or sell personal data with other organisations outside of the group without permission.
4. PURPOSES FOR WHICH WE PROCESS PERSONAL DATA
The BSA Group processes personal data to support its function of supporting excellence in boarding, safeguarding, inclusion and health education in the UK and internationally.
The processing set out above is carried out to fulfil our legal obligations (including staff employment contracts).
5. HOW LONG WE KEEP PERSONAL DATA
The BSA Group retains personal data only for legitimate and lawful reasons and only for so long as necessary and/or required by law. Staff records are retained for seven years for purposes of providing references if requested.
Details of staff from membership organisations are updated yearly/as requested. Staff who have left their organisation/association are removed from our contact list when notified unless they request to continue to receive information.
6. YOUR RIGHTS
Under Data Protection Law, you have the right to access and understand the personal data held about you, and in some cases, to ask for it to be erased or amended, or for us to stop processing it, subject to certain exemptions and limitations.
You always have the right to withdraw consent, or otherwise object, to receiving generic communications. Please be aware however that Hieda may have another lawful reason to process the personal data in question, even without your consent. This usually relates to staff records (time worked with The BSA Group, HR purposes and reference requests).
If you would like to access or amend your personal data; would like it to be transferred to another person or organisation; or have some other objection to how your personal data is used, please make your request in writing to:
The Chief Executive, The BSA Group, First Floor, 27 Queen Anne’s Gate, London, UK, SW1H 9BU.
We will respond to any such written requests within a reasonable timeframe and within statutory time-limits, which is one month in the case of requests for access to information. We will be able to respond quickly to targeted requests for information. If the request is manifestly excessive or similar to previous requests, we may ask you to reconsider or charge a proportionate fee, but only where Data Protection Law allows.
You should be aware that certain data is exempt from the right of access. This may include information which identifies other individuals, or information which is subject to legal privilege. We are also not required to disclose any confidential reference given by The BSA Group for the purposes of the education, training or employment of any individual.
7. CHANGE OF DETAILS
The BSA Group tries to ensure that all personal data is held in relation to an individual is as up to date and accurate as possible. Please notify email@example.com of any changes to information such as contact details.
8. THIS POLICY
Our privacy notice should be read in conjunction with our other policies and terms and conditions which make reference to personal data.
The BSA Group will update this Privacy Notice when required. Any substantial changes that affect how we process your personal data will be notified on our website, and to you directly as far as practicable.
If you feel we have not complied with this policy or have acted otherwise than in accordance with Data Protection Law, you should notify the Director. You can also make a referral to, or lodge a complaint, with the Information Commissioner’s Office (ICO), although the ICO recommends that steps are taken to resolve the matter with us before involving them.