GDPR & Privacy

The General Data Protection Regulation (GDPR) is a regulation that establishes a set of rules for the processing of personal data within the European Union (EU). The regulation applies to organisations that process personal data, including Lexia Education Services Ltd – who provide temporary staffing solutions in the education sector. The GDPR requires that personal data be collected, processed, and stored in accordance with certain principles, including:

  • Lawfulness, fairness, and transparency: Personal data must be processed lawfully, fairly, and
    in a transparent manner.
  • Purpose limitation: Personal data must be collected for specified, explicit, and legitimate purposes and not processed in a manner that is incompatible with those purposes.
  • Data minimisation: Personal data must be adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed.
  • Accuracy: Personal data must be accurate and kept up to date.
  • Storage limitation: Personal data must be kept in a form that permits the identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.
  • Integrity and confidentiality: Personal data must be processed in a manner that ensures appropriate security, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage.

This privacy policy describes how Lexia Education Services collects, uses, and protects personal data in accordance with the GDPR.

We may collect the following types of personal data:

  • Name and contact information (such as email address, phone number, and postal address)
  • Legal personalised documents (such as EHCP’s, risk assessments and other supporting documents specific to a child or adult accessing our services)
  • Employment information (such as CVs, references, and employment history)
  • Sensitive personal data (such as health information, criminal records, and DBS checks)

We may collect personal data in the following ways:

  • Directly from individuals when they apply for a position with us or when we engage them as a temporary worker.
  • From third parties such as schools, local authorities, parents / carers, referees, and background check providers.

We may use personal data for the following purposes:

  • To assess the suitability of candidates for employment opportunities.
  • To provide employment services to clients.
  • To deliver education provisions to children and adults.
  • To comply with legal and regulatory requirements.

We process personal data on the following legal bases:

  • Consent: Where individuals have given their consent to the processing of their personal data for specific purposes.
  • Contract: Where the processing is necessary for the performance of a contract to which the individual is a party.
  • Legal obligation: Where the processing is necessary to comply with a legal obligation to which we are subject.
  • Legitimate interests: Where the processing is necessary for our legitimate interests or the legitimate interests of a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject.

We may disclose personal data to the following types of third parties:

  • Clients who are seeking to engage temporary workers.
  • Third-party service providers, such as payroll providers, IT support providers, and background check providers.
  • Regulatory authorities, such as the Information Commissioner’s Office (ICO).

Data retention

We will retain personal data for as long as necessary to fulfil the purposes for which it was collected, including any legal or regulatory requirements. We may retain personal data for a longer period in certain circumstances, such as where required by law or where necessary to establish, exercise, or defend legal claims.

Data subject rights

We recognise that a data subject has the right to request and receive confirmation of whether Lexia Education Services hold their personal data. If we do, we will provide them with a copy of the data held. The data subject has; The right to be informed. The right of access. The right to rectification. The right to erasure. The right to restrict processing.

Lexia Education Services have put in place appropriate security measures to ensure sensitive information is never accidentally lost, used, altered, disclosed, or accessed in an unauthorised way. Lexia uses Egress software to encrypt sensitive information and to send and receive secure communications. In addition to this, access is limited within the business, to only those employees who “need to know”. All our employees are also subject to a strict duty of confidentiality. We have also, put in place procedures to deal with any suspected data security breaches and the Data Protection Officer, would notify ICO – wherever it is deemed legally necessary.