Scantabout School Association

A charity supporting the children and teachers of Scantabout School

Who we are

Scantabout School Association (SSA) is a charitable organisation (charity no: 1034706) comprised of parents and teachers at Scantabout Primary School.

Privacy policy
Safeguarding policy
Equal opportunities policy
Social media policy

COOKIES

You may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

PRIVACY

Introduction
The Data Protection Act 1998 (the “Act”) and the General Data Protection Regulations (the “GDPR” effective from 25 May 2018), regulate the way in which information about individuals connected with the Scantabout School Association (the “Charity”) is collected, stored, used or transferred. Compliance with the Act and GDPR is mandatory.
The Charity are committed to collecting and using such data fairly and in accordance with the requirements of the General Data Protection Regulations (GDPR), the regulations set by the European Union, and Data Protection Act 2018 (DPA 2018), the UK law that encompasses the GDPR.
This Privacy Notice applies to members, parents/guardians of children attending the school, volunteers, employees of the school, contractors, suppliers, supporters, donors and members of the public who will make contact with the Charity.


The Data Controller for the Charity is the Head of the Charity. Being a small charity, there is no requirement to appoint a Data Protection Officer. Members of the General Committee are responsible for ensuring that any data that is processed by the
Charity is processed in accordance with the Act and GDPR (the “Data Controllers”). At present all data is to be processed by members of the General Committee and so no agreements are in place with any external “Data Processors”.
This policy sets out how personal data is collected, stored or transmitted on behalf of the Charity. Noncompliance could result in complaints, fines, adverse publicity and reputational damage.
The Charity takes privacy extremely seriously. The Charity will not share, sell, rent or lease your details to anyone else for marketing purposes. The Charity will only ever use your information for charitable purposes, to keep you informed, allow you to support us and explain how your donations make a difference to our school.
Persons or organisations that choose to hear from the Charity may be sent information based on their
previous offers of assistance. This might be about volunteering for the Charity, events, fundraising,
appeals, admin or other charitable purposes.
All members of the General Committee must comply with the regulations when handling personal data
and must attend any training session on Data Protection issues which the Charity considers necessary.
Any member of the General Committee who considers that this policy has not been followed should contact the Trustees of the Charity.
The Charity take reasonable and appropriate measures to protect Personal Information from loss, misuse and unauthorised access, disclosure, alteration and destruction, taking into account the risks involved in the processing and the nature of the Personal Information.
The Charity complies with its obligations under the GDPR and the Act by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.
In most cases the lawful basis for processing will be through the performance of a contract for personal data of our Committee Members and adult volunteers and legitimate interest for personal data of our customers and supporters. Sensitive (special category) data for both Committee Members and adult volunteers will mostly align to the lawful basis of legitimate activities of the Charity. Explicit consent is
requested from parents/guardians to take photographs of children attending our school. On occasion we may use legitimate interest to process photographs where it is not practical to gather and maintain consent such as large-scale events. On such occasions we will make it clear that this activity will take place and give individuals the opportunity to exercise their data subject rights.
The Charity will use personal data for the following purposes:

  • to provide information about meetings, activities, training courses and events to our members
    and other volunteers.
  • to administer records
  • to fundraise and promote the interests of the Charity
  • to manage our volunteers
  • to maintain our own accounts and records (including the processing of gift aid applications)
  • to inform you of news, events, activities and services being run by the Charity
  • to ensure and evidence your suitability if volunteering for a role in the Charity
  • to contact your next of kin in the event of an emergency
  • to ensure you have and maintain the correct certifications, qualifications and skills.
    The Charity will use personal sensitive (special) data for the following purposes:
  • for the protection of a person’s health and safety whilst in the care of the Charity
  • to respect a person’s religious beliefs with regards to activities, food and holidays
  • for equal opportunity monitoring and reporting if required
    The Charity may share your personal information with others outside of the Charity where it needs to
    meet a legal obligation. This may include its insurance subsidiary (Parentkind and Zurich Insurance),
    local authority services and law enforcement. The Charity will only share your personal information to
    the extent needed for those purposes.
    The Charity will only share your data with third parties outside of the organisation where there is a
    legitimate reason to do so.
    The Charity will never sell your personal information to any third party.
    Where personal data is shared with third parties the Charity will seek assurances that your personal
    data will be kept confidential and that the third party fully complies with the GDPR and the Act.

General Responsibilities
Information Commissioner

The Charity is not required to register with the Information Commissioners Office, as we:
do not hold CCTV footage;

only process information necessary to establish or maintain membership or support;

only process information necessary to provide or administer activities for people who are
members of the charity or have regular contact with it;

only share the information with people and organisations necessary to carry out the charity’s
activities; and

processed fairly and lawfully;

obtained correctly and in accordance with the Charity needs;

adequate, relevant and only as much as is required for the purposes of the Charity;

accurate, kept up to date and are erased or rectified without delay;

kept in a form which permits identification of the data subjects for no longer than is necessary
for the purposes of the Charity; and

processed in a manner that ensures appropriate security of the personal data.
Basis for Processing Data
The Charity processes data on the basis of “Legitimate Interest”. In determining this basis,
consideration has been given to the following three tests:

only keep the information while the individual is a member or supporter or as long as necessary
for member / supporter administration.
Data Processing – The Guiding Principles
The Act / GDPR requires that personal data must be dealt with in accordance with certain principles.
These require that all Personal Data must be:

Purpose test: Data is only held to maintain contact details of those who have a relationship with the Charity (e.g. parents who make payments to the Charity (such as in relation to
subscriptions or the 101 Club), and individuals / organisations related to the annual Summer and Winter Fayres or other events organised by the Charity.

Necessary test: The maintenance of the data allows reconciliations to be carried out in relation to payments received by, and paid out of, the Charity. Data is held regarding adults and organisations only, never children.

Balancing test: All individuals and organisations have freely provided the information that is maintained by the Charity.
Sharing/Transfer/Use of Data
Data from one function of the Charity’s operations may not be used in another and it may not be
transferred to any other organisation or person. Only the people authorised by the General Committee
to run that part of the Charity may use the information held.

Holding of Data
Data may be held on committee member’s individual computers and personal devices. However, all
files which hold relevant data must be kept according to guidelines in the Appendix below, and must not
be kept longer than necessary. The Trustees and Committee Members should be advised if any new
data processing is due to take place, to ensure that it complies with the Data Protection Policy/Privacy
Notice. There will be at least one review per year of data held by the Charity. Paper records for events
are used rather than relying on secure digital systems, as often events may be held where internet and
digital access will not be available. The Charity will minimise the use of paper to only what is required
for an event or other service.
If the Charity wish to use your personal data for a new purpose, not covered by this Data
Protection/Privacy Notice, then the Charity will provide you with a new notice explaining this new use
prior to commencing the processing and setting out the relevant purposes and processing conditions.
Where and whenever necessary, the Charity will seek your prior consent to the new processing.


Training Policy
All members of the General Committee who manage data are required to be trained as to Data Protection Policy. New members of the General Committee should receive data protection training to explain how they should handle and store personal data. Existing members should also be provided
with refresher training on a regular basis. It is up to the Trustees to enforce this policy.


Public Access to Records
This Data Protection Policy will be kept on the charity’s website page within the school and will be
made available upon request. Access to and requests for changes to data records by individuals must
be made in writing (including email) to the Head of the Charity.


Your Rights
As a Data Subject, you have the right to object to how the Charity process your personal information. You also have the right to access, correct, sometimes delete and restrict the personal information the Charity use. In addition, you have a right to complain to us and to the Information Commissioner’s
Office (www.ico.org.uk).
Unless subject to an exemption under the GDPR and the Act, you have the following rights with respect to your personal data:

  • The right to be informed – you have a right to know how your data will be used by the Charity.
  • The right to access your personal data – you can ask the Charity to share with you the data we
    have about you. This is a Data Subject Access Request (“SAR”). Any such request made to the
    Charity received in writing with your signature will be acknowledged and responded to within
    one month. If the Charity cannot meet this deadline you will be given an explanation for the
    delay and a new timescale to respond to your SAR.
  • The right to rectification – this just means you can update your data if it’s inaccurate or if
    something is missing.
  • The right to erasure – this means that you have the right to request that the Charity delete any
    personal data held about you. There are some exceptions, for example, some information will
    be held by the Charity for legal reasons.
  • The right to restrict processing – if you think that the Charity are not processing your data in line
    with this privacy notice then you have the right to restrict any further use of that data until the
    issue is resolved.
  • The right to data portability – this means that if you ask the Charity share your data with you or
    others in a way that can be read digitally – such as a pdf. This makes it easier to share
    information with others.
  • The right to object – you can object to the ways your data is being used.
  • Rights in relation to automated decision making and profiling – this protects you in cases where
    decision are being made about you based entirely on automated processes rather than a
    human input, it’s highly unlikely that this will be used by the Charity.
    If you have any queries relating to this Privacy Notice or our use of your personal data, please contact
    the Head of the Charity.

APPENDIX


Password Security
All computer records which contain personal data must be protected by “strong” passwords, which must
be at least 8 characters long and incorporate at least three of the following: uppercase letters, lowercase letters, symbols and numbers.

Currently, the following information is held by the Charity:

Treasurer Records
The Treasurer keeps multiple records:
Charity Accounts: This data is kept in paper (e.g. bank statements), Excel spreadsheets and Word
documents.
101 Club Data: This data is used by the Treasurer to reconcile payments with bank account
statements. See 101 Club section for retention times.
Charity Volunteer Records
The charity Head keeps names and email addresses of those people who have offered to help at
events at the school where the Charity is involved. This information is retained by the Head on
personal devices/computer. Annual requests must be made to ensure retention of this information is
applicable.


Secretary Records
The secretary holds names and email addresses for members of the General Committee as well as any
others who attend committee meetings and have requested minutes. These records need to be kept
on the Secretary’s email server for ease of email transfer, and must not be used for any other purpose
other than official business, unless the other party is a personal contact and consents to such use.


101 Club Records
Records of parents and others who apply (by cash, cheque, direct payment to account, or by standing order) to join the 101 Club, should be kept only by the 101 Club organiser, and copied to the Treasurer (to check amounts against bank records and work out termly prize payments). Details may include names, address including postcodes, telephone numbers and email address. Paper records should be kept until the start of the following year, after which they should be destroyed by shredding. Computer data should be deleted two years after contributions cease.


Summer, Spring and Winter Fayres Records
Records are normally kept for the last two years’ events, as well as individuals who have expressly asked to be added to the mailing list for future events. This data includes Name; Company name where applicable contact name and an email address. Additional information such as a telephone
number and postal address is recorded if given. This data will be deleted after two years; paper records should be destroyed by shredding.


Estate Agent Sponsorship
Records of parents and others who apply to have an estate agent board on their property advertising a Fayre (or other event that the PTA may organise), should be kept only by the Estate Agent Coordinator, and copied to the Head of the charity. Details include names, address including postcodes, telephone numbers and email address. Computer data should be deleted two years after it was first collected.


EasyFundraising
The Charity is registered with EasyFundraising for supporters of our Charity to help raise donations through online purchases with third party companies and organisations. The data passed from EasyFundraising to the Charity is limited to initial and surname in compliance with GDPR and the Act.
The Charity retains this information on personal devices for the app. This information is not passed by email or in any other form. Any transfer of records on change of organiser can be done by email, the password must be sent separately by email or by another means e.g.: text message, mail, verbally.

SSA Safeguarding

Introduction
This policy sets out the principles for safeguarding within the Scantabout School Association. It is relevant to all within the association and is endorsed by the committee of the Scantabout School Association. It will be reviewed annually to ensure that it remains appropriate to the Organisation and its volunteers needs.
Useful Links
https://www.parentkind.org.uk/Info-sheets/Volunteer-checks


Responsibility
Parent Teacher Associations (PTAs) have a duty of care to consider the safety of children and vulnerable adults. This should be taken into consideration when risk assessing a PTA event and the duration of such events.


It is best practice for PTAs to have a set of procedures in place and guidelines for volunteers to follow at events, this may be developed with guidance from the school All PTA members should be aware of the person responsible for safeguarding within the school. The school may provide training for PTA members on safeguarding and the procedures to follow or the PTA may arrange their own training for its volunteers.


What to do if you have concerns about a child
You may have concerns about a child because of something you have seen or heard or a child may choose to
disclose something to you. If a child discloses information to you, you should:

  • Listen to the child without displaying shock or disbelief
  • Accept what is said and reassure the child, do not make promises that you may not be able to keep,
    e.g. ‘Everything will be alright now’
  • Do not ask leading questions and do not interrogate the child – this is not your responsibility to
    investigate
  • Explain to the child what you have to do next and who you have to talk to
  • Take notes, if possible, or write up the conversation as soon as possible afterwards
  • Contact the school designated safeguarding lead, deputy designated safeguarding lead or a member of
    the school leadership team as soon as possible
    Guidance for Events:
  • All Events should be risk assessed
  • Events where children are dropped off and collected – a register should be available and children should
    be checked in and out of the event. The PTA should have a list of any child being collected by another
    parent/carer or travelling home alone
  • Contact details for the child’s parent/carer may be collated by the PTA for the event
  • Exits should be monitored to ensure children cannot leave an event unattended
  • If this is a regulated activity the volunteer will need an Enhanced DBS check.

Equal Opportunities Policy


This policy sets out the principles for Equal Opportunities within the Scantabout School Association. It is relevant to all within the association and is endorsed by the committee of the Scantabout School Association.


Commitment
The Scantabout School Association is committed to Equal Opportunities for all members of the association.


Definition
It is our policy that all committee and volunteer decisions are based on the legitimate needs of the association. The Scantabout School Association will not discriminate on the basis of race, nationality, sex, gender reassignment, marital or civil partner status, disability, religion or belief, age or any other ground on which it is or becomes unlawful to discriminate under the laws of England and Wales.


Rights and Responsibilities
The association recognises the rights of its members to be able to volunteer for the association without fear of discrimination or harassment. The Scantabout School Association’s commitment to equal opportunities extends to all aspects of volunteering including:
Election of Committee Members
Allocation of Tasks
Conduct Issues, discipline and grievances.

All members have a responsibility to ensure compliance with this policy, to treat other members with dignity at all time and not to discriminate against or harass other members. This Policy may be amended at any time at the discretion of the current elected committee.

Social Media Policy

Scantabout School Association Social Media Policy

This policy explains how our association uses social media. It is available and applies to all members
of our association.

Details of the social media used by our association
The Scantabout School Association (also referred to as the SSA) uses Instagram
https://www.instagram.com/scantaboutsa/, Twitter https://twitter.com/ScantaboutSA
and Facebook as follows:
Scantabout School Association: www.facebook.com/Scantaboutschoolassociation
Scantabout School Association News: www.facebook.com/groups/1026014101160735
Scantabout Shares: www.facebook.com/groups/1123341825206874


Access to the social media used by our association
The Scantabout School Association has a Twitter and an Instagram presence. These are both open, allowing anyone with an interest to follow us and respond to our tweets/posts. The Scantabout School Association has varying presence on Facebook. Our “Scantabout School Association” page is an open page, meaning it can be accessed by any Facebook user without permission being given by the SSA. This page only accepts postings from the admin account however any Facebook user can comment on posts without permission being needed from the SSA.
Our two Facebook groups; “Scantabout School Association News” and “Scantabout Shares” are both closed groups, meaning that you can apply to join but this will need to be approved by the SSA through our Facebook group administrators. Only approved members can see posts made to the group. However, once you are a member of the group, you can also post and these will be seen by all other members of the group who have been similarly approved.


Permitted members
The Facebook groups of Scantabout School Association are only intended for members of the association, in this case the parents/guardians and staff of Scantabout School. This is regulated through this being a closed group and members needing to gain permission to join from the PTA’s Facebook group administrators.

Scantabout School Association do not want to encourage inappropriate use of social media by children. No application to join our Facebook group will be accepted by anyone aged less than 13 years.

How this is used by our association
Scantabout School Association uses its Facebook page & Scantabout School Association News group, and its Instagram and Twitter accounts exclusively for the running of the association. They are used to communicate with members, promote events or elements of events, to recruit volunteers to support the SSAs activities, thank local supporters and canvass members’ views. The Scantabout Shares Facebook group facilitates members of the Scantabout School community to
pass on unwanted items to others who need/want them.

Usage that is not permitted
The Facebook page & groups of Scantabout School Association does not allow any personal correspondence between members, is not intended for discussing any aspect of the school other than the SSA and its activities and should not be used to promote any business other than where this is done for the benefit of the SSA and with its permission. Inappropriate posts, including any derogatory comment, can and will be removed by the administrator and the SSA retains the right to ban any user who continues to make inappropriate use of the group.

Photographs
The Facebook page & groups of Scantabout School Association allow members to post photographs. However, it is explicitly assumed that anyone posting a photograph will own the rights to the image and will have the permission of anyone featured to do so. The SSA accepts no responsibility regarding ownership or permissions for any photographs posted by members of the group.

Application of this policy
By using the Facebook group of the SSA you are accepting the terms of this policy. If you do not agree with any of the terms, please remove yourself as a member of the group.

Availability of this policy
This policy is publicly available through the page on the school website www.scantaboutschoolassociation.org/policies#social and is sent regularly (at least once a year) to all active members of the SSA for whom an email address is held.