Data Protection & Freedom of Information
The Kite Academy Trust is committed to complying with the data protection principles as outlined in the General Data Protection Regulations (UK GDPR) 2018 and the Data Protection Act (DPA) 2018. The Trust takes its obligations in this regard seriously.
Data Protection Policy
The Kite Academy Trust Data Protection Policy can be found here.
Data Protection Officer
The Data Protection Officer (DPO) is responsible for overseeing data protection within the Kite Academy Trust and its academies. If you have any questions in this regard, please contact the DPO as below:
Freedom of Information
The Freedom of Information (FOI) Act 2000 aims to promote greater accountability across the public sector. The Act is overseen by the Information Commissioner and detailed guidance on the legislation can be found on the Information Commissioner's Office (ICO) website.
Under the legislation, schools are required to:
• have a publication scheme which sets out what information they hold and where and how this can be accessed;
• have a Freedom of Information Policy;
• be aware of their statutory responsibility to respond to requests for information the hold.
The Kite Academy Trust strives to be as open as possible in its attitudes, operations, policies and processes, and is pleased to share information about its activities. Please read our Freedom of Information Policy & Publication Scheme for information available from the Kite Academy Trust under the Freedom of Information Act.
The best way to find information about the Trust and our academies is to use the search feature on our websites however, if you cannot find the information you require, please read the guidance below on making a request.
Making a Request for Information
For a request to be considered valid under the Freedom of Information Act, it must:
• be in writing;
• include a name and address for correspondence (email address is sufficient);
• Detail the information requested.
However, any request for information received in writing by a member of staff within the Trust can constitute an FOI request. The Trust may charge a fee for the information or disbursements (postage, photocopying etc. where reasonable). Once it has received the fee and sufficient detail to fulfill a request, the Trust must respond within 20 working days by:
• confirming whether it holds the information, and
• either providing a copy or summary of the information, or arranging for the requester to inspect the information,
• or informing the requester why the information has been withheld.
Further information is available on the ICO website and in our Freedom of Information Policy.
A request for information under the Freedom of Information Act can be made by completing an online form here.
Please note that Freedom of Information requests are not the same as Subject Access Requests, which are requests for personal information by either the subject of that information or a third party and are handled in accordance with the Data Protection Act 2018.
Subject Access Requests
Under Data Protection Law, Data Subjects have a general right to find out whether the Trust hold or process personal data about them, to access that data, and to be given supplementary information. This is known as the right of access, or the right to make a Subject Access Request (SAR). The purpose of the right is to enable the individual to be aware of, and verify, the lawfulness of the processing of personal data that the Trust are undertaking.
A Data Subject has the right to be informed by the Trust of the following:
• Confirmation that their data is being processed;
• Access to their personal data;
• A description of the information that is being processed;
• The purpose for which the information is being processed;
• The recipients/class of recipients to whom that information is or may be disclosed;
• Details of the Trust’s sources of information obtained;
• In relation to any Personal Data processed for the purposes of evaluating matters in relation to the Data Subject that has constituted, or is likely to constitute, the sole basis for any decision significantly affecting the Data Subject, to be informed of the logic of the Data Controller’s decision making. Such data may include, but is not limited to, performance at work, creditworthiness, reliability and conduct; and other supplementary information.
A Subject Access Request can be submitted by competing an online form here. Further information on making a Subject Access Request and how the Trust will respond can be found in our Data Protection Policy (Appendix 1).