Attention: You are using an outdated browser, device or you do not have the latest version of JavaScript downloaded and so this website may not work as expected. Please download the latest software or switch device to avoid further issues.
Privacy Notice
We are The Royal Alexandra & Albert School (‘the School’) and the charitable foundation of the same name, registered under charity number 311945 (‘the Charitable Foundation’). The School and the Charitable Foundation are the Data Controllers for the purposes of UK data protection law and have a Joint Controllers Agreement a copy of which may be requested electronically from our Data Protection Officer (see ‘Contact us’ below).
This document sets out what personal data we may hold about you, why we process that data, who we share this information with, and your rights in relation to your personal data processed by us. The School and the Charitable Foundation maintains a database of former students, parents and other supporters in order to stay in touch with our community and keep you updated about news, events, careers initiatives and fundraising activities.
Some of our database (but not all) choose to join our online community by registering on this website and creating an online profile. In both instances (individuals with offline database records and individuals with online profiles), we collect and store personal information (or “data”) about you. We are committed to protecting and respecting your privacy and this Policy sets out what information we collect about you, where and how we use (“process”) it.
We may change this Policy from time to time. If we make any significant changes, we will advertise this on the website or contact you directly with the information. Please check this page occasionally to make sure you are happy with any changes. This document sets out what personal data we may hold about you, why we process that data, who we share this information with, and your rights in relation to your personal data processed by us.
What information do we process in relation to you?
We may also collect, use, store and share information about you that falls into ‘special categories’ of more sensitive personal data which are subject to additional requirements. This may include, but is not restricted to:
Where do we get your data from?
We will obtain an amount of your personal data from you, by way of information gathering exercises at appropriate times such as when your child joins the School and when you attend the School site and are captured by our CCTV system. We may also obtain information about you from other public sources. We also collect personal information when you:
Why do we use your personal data?
We may process your personal data in a number of ways, always with a legal basis for processing your data. These may include:
We are required to conduct due diligence checks before seeking or accepting major donations which includes reviewing publicly available data about an individual’s personal conduct including any criminal convictions.
Our legal basis for processing your information
Your data is used for alumni and supporter engagement activities, including fundraising. Building an engaged community is an important part of our School and Charitable Foundation activity and is of benefit to all. In pursuit of this aim it is necessary to process your personal information for the purposes set out above which is lawful because one or more of the following applies:
Updating your consent preferences
If you have an online profile on this website, you can update your consent options by logging-in and clicking on “My Settings” in your profile. Scroll down to find your ‘Consent options’ where you will see a list of consents and the options “opt-in”, “opt-out” and “unspecified”.
Via ‘My Settings’ you can also choose to hide your profile from Google, limit access to your profile so that it’s only viewable to your connections and adjust some of the automatic notifications that you receive from this website. Please note that your name (but not full profile) may appear in various places around the community website, such as a ‘Recent Joiners’ box and in ‘Search’ results irrespective of the privacy settings you have selected.
If we are using consent as our legal basis for processing your data, we must have an explicit “opt-in” from you for this specific type of processing.
If we are using legitimate interests as our legal basis for processing your data, we will process your data responsibly in a way that you would reasonably expect, and you can opt-out at any stage.
If you click ‘unsubscribe’ at the bottom of one of our emails sent you will be automatically opted-out of these types of email communications in the future.
If you want to contact us about your consent preferences, please contact DPO@gatton-park.org.uk
Why do we use Special Category personal data?
We may process special category personal data in relation to you for the following reasons:
1. Where the processing is necessary for reasons of substantial public interest, including for purposes of equality of opportunity and treatment, where this is in accordance with our Data Protection Policy.
2. Where we otherwise have your explicit written consent.
How we keep your information safe
We understand the importance of keeping your personal information secure and take appropriate steps to safeguard it.
Your data is stored on a dedicated, secure cloud server hosted by Amazon Web Services (AWS) in the EU and managed by our website provider, ToucanTech. There is an adequacy agreement between the UK and EU. This ensures that there are comparable standards of security to those in the UK GDPR to protect the personal data of UK citizens stored in the EU.
Industry standard firewalls, anti-virus, encryption and back-up methods are in place, as well as strict data handling protocols.
We always ensure only authorised persons have access to your information, which means only our approved employees and contractors, and that everyone who has access is appropriately trained in data management.
If you have an online profile for this website, you are responsible for keeping your login details (email and password) confidential and we ask that you do not share your password with anyone.
No data transmission over the internet can be guaranteed to be completely secure. So, whilst we strive to safeguard your information, we cannot guarantee the security of any information you provide online and you do this at your own risk.
How long will we hold your personal data for?
We will hold your personal data only for as long as necessary. How long we need to hold on to any information will depend on the type of information. For further detail please request a copy of our Data Retention Policy from our Data Protection Officer (DPO@gatton-park.org.uk)
Where we rely on your consent to contact you for direct email marketing/ fundraising purposes, we will treat your consent as lasting only for as long as it is reasonable to do so. We may periodically ask you to renew your consent.
If you ask us to stop contacting you, we will keep a record of your contact details and limited information needed to ensure we comply with your request.
We have put in place appropriate security measures to prevent your personal information being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
We will dispose of your personal data securely when we no longer need it.
Who will we share your personal data with?
We do not share information about you with any third party without consent unless the law and our policies allow us to do so. Examples of such sharing might include:
Your rights in relation to your personal data held by us
You have the right to request access to personal data that we hold about you, subject to a number of exceptions. To make a request for access to your personal data, you should contact: DPO@gatton-park.org.uk
Please request a copy of the Data Protection Policy for further details on making requests for access to your personal data.
You also have the right, in certain circumstances, to:
If you want to exercise any of these rights then you should contact the DPO (DPO@gatton-park.org,uk). The law does not oblige the School and/or the Charitable Foundation to comply with all requests. If the School and/or the Charitable Foundation does not intend to comply with your request then you will be notified of the reasons why in writing.
Concerns
If you have any concerns about how we are using your personal data then we ask that you contact our Data Protection Officer in the first instance. However, an individual can contact the Information Commissioner’s Office should you consider this to be necessary, at https://ico.org.uk/concerns/
Contact
If you would like to discuss anything in this privacy notice, please contact: DPO@gatton-park.org.uk
Updated 24 February 2025
Address
Development Office
Royal Alexandra and Albert School
Gatton Park, Reigate
Surrey RH2 0TD