Horizon is committed to protecting and respecting your privacy. This policy (together with Horizon’s Legal Notice and any other documents referred to on it) sets out the basis on which any personal data that you provide to Horizon (including its subsidiaries), will be processed by Horizon. Your personal data is information which by itself or with other information available to us can be used to identify you, the data subject. By ‘processing’, we mean any activity that involves using your personal data. This includes collecting it, recording it, storing it, retrieving it, using it, amending it, disclosing it, destroying it, and transferring it to other individuals or organisations outside of the Horizon Group. Please read the following carefully to understand Horizon’s views and practices regarding your personal data and how Horizon will treat it.
- The types of personal data Horizon may collect from you
Personal information about individuals is usually provided to Horizon by the individual (young person, their parent or guardian, foster carer, contractor, customer or visitor). Personal information that individuals provided to other organisations may also be forwarded to Horizon (for example from a local authority social worker when placing a young person with us).
Horizon may collect and process the following personal information:
- Personal details (name, date of birth, email address, home address, telephone number, NI number, unique pupil number, gender, disability, sexual orientation, criminal convictions, racial or ethnic origin, religious or other beliefs).
- Family details (contact details and relationships)
- Financial information (bank details)
- Safeguarding, special educational needs, physical and mental health
- Education details (school admission, attendance, absences, behaviour, exclusions, certificates, exams or tests records and progress)
- Visual images, personal appearance and behaviour (photographs, CCTV recordings)
- Information relation to offences or alleged offences
- Details of goods and services provided
Personal details about physical or mental health, alleged commission or conviction of criminal offences are considered “sensitive” personal information. We will process any such information only if you have given your explicit consent, it is necessary for a legal reason or you have deliberately made it public.
If you contact Horizon, we may keep a record of that correspondence; details of your visits to Horizon’s site, and the resources that you access.
- The reasons why Horizon collects personal information.
We collect personal information to enable us to fulfil our legitimate business needs, such as:
- provide education and training
- provide residential healthcare, welfare and educational support services
- the provision of fostering for children and young people
- administer school property and library services
- maintain our own accounts and records
- administer the boarding and the organisation of alumni associations and events
- administer shareholders registrations and dividends service
- raise funds for our businesses
- support and manage our staff
- advertising and marketing
- Horizon’s legal basis and purposes for using your personal information
We collect and use your personal information in the following situations:
- a) where our use of your information is necessary for us to perform the contract or contracts that we have with you:
- These contracts include the terms and conditions of goods or services that individuals agreed with Horizon. For example, we record the personal details of individuals (such as dentists or opticians) who provide care for children or young people on our behalf.
- We also record the names of staff from local authorities which commissioned Horizon to provide services.
Please note that if you do not agree to provide us with the requested information, it may not be possible for us to agree a contract with you or provide services under a contract.
- b) where our use of your information is for the purposes of our legitimate business needs or the legitimate business needs of third-party contractors who we engaged to deliver services on our behalf (see section 3, above). For example:
- As part of our business needs we collect visual images, personal appearance and behaviours through CCTV recordings to maintain the security of property and premises and for preventing and investigating crime. This information may be about customers, clients, offenders, suspected offenders, members of the public and those inside, entering or in the immediate vicinity of the area under surveillance. Where necessary or required this information is shared with the data subjects themselves, employees and agents, services providers, police forces, security organisations and persons making an enquiry.
- We also keep a record of any communications between us and you, for example emails and phone calls, because we need it to help us fulfil your requests, keep in touch with you, and offer you communications that are relevant to you.
- c) where we believe it is necessary to use your information to comply with a legal obligation:
- We are required by law to track and record the progress of pupils in our schools so that this information can be shared with Ofsted, the government regulator.
- We have a legal duty to record and retain information (gender, age, date of birth) about pupils and share this information with the Department for Education.
- Where the law requires, we have a duty to cooperate with local authorities on arrangements for children and young people with special educational needs
- d) where our use of your information is necessary for us to carry out a task in the public interest.
- We share information with the Police, Local Authority or other agencies where we consider that a child or vulnerable person may be at risk or harm.
- For the safe running of our schools and homes we also monitor movement of visitors entering and leaving our sites
- We keep record of day to day observations of young persons within residential homes and foster homes so that we can manage any risks and track progress.
- e) where we believe use of your information is necessary in order to protect the vital interests of a young person or another person. These include:
- family or carer contact details for pupils within our homes and schools so that we can contact them in case of an emergency.
- information regarding young person’s health needs, including food allergies
- f) where we have your We will rely on your consent:
- to use your photographs to promote or market our business
- if you choose to receive marketing information (i.e. subscribing to our e-newsletters via our website, service email updates and general news about Horizon). You will also be given the opportunity to indicate that you no longer wish to receive our direct marketing material.
We will always make it clear where we need your permission to process your personal information. Where we rely on your consent to use your personal information, you have the right to withdraw that consent at any time, using the same method by which you gave us your consent originally.
- Who will Horizon share your personal information with?
In fulfilling our business needs, we may share your information for any of the purposes mentioned at section 3 and 4, above. These are: (a) to perform the contract or contracts that we have with you (b) our legitimate business needs (c) to comply with a legal obligation (d) to carry out a task in the public interest (e) to protect vital interests; or (f) where we have your consent.
Specifically, information may be shared with:
- Family and representatives of the person whose personal data we are processing
- Ofsted, Department for Education and local authorities
- Welsh Inspectorate for both care and education
- Care Quality Commission (England)
- police, courts, tribunals and security organisations
- contractors who we pay to provide services
- healthcare professionals, social and welfare organisations
- staff, students, governors and school boards
- debt collection and tracing agencies
- financial organisations
- foster parent
- education, training and examining bodies
- Transferring your personal information internationally
It may sometimes be necessary to transfer personal information overseas (outside of the United Kingdom). When this is needed information is only shared within the European Economic Area (EEA). Any transfers made will be in full compliance with all aspects of the General Data Protection Regulations and Data Protection Act 2018.
- The period for which we will keep your personal information
We will only retain your personal information for as long as it is required in relation to the purposes for which it was originally obtained or based on our legal and regulatory requirements. For example, the law requires us to keep information about the protection of children for 25 years after birth.
How long personal information will be retained for depends on the type of information it is and what it is being used for. For example, if you ask us not to send you marketing emails, we will stop storing your email address for marketing purposes (although we will keep a record of your preference not to be emailed).
We are updating our data retention schedule and it will be published on this site when completed. We will review our data retention periods for personal information on a regular basis. We also continually review the information that we hold and delete anything that is no longer required.
- How we keep your personal information safe and who has access to it
We follow strict security procedures in the storage and disclosure of your personal data, and to protect it against accidental loss, unauthorised access, destruction or damage.
Personal information held by us electronically are stored on secure computer systems and we control who has access to them. Our staff receive data protection training and we have data protection policies and procedures in place which teams are required to adhere to.
Where we use external companies to collect or process personal data on our behalf, we undertake detailed checks on these companies before we work with them and put a contract in place that sets out our expectations and requirements, especially regarding how they manage the personal data they have collected or have access to.
Horizon’s site may, from time to time, contain links to and from third party websites. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that Horizon does not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
- Automated decision making and processing
Automated decision making involves processing your personal information without human intervention to evaluate your personal situation, such as your personal preferences, interests or behaviour. For instances, in relation to a decision on whether to admit or exclude a pupil from one of our schools. All such decisions regarding your personal information are made by one of our employees. Decisions are therefore not made solely by automated devices.
- Your Data Protection Rights
Under certain circumstances, by law you have the right to:
- Request information about whether we hold personal information about you, and, if so, what that information is and why we are holding/using it.
- Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
- Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
- Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
- Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
- Object to automated decision-making including profiling, that is not to be subject of any automated decision-making by us using your personal information or profiling of you.
- Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
- Request transfer of your personal information in an electronic and structured form to you or to another party (commonly known as a right to “data portability”). This enables you to take your data from us in an electronically useable format and to be able to transfer your data to another party in an electronically useable format.
- Withdraw consent. In those circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
If you want to exercise any of these rights, then please email the Data Protection Officer: Hannah Reade, HR Manager, Hannah.firstname.lastname@example.org or contact Hannah by telephone on 01543 460206, or by visiting our registered office which is at Venture House, 12 Prospect Park, Longford Road, Cannock WS11 0LG.
You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
- IP addresses and cookies
- Contacting our Data Protection Officer
We have appointed a Data Protection Officer (“DPO”) to oversee compliance with this policy. You can make a complaint or raise a concern about how we process your personal information by contacting our Data Protection Officer using the details given in section 10.
- Your right to contact the Information Commissioner
If you are not happy with how we have handled your complaint, or you believe that we have not handled your personal information in keeping with the law, you have the right to complain to the Information Commissioner’s Office (ICO), which oversees the protection of personal information in the United Kingdom. Alternatively, you may choose to contact either the ICO directly about your complaint, regardless of whether you have raised it with us first.
- Contact us