Bromley Schools’ Collegiate (hereafter referred to as “The Collegiate”) is registered under the Data Protection Act.

General Statement of the Bromley Schools’ Collegiate Duties and Scope

The Collegiate is required to process relevant personal data regarding members of staff, trainee teachers, applicants to teacher training, alumni and customers as part of its operation and shall take all reasonable steps to do so in accordance with this Policy.

Data Protection Controller

The Collegiate has appointed a Data Protection Controller (DPC) who will endeavour to ensure that all personal data is processed in compliance with this Policy and the Principles of the Data Protection Act 1998. The Freedom of Information Act 2000 and the Protection of Freedoms Act 2012 are also relevant to parts of this policy.

The Collegiate recognises The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) adopted 27 April 2016, the two-year transition period and the application date of 25 May 2018 and is actively working towards compliance with that directive.

For the purposes of this policy, the data processor is the SCITT Director and the administrative team at the Collegiate

The Principles

The Collegiate shall so far as is reasonably practicable comply with the Data Protection Principles (the Principles) contained in the
Data Protection Act to ensure all data is:-

• Fairly and lawfully processed

• Processed for a lawful purpose

• Adequate, relevant and not excessive

• Accurate and up to date

• Not kept for longer than necessary

• Processed in accordance with the data subject’s rights

• Secure

• Not transferred to other countries without adequate protection


The Collegiate is ‘Bromley Schools’ Collegiate’, a single Legal Entity School Centred Initial Teacher Training provider and additionally covers subsidiaries and affiliated bodies where the Data Protection Act applies.

Data Subject, an individual who is the subject of the personal data and covers any and all of the following people:

Trainee teacher, refers to those who are enrolled on a programme of Initial Teacher Training leading to the award of Qualified Teacher Status.

Newly Qualified Teacher, refers to someone that is registered with the NQT appropriate body function jointly managed with Darrick Wood Teaching School Alliance and the Impact Teaching School Alliance.

Assessment Only Candidate, refers to someone who is undertaking the Assessment Only Route to QTS.

Delegate refers to someone who is undertaking any element of Continuing Professional Development (CPD) with the Collegiate.

Applicant, refers to someone who is in the process of applying to the Collegiate for the purposes of training.

Personal Data

Personal data covers both facts and opinions about an individual where that data identifies an individual. Personal data may also include sensitive personal data as defined in the Act.

Processing of Personal Data

Consent may be required for the processing of personal data unless processing is necessary for the performance of the contract of employment. Any information which falls under the definition of personal data and is not otherwise exempt, will remain confidential and will only be
disclosed to third parties with appropriate consent.

The Collegiate processes some personal data for contacting alumni and their employers for evaluative purposes and to notify alumni of celebration events. Data subjects have the right to request an opt-out to these activities, which must be respected.

Sensitive Personal Data

The Collegiate may, from time to time, be required to process sensitive personal data. Sensitive personal data includes data relating to medical information, gender, religion, race, sexual orientation, trade union membership and criminal records and proceedings.

Rights of Access to Information

Data subjects have the right of access to information held by The Collegiate, subject to the provisions of the Data Protection Act 1998
and the Freedom of Information Act 2000. Any data subject wishing to access their personal data should put their request in writing to the DPC. The
Collegiate will endeavour to respond to any such written requests as soon as is reasonably practicable and in any event, within 40 days for access to records and 21 days to provide a reply to an access to information request. The information will be imparted to the data subject as soon as is reasonably
possible after it has come to The Collegiate’s attention and in compliance with the relevant Acts.


Certain data is exempted from the provisions of the Data Protection Act which includes the following:-

• National security and the prevention or detection of crime

• The assessment of any tax or duty

• Where the processing is necessary to exercise a right or obligation conferred or imposed by law upon The Collegiate, including Safeguarding and prevention of terrorism and radicalisation

The above are examples only of some of the exemptions under the Act. Any further information on exemptions should be sought from the DPC.


The Collegiate will endeavour to ensure that all personal data held in relation to all data subjects is accurate. Data subjects must notify the data processor of any changes to information held about them. Data subjects have the right in some circumstances to request that inaccurate
information about them is erased. This does not apply in all cases, for example, where records of mistakes or corrections are kept, or records which
must be kept in the interests of all parties to which they apply.


If an individual believes that The Collegiate has not complied with this Policy or acted otherwise than in accordance with the Data
Protection Act, the member of staff should utilise The Collegiate grievance procedure and should also notify the DPC.

Data Security

The Collegiate will take appropriate technical and organisational steps to ensure the security of personal data.

All staff will be made aware of this policy and their duties under the Act.

The Collegiate and data processors within placement and partnership schools are required to respect the personal data and privacy of others and must ensure that appropriate protection and security measures are taken against unlawful or unauthorised processing of personal data, and against the accidental loss of, or damage to all personal data.

An appropriate level of data security must be deployed for the type of data and the data processing being performed. In most cases, personal data must be stored in appropriate systems and be encrypted when transported offsite. Other personal data may be for publication or limited
publication within The Collegiate, therefore having a lower requirement for data security.

External Processors

The Collegiate must ensure that data processed by external processors, for example, schools requesting applications for School Direct Salaried route, service providers, Cloud services including storage, web sites etc. are compliant with this policy and the relevant legislation.

Secure Destruction

When data held in accordance with this policy is destroyed, it must be destroyed securely in accordance with best practice at the time of destruction.

Retention of Data

The Collegiate may retain data for differing periods of time for different purposes as required by statute or best practices. Other statutory obligations, legal processes and enquiries may also necessitate the retention of certain data.

The Collegiate will retain data on data subjects for a period of 50 years to facilitate the writing of employment references and employment checks for future employers.