Privacy and Legal

nasen WEBSITE PRIVACY POLICY

We, nasen, are the ‘controllers’ of the information which we collect about you (‘personal data’). Being controllers of your personal data, we are responsible for how your data is processed. The word ‘process’ covers most things that can be done with personal data, including collection, storage, use and destruction of that data.

This notice explains why and how we process your data, and explains the rights you have around your data, including the right to access it, and to object to the way it is processed. Please see the section on ‘Your rights as a data subject’ for more information.

nasen is a charitable organisation (reg Charity number 1007023) supporting practitioners by providing relevant information, training and resources to enable staff to meet all pupils’ needs. Working with dedicated education professionals, nasen aims to ensure that practice for special and additional needs is both effective and current. nasen is committed to providing an excellent range of professional development opportunities by offering the latest news and information, to support practitioners in identifying and meeting the needs of children and young people.

The National Association of Special Educational Needs (nasen) is a company limited by guarantee (Reg. Co. number 2674379) carries on a range of activities to generate income for the nasen including membership, training conferences and event, publications and online research journals.

If you have any questions in relation to this privacy policy or how we use your personal data they should be sent to dpo@nasen.org.uk or addressed to the Data Protection Officer, nasen, 4&5 Amber Business Village, Amber Close, Tamworth, Staffordshire, B77 4RP.

Personal data

‘Personal data’ is any information that relates to a living, identifiable person. This data can include your name, contact details, and other information we gather as part of our relationship with you.

It can also include ‘special categories’ of data, which is information about a person’s race or ethnic origin, religious, political or other beliefs, physical or mental health, trade union membership, genetic or biometric data, sex life or sexual orientation. The collection and use of these types of data is subject to strict controls. Similarly, information about criminal convictions and offences is also limited in the way it can be processed.

We are committed to protecting your personal data, whether it is ‘special categories’ or not, and we only process data if we need to for a specific purpose, as explained below.

We collect your personal data mostly through our contact with you, and the data is usually provided by you, but in some instances, we may receive data about you from other people/organisations. We will explain when this might happen in this Notice.

Your personal data (any information which identifies you, or which can be identified as relating to you personally for example, name, address, phone number, email address) will be collected and used by us. We’ll only collect the personal data that we need. 

We collect personal data in connection with specific activities such as registration or membership requests, placing an order, booking training, donations, volunteering, conducting research, ordering an image, employment etc. 

You can give us your personal data by filling in forms on our website, by registering to use our website, or other social media functions on our website, entering a competition, promotion or survey or by corresponding with us (by phone, email or by joining as a member/supporter/customer). 

This personal data you give us may include name, title, address, date of birth, age, gender, employment status, demographic information, email address, telephone numbers, personal description, photographs, attitudes, opinions, usernames and passwords).

Your data and how and why we process it

In general terms, we process your data in order to manage our relationship with you. The table below lists more specific purposes for processing your data, and the legal basis for each type of processing.

At times, we may further process data which we have already collected. We will only do this if the new purpose for processing it further is compatible with the original purpose that the data was collected for. We will tell you about any further processing before carrying it out.

Data Processing Legal basis for processing
Membership including newsletters and magazines 
We use the personal data you provide as a member provide to service your membership.  This includes sending renewal information to members by mail and email, sending nasen magazines and newsletters. It’s also used to verify you when you contact our administrative centre or sign up for a nasen account to manage your membership online
  • you have given your consent to the processing of your data for the specific purpose of receiving your membership benefits.
Donations
If you make a donation, we’ll use any personal information you give us to record the nature and amount of your gift, claim gift aid where you’ve told us you’re eligible and thank you for your gift.
  • you have given your consent to the processing of your data for the specific purpose of making your donation(s).
Marketing communications
Your privacy is important to us, so we’ll always keep your details secure. We’d like to use your details to keep in touch about things that may matter to you. If you choose to hear from us we may send you information based on what is most relevant to you or things you’ve told us you like.

We may also show you relevant content online. This might be about our membership packages, training and events, publications and journals or about you volunteering with us.

We’ll only send these to you if you agree to receive them and we will never share your information with companies outside of nasen for inclusion in their marketing. We may send you relevant information regarding goods and services provided by other companies but we will not share your data with them. If you agree to receive marketing information from us you can change your mind at a later date.

However, if you tell us you don’t want to receive marketing communications, then you may not hear about events or other work we do that may be of interest to you.

Personal data provided to us may also be profiled to help us with advertising targeting. For example, your membership data may be used to ensure we don’t serve you online membership advertisements. Or we may use your personal data to find online users with a similar profile to yourself who may be interested in our products or services.

We’ll always act upon your choice of how you want to receive communications (for example, by email, post or phone). However, there are some communications that we need to send. These are essential to fulfil our promises to you as a member, volunteer, donor or buyer of goods or services.

Examples are:

• Transaction messaging, such as Direct Debit schedules, shop purchase confirmations.

• Membership-related mailings such as renewal reminders, nasen magazines and newsletters.
  • you have given your consent to the processing of your data for the specific purpose of receiving your membership benefits.
  • you have given your consent to the processing of your data for the specific purpose of making your donation(s).
  • you have given your consent to the processing of your data for the specific purpose of receiving your membership benefits.
  • you have given your consent to the processing of your data for the specific purpose of receiving marketing communications.
OR
  • processing is necessary for the purposes of the legitimate interests pursued by us to provide you with additional goods and services or information about them.
  • processing is necessary for the purposes of the legitimate interests pursued by us to provide you with additional goods and services or information about them.
  • we will require your consent to contact you regarding marketing if we hold your personal email address. If we use an email address for you at your place of work processing is necessary for the purposes of the legitimate interests pursued by us to provide you with information about our research and the opportunities for you to take part in it.
Management of volunteers
We need to use your personal data to manage your volunteering, from the moment you enquire to the time you decide to stop volunteering with us. This could include: contacting you about a role you’ve applied for or we think you might be interested in, expense claims and to recognise your contribution.
  • you have given your consent to the processing of your data for the specific purpose of allowing nasen to manage your volunteering with us.
Research
We carry out research with our supporters, customers, staff and volunteers to get feedback on their experience with us. We use this feedback to improve the experiences that we offer and ensure we know what is relevant and interesting to you. If you choose to take part in research, we’ll tell you when you start what data we will collect, why and how we’ll use it. All the research we conduct is optional and you can choose not to take part.
  • you have given your consent to the processing of your data for the specific purpose of allowing nasen to manage your volunteering with us.
  • processing is necessary for the purposes of the legitimate interests pursued by us to provide you with information about our research and the opportunities for you to take part in it.
Profiling
We know it’s important to our supporters to use our resources in a responsible and cost-effective way. We use profiling and targeting to help us understand our members and supporters and make sure that:

• our communications (e.g. emails) and services (e.g. our website) are relevant, personalised and interesting to you

• our services meet the needs of our supporters

• we only ask for further support and help from you if it’s appropriate

• we use our resources responsibly and keep our costs down

To do this we’ll analyse how you interact with us (e.g. on our website) in order to understand your interests.

We use specific tools to profile how you interact with us online, for example Google Analytics and Hotjar. Much of the information we collect is aggregated, however we may also collect some personal data for the use of personalising your experience, optimising our marketing campaigns, and to ensure the site is functioning as intended.



The personal information that is collected includes transactional information (i.e. order number) for Memberships, Donations, and Online purchases. We also collect data on individual user activity when they create or log into their nasen account. If you’ve agreed that we can contact you for marketing purposes, we may also gather additional information about you from external sources, for example: updates to address and contact information, or publicly available information. We may use this information to assess your interest in joining or supporting us and invite you to do so
  • you have given your consent to the processing of your data for the specific purpose of marketing communications.
OR
  • processing is necessary for the purposes of the legitimate interests pursued by us to provide you with information about the goods and services we provide which may be of the most relevance to you.
Recruitment and employment

In order to comply with our contractual, statutory, and management obligations and responsibilities, we process personal data, occasionally including ‘sensitive’ personal data, from job applicants and employees.

Such data may include information relating to health and criminal convictions. In certain circumstances, we may process personal data or sensitive personal data, without explicit consent. Further information on what data is collected and why it’s processed is given below.

Contractual responsibilities: Our contractual responsibilities include those arising from the contract of employment. The data processed to meet contractual responsibilities includes, but is not limited to, data relating to: payroll, bank account, postal address, sick pay; leave, maternity pay, pension and emergency contacts.

Statutory responsibilities: Our statutory responsibilities are those imposed through law on the organisation as an employer. The data processed to meet statutory responsibilities includes, but is not limited to, data relating to: tax, national insurance, statutory sick pay, statutory maternity pay, family leave, work permits, equal opportunities monitoring.

Management responsibilities: Our management responsibilities are those necessary for the organisational functioning of the organisation. The data processed to meet management responsibilities includes, but is not limited to, data relating to: recruitment and employment, training and development, absence, disciplinary matters, e-mail address and telephone number.
  • processing is necessary for compliance with a legal obligation to which nasen is subject.
OR
  • processing is necessary for the performance of a contract of employment to which the data subject is party or in order to take steps at the request of the data subject prior to entering into such a contract.
  • processing is necessary for the performance of a contract of employment to which the data subject is party or in order to take steps at the request of the data subject prior to entering into such a contract.
  • processing is necessary for compliance with a legal obligation to which nasen is subject such as reporting to and making payments to HMRC.
  • processing is necessary for the performance of a contract of employment to which the data subject is party or in order to take steps at the request of the data subject prior to entering into such a contract.
Sensitive personal data

The Act defines ‘sensitive personal data’ as information about racial or ethnic origin, political opinions, religious beliefs or other similar beliefs, trade union membership, physical or mental health, sexual life, and criminal allegations, proceedings or convictions.

In certain limited circumstances, we may legally collect and process sensitive personal data without requiring the explicit consent of an employee.

(a) We will process data about an employee’s health where it is necessary, for example, to record absence from work due to sickness, to pay statutory sick pay and to make any necessary arrangements or adjustments to the workplace in the case of disability. This processing will not normally happen without the employee’s knowledge and, where necessary, consent.

(c) Data about an employee’s criminal convictions will be held as necessary where they are relevant to the post being held.
  • processing is necessary for the performance of a contract of employment to which the data subject is party or in order to take steps at the request of the data subject prior to entering into such a contract.
  • processing is necessary to meet our obligations under employment law and/or to meet the requirements our internal policies and Staff Handbook.
  • Data is held under the provisions of the Data protection act 2018

Personal data received from third parties

We may buy external data from time to time in order to increase our reach throughout the sector in order to fulfil our charitable aims and objectives as widely as possible.

Who we share your data with

For some processing purposes we share your data with third parties. When we allow third parties acting on behalf of nasen to access to your information, we will always have complete control of what they see, how long they see it for and what they are allowed to do with it. We do not sell or share your personal information for other organisations to use.

This is a list of the information we may share with external recipients, and for what purpose:

Recipients of your data Purpose for sharing
• employees;

• Third party cloud hosting and IT infrastructure providers who host the website and provide IT support in respect of the website;
This is to allow our staff to process your data to meet your requirements as a member or consumer of our goods and services So that out infrastructure is able to meet the demands of you as a member or user of our online services. Also, to allow our systems to securely store the data we hold and process it for renewals and communication purposes.
Also, under strictly controlled conditions:

• Contractors

• Service Providers providing services to us

• Advisors

• Agents
To allow mailings, distribution of online journals.

In terms of our staff to provide information regarding pensions and other benefits agreed with employees.
We may also disclose your personal information to third parties if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms of use or cookie policy and other agreements; or to protect the rights, property, or safety of nasen, our members, supporters and visitors. This includes exchanging information with other companies and organisations for the purposes of fraud protection.

In terms of payment card security nasen has an PCI-DSS compliance programme in place. This is the international standard for safe card payment processes. As part of our compliance to this very stringent standard, we ensure that our IT systems do not directly collect or store payment card information; for example the full 16 digit number on the front of the card or the security code on the back. Our online payment solutions are carried out using a 'payment gateway' (e.g. Sagepay) which is a direct connection to a payment service provided by a bank. This means that when you input card data into the payment page, you are communicating directly with the bank and the bank passes your payment to us, this means that your payment card information is handled by the bank and not processed or held by us.
As an employer we are obliged to process and disclose information regarding our staff to for example HMRC

How we store your data

Your personal data is held in both hard copy and electronic formats.

Electronic data, including emails, is stored on our servers, which are located in the UK and on our software suppliers’ servers which are also located in the UK.

 

How long we keep your data

We will only use and store your information for as long as it is required for the purposes it was collected for. How long it will be stored for depends on the information in question, what it is being used for and, sometimes, statutory legal requirements. 

Once the applicable retention period expires, unless we are legally required to keep the data longer, or there are important and justifiable reasons why we should keep it, we will securely delete the data.

Cookies on our website

Cookies are small files which websites store on your computer and which contain various types of information about your visit to a website. They are not viruses or malicious software but they are generally aimed at providing you with a good experience when browsing a site by, for example, remembering your preferences so that you do not need to reset them every time you visit the website.

Cookies can record information about how you browse the internet. They can therefore be used by websites to advertise goods and services which, based on your browsing history, are similar to goods and services which you have previously searched online. This is why some users reject or delete cookies.

Cookies normally expire after a length of time which can vary from a few minutes to more than a year. Some cookies are ‘session cookies’ which are deleted when you close your internet browser or after a period of inactivity. Others are ‘persistent cookies’ which remain on your computer until their expiration date.

We do not store cookies on your computer without your consent unless they have the sole purpose of carrying out the transmission of communications or they are strictly necessary for providing an online service.

You may restrict or block cookies which are set by any website through your browser settings. Your browser settings also allow you to clear your browsing history and delete cookies. Information about how you can do this can be found on this link https://ico.org.uk/for-the-public/online/cookies. Mobile devices may have their own settings and you need to refer to the manual of the device.

Please note that restricting or disabling cookies may impact the functioning of parts of our website.

Further information can be found in nasen's cookie policy.

Your rights as a data subject

As a data subject, you have the following rights in relation to your personal data processed by us:

  • To be informed about how your data is handled;
  • To gain access to your personal data;
  • To have errors or inaccuracies in your data changed;
  • To have your personal data erased, in limited circumstances;
  • To object to the processing of your personal data for marketing purposes or when the processing is based on the public interest or other legitimate interests;
  • To restrict the processing of your personal data, in limited circumstances;
  • To obtain a copy of some of your data in a commonly used electronic form, in limited circumstances;
  • Rights around how you are affected by any profiling or automated decisions.

Withdrawing consent

If we are relying on your consent to process your data, you may withdraw your consent at any time.

Complaints to the Information Commissioner

You have a right to complain to the Information Commissioner's Office (ICO) about the way in which we process your personal data. You can make a complaint on the ICO’s website https://ico.org.uk/.

Exercising your rights, queries and complaints

For more information on your rights, if you wish to exercise any right or for any queries you may have or if you wish to make a complaint, please contact our Data Protection Officer:

nasen,

4&5 Amber Business Village,
Amber Close,
Tamworth,
Staffordshire,
B77 4RP
01827 311500
DPO@nasen.org.uk