- Retain or take control of any grant funding or fundraising secured by any Achievement for All Education Trust school
- Take any financial or strategic decision that will place any Achievement for All Education Trust school at risk of financial or reputational risk, or in any way compromise the quality of teaching and learning for any child or young person
- Dispose or transfer ownership of any assets without full consultation and full regard to all financial and governance regulation and good practice
- Permit any personal gain by AfA 3As or AfA Education Trust employees or their relatives directly or indirectly through the letting of contracts without following a fair and transparent procurement process.
Privacy and GDPR
The Achievement for All Education Trust is strongly committed to protecting personal data. Personal data is any information relating to an identified or identifiable living person.
The Trust will ensure that personal and sensitive data is:
- processed lawfully, fairly and in a transparent manner;
- collected for specified, explicit and legitimate purposes
- adequate, relevant and limited to what is necessary
- accurate and, where necessary, kept up to date, and are erased or rectified without delay
- kept for no longer than is necessary
- processed securely and protected using appropriate technical or organisational measures.
These measures will be enhanced to ensure the protection of children’s personal data, especially where children are under the age of 16.
Individuals’ rights to personal data will be assured by making sure that data subjects:
- Are informed about the processing of personal data
- Can access the personal data stored
- Have the right to correct inaccurate or incomplete records
- Can request that their personal data is erased
- Can ‘block’ or suppress the processing of their data
- Can obtain and reuse their data
- Object to or ‘opt-out’ of the processing of their personal data
- Are protected from automated decision making and profiling.
Additional measures are in place as follows:
- Personal and sensitive data will not be passed to any other organisations unless individuals have been informed and the necessary compliance requirements are in place between the Trust and the third party organisation
- Any security or data breaches will be reported in line with requirements.
- Data is hosted on servers located within the UK and will not be transferred out of the European Economic Area.
Further details about the Trust’s GDPR compliance are contained in a privacy statement and a statement of compliance will be published on this website in due course.