Privacy Policy

Data Protection Policy – Privacy Notice

In accordance with Data Protection Act 2018 (GDPR), individuals have the right to be informed about how Hira’ Institute uses any personal data that we hold about them. We comply with this right by providing ‘privacy notices’ (sometimes called ‘fair processing notices’) to individuals where we are processing their personal data.

 

This privacy notice explains how we collect, store and use personal data about students and their parents/guardians. 

 

In accordance with Data Protection Act 2018 (GDPR) all personal information regarding you and your child will be kept confidential, will be held on file and will only be released to any third party, Government Agencies, Police, Courts of Laws where required to do so by law, and in accordance with our policies and or for safeguarding referrals without prior permissions or notice.

 

We, Hira’ Institute, are the ‘data controller’ for the purposes of data protection law.

 

The personal data we hold

Personal data that we may collect, use, store and share (when appropriate) about students and their parents/guardians includes, but is not restricted to: 

  • Contact details, contact preferences, date of birth, identification documents  
  • Results of internal assessments  
  • Students and curricular records  
  • Characteristics, such as ethnic background, or special educational needs  
  • Exclusion information  
  • Details of any medical conditions, including physical and mental health  
  • Attendance information  
  • Safeguarding information  
  • Details of any support received, including care packages, plans and support providers  
  • CCTV images captured on-site

 

We may also hold data about students and their parents/guardians that we have received from other organisations, including other Schools, Madrasah and Social Services.

 

Why We Use This Data 

 

We use this data to: 

  •  Report to you on your child’s attainment and progress 
  •  Keep you informed about the running of the madrasah (such as emergency closures) and events 
  •  Process payments for madrasah services 
  •  Provide appropriate pastoral care 
  •  Protect student welfare 
  •  Administer admissions waiting lists 
  •  Assess the quality of our services 
  •  Comply with our legal and statutory obligations

 

Our legal basis for using this data 

We only collect and use personal data of students and their parents/guardians when the law allows us to. Most commonly, we process it where:  

  • We need to comply with a legal obligation  
  • We need it to perform an official task in the public interest 

Less commonly, we may also process students’ personal data in situations where:  

  • We have obtained consent to use it in a certain way  
  • We need to protect the individual’s vital interests (or someone else’s interests) 

 

Where we have obtained consent to use personal data of students and their parents/guardians, this consent can be withdrawn at any time. We will make this clear when we ask for consent and explain how consent can be withdrawn. 

Some of the reasons listed above for collecting and using personal data of students and their parents/guardians overlap, and there may be several grounds which justify our use of this data.

 

Collecting this information 

While most of the information we collect about students and their parents/guardians is mandatory, there is some information that can be provided voluntarily. 

Whenever we seek to collect information from you or your child, we make it clear whether providing it is mandatory or optional. If it is mandatory, we will explain the possible consequences of not complying. 

 

How we store this data 

We keep personal information about students and their parents/guardians while they are attending our Madrasah. We may also keep it beyond their attendance at our Madrasah if this is necessary to comply with our legal obligations. 

The record retention schedule within our GDPR policy sets out how long we keep information about students. This policy may be obtained by requesting it via email or telephone.

 

Data sharing 

We do not share information about students and their parents/guardians with any third party without consent unless the law and our policies allow us to do so. 

Where it is legally required, or necessary (and it complies with data protection law) we may share personal information about students and their parents/guardians with: 

  • Our local authority – to meet our legal duties to share certain information with it, such as concerns about students’ safety and exclusions  
  • The Department for Education (a government department) – we share data with the Department for Education on a statutory basis. We are required to share information with the (DfE) under regulation 5 of The Education (Information about Individual students) (England) Regulations 2013.  
  • Service Providers – so that they can provide the services we have contracted them for  
  • Financial organisations – to administer the financial aspects of your relationship with us. We appoint external and internal auditors who will see some students’ personal data during the course of their investigations.
  • Central and local government – to give and receive information and references about past, current and prospective students, including relating to outstanding fees or payment history, to/from any educational institution that the student attended or where it is proposed they attend and to provide reference to potential employers of past students.  
  • Health authorities – We need to share information about student’s health and wellbeing with the NHS, Department of Health, the nurses, immunisation team, GP, Public Health etc… to safeguard and promote student health and welfare, prevent the spread of infections, and to protect against life threatening diseases some of which may pose a public health concern. The NHS also use information about students for research and statistical purposes, to monitor the performance of local health services and to evaluate and develop them.  
  • Security organisations – to operate security (including CCTV) in accordance with the Madrasah’s CCTV policy; and where otherwise reasonably necessary for the Madrasah’s purposes, including to obtain professional advice and insurance for the Madrasah  
  • Health and social welfare organisations – to safeguard student welfare and provide appropriate pastoral (and where necessary, medical) care, and take appropriate action in the event of an emergency, incident or accident, including by disclosing details of their medical condition where it is in their interest to do so: for example, for medical advice, social services, insurance purposes or to organisers of Madrasah trips; 
  • Professional advisers and consultants – to assist the Madrasah in fulfilling its obligations and to help the Madrasah run properly.  
  • Police forces, courts, tribunals – to fulfil and monitor our responsibilities under equalities, immigration and public safety legislation. We will need information about any court orders or criminal matters which relate to students. This is so that we can safeguard students’ welfare and wellbeing and the other students at the Madrasah. We need to share information with the police or our legal advisers if something goes wrong or help with an enquiry. For example, if a student is injured at Madrasah or if there is a burglary.  
  • Professional bodies – in accordance with Data Protection Law, some of the Madrasah’s processing activity is carried out on its behalf by third parties, such as IT systems, web developers and cloud storage. Where possible this is subject to contractual assurances that personal data will be kept securely and only in accordance with the Madrasah’s specific direction.   

 

Your Rights

Individuals have a right to make a ‘subject access request’ to gain access to personal information that the Madrasah holds about them. 

 

Parents/guardians can make a request with respect to their child’s data where the child is not considered mature enough to understand their rights over their own data.

 

If you make a subject access request, and if we do hold information about you or your child, we will:  

  • Give you a description of it  
  • Tell you why we are holding and processing it, and how long we will keep it for  
  • Explain where we got it from, if not from you or your child  
  • Tell you who it has been, or will be, shared with  
  • Let you know whether any automated decision-making is being applied to the data, and any consequences of this  
  • Give you a copy of the information in an intelligible form 

 

Individuals also have the right for their personal information to be transmitted electronically to another organisation in certain circumstances. If you would like to make a request, please contact our Senior Management Team.

 

Other rights 

Under data protection law, individuals have certain rights regarding how their personal data is used and kept safe, including the right to:  

  • Object to the use of personal data if it would cause, or is causing, damage or distress  
  • Prevent it being used to send direct marketing  
  • Object to decisions being taken by automated means (by a computer or machine, rather than by a person). In certain circumstances, have inaccurate personal data corrected, deleted or destroyed, or restrict processing  
  • Claim compensation for damages caused by a breach of the data protection regulations 

 

To exercise any of these rights, please contact our Senior Management Team.