Altitude Foundation has a responsibility under data protection legislation to provide individuals with information about how we process their personal data.
To ensure that we process your personal data fairly and lawfully, we are required to inform you:
The Data Controller is Altitude Foundation. We process your data in line with the requirements of the EU General Data Protection Regulation (GDPR), specifically as expressed in the Data Protection Act (2018), and this Privacy Notice.
As the Data Controller, the Foundation decides how your personal data is processed and for what purposes. We may change this Notice from time to time, in order to accurately reflect changes to our operation. Any such changes will be published on our website. Notwithstanding any change to this policy, we will continue to process your data in accordance with your rights and our obligations in law.
The Foundation is not obligated under law to appoint a designated Data Protection Officer, However, the responsible stewardship of your personal data is of paramount importance to us, and therefore we have followed best practice and appointed a designated member of staff to oversee compliance and champion data protection within the organisation.
Colin Ferguson, the General Manager, is the Foundation’s appointed Data Protection Officer. If you have any questions about this privacy notice or how we handle your personal information, please contact us by email at email@example.com.
By law, the personal data we hold about you must be:
You have the right to be provided with information about how and why we process your data. Where you have the choice to determine how your personal data will be used, we will ask for your consent. Where you do not have a choice (for example, where we could not facilitate your involvement in our programme without processing your data), we will provide you with a privacy notice (this document).
You have the right to withdraw your consent for data processing at any time. Where this will have an impact on the service we provide, this will be explained to you, so that you can determine whether it is the right decision for you.
You have the right to be told whether we are processing your personal data and, if so, to be given a copy of it. You can make a subject access request by emailing the Data Protection Officer, above.
You have the right to request rectification of any incorrect data we hold about you. If you believe that any data we hold about you is inaccurate, please contact us and we will investigate. We can also correct any incomplete data.
You have the right to request that we erase your personal data. This can apply in the following circumstances:
You have the right to request that we restrict the processing of your personal data. This can apply in the following circumstances:
The types of data we may gather relating to applicants and participants may include the following:
The types of data we may gather relating to parents and carers may include the following:
The types of data we may gather relating to teachers and other professionals may include the following:
We will also gather these employee data:
Please note that these are illustrative but non-exhaustive lists.
Personal data will only be processed when the law permits this to happen. Most commonly, personal data will be processed in the following circumstances:
Where we process special category sensitive data, we process data on one or more of the following bases:
All personal data are processed and stored on the Foundation’s administrative systems. These are principally cloud based, provided by Google through its G-Suite software solution. Through cutting-edge cloud security, all of the charity’s electronic data are held safely and processed in a secure IT environment. Access to these data is strictly limited to staff, trustees and selected volunteers on a strictly need-to-know basis.
Your data will not normally be shared outside of the Foundation, except where required to do so by law, to protect vital interests, or with trusted third parties in order to deliver the service we have agreed to provide to you. We will only do so when we are satisfied that any such use of data will accord with this notice.
For the duration of participants’ involvement in the programme, data may be shared in order to facilitate medical or other support. Participants will be asked for consent to share any data with an external agency if the purpose is to secure non-urgent support. If there is an urgent need for help, the Foundation may need to act without consent in order to protect your vital interests.
Personal data is kept, deleted or anonymised in line with the following schedules:
Altitude Foundation processes data relating to programme participants in order to deliver the programme. Processing data allows the Foundation to communicate with participants, to arrange appropriate activity and ensure sufficient support is in place to enable participants to receive maximum benefit from the programme.
The Foundation also uses personal data to evaluate the programme, ensuring that future participants can benefit from the most cost effective and impactful interventions it is possible for the charity to provide.
If the Foundation did not process participants’ personal data in the ways described in this Privacy Notice, then a spectrum of impact directly affecting participants would occur:
The personal data to be collected are the minimum necessary to organise the programme and evaluate it effectively, in the best interests of the participants themselves. Any personal data collected for which the participant can exercise their right to consent to processing, without significant detriment to the running of the programme, will be only be processed with consent.
The Foundation will gather sensitive category personal data. However, this will only ever be used for monitoring purposes, and in this context will only be evaluated and published in anonymised or aggregated formats. Non-sensitive personal data may be used for evaluation or marketing/reporting, but in this context, consent will always be sought in advance.
We sincerely believe that participants will expect us to process their personal data, in their best interests, to deliver a programme. We will always be clear, transparent and upfront about how we use personal data, and will never use data for any other purpose than for the best interests of the participants.