The Hertfordshire Grid is an online platform, run by Herts for Learning Limited t/a HFL Education ('the Company', 'we', 'us' or 'our', providing information, guidance and support for Hertfordshire schools and academies.

This Privacy Policy explains why and how we collect, use and process Personal Data, and ensure that it is kept safe. It is also designed to let you know your rights and what you can do if you have questions about Personal Data.

This document sets out the types of Personal Data (meaning information about an individual from which that individual can be personally identified) we handle, the purposes of handling those Personal Data and any recipients of it.

For the purposes of data protection laws the Company is the data controller.

We are committed to ensuring that the privacy and security of your personal information is always protected. Any personal information that you provide us with will be handled in accordance with this Privacy Policy.

1. Our details

We are: HFL Education
Address: 1st Floor West, Abel Smith House, Gunnels Wood Road, Stevenage, SG1 2ST.
Information Commissioner's Office Registration Number: ZA154308
Our Data Protection Officer is: Lynette Dexter, Company Secretary
Email address for the Data Protection Officer: dp.foi@hfleducation.org

2. Why we collect personal data

We collect and hold personal information relating to our users/customers, and in relation to any individuals included in data sets that are being processed by the Company under contractual agreements.

We may share Personal Data with other agencies, but only as necessary under our legal duties or otherwise in accordance with our duties/obligations as a Company.

The Personal Data we are provided with or collect is provided to us on a voluntary basis when users/customers register with us or purchase products from us, or by users/customers under contractual agreements with the Company.

In most cases, we will collect personal information from you for the following reasons:

To fulfil a contract with you (the provision of products/services)
To provide you with an appropriate level of service
To monitor and assess the quality of our products/services
For legitimate interest purposes, where data processing is not overridden by your data protection or fundamental rights and freedoms
Where you have provided your consent / permission
To respond to your requests
To meet our legal responsibilities.

3. Legal basis for processing personal data

The legal basis for collecting and using the personal information specified in this Privacy Policy will vary depending on the type of personal information and the context in which it is collected and used.

In most cases, the lawful basis for us to collect/process Personal Data is by reason of necessity for the performance of a contract to which both we and the Data Subject are party, or in order to take steps at the request of the Data Subject prior to entering into a contract.

We also process Personal Data where processing is necessary for the purposes of legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the Data Subject. This will include processing where such processing is required in order to fulfil contractual obligations.

We do not process any special categories of Personal Data except where necessary for reasons of substantial public interest in complying with legal obligations including under the Equality Act 2010 or where necessary to protect the vital interests of the Data Subject or of another natural person and where safeguards are in place to ensure that this Personal Data is kept secure. For the avoidance of doubt where special categories of Personal Data are collected it shall not be used for the purposes of automated decision making and/or profiling.

Special categories of data means Personal Data revealing:

racial or ethnic origin;
political opinions; religious or philosophical beliefs or trade union membership;
genetic or biometric data that uniquely identifies you;
data concerning your health, sex life or sexual orientation; or
data relating to criminal convictions or offences or related security measures.

Further Personal Data including special categories of Personal Data may be collected and/or processed where consent has been given. If consent is the only legal basis for processing and has been given then this may be revoked in which case the Personal Data will no longer collected/processed.

4. Categories of Personal Data we collect about you

As a user of our services, we may collect the following Personal Data about you (please note this list does not include every type of Personal Data we collect and may be updated from time to time):

your name;
name of your organisation;
your job title;
telephone number;
email address;
any postal addresses that you provide.

This information will be taken from you at the time that you register for our services, make a purchase from us, or make contact with us. Contact information is used to respond to enquiries or get in touch with you when necessary.

Any Personal Data collected by us will be treated as confidential under the principles of the relevant data protection law.

5. Who will have access to your Personal Data

Personal Data will be accessible by members of HFL Education staff. Where necessary, directors will also have access to Personal Data. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.

We will not share personal information with third parties without consent unless we are required to do so by law or our policies. We will disclose Personal Data to third parties:

if we are under a duty to disclose or share your Personal Data in order to comply with any legal obligation;
in order to enforce any agreements with you;
in order to perform contracts with third party suppliers acting as data processors, as required to fulfil our contractual arrangements with you. We have worked with these suppliers to obtain reassurance that they are compliant with data protection regulations, including UK GDPR. Our main third-party sub-contractors / data processors include (but are not limited to):

Data processor	Main purpose	Link to Privacy Policy
Accipio	‘HFL Hub’ Learning Management System	https://www.accipio.com/certifications-and-policies/privacy-policy/
Capita	Security clearance applications	https://www.capita.com/about-capita/privacy-notice
Freshdesk	Helpdesk support software	https://freshdesk-export.com/privacy-policy/
GovernorHub	Software for governance boards	https://help.governorhub.com/en/articles/586895-privacy
Hertfordshire County Council	Statutory and commissioned work for Hertfordshire schools	https://www.hertfordshire.gov.uk/about-the-council/legal/privacy-policy/privacy-policy.aspx
Innovate Healthcare	Health services provider	https://innovatehealthcare.co.uk/privacypolicy/
MHR UK (iTrent)	HR Information & payroll service / software	https://mhrglobal.com/uk/en/privacy-policy
Modern Governor	Learning management system for governing boards	https://www.moderngovernor.com/privacy/
(Oracle) NetSuite	Accounting & client trading software	https://www.oracle.com/uk/legal/privacy/
SME HCI Limited (t/a VivUp)	Employee assistance programme	https://vivupbenefits.co.uk/privacy-policy
Stripe Payment Systems	Ecommerce payment system	https://stripe.com/en-gb/privacy
Teach in Herts	Jobs board for Hertfordshire schools	https://www.teachinherts.com/terms-and-conditions.htm
UK Independent Medical	Health services provider	https://www.ukindmed.com/privacy-cookie-policy/

to protect the rights, property or safety of the Company.

This may include sharing data with our Local Authority (Hertfordshire County Council), the Department for Education (DfE) (please see Section 2), the Police and other organisations where necessary.

Certain data collection obligations are placed on us by the DfE. To find out more about the data collection requirements placed on us by the DfE (for example; via the school census) visit: www.gov.uk/education/data-collection-and-censuses-for-schools.

The above listed third-party suppliers will process data on our behalf. Therefore, we audit these third-party suppliers to ensure their compliance with relevant data protection laws and specify their obligations in written contracts.

6. How Personal Data will be processed

Personal Data may be processed in a variety of ways; this will include but is not limited to:

maintaining written records;
identification;
sending by e-mail;
adding to spreadsheets, word documents, databases or similar for the purposes of assessing Personal Data;
for educational software use (this could be for the purposes of helping children learn, discipline, reports and other educational purposes).

7. Cookies

This website uses cookies. We use cookies to personalise content and ads, to provide social media features and to analyse our traffic. We also share information about your use of our site with our social media, advertising and analytics partners who may combine it with other information that you’ve provided to them or that they’ve collected from your use of their services.

Cookies are small text files that can be used by websites to make a user's experience more efficient.

The law states that we can store cookies on your device if they are strictly necessary for the operation of this site. For all other types of cookies, we need your permission.

This site uses different types of cookies. Some cookies are placed by third party services that appear on our pages.

A list of the cookies we use on the site is below:

GDPR, data protection and Freedom of Information (FOI)

GDPR (General Data Protection Regulation)

GDPR toolkit

DPO support services

Cloud software services and Data Protection

Online safety

Privacy notice guidance

Freedom of Information Act

ICO advice to organisations regarding Data Protection and Freedom of Information

Freedom of Information and Environmental Information Regulations Act guidance for Hertfordshire schools (2020)

Publication schemes (Freedom of Information)

Records management for schools

Contacts for DPA or FOI queries

Biometrics