We will only process the data provided by you for the purposes stated, in this case to establish which of our professional health and education assessments you are eligible to purchase and use. Once we have evaluated the information provided and issued the corresponding ‘qualification code’, the detailed data will be deleted.
General Data Protection Compliance
In order to comply with General Data Protection Requirements (GDPR) the following must be agreed.
Fig Tree International Limited confirms that nothing within our contract relieves the company of its own direct responsibilities under GDPR.
Fig Tree International Limited can, with permission, collect and process statistics (provided by each academy/school OR through MIS access at each academy/school) in order to assist with the school improvement work for each academy/school. Any contextual data will be specifically, name, year group, tutor group, if relevant house group, gender, SEN, FSM, PPG, LAC, EAL status and ethnicity. Given some of the contextual data is special category data, each academy/school confirms the data subject has been notified that the data may be shared with, and processed by, third parties through the relevant
The obligations of Fig Tree international Ltd and our clients are:
only act on written instructions from the data controller at any establishment
ensure that consultants processing the data are subject to a duty of confidence
take appropriate measures to ensure the security of processing
not use a sub processor without the prior written authorisation of the data controller at any establishment
assist any establishment in providing subject access and allowing data subjects to exercise their rights under the GDPR
assist any establishment in meeting their GDPR obligations in relation to the security of processing, the notification of personal data breaches and data protection impact assessments
delete or return all personal data of any establishment at the end of the contract or dispose of data securely
submit to audits and inspections, provide any establishment with whatever information it needs to ensure we are both meeting obligations outlined in Article 28; and tell any establishment if we are asked to do something infringing the GDPR or other data protection law.
cooperate with supervisory authorities such as the ICO.