What type of information do we collect?
We receive, collect and store any information that you enter on our website or provide to us in another way (such as, putting your details on a sign up form at an event). This can include:
Personal details like names, addresses, email addresses and telephone numbers.
Personal details on your children who are at the school (only if needed for a specific reason, and in as limited form as possible).
Transactional sales data (for example, the number of items you have bought through our website, but not payment data – see below).
Consent from parents/guardians for the collection and use of photos and videos in our promotional materials,
Photographs or videos (e.g. taken at events, that we have had consent to collect).
We do not collect or hold individual payment data. We use third party applications to process electronic payments on our website; Stripe and PayPal. Both of these securely collect customers payment data in accordance with the standards set by PCI-DSS as managed by the PCI Security Standards Council, a joint effort of brands like Visa, MasterCard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of credit card information. We are not able to access any individual payment data on the Stripe or PayPal platforms.
How do we collect this information?
We primarily collect this information electronically; for example, when you sign up to our website or process a transaction such as buy a ticket to one of our events or a piece of 2nd hand uniform. We may collect it from you in person at events, for example through our PTA sign up sheets at welcome events. Your personal information will only be used for the stated reasons in this policy.
We use the information to:
Contact ticket holders about events they have bought tickets for, e.g. sending reminders before an event.
Run PTA events e.g. compile attendee and emergency contact detail lists which, for some events, we will share with the Event Organisers (who are normally PTA Committee Members or Teaching Staff).
Fulfill the orders you place on our website, for example, for 2nd hand uniform or other items.
- Meet our regulatory and legal requirements, for example, accounting purposes or regulatory reporting such as to the Charities Commission.
Ensure that any photo and video data is collected, managed and used legally and appropriately, always subject to parental consent and in accordance with child protection laws.
We do not send general marketing communications or newsletters using the data you provide through the website (these will continue to come via schoolcomms).
Our legal basis for using this data
We only collect and use personal data when the law allows us to. Most commonly, we process it:
to fulfill a transaction (for example, if you buy a ticket for an event or purchase an item in our shop, you are giving us consent to process your data relevant to that contract),
where we have obtained consent to use it in a certain way (for example, for taking photographs at an event which might feature your family or where you've given us consent to share your address with a Sponsor to feature an estate agents board outside your house). You may withdraw your consent at any time, see below for how to do this.
Some of the reasons listed above for collecting and using personal data overlap, and there may be several grounds which justify our use of this data.
How we store this data:
Data will primarily be stored electronically through our website which is hosted on the Wix.com platform. They store your data on secure servers behind a firewall. Only a small number of select members of the PTA Committee will have access to this data through the Wix.com platform, such as the Website Manager, Design Manager and Back-end Manager. We may store some data (for example, contact lists for the Friends of the PTA) in our DropBox folders or in our gmail account. We keep these secure by limiting access to only those Committee Members who need access and protecting with passwords where possible.
Any paper-based information e.g. attendance checklists, will be stored and disposed of securely as soon as they are no longer needed.
Data will only be kept for as long as the PTA has a legal basis to hold it or as required by regulation.
If you have any questions about this policy, if you do not want us to process your data anymore, if you would like to see a copy of the information we hold on you or to change any of the data or consents previously provided (including it's deletion/withdrawal), please contact us at firstname.lastname@example.org.
To make a formal complaint about the PTA's information rights practices, you can contact the Information Commissioner's Office.