Data Protection & GDPR

Your personal data will be processed by Rockstone Consultancy,  in accordance with the any applicable law relating to the processing, privacy, and use of Personal Data, as applicable to you and/or the Services, including the Data Protection Act 1998, the General Data Protection Regulation (EU) 2016/679 and any subsequent UK data protection legislation and our Privacy Policy.

We will only process the data provided by you for the purposes stated, in this case to establish which of our professional health and education assessments you are eligible to purchase and use. Once we have evaluated the information provided and issued the corresponding ‘qualification code’, the detailed data will be deleted.

General Data Protection Compliance

In order to comply with General Data Protection Requirements (GDPR) the following must be agreed.

Rockstone Consultancy confirms that nothing within our contract relieves the company of its own direct responsibilities under GDPR.

Rockstone Consultancy can, with permission, collect and process statistics (provided by each academy/school OR through MIS access at each academy/school) in order to assist with the school improvement work for each academy/school. Any contextual data will be specifically, name, year group, tutor group, if relevant house group, gender, SEN, FSM, PPG, LAC, EAL status and ethnicity. Given some of the contextual data is special category data, each academy/school confirms the data subject has been notified that the data may be shared with, and processed by, third parties through the relevant 

Privacy Notice. 

The obligations of Rockstone Consultancy and our clients are:

        • only act on written instructions from the data controller at any establishment
        • ensure that consultants processing the data are subject to a duty of confidence
        • take appropriate measures to ensure the security of processing
        • not use a sub processor without the prior written authorisation of the data controller at any establishment
        • assist any establishment in providing subject access and allowing data subjects to exercise their rights under the GDPR
        • assist any establishment in meeting their GDPR obligations in relation to the security of processing, the notification of personal data breaches and data protection impact assessments
        • delete or return all personal data of any establishment at the end of the contract or dispose of data securely
        • submit to audits and inspections, provide any establishment with whatever information it needs to ensure we are both meeting obligations outlined in Article 28; and tell any establishment if we are asked to do something infringing the GDPR or other data protection law.
        • cooperate with supervisory authorities such as the ICO.