JIGSAW TRUST PRIVACY NOTICE
Jigsaw Trust is committed to conducting its business in accordance with all applicable Data Protection laws and regulations and regards privacy as central to all its data processing.
This Notice sets out the basis on which any personal data is collected from you, or that you provide to us, how it is handled and stored to meet data protection obligations and standards and conditions under which we may disclose it to others.
Information in this Privacy Notice is displayed under the following headlines:
1. Who we are and Contact details
2. Personal data we collect
3. How personal data is collected
4. How we use any personal data collected
5. Disclosure of personal data
6. Data security
7. Data retention
8. Transferring data outside the EEA
9. Your legal rights
1. WHO WE ARE & CONTACT DETAILS
Jigsaw Trust is a registered UK charity and oversees and runs different divisions and legal entities. This Privacy Notice is issued on behalf of those different divisions and legal entitles and any mention of ‘Jigsaw’, ‘we’, ‘us’ or ‘our’ in this Notice, refers to the relevant division or legal entity responsible for processing your data (ie. data controller) within Jigsaw Trust.
Jigsaw Trust
UK Registered Charity Number: 1075464
Registered Company Number: 3734127
Registered Address for all divisions/legal entities: 19-20 Bourne Court, Southend Road, Woodford Green, Essex, IG8 8HD (0208 551 7200)
Jigsaw CABAS School
UK Registered Charity Number: 1075464
Jigsaw Trading (2013) Ltd, t/a Cafe on the Park
Registered Company Number: 08594365
JigsawPlus
UK Registered Charity Number: 1151727
Registered Company Number: 08278978
CONTACT DETAILS:
Data Protection Officer:
Judicium Consulting Ltd
72 Cannon Street, London, EC4N 6AE
Email: [email protected]
Tel: 01483 277366
2. PERSONAL DATA WE COLLECT
All personal data collected, used, recorded is done so in accordance with applicable data protection legislation and this Privacy Notice.
The data can be categorised as follows and may include, but not be limited to:
| Personal data | eg. first name, last name, dob, age, email, telephone, marketing preferences, GiftAid/tax paying status, salary information, banking details |
| Financial data | eg. general business accounting, invoices, non-identifiable general transactions |
| Special Category Data | eg. medical information, safeguarding information, financial information relating to special category data |
| Technical and Usage data | eg. IP address, browsing patterns on our websites, Google Analytics |
| Other – Non-Personal data | eg. Summary for reports, statistical data, policies and anonymous teaching/learning resources |
Please view our Data Protection Policy for further examples under Data Categories – click here to visit our Policies page.
3. HOW PERSONAL DATA IS COLLECTED
We collect personal data in the following ways:
| Inbound Direct Interactions | maybe, but not limited to, you corresponding with us via email, on the telephone, by post, completing contact forms on the websites, completing forms (hard copy), etc |
| CCTV | JigsawPlus site operates CCTV for safety and security |
| Trusted Third Parties | including but not limited to Local Education Authorities |
| Technical | Google Analytics and other Cookies are used on the websites – data is collected in a way that does not directly identify anyone. See our separate Cookie Policy. You can also view information on Cookies and how to disable them on your browser at: https://allaboutcookies.org or https://aboutcookies.org |
4. HOW WE USE PERSONAL DATA
Personal data may be used to ensure we respond effectively and appropriately to your contact. It may, where you have given consent, be used to update you on Jigsaw news, developments and activities.
| PURPOSE/ACTIVITY | CATEGORY OF DATA | REASON FOR PROCESSING | LAWFUL BASIS |
| To provide a positive user experience on our websites | Technical & Usage data Other non-personal data | Understand how visitors arrive at our websites and what information is being viewed to keep our websites relevant and up to date | Legitimate Interest |
| General Marketing | Personal data | Keep interested parties up to date with the latest news, events, activities across, and relating to, the Trust | Consent |
| Publicity | Personal data | To provide publicity and exposure for an activity or event you are taking part in to the benefit of the charity and to enable us to promote and run successful ongoing events | Consent |
| Fundraising | Personal data Financial data | To process donations; to process prize draws; to process entrants to events; to efficiently raise money for the charity; to acknowledge and thank donors/participants | Legitimate Interest; Performance of a task in the public interest |
| Admissions process for Jigsaw CABAS School and JigsawPlus | Special Category data Personal data Financial data | To process admissions related enquiries for Jigsaw CABAS School and JigsawPlus; to determine type of placement or care package | Consent; Legitimate interest pursued by controller; Protect vital interests of data subject |
| To support and educate pupils at Jigsaw CABAS School and Adult Learners at JigsawPlus | Special Category data Personal data Financial data | To effectively educate and care (including any necessary therapy provision) for pupils and adult learners whilst at Jigsaw; to process necessary educational payments; to record and report required essential medical information and feedback | Consent; Legitimate interest pursued by controller; Performance of a task in the public interest; Compliance with legal obligation; Necessary in connection with Social Protection law; Protect vital interests of data subject |
| Recruitment | Personal data Special Category data Financial data | To effectively recruit employees suitable to the vacancies available; to understand any necessary adjustments that may be required; comply with HR legislation | Consent; Explicit consent; Necessary in connection with employment law; Compliance with legal obligation |
| Employees (including volunteers) | Personal data Special Category data Financial data | To effectively manage the internal human resource/personnel process of employees; to run payroll; to meet our legal obligations | Consent; Necessary in connection with employment and Social Protection law; Compliance with legal obligation; Legitimate interest pursued by controller |
| Finance | Personal data Financial data Special Category data | To process all financial transactions between individuals, employees and Jigsaw; to effectively financially manage and run a business; production of legally required financial reporting | Compliance with legal obligation; Consent |
| IT | Personal data Special Category data Technical & Usage data | To ensure the security and efficacy of the organisations IT infrastructure | Legitimate interest pursued by the controller; Protect vital interests of data subject |
| Governance of the Charity/Organisation | Personal data Special Category data Financial data | To oversee and govern the organisation in line with legal & Charity Commission compliance and best practice | Compliance with legal obligation; Necessary in connection with employment and Social Protection law |
5. SHARING/DISCLOSURE OF PERSONAL DATA
We may disclose personal data to trusted third parties when required to do so to process a request or through legal obligation or requirement; otherwise, we do not sell, swap or otherwise distribute personal data.
Sharing of Pupil Data– we share pupil information with the Department for Education on a statutory basis. Completion of the school level annual school census (SLASC) by registered independent schools is a statutory requirement under the Education (Independent Educational Provision in England) (Provision of Information) Regulations 2010. We are also required to share personal data with Local Authorities under The Education (Information About Individual Pupils) (England) Regulations 2013.
To find out more about the data collection requirements placed on us by the Department for Education go to https://www.gov.uk/education/data-collection-and-censuses-for-schools
Sharing of Adult Learner Data– we share adult learner information with relevant Local Authorities and the NHS on a statutory basis.
Third Party Providers – occasionally, we employ other companies and individuals to perform necessary business functions on our behalf, including, digital/technical agencies and support providers, hosting providers, payroll services, digital educational and communication platforms, social networks, fundraising event services and general businesses consultancy services. They may have access to personal information needed to perform their requested function but will not be allowed to use it for other purposes and any processing must be done in accordance with this Privacy Notice, our Data Protection Policy and General Data Protection Regulations in force.
Further information can be found in our Data Protection Policy – click here to visit our Policies page.
6. DATA SECURITY
We take the security of personal data very seriously and have policies and controls (both technical and organisational) in place to ensure personal data is not lost, accidentally destroyed, misused or disclosed and is not accessed except by those who are authorised.
Please be aware transmission of data over the internet is inherently insecure and we cannot guarantee the security of data sent over the internet.
You are responsible for keeping any passwords and user details confidential. We will never ask you for your password.
7. DATA RETENTION
We will only retain personal information for as long as necessary to fulfil the purposes we collected it for, including the satisfying of any legal obligations/statutory regulations, reporting or accounting requirements and/or best practice. A full Retention Schedule is available upon request via [email protected]
8. TRANSFERRING DATA OUTSIDE THE EEA
Data may be transferred to countries outside the European Economic Area (EEA) to meet the requirements of staff training and development or to utilise the most appropriate digital education and communication platforms or data management software.
9. YOUR LEGAL RIGHTS
Under data protection legislation, everyone has the right to request access to information about himself or herself that we hold. This is called a subject access request.
Subject access requests from individuals should be made by email, addressed to the Privacy Co-ordinator (see contact details below) who can supply you with a standard request form. We will always verify the identity of anyone making a subject access request before providing any information. A response to any formal request for information will be provided within 30 days of receipt of written request. If providing the information requested by the data subject would disclose personal data about another individual then the information will be redacted or withheld as may be necessary or appropriate to protect that person’s rights.
All individuals who are the subject of personal data held by us are entitled to:
- Ask what information we hold about you and why
- Ask how to gain access to it
- Be informed how to keep it up to date
- Be informed how we are meeting our data protection obligations
- In certain circumstances, request rectification, restriction or deletion of your personal data
If you have a concern about the way we are collecting or using personal data, we request that you raise your concern with us in the first instance. Alternatively, you can contact the Information Commissioner’s Office at https://ico.org.uk/concerns/
To make a request for information from us, please contact:
Data Protection Officer: [email protected]
BREACH REPORTING
Any individual who suspects that a personal data breach has occurred must immediately notify the Data Protection Officer above providing a description of what has occurred. If a breach is potentially high risk to data subjects rights and freedoms the Trust must notify the data subject affected.
We may change this Privacy Notice from time to time so please check this occasionally to ensure you are happy with any changes.
DATE OF LAST REVISION: 30 September 2021