Privacy Policy

This Privacy Policy explains how Bywater Kent Support Services ("we", "our", or "us") collects, processes, and protects personal data in accordance with applicable laws, including the UK Data Protection Act 2018 (DPA 2018) and the UK General Data Protection Regulation (UK GDPR) as amended by the Data (Use and Access) Act 2025.

We provide HR consultancy and Data Protection Officer (DPO) services mainly within the education sector. This policy applies to the personal data we collect and process while delivering these services, including through our website and online client portal. It outlines how we ensure compliance with data protection principles.

1. Data Controller and Contact Information

For any questions or concerns about this Privacy Policy or your personal data, please contact us at the details provided above.

2. Types of Data We Process

We process the following types of personal data as part of our services to schools and childcare providers:

• Personal Identification Information: Name, contact details (email, phone number), job title, and professional qualifications.
• Employment Information: Employment history, role details, salary, performance reviews, and other employment-related data.
• Sensitive Data: Health data (such as medical certificates), criminal background checks, and safeguarding information (where applicable).
• School and Childcare Provider Data: Information regarding staff, pupils, parents, and other individuals in relation to HR and data protection services.
• Communication Data: Emails, correspondence, and other communications for the purposes of providing consultancy and DPO services.

3. Lawful Bases for Processing Personal Data

We process personal data in compliance with the UK GDPR, relying on the following lawful bases:

• Consent: Where we have obtained explicit consent from individuals for specific processing activities (e.g. health data or other sensitive personal information).
• Contractual Necessity: Where processing is necessary for the performance of a contract with our clients (e.g. providing HR consultancy services).
• Legal Obligation: Where processing is necessary for compliance with a legal obligation to which we are subject (e.g. data protection laws).
• Legitimate Interests: Where processing is necessary for our legitimate interests, provided these interests are not overridden by the data subject's rights and freedoms (e.g. ensuring effective communication with clients and staff).

4. How We Use Personal Data

We use personal data for the following purposes:

• HR Consultancy: To assist our clients with employee management, recruitment, performance evaluations, and other HR-related services.
• Data Protection Officer (DPO) Services: To provide our clients with guidance and advice on data protection compliance, data security, and safeguarding of personal data.
• Compliance with Legal Obligations: To ensure that our services comply with employment law, data protection law, and any other applicable legislation.
• Communications: To communicate with clients, employees, and other stakeholders in relation to our services, including updates, queries, and reporting.

5. Website, Online Client Portal, and Cookies

Website and Client Portal Processing:

When you visit our website or use our online client portal, we may collect personal data in order to provide you with our services, respond to enquiries, or ensure the functionality of the portal. This includes:

• Contact Information: Name, email, phone number, or any other personal details you provide when filling out contact forms or signing up for our services.
• User Account Data: When you create an account on our client portal, we may collect login details, contact information, and any information necessary to support the services you access via the portal.
• Technical Data: This includes information about your use of our website and client portal, such as IP address, browser type, device information, and browsing activity.

Cookies and Similar Technologies:

We use cookies and similar tracking technologies to enhance the functionality and user experience of our website and client portal. Cookies help us:

• Remember your preferences and settings for future visits.
• Analyse how our website and portal are used to improve functionality.
• Provide you with personalised content or offers (if applicable).

By using our website, you consent to the use of cookies in accordance with this Privacy Policy.

You can obtain up-to-date information about blocking and deleting cookies via these links:

• (a) Chrome
• (b) Firefox
• (c) Opera
• (d) Internet Explorer
• (e) Safari
• (f) Edge

Please note that blocking cookies may have a negative impact on the functions of many websites, including our Site.

6. Data Retention

We will retain personal data only for as long as necessary to fulfil the purposes for which it was collected or to comply with legal, regulatory, or contractual requirements. Once personal data is no longer needed, it will be securely deleted or anonymised.

7. Data Sharing and Third-Party Processors

We may share personal data with third-party service providers who assist us in delivering our services, such as IT providers, cloud storage services, and legal advisors. These third-party processors will only process personal data in accordance with our instructions and in compliance with data protection laws.

We will never sell, rent, or otherwise share your personal data with third parties for marketing purposes.

8. Data Transfers

We process personal data within the United Kingdom and do not transfer personal data outside of the UK. If we need to transfer personal data to a third country in the future, we will ensure that appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs), to protect the data in accordance with data protection law.

9. Your Rights

Under the UK GDPR, you have the following rights in relation to your personal data:

• Right to Access: You can request a copy of the personal data we hold about you.
• Right to Rectification: You can request that we correct any inaccuracies in your personal data.
• Right to Erasure: You can request that we delete your personal data, subject to certain conditions.
• Right to Restrict Processing: You can request that we restrict the processing of your personal data, subject to certain conditions.
• Right to Object: You can object to the processing of your personal data on the basis of legitimate interests or direct marketing.
• Right to Data Portability: You can request to receive your personal data in a structured, commonly used, and machine-readable format for transfer to another data controller.

To exercise these rights, please contact us using the contact information provided above.

10. Security of Personal Data

We implement appropriate technical and organisational measures to ensure the security of personal data, including protection against unauthorised or unlawful processing, accidental loss, destruction, or damage.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our services, business practices, or legal requirements. Any updates will be posted on our website with the effective date of the changes. We encourage you to review this Privacy Policy periodically.

12. How to Complain

If you have any concerns about our use of your personal data, you can make a complaint to us using the contact details at the top of this privacy notice.

If you remain unhappy with how we've used your data after raising a complaint with us, you can also complain to the ICO.