Privacy Statement

About Us

Achievement for All is a not-for-profit organisation (Charity No. 1142154 – Company No. 07528857) set up to work in partnership with early years settings, schools, colleges and other organisations and stakeholders to improve the outcomes for all children and young people regardless of background, challenge or need.

Introduction

Achievement for All 3As is strongly committed to protecting personal data. This privacy statement describes why and how we collect and use personal data and provides information about individuals’ rights. It applies to personal data provided to us, either by individuals themselves or by others. We may use personal data provided to us for any of the purposes described in this privacy statement or as stated at the point of collection.

Personal data is any information relating to an identified or identifiable living person. Achievement for All 3As processes personal data for several purposes, and the means of collection, lawful basis of processing, use, disclosure, and retention periods for each purpose may differ.

When collecting and using personal data, our policy is to be clear about why and how we process it. Further information is provided about specific processing activities below.

Achievement for All programme participants and partners

Most of our customers using or paying for the charity’s services are doing so in a business-to-business capacity. In this case, there is a legal and contractual reason for processing personal information.

How do we obtain this personal information? - Initially, data is obtained from public sources of information about education organisations, including national and local datasets and through websites. Sometimes initial contact details, obtained from an existing relationship or activity, are provided by individual employees and other individuals.

This will be supplemented by data collected from individuals themselves as they engage in charity activities e.g. through Early Years, School, or FE College programmes, funded research or development projects, and events or services such as Million Minutes, Bubble subscriptions, Bubble Open Zone, etc.

What information do we collect? - We only collect sufficient information to identify and contact individuals about the services or activities we provide. This includes name, job role, organisation address, organisation e-mail and organisation phone number. As the relationship develops other information is added to the record by staff and others from the interactions they have, including e-mails, conversations, meetings and services provided.

How is this information used? - This is stored in our CRM and finance systems. The information is used to:

  • provide information, support, services and products
  • understand more about a customer’s individual situation so that we can provide more effective and tailored services
  • build up a record of our work with individuals and organisations
  • review the impact and effectiveness of our work and tell others about its value. This will always be anonymous and unattributed, unless we have obtained specific permission to do so
  • carry out administrative purposes such as billing, accounting and record keeping.

How long do we keep this information? – We keep personal data for as long as is reasonable and necessary for the relevant activity, which may be to fulfil statutory obligations. In this case, no longer than seven years.

What about marketing? – The mission of the charity is to improve the lives of disadvantaged, vulnerable and underachieving children and young people in England and therefore we believe we have a legitimate interest in approaching our previous and existing customers, in a business-to-business capacity, to let them know about other services the charity provides. We will always offer customers the option to opt out of e-mail marketing.

Children and young people and their parents, or carers

How do we obtain this personal information? – Individual Pupil Data is systematically provided by schools and settings. Sometimes information is also provided about or disclosed by children and their parents.

What information do we collect? - Personal details such as names, date of birth and other personal details are NOT collected. Instead anonymous records are maintained containing contextual and attainment data. This is collected on the direct beneficiaries of Early Years, School and FE College programmes on an annual basis. This includes the Child’s UPN (Unique Personal Number), gender, disadvantage indicators (SEN, FSM, CLA, etc), attendance, exclusions, and attainment in reading, writing and maths.

How is this information used? – Whilst this information is not strictly personal data, it is treated with the highest standards of security. All data is transferred and stored in an encrypted format. The UPN is only exposed to the member of staff supplying the data and the IT team administrators who process and analyse it. All Charity staff with access to individual pupil data have an enhanced DBS check. The analysis of this data enables the charity to:

  • understand more about a customer’s individual situation so that we can provide more effective and tailored services
  • build up a record of our work with individuals and organisations
  • review the impact and effectiveness of our work and tell others about its value.

Specific permission will always be sought if photographic or case study materials are developed based on this material.

How long do we keep this information? – We keep personal data for as long as is reasonable and necessary for the relevant activity, which may be to fulfil statutory obligations. In this case, no longer than seven years.

What about marketing? – no personal information is stored, and no marketing will take place.

Other education settings (potential beneficiaries)

Contact details from education settings that have not engaged with the charity are processed in a business-to-business capacity based on data available in the public domain.

How do we obtain this personal information? – Data is obtained from public sources of information about education organisations, including national and local datasets and through our websites and other activities, or events. Sometimes initial contact details are provided by individual employees and other organisations resulting from an existing relationship or activity.

What information do we collect? - We only collect sufficient information to identify and contact individuals about the services or activities we provide. This includes name, job role, organisation address, organisation e-mail and organisation phone number.

How is this information used? – Data is stored in our Dynamics CRM and NAV systems along with details of our interactions, engagement and the potential products to be purchased or accessed. The information is used to:

  • provide information about products and services
  • understand more about a customer’s individual situation so that we can provide more effective and tailored services
  • build up a record of our engagement with individuals and organisations
  • carry out administrative purposes such as billing, accounting and record keeping.

How long do we keep this information? – We keep personal data for as long as is reasonable and necessary for the relevant activity, which may be to fulfil statutory obligations. In this case, no longer than seven years.

What about marketing? – The mission of the charity is to make social mobility real, to improve the lives of disadvantaged, vulnerable and underachieving children and young people in England and therefore we believe we have a legitimate interest in approaching potential education customers, in a business-to-business capacity, to let them know about other services the charity provides. We will always offer potential customers the option to opt out of e-mail marketing.

Individuals who purchase or access services

Some of the charity’s services are offered to individuals in a private capacity, rather than as part of a business-to-business relationship. In these cases, more stringent practices are in place and consent needs to be sought from the user to process their information. Currently this applies to customers purchasing on-line access to the Bubble e-learning platform and private individuals participating in the Million Minutes campaigns.

How do we obtain this personal information? – Personal data is collected at the point of registration and payment via our website.

What information do we collect? - Name, home address, telephone number, email and payment details via PayPal (e-learning customers only).

How is this information used? – Data is stored in our CRM and finance systems along with details of products, services and activities. The information is used to:

  • provide information, support, services and products
  • understand more about a customer’s individual situation so that we can provide more effective and tailored services
  • build up a record of our work with individuals and organisations
  • review the impact and effectiveness of our work and tell others about its value. This will always be anonymous and unattributed, unless we have obtained specific permission to do so
  • carry out administrative processes such as billing, accounting and record keeping.

How long do we keep this information? – We keep personal data for as long as is reasonable and necessary for the relevant activity, which may be to fulfil statutory obligations. In this case, no longer than five years.

What about marketing? – We will only contact paying customers to let them know that their subscriptions are ending, and will only contact them concerning other services once their consent has been obtained.

Employees and contractors

We collect personal data concerning our own personnel as part of the administration, management and promotion of our business activities.

Employees should refer to the data privacy notice and other relevant policies for information on why and how personal data is collected and processed. These documents are available on the AFA SharePoint Site.

Supporters

How do we obtain this personal information? – Initially, data is obtained from public sources of information about funders, trusts and corporate organisations, including national and local datasets and through websites. Sometimes initial contact details are provided by individual employees and other organisations resulting from an existing relationship or activity.

This is supplemented by data collected from individuals and organisations as we engage with them.

What information do we collect? - We only collect sufficient information to identify and contact individuals about potential funding sources. This includes name, job role, organisation address, organisation e-mail and organisation phone number. As the relationship develops, other information is added to the record by staff and others from e-mails, proposals, bids, reports, conversations, meetings and services provided.

How is this information used? – Data is stored in our CRM and finance systems along with details of interactions. The information is used to:

  • obtain information about funding and support available
  • build up a record of our relationships with individuals and organisations
  • submit proposals and bids for funding
  • carry out administrative purposes such as billing, accounting and record keeping.

How long do we keep this information? – We keep personal data for as long as is reasonable and necessary for the relevant activity, which may be to fulfil statutory obligations. In this case, no longer than seven years.

What about marketing? – Supporters who we deal with at an individual level will be invited to provide consent at regular intervals, so we can contact them about potential funds available. Organisations will be approached in a business-to-business capacity and will be provided with the opportunity to opt out of e-mail and telephone contact each time they are contacted.

Suppliers

How do we obtain this personal information? – Personal data is collected at the point of purchase by the Charity.

What information do we collect? - Name, supplier, business address, business telephone number, business email and bank payment details.

How is this information used? – Data is stored in our CRM and finance systems along with details of the products, services and activities we have purchased. The information is used to:

  • carry out administrative purposes such as billing, accounting and record keeping.
  • build up a record of our suppliers’ work.

How long do we keep this information? – We keep personal data for as long as is reasonable and necessary for the relevant activity, which may be to fulfil statutory obligations. In this case, no longer than seven years.

What about marketing? – We will only contact Suppliers concerning other services once their consent has been obtained.

Security

Personal information is treated with the highest standards by the charity. We aim to adhere to internationally recognised security standards, and our information security management system relating to client confidential data is independently certified under Cyber Essentials, with the certification renewed on an annual basis.

Access to data is regularly reviewed, and data is only accessible to the relevant trained staff and contractors.

If we use external companies to collect or process data on our behalf, we will let you know. Before contracting with an external company, we will carry out comprehensive checks, and put in place contracts to control how they manage the data they may collect or have access to.

Data is hosted on servers located within the UK and will not be transferred out of the European Union.

Your rights

We will only collect the data that we need to carry out the purposes we have described in this statement.

There may be occasions when some data collection is mandatory, e.g. your name, email address and employer to access our services. If you don’t provide this data, we will not be able to provide you with this service or product. We will tell you when this is the case.

At any time you can:

  • gain access to your personal information
  • object to the processing of your personal information
  • restrict the processing of your personal information
  • ask for a copy of your personal data (known as data portability)
  • rectify or correct your personal information, and
  • have your personal information removed (known as Erasure or the ‘right to be forgotten’).

You will be entitled to opt out of email correspondence in certain cases and withdraw consent where this has been provided.

If you are at any point unhappy with the way that we handled your personal data, please let us know using the contact methods below and we will attempt to remedy the situation.

If you remain dissatisfied with our response you can make a complaint to the Information Commissioner’s Office at ico.org.uk

Contact information

The data controller is Achievement for All 3As Ltd

Achievement for All 3As Ltd is registered with the ICO (registration no. Z2989982).

If you have any questions about this privacy statement or how and why we process personal data, please contact us at:

Data Protection Officer

Achievement for All 3As

Oxford Street

Newbury

Berkshire

RG14 1JQ

dataprotection@afaeducation.org

01635 279499

Changes to this privacy statement

This Privacy Policy will be updated from time to time to reflect changes in our work or the law. This privacy statement was last updated on 26 April 2018.