Privacy Policy

Privacy Policy

Sheffield Catholic Schools Partnership

Privacy Notice for Hallam Teaching School

Hallmark: We honour the dignity and sacredness of each person.

 This statement should be read in conjunction the following documents

  • Data Protection policy for Notre Dame High School.
  • Privacy Notice for Sheffield SCITT Trainees
  • Privacy Notice for South Yorkshire Maths Hub 

This statement is intended to provide information as to how we will collect, use or process personal data collected through the operation of Hallam Teaching School. For the purposes of clarity this document does not apply to personal data collected through the activities of the Sheffield SCITT or the South Yorkshire Maths Hub. For the avoidance of doubt, this document also applies to personal data collected via the Hallam Teaching School website.

 Responsibility for Data Protection

The legal entity for Hallam Teaching School is Notre Dame High School. Notre Dame High School is registered with the Information Commissioner’s Office. The registration number is Z8538235. 

The Data Protection Officer (DPO) for the school is John Coats. The DPO can be contacted on or 0114 2302536.

All persons engaging with Hallam Teaching School have a responsibility to abide by the law relating to data protection.

Hallam Teaching School’s Role as a Data Controller and a Data Processor

Unless stated below Hallam Teaching School acts as a Data Controller. Where Hallam Teaching School acts as a data processor the schedules at the end of this document detail the nature of our processing and the details of the Data Controller in each instance.

Schedule 1: Processing Data for the STEM International Recruitment Programme. 

The Data Protection Act 1998: Why does Hallam Teaching School collect personal data.

We collect and use personal data under the following Articles of the General Data Protection Regulations (GDPR)

Article 6:

Processing shall be lawful only if and to the extent that at least one of the following applies:

6 (1) a. The data subject has given consent to the processing of his or her personal data for one or more specific purposes;

6 (1) e. Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller.

For the avoidance of doubt, throughout this document we are using and applying the GDPR definition of consent, namely “any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative actions, signifies agreement to the processing of personal data relating to him or her.”

We use Hallam Teaching School website visitor data to:

  • Respond to enquiries from website visitors about our Hallam Teaching School activities;
  • Book website visitors on to Hallam Teaching School courses activities;

The collection of this information will benefit both national and local users by:

  • Enabling Hallam Teaching School to carry out its public interest tasks of training teachers, providing support and/or high quality professional development for teachers and schools, carrying out educational research to establish what has most impact on student outcomes, and responding to general enquiries.

The categories of personal data that Hallam Teaching School collects, holds and shares includes:

  • Name;
  • Contact details;
  • The enquiry or booking made by the visitor.

Collecting personal data from persons that engage with Hallam Teaching School

All personal data collected by Hallam Teaching School is provided to us on a voluntary basis.

Storing personal data

Hallam Teaching School stores personal data until the later of the two dates below: 

  • The end of the academic year in which an enquiry was made;
  • The end of the academic year following any support/training provided as a result of the enquiry. 

Who do we share school visitor information with? 

We will share personal data provided to us with individuals or organisations contracted by Hallam Teaching School to organise or deliver any support, training or follow up work resulting from the contact.

Internet Cookies

Internet cookies are used by our website for the purposes of creating a better user experience (ie remembering any preferences you may choose) and for anonymous statistical tracking. Our web site will still work if cookies are declined by your web browser. 

Requesting access to your personal information

Under data protection legislation, visitors to the Hallam Teaching School website have the right to request access to information about them that we hold. This is referred to as a Subject Access Request (SAR). The GDPR clarifies that the reason for allowing individuals to access their personal data is so that they are aware of and can verify the lawfulness of the data processing. To make a request for your personal information, contact the Data Protection Officer.

You also have the right to: 

  • Object to processing of personal data that is likely to cause, or is causing, damage or distress;
  • Prevent processing for the purpose of direct marketing;
  • Object to decisions being taken by automated means;
  • In certain circumstances, have inaccurate personal data rectified, blocked, erased or destroyed; and
  • Claim compensation for damages caused by a breach of the Data Protection regulations.

To make a SAR, or to exercise any of your rights under data protection regulation, you should contact the Data Protection Officer at Notre Dame High School at

On receipt of a request to exercise any of your rights under data protection regulation, the school will:

  • Respond to acknowledge receipt of your request;
  • Request proof of identify of the person making the request;
  • Inform you as to whether there are any statutory reasons why we may be unable to respond to your request;
  • Act in accordance with the GDPR in terms of our actions in response to your request, and with due regard to the timescales set out in the GDPR.

If you have a concern about the way we are collecting or using your personal data, you should raise your concern with us in the first instance or directly to the Information Commissioner’s Office at

If you want to see a copy of information about you that we hold, please contact the Data Protection Officer at Notre Dame High School at

Schedule 1 Processing, Personal Data and Data Subjects for the STEM International Recruitment Programme

  1. The contact details of the Controller’s Data Protection Officer are: Louise Baker, Level 1, Sanctuary Buildings, Great Smith Street, London, SW1P 3BT, Tel: 020 77838656
  2. The contact details of the Processor’s Data Protection Officer are: John Coats, Notre Dame High School, Fulwood Road, Sheffield, S10 3BT, Tel. 0114 2302536 Ext. 228, Email:
  3. The Recipient shall comply with any further written instructions with respect to processing by the Department.
  4. Any such further instructions shall be incorporated into this Schedule.



Identity of the Controller and Processor

The Parties acknowledge that for the purposes of the Data Protection Legislation, the Customer is the Controller and the Contractor is the Processor in accordance with Clause 1.1.


Subject matter of the processing

The processing is needed in order to ensure that the Processor can effectively deliver the contract to provide an acclimatisation service to international STEM teachers sourced from either New Zealand, Australia, USA or Canada in academic year 2018/19.


Duration of the processing

17 April 2018 – 1 July 2019

Nature and purposes of the processing

The nature of the processing means any operation such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of data (whether or not by automated means) etc.

The purpose might include but is not limited to:

·         Employment processing

·         Statutory obligation

·         Recruitment assessment

·         Interviews

·         Acclimatisation and further CPD training

·         Mentoring

·         Audit and assurance

·         Invoicing

·         Exit surveys

All personal data processed in connection with this exercise must be in accordance with the GDPR 2018 and the Parties acknowledge that the DfE is the Data Controller and that the Supplier is the Data Processor. The GDPR regulates the processing of information relating to individuals. The Processor must: -

·         Process the personal data only on the documented instructions of the Controller;  

·         Comply with security obligations equivalent to those imposed on the Controller (implementing a level of security for the personal data appropriate to the risk);

·         Ensure that persons authorised to process the personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality;

·         Only appoint Sub-processors with the Controller’s prior specific or general written authorisation, and impose the same minimum terms imposed on it on the Sub-processor; and the original Processor will remain liable to the Controller for the Sub-processor’s compliance. The Sub-processor must provide sufficient guarantees to implement appropriate technical and organisational measures to demonstrate compliance. In the case of general written authorisation, Processors must inform Controllers of intended changes in their Sub-processor arrangements;  

·         Make available to the Controller all information necessary to demonstrate compliance with the obligations laid down in Article 28 GDPR and allow for and contribute to audits, including inspections, conducted by the Controller or another auditor mandated by the Controller - and the Processor shall immediately inform the controller if, in its opinion, an instruction infringes GDPR or other EU or member state data protection provisions;

·         Assist the Controller in carrying out its obligations with regard to requests by data subjects to exercise their rights under ​chapter III of the GDPR​, noting different rights may apply depending on the specific legal basis for the processing activity (and should be clarified by the Controller up-front);

·         Assist the Controller in ensuring compliance with the obligations to implementing a level of security for the personal data appropriate to the risk, taking into account the nature of processing and the information available to the Processor;

·         Assist the Controller in ensuring compliance with the obligations to carry out Data Protection Impact Assessments, taking into account the nature of processing and the information available to the Processor; and

Notify the Controller without undue delay after becoming aware of a personal data breach.

Type of Personal Data


·         Number of years of teaching experience

·         School phase qualified to teach

·         Subject(s) qualified to teach

·         Country where teaching qualification was awarded

·         Confirmation that you are fully qualified to teach the selected subject(s) in your country

·         Employer’s details

·         Name

·         Date of birth

·         Current country of residence

·         Email address

·         Telephone number

·         National Insurance Number

·         DBS and overseas checks

·         Pay

·         Images

·         Address

·         Qualifications

·         QTS Award

·         Teacher Reference Number (TRN)


Categories of Data Subject


·         Staff details

·         International candidates (teachers)

·         Hiring Schools/Academies

·         Users of (Overseas qualified teachers registration and STEM international pages)

·         Users of school-led network websites.

·         Customers/ Clients


Plan for return and destruction of the data

once the processing is complete UNLESS requirement under union or member state law to preserve that type of data

Will only keep personal data for as long as required for the purpose(s) of this contract, after which point it will be securely destroyed unless the Data Subject specifically opts in and positively acknowledges the personal information stored is not passed onto third parties without prior consent. To have in place processes to destroy all personal data if the Data Subject withdraws consent to retaining the aforementioned Data.