Attention: You are using an outdated browser, device or you do not have the latest version of JavaScript downloaded and so this website may not work as expected. Please download the latest software or switch device to avoid further issues.

Privacy Notice

We are The Royal Alexandra & Albert School (‘the School’) and the charitable foundation of the same name, registered under charity number 311945 (‘the Charitable Foundation’).  The School and the Charitable Foundation are the Data Controllers for the purposes of UK data protection law and have a Joint Controllers Agreement a copy of which may be requested electronically from our Data Protection Officer (see ‘Contact us’ below). 

This document sets out what personal data we may hold about you, why we process that data, who we share this information with, and your rights in relation to your personal data processed by us.  The School and the Charitable Foundation maintains a database of former students, parents and other supporters in order to stay in touch with our community and keep you updated about news, events, careers initiatives and fundraising activities.

Some of our database (but not all) choose to join our online community by registering on this website and creating an online profile. In both instances (individuals with offline database records and individuals with online profiles), we collect and store personal information (or “data”) about you. We are committed to protecting and respecting your privacy and this Policy sets out what information we collect about you, where and how we use (“process”) it.

We may change this Policy from time to time. If we make any significant changes, we will advertise this on the website or contact you directly with the information. Please check this page occasionally to make sure you are happy with any changes. This document sets out what personal data we may hold about you, why we process that data, who we share this information with, and your rights in relation to your personal data processed by us.

What information do we process in relation to you?

  • The information we have about you depends on where we collect it, but may include:
  • First name
  • Last name
  • Email 
  • Address
  • Photographs
  • Gender
  • Date of birth
  • Family relationships
  • Years at the School
  • Higher education and work details
  • Participation in our events, emails, competitions, surveys and other activities 
  • Donations made to the School or the Charitable Foundation
  • Geo-location data (your geographical location based on your IP address)
  • Log-ins and activity on the website
  • A record of payments made via the website including Gift Aide claims (but we do not store your credit/ debit card details as these are processed securely externally by a third-party payment provider) which could include event tickets, shop purchases or online donations
  • Consent options and communication preferences
  • Content (such as announcements, stories, photos, documents, comments, events, jobs) that you post on this website or provide to us by other means
  • Messages that you send to other community members via the direct messaging system when logged in to this website
  • Post-School studies, qualifications and occupation

We may also collect, use, store and share information about you that falls into ‘special categories’ of more sensitive personal data which are subject to additional requirements.  This may include, but is not restricted to:

  • Photographs of your time at the School
  • Information required to manage your attendance at networking, fundraising or other events, including access arrangements and dietary requirements

Where do we get your data from?

We will obtain an amount of your personal data from you, by way of information gathering exercises at appropriate times such as when your child joins the School and when you attend the School site and are captured by our CCTV system.  We may also obtain information about you from other public sources.  We also collect personal information when you:

  • visit this website
  • create or update your online profile
  • post content on to this website
  • take part in an event
  • attend a meeting with us and provide us with information
  • contact us in any way including online, email, phone, SMS, social media or post
  • open an email sent from this website
  • send a message via the direct messaging system on this website
  • leave the School and we transfer some basic details about you from the main School database in to our alumni database

Why do we use your personal data?

We may process your personal data in a number of ways, always with a legal basis for processing your data. These may include:

  • providing you with the information or updates that you have asked for
  • sending you communications (with your consent if required) that may be of interest, including invites to events, newsletters, fundraising campaigns and other charitable causes or services that may be of interest to you
  • delivering our obligations under any contract between us
  • seeking your views on the services or activities we carry out, so that we can make improvements
  • updating our database records and ensuring we know how you prefer to be contacted
  • analysing your engagement with our website and other content to help us improve our services for you
  • running any mentoring programme/ club activities/ reunion events/ sports fixtures
  • displaying your name as a list of potential ‘matches’ when you (or someone with similar details) signs-up for an event, makes a donation or joins the online community and the system is trying to match your information to an existing record stored in our database

We are required to conduct due diligence checks before seeking or accepting major donations which includes reviewing publicly available data about an individual’s personal conduct including any criminal convictions.

Our legal basis for processing your information

Your data is used for alumni and supporter engagement activities, including fundraising.  Building an engaged community is an important part of our School and Charitable Foundation activity and is of benefit to all.  In pursuit of this aim it is necessary to process your personal information for the purposes set out above which is lawful because one or more of the following applies:

  • you have given us your consent for the information to be used
  • it is necessary for us to hold and use your information to carry out our obligations under a contract entered into with you
  • it is necessary for our legitimate interests to hold and use your information and we are not impacting your privacy by doing so

Updating your consent preferences

If you have an online profile on this website, you can update your consent options by logging-in and clicking on “My Settings” in your profile.  Scroll down to find your ‘Consent options’ where you will see a list of consents and the options “opt-in”, “opt-out” and “unspecified”. 

Via ‘My Settings’ you can also choose to hide your profile from Google, limit access to your profile so that it’s only viewable to your connections and adjust some of the automatic notifications that you receive from this website.  Please note that your name (but not full profile) may appear in various places around the community website, such as a ‘Recent Joiners’ box and in ‘Search’ results irrespective of the privacy settings you have selected. 

If we are using consent as our legal basis for processing your data, we must have an explicit “opt-in” from you for this specific type of processing. 

If we are using legitimate interests as our legal basis for processing your data, we will process your data responsibly in a way that you would reasonably expect, and you can opt-out at any stage.

If you click ‘unsubscribe’ at the bottom of one of our emails sent you will be automatically opted-out of these types of email communications in the future.

If you want to contact us about your consent preferences, please contact DPO@gatton-park.org.uk

Why do we use Special Category personal data?

We may process special category personal data in relation to you for the following reasons:

1. Where the processing is necessary for reasons of substantial public interest, including for purposes of equality of opportunity and treatment, where this is in accordance with our Data Protection Policy.

2. Where we otherwise have your explicit written consent.

How we keep your information safe

We understand the importance of keeping your personal information secure and take appropriate steps to safeguard it.

Your data is stored on a dedicated, secure cloud server hosted by Amazon Web Services (AWS) in the EU and managed by our website provider, ToucanTech.  There is an adequacy agreement between the UK and EU.  This ensures that there are comparable standards of security to those in the UK GDPR to protect the personal data of UK citizens stored in the EU.

Industry standard firewalls, anti-virus, encryption and back-up methods are in place, as well as strict data handling protocols.

We always ensure only authorised persons have access to your information, which means only our approved employees and contractors, and that everyone who has access is appropriately trained in data management.   

If you have an online profile for this website, you are responsible for keeping your login details (email and password) confidential and we ask that you do not share your password with anyone.

No data transmission over the internet can be guaranteed to be completely secure. So, whilst we strive to safeguard your information, we cannot guarantee the security of any information you provide online and you do this at your own risk.

How long will we hold your personal data for?

We will hold your personal data only for as long as necessary. How long we need to hold on to any information will depend on the type of information.  For further detail please request a copy of our Data Retention Policy from our Data Protection Officer (DPO@gatton-park.org.uk)

Where we rely on your consent to contact you for direct email marketing/ fundraising purposes, we will treat your consent as lasting only for as long as it is reasonable to do so. We may periodically ask you to renew your consent.

If you ask us to stop contacting you, we will keep a record of your contact details and limited information needed to ensure we comply with your request.

We have put in place appropriate security measures to prevent your personal information being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.

We will dispose of your personal data securely when we no longer need it.

Who will we share your personal data with?

We do not share information about you with any third party without consent unless the law and our policies allow us to do so. Examples of such sharing might include:

  • We may share information with Gatton Association, an independent unincorporated members association for alumni (including former staff) of the School.
  • Third parties who may provide services for us such as, collecting or processing data and sending mailings for example a payment processing provider. We select our third-party service providers with care. We provide these third parties with the information that is necessary to provide the service and we will have an agreement in place that requires them to operate with the same care over data protection as we do
  • Third parties if we run an event in conjunction with them. We will let you know how your data is used when you register for any event
  • Web hosting, email hosting, analytics and search engine providers that enable us to run our community database and improve our website and its use
  • Third parties in connection with restructuring or reorganisation of our operations, for example if we merge with another business. In such event, we will take steps to ensure your privacy rights will be protected by the third party
  • Other than this, we will not share your information with other organisations without your consent.

Your rights in relation to your personal data held by us

You have the right to request access to personal data that we hold about you, subject to a number of exceptions. To make a request for access to your personal data, you should contact: DPO@gatton-park.org.uk

Please request a copy of the Data Protection Policy for further details on making requests for access to your personal data.

You also have the right, in certain circumstances, to:

  • object to the processing of your personal data
  • have inaccurate or incomplete personal data about you rectified
  • restrict our processing of your personal data
  • to object to the making of decisions about you taken by automated means
  • have your data transferred to another organisation
  • claim compensation for damage caused by a breach of your data protection rights

If you want to exercise any of these rights then you should contact the DPO (DPO@gatton-park.org,uk).  The law does not oblige the School and/or the Charitable Foundation to comply with all requests.  If the School and/or the Charitable Foundation does not intend to comply with your request then you will be notified of the reasons why in writing.

Concerns

If you have any concerns about how we are using your personal data then we ask that you contact our Data Protection Officer in the first instance.  However, an individual can contact the Information Commissioner’s Office should you consider this to be necessary, at https://ico.org.uk/concerns/

Contact

If you would like to discuss anything in this privacy notice, please contact: DPO@gatton-park.org.uk    

 

Updated 24 February 2025

 

 

image

Address

Development Office
Royal Alexandra and Albert School
Gatton Park, Reigate
Surrey RH2 0TD

Quick links

Terms Policy
Privacy Policy
Cookies

Contact

Follow The Royal Alexandra & Albert School on Social

Alumni Management Software powered by
ToucanTech