Pinewood understands that the privacy of its students and their families is important. To that end, we have adopted a policy and regulations regarding the collection, use, and dissemination of personal information, in accordance with the General Data Protection Regulation. More specifically, Pinewood processes personal data for a number of purposes:
- Administer and maintain student records for the purpose of providing student educational services, and alumni services;
- Administer and maintain employee records for the purposes of fulfilling the contract of employment;
- Maintain such records as may be required by legislation (e.g. health and safety, employment, background checks, etc.);
- Responses to queries by individuals relating to their education, or other matter;
- Keep employees and former employees, informed about matters relating to their employment, pension, or benefits;
- Keep employees, students, parents, and alumni informed about matters relating to Pinewood;
- Disclose information about students, former students, employees, and former employees to future employers for reference purposes;
- Disclose information about individuals in response to legislative/court orders.
The GDPR imposes certain responsibilities on all those who process personal data at Pinewood. These obligations include holding and using data in a secure manner and making sure that data is handled in line with what individuals (known as data subjects) have been told by the data controller. Appropriate arrangements must be in place for enabling access to and sharing of data, and making sure that the data subjects' data is accurate, up to date and retained for a suitable period. If a data security breach occurs (e.g. personal data held by the School is lost, stolen, inadvertently disclosed to an external party, or accidentally published), it should be reported immediately to the Data Protection Officer so that the appropriate action can be taken.