The Management of Bell Educational Services Limited, Bell Foundation and Bell Educational Trust, hence to all be referred to as Bell, located primarily in London and Cambridge is committed to compliance with all national UK laws in respect of personal and sensitive data, and to protecting the rights and privacy of individuals. This includes programme participants, learners, staff and others in accordance with the Data Protection Act. Bell is registered as a Data Controller with the Information Commissioner’s Office to process information about its staff, participants, learners and other individuals with whom it has dealings for administrative purposes (e.g. to recruit and pay employees/staff, to administer programmes of provision, to collect fees, and to comply with legal obligations to funding bodies and government). To comply with the law, information about individuals must be collected and used fairly, stored safely and securely and not disclosed unlawfully to any third party.
In particular Bell will;
- only process personal information where this is strictly necessary for legitimate organisational purposes;
- collect only the minimum personal information required for these purposes and not processing excessive personal information;
- provide clear information to individuals about how their personal information will be used and by whom;
- only process relevant and adequate personal information;
- process personal information fairly and lawfully;
- maintain an inventory of the categories of personal information processed by the organisation;
- keep personal information accurate and, where necessary, up-to-date;
- retain personal information only for as long as is necessary for legal or regulatory reasons or for legitimate organisational purposes;
- respect individuals’ rights in relation to their personal information, including their right of subject access;
- keep all personal information secure;
- only transfer personal information outside the EEA in accordance with data protection legislation and where it can be adequately protected;
- only apply the various exemptions allowable by data protection legislation where applicable;
- develop and implement a Personal Information Management System (PIMS) to enable this policy to be implemented;
- where appropriate, identify internal and external stakeholders and the degree to which these stakeholders are involved in the governance of the organisation’s PIMS; and
- identify those workers with specific responsibility and accountability for the PIMS
The policy applies to all employees/staff, contractors, participants and learners at Bell. Any breach of the Data Protection Act 1998 or this Policy will be dealt with under Bell’s disciplinary policy and may also be a criminal offence, in which case the matter will be reported as soon as possible to the appropriate authorities. Partners, other agencies and any third parties working with or for Bell , and who have or may have access to personal information, will be expected to have read, understood and comply with this policy. No third party may access personal data held by Bell without having first entered into a data confidentiality agreement which imposes on the third party obligations no less onerous than those to which Bell is committed and which gives Bell the right to audit compliance with the agreement.
This policy statement is communicated to all persons working for or on behalf of Bell who are expected to comply with this policy.
The Data Protection Act specifies that any person who has personal or sensitive data held by Bell has the right to access their data. On satisfactory submission of a subject access request form and a processing fee, Bell will respond appropriately within 40 days. To request a Subject Access Request Form please either email DPO@bellenglish.com or contact reception at the Cambridge School.
This policy is approved by the Chief Executive Officer on behalf of the management board of Bell.