Hampshire Inspection and Advisory Service (HIAS)

Privacy Notice

Why we collect and use this information

Hampshire County Council is the organisation responsible for processing your information (the Data Controller). Hampshire Inspection and Advisory Service (HIAS) collects information from or about you in relation to the following school improvement activities:

  • Manage and administer contractual agreements with schools for the delivery of services
  • Process orders for HIAS subscription services
  • Process orders for sold service products and resources
  • Charge schools for subscription and product orders
  • Set up individual and school user accounts for HIAS Moodle sites
  • Subscribe school users to HIAS Moodle site news forums
  • Email you information and news relating to our statutory school improvement functions and related professional development
  • Manage registrations for meetings and events that are not booked via our Learning Management System (LMS) platform
  • Administrative functions relating to our professional training offer to schools, such as obtaining event date/time preferences, workshop choices, dietary/access requirements and course evaluation data
  • Charge institutions for training (where not managed on LMS)
  • Track attendance at online training courses
  • Monitor and assess the effectiveness of HIAS
  • The following sections provide further detail around the information we process, setting out what allows us to do this (lawful basis), who we may share it with, how long we keep it for, alongside identifying any rights you may have and who to contact if you think we’re not handling your information in the right way.

The categories of information that we collect, hold and share

The following personal information is processed:

  • school information (name, DfE number, address, telephone number, email)
  • personal information (name, contact number, email address)
  • dietary and access requirements

The lawful basis on which we process this information

We collect, store, use and share the information, ensuring that we comply with the UK General Data Protection Regulation (GDPR) and Data Protection Act 2018 (DPA2018) requirements for processing through:

  • Article 6(1)(a) Consent - the individual has given clear consent for you to process their personal data for a specific purpose
  • Article 6(1)(e) - the processing is necessary to perform a task in the public interest or for our official functions, and the task or function has a clear basis in law.

Under this lawful basis we do not require your consent to process this information, but we are required, through this privacy notice, to ensure you are fully informed of why we are collecting this information and what we will do with it.

Storing and securing data

The information provided is added to the HIAS record management system and stored within the County Council’s Document Management System (DMS). The information held within the County Council’s DMS will be kept in line with our retention schedule and then deleted as appropriate. The County Council’s DMS is hosted by the County Council in secure, UK-based data centres.

The County Council takes its data security responsibilities seriously and has policies and procedures in place to ensure that personal data held are:

  • prevented from being accidentally or deliberately compromised
  • accessed, altered, disclosed or deleted only by those authorised to do so
  • accurate and complete in relation to why we are processing them
  • continually accessible and usable with daily backups
  • protected by levels of security appropriate to the risks presented by our processing

The County Council also ensures its IT Department is certified to the internationally recognised standard for information security management, ISO27001.

Sharing your information

We do not share information with anyone unless there is a lawful basis that allows us to do so. We will therefore only share this information if you have provided consent, or if this information is required for the purposes of safeguarding vulnerable individuals.

Requesting access to your personal data and your rights

Under data protection legislation, individuals have the right to request access to information about them that we hold. To make a request for your personal information, or someone you have responsibility for, please contact the Children’s Services Department’s Subject Access Request (SAR) Team.

You also have the right to:

  • withdraw your consent
  • prevent processing for the purpose of direct marketing
  • object to decisions being taken by solely automated means
  • in certain circumstances, have inaccurate personal data rectified, blocked, erased or destroyed
  • claim compensation for damages caused by a breach of the Data Protection regulations

Further information

The above information is the specific privacy notice for this service. For more information about your rights in relation to your personal data, see the County Council’s general privacy notice.

You have some legal rights in respect of the personal information we collect from you. See our Data Protection page for further details.

You can contact the County Council’s Data Protection Officer by email [email protected].

If you have a concern about the way we are collecting or using your personal data, you should raise your concern with us in the first instance or directly to the Information Commissioner’s Office.