Aimez-vous Academy

Register

Data Protection Policy

Introduction

Aimez-vous Academy is committed to protecting the privacy and security of all personal data we collect and process. We adhere to the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 to ensure that all personal information is handled responsibly and transparently.

2. Purpose

This policy outlines how Aimez-vous Academy collects, uses, stores, shares, and disposes of personal data relating to learners, staff, and other stakeholders.

3. Scope

This policy applies to:

  • All staff, contractors, and volunteers handling personal data
  • All learners whose data is collected or processed
  • Any third parties working with or on behalf of Aimez-vous Academy

4. Legal Framework

This policy complies with:

  • UK General Data Protection Regulation (UK GDPR)
  • Data Protection Act 2018
  • Freedom of Information Act 2000 (where applicable)

5. Data We Collect

We may collect the following types of data:

  • Personal identifiers (e.g. name, date of birth, contact details)
  • Educational records (e.g. enrolment details, assessment results)
  • Attendance and progress records
  • Health or support needs (where necessary for reasonable adjustments)
  • Safeguarding and disciplinary information

6. Lawful Basis for Processing

We process data under the following lawful bases:

  • Consent
  • Contractual obligation
  • Legal obligation
  • Legitimate interest
  • Vital interests (for safeguarding or medical emergencies)

7. Data Subject Rights

All individuals have the right to:

  • Access their data
  • Request correction or deletion
  • Restrict or object to processing
  • Request data portability
  • Withdraw consent at any time (where applicable)
  • Requests should be submitted to the Academy’s Data Protection Officer.

8. Data Storage and Security

We use secure digital and physical systems to store data. Access is restricted to authorised personnel only. Measures include:

  • Password-protected systems
  • Encrypted storage and backups
  • Secure disposal of confidential information

9. Sharing Data

We only share data with:

  • Awarding organisations (e.g. Nqual)
  • Funding or regulatory bodies
  • Safeguarding authorities (if required)
  • Third-party service providers (under contract)
  • Data is never sold or shared without legal or operational justification.

10. Data Retention

We retain personal data in accordance with our Data Retention Schedule and only as long as necessary for educational, legal, or operational purposes.

11. Breaches and Complaints

All suspected data breaches must be reported immediately to the Data Protection Officer. We will investigate and, if necessary, report to the ICO within 72 hours.

Complaints about data handling should also be directed to the Data Protection Officer. If unresolved, individuals may escalate concerns to the Information Commissioner’s Office (ICO).

12. Roles and Responsibilities

  • Data Protection Officer (DPO): Oversees compliance and responds to data requests.
  • Staff: Must follow this policy and complete data protection training.
  • Learners: Are expected to respect the data privacy of others.