Kibble’s ICO registration number is Z5968316.
Protection of Your Personal Information
- The Information Commissioner maintains a public register of data controllers. The Data Protection Act 1998 requires every Data Controller who is processing personal data, to notify and renew their notification, on an annual basis.
- Under the Data Protection Act 1998, Kibble Education and Care Centre is the ‘data controller’. As an organisation we hold personal information on staff, young people and others, in order to carry out our services and responsibilities. It is important that how this information is acquired, processed, held and destroyed, complies with the Data Protection Act 1998.
- Your information will be held securely and will be confidential. We aim to ensure the privacy and rights of individuals, and promote awareness of Data Protection.
- No organisation handling personal information can guarantee that it will never experience losses; however by ensuring that standards comply with best practice, data subjects will be reassured that reasonable measures have been taken to preserve and protect their personal data. Our policy provides guidance for reporting and investigating any breaches of the Data Protection Act.
- All users of personal data within the organisation have a responsibility to ensure that they process personal information in accordance with the Data Protection Act and the eight Data Protection Principles. The Principles state that personal data must be:
- 1. fairly and lawfully processed;
- 2. processed for limited purposes;
- 3. adequate, relevant and not excessive;
- 4. accurate;
- 5. not kept for longer than is necessary;
- 6. processed in line with the individual’s rights;
- 7. secure;
- 8. not transferred to countries outside the European Economic Area without adequate protection.
- By law, individuals are entitled to request access to information that we hold on them, as well as apply for rectification of inaccurate details. This can be done by contacting:
Information and Records Officer
Kibble Education and Care Centre
Alternatively, you can download our subject access request form.
- As well as the request form, the requester will be required to provide proof of who they are by means of 2 forms of personal ID – one photographic form, and one with current address details.
- We are able to charge a fee of £10 in order to process a subject access request, however we will notify you if this is required.
- Subject Access Requests (SAR) will be processed within 40 calendar days
- Personal data will only be retained for the length of time the data is required for the specific purpose for which it was acquired. To retain personal data for longer than it is required is a breach of the 5th data protection principle.
- Some information can be withheld if it provides details about someone else.
- As well as the right to request access to personal data, individuals are entitled under DPA, to prevent the processing of any information that is likely to cause damage or distress. You are also entitled to prevent the processing of information for the purposes of direct marketing.
- Individuals can object to any automatic decisions being taken about them.
- If you are unhappy with how your request has been dealt with, or our response, you can request a review. Otherwise, you can contact the Scottish Information Commissioner at:
The Scottish Information Commissioner
Further details on Data Protection can also be found on the Scottish Information Commissioner’s website.
Sharing of Information
- Personal data which is shared with other organisations will be documented appropriately, an in accordance with procedures.
- The sharing of personal data will be done as necessary, and in a timely and proportionate manner.
- When personal data is collected the Data Subject will normally be provided with a Privacy Notice, providing information about what we collect, why this information is needed and how it will be processed. Any exceptions to this will be documented.
- The organisation must ensure that personal data is not disclosed to any unauthorised parties, such as government bodies, family members, friends, and in certain circumstances the Police. Where a staff member is requested to provide personal information regarding an individual, caution should be taken and guidance taken from the Data Protection/ FOI Officer.