Referrals: 0800 0246 985
Enquiries:  020 3823 3030
Referrals: 0800 0246 985
Enquiries:  020 3823 3030

Work with us long

Kedleston Group



1. introduction 3

2. Data Controller 3

3. Data Protection Officer 3

4. Retained Personal Data 3

5 Day to Day Use of Data 4

6. Data Storage 4

7. Data Sharing 4

8. The Right of the Individual 4

9. What to expect from a ‘Subject Access Request’ 5

10. Response times to a ‘Subject Access Request’ 5

11. Is there a charge for a subject access request?. 5

12. What if the personal data retained is incorrect?5

13. Other rights..5

14. Complaints.6

Kedleston Group


1. Introduction

On the 25th May 2018 the General Data Protection Regulation (GDPR) will be introduced throughout the EU. GDPR is legislation that is intended to improve the way in which people’s personal data is maintained in a safe and secure way. In addition it also enhances the way in which the legal rights of an individual are protected in respect of their own personal data.

This policy is intended to outline how the Kedleston will utilise the personal data that is obtained and maintained in connection with the day to day running of the company, including the schools and homes that it operates. This includes data in respect of previous, current and future pupils, their parents, carers and guardians as well as staff and other internal and external stakeholders.

The Kedleston Group an independent provider of specialist education and care services operating in England. At the time of writing this policy the company operates 6 day schools, 3 residential schools and two children’s homes. Each school and home has its own privacy policy that it accessible via the website or upon request directly from the school or home.

2. Data Controller

The role of the Data Controller is to determine how an individual’s personal data is processed and for what purpose it may be used. Under the new legislation the Data Controller is the Kedleston Group.

3. Data Protection Officer

The Data Controller will be guided and supported in discharging their responsibility by the Kedleston Data Protection Officer. This is a role shared by Tony Hurran (Group Finance Director) and Lee Reed (Chief Operating Officer). Their role is determine and agree what information may be shared and to ensure that it is processed in accordance with this policy and overall Data Protection Law, when the school receives a request or enquiry requesting information that includes personal data.

The Data Protection Officer is also required to ensure that personal data retained either corporately or by the schools or homes:

- Is stored securely
- Is processed in accordance with GDPR guidelines
- Is collected for legitimate purposes only
- Is current and appropriate
- Is necessary in order to support the placement
- Is retained for only as long as it is required

4. Retained Personal Data

The Kedleston Group retains personal data not only about the pupils and young people placed in our homes, but also about parents, carers and guardians. Additionally, personal data is retained in respect of staff and other internal and external stakeholders. Examples of the information held includes:

- Contact details (home and work), date of birth, information pertaining to GP, Dentist and other health and social care professionals.
- Safeguarding information (including previous history)
- Details pertaining to previous schools, placements, education and care interventions.
- Photographs.
- Results of assessments, pupil progress, individual tests and results.
- Attendance register
- Exclusion
- Where there is CCTV within the school then images may be captured and retained.
- Ethnicity
- Gender
- Staff records (including previous references, performance, sickness data etc.)
*The above are examples and are not intended as an exhaustive list.

5. Day to Day use of data

Personal data is used on a day to day basis within the company for varying purposes. Examples may include, but are not limited to:

- To ensure the safeguarding and well-being of young people.
- As part of the referral and placement process communication between the school and LA
- To monitor and report on pupil progress.
- To comply with external requests for information such as the educational census
- Monitoring young people’s behaviour
- As part of internal Kedleston Group internal school reporting, monitoring and analysis.
- In exceptional circumstances sharing with Police in the event of a young person absconding from school.
- As part of acknowledging, celebrating and communicating events and achievements of the young people within the school.
- Providing information in support of a young person’s transfer to a new school.
- To provide references for new employers
- For disciplinary purposes
- In order to provide health and well-being support to staff.
- For performance management purposes.

6. Data Storage

The personal data collected is retained either on computer in various software programmes or in hard copy paper format.

Personal data is maintained whilst the young people, staff and other internal and external stakeholders are placed, reside, work or are contracted to undertake tasks on behalf of the Kedleston Group. There are certain legal requirements that require information to be maintained securely for defined periods of time once a pupil or young person in residential services has moved on. The same applies for staff and other internal and external stakeholders who are engaged to undertake work on behalf of the Kedleston Group. Details of these time requirements are available from the Kedleston Data Protection Officer.

7. Data Sharing

No personal data relating to a pupil, residential placement, member of staff or any other internal or external stakeholder is shared with any third party without explicit consent being provided unless required to do so under law.

Where there is a legal responsibility to share data, examples might be:

- The placing Local Authority and the Host Local Authority in which the school is located. This may be to meet legal obligations to share information for safeguarding purposes or for more general purposes such as invoicing.
- Examination bodies
- Professional registration bodies
- Regulator – Ofsted and HMI Inspection Team inspection teams.
- Families of the young people.
- Auditors / Professional Advisors working on behalf of the Kedleston Group.
- Police, Court or Tribunal Officials
From time to time a school may be required to provide information to the Department for Education in response to surveys or data collection projects that may lead to anonymised information being maintained on databases. Equally, as an employer Kedleston may be required to participate in surveys, census projects or be required to provide information to various government agencies.

8. The right of the individual

The introduction of GDPR expands the right of individuals to gain access to the information that the company retains about them. The information can be sought via a ‘subject access request’ application that should in the first instance be made to the Chief Operating Officer at the Kedleston Group.
A young person may make a request for disclosure of information relating to their own personal data and this will be provided, providing that the school is of the opinion that the young person is able to understand the information being provided.

A parent, carer or guardian can submit a ‘subject access request’ with respect of their child’s personal data in circumstances where it is determined that the young person is not considered able to understand and interpret the information requested.

A young person, may ask anybody on their behalf to make a ‘subject access request’ and this information should not be withheld without giving a full explanation.

Each ‘subject access request’ will be considered on a case by case basis.

It should be noted that parents, carers or guardians may make a ‘subject access request’ with respect to personal data held about them.

Equally, staff have the right to submit a ‘subject access request’ for the company to share any information held in respect of that employee. (see GDPR HR Privacy Statement)

9. What to expect from a ‘subject access request’.

In the event that a ‘subject access request’ is made then the company will

- Provide you with a clear description of the personal information that is held.
- Explain why the information is held, what it is used for and how long it will be retained in file.
- In the event that the information has been shared with a third party, who it has been shared with.
- Provide a copy of any information that has been provided, if requested.

10. Response time to a ‘subject access request’

The Kedleston Group undertake to ensure that any ‘subject access request’ is responded to within 1 month.

11. Is there a charge for a ‘subject access request’

There is no charge involved.

12. What if the personal data retained is incorrect?

In the event that it is found that personal data being retained is incorrect, then please notify the Chief Operating Officer immediately in order that the error can be corrected immediately.

13. Other rights

In addition to the ‘subject access request’ individuals also have several other rights as part of the implementation of GDPR. There are:

- Request that personal data is not used for direct marketing purposes.
- Withdraw consent to processing of personal data at any time (where consent is the lawful reason for processing)
- Request that incorrect personal data is rectified or erased.
- Object to the processing of data in certain circumstances.
- Challenge processing of data which has been justified on the basis of public interest.
- Prevent processing that is likely to cause damage or distress.
- Object to decisions based solely on automated decision making or profiling (decisions taken with no human involvement that might negatively impact upon them.
- Ask for personal data to be transferred to a third party in a structured, commonly used and machine-readable format (in certain circumstances)
- In certain circumstances be notified of a data breach.
- Make a complaint to the Information Commissioners Office (ICO)
To discuss any of these additional rights or to ask any questions in relation to GDPR implementation, please contact the Kedleston Data Protection Officer via This email address is being protected from spambots. You need JavaScript enabled to view it.

14. Complaints

The Kedleston Group seeks to ensure that it fully complies with GDPR. Any complaints concerning the collection and use of personal information should be addressed in the first instance to:

Lee Reed - Chief Operating Officer         Tony Hurran - Finance Director
Kedleston Group                                      Kedleston Group
Office 110, 1 Furzeground Way               Office 110, 1 Furzeground Way
Stockley Park                                           Stockley Park
Uxbridge                                                  Uxbridge
UB11 1BD                                                UB11 1BD
Tel No: 020 3823 3030                            Tel No: 020 3823 3030
This email address is being protected from spambots. You need JavaScript enabled to view it.                This email address is being protected from spambots. You need JavaScript enabled to view it.

Alternatively, you can make a complaint to the Information Commissioner’s Office at

Information Commissioner’s Office
Wycliffe House
Water Lane
Tel No: 0303 123 1113

On line concern reporting:



Here at Kedleston Group we recognise the importance of protecting your privacy. Please be assured that we follow a strict policy of not selling or trading any personal or sensitive information about our customers or prospective customers to any company, organisation or person outside of Wings School or our associated companies.

1. Personal Data and Data Protection

When you complete an online enquiry form we will retain the personal details that you give us ("the Data"). The Data is stored using appropriate safeguards to ensure security, integrity and privacy.

By entering your data in this site you will be deemed to have given us your permission to store the Data.

You are able to delete the Data from the site at any time by writing to us at: Kedleston Group Ltd. Office Suite One, Ansell Gardens, Holloway Lane, Harmondsworth, Middlesex, UB7 0AE

Email: This email address is being protected from spambots. You need JavaScript enabled to view it. Or call us on 020 3823 3030

2. Technical Data

We may collect technical data about the type of internet browser and computer operating system that you use. This information does not identify you as an individual and is used only for tracking of site use.

We might also place a "Cookie" on your hard drive that will help us to identify you when you return to the site and allow us to tailor content to your personal preferences. If you do not wish to use Cookies you may disable this option in your internet browser settings. Cookies can be removed from your computer.

3. Cookies

The Kedleston Group may set and access first-party Cookies on your computer. These Cookies are integral to the services provided by the website to you. These Cookies, that may be placed on your computer, are detailed in Schedule 1 to this Policy.

You can choose to enable or disable Cookies in your web browser. By default, your browser will accept Cookies, however this can be altered. For further details please consult or the help menu in your browser. Please remember that disabling Cookies may prevent you from using the full range of Services available on the website.

You may delete Cookies, however you may lose any information that enables you to access the website more quickly.

The website also uses the third-party Cookies detailed in Schedule 2 to this Policy for the purposes described therein. These Cookies are not integral to the services provided by the website to you and may be blocked at your choosing via your internet browser's privacy settings, should you choose. Please ensure that your internet browser is up-to-date and consult the help and guidance provided in your browser if you are unsure as to how to adjust your privacy settings.

Schedule 1: First-Party Cookies

Name of cookiePurpose
ASP.NET_SessionId The website makes use of a session cookie called ASP.NET_SessionID. This cookie is necessary for site functionality and is set even if you do not give your consent. It is held temporarily in memory and is deleted when the web browser is closed. This cookie contains no personally identifiable information.
simpleclick_config_consent On your first visit to our website you should have seen a message at the top of the screen notifying you about our use of cookies, and containing a link to this page for further information. This cookie is set if you continue to visit other pages of the website after seeing the message (this Policy page excluded). Its existence tells us that you have visited the website before and are happy for us to use Cookies.

Schedule 2: Third-Party Cookies

Name of cookiePurpose
Google Analytics cookies
__utma __utmb __utmc __utmz
Google Analytics give us information about visits to our website. This information does not contain any personal details and is completely anonymous. This information helps us greatly in knowing which areas of our website are most popular and where we need to make improvements. Google have a very strict privacy policy which means that neither Wings School, our web developers, or Google are able to identify any of your personal details.
How to reject or delete these cookies:

We use cookies to improve our website and your experience when using it. Cookies used for the essential operation of this site have already been set. Our cookies collect no personal data. To find out more about the cookies we use and how to delete them, see our privacy policy.

  I accept cookies from this site.
EU Cookie Directive plugin by