GDPR and Hungarian School London (HSL)

The new General Data Protection Regulation (GDPR) comes into effect on the 25th of May 2018. GDPR applies to organisations that store personal information about members of the public, including small charities such as Hungarian School London. Whilst we are generally in compliance with the principles of the regulation, there are certain adjustments we must make to our procedures, which are outlined below. HSL will target full compliance by the 25th of May 2018.

What information do we hold about members?

We hold the minimum information about members that we need to run the school  – basic contact details (name, address, telephone number(s) and email addresses). These contact details are required to keep in touch and inform members about events. 

We also hold information about the children’s date of birth and languages spoken, in order to facilitate allocation of classes and evaluate the educational requirements. 

Personal data previously requested that is not considered to be strictly needed for the operation of the school will be deleted. 

No bank details are held, except for teachers, organisers, or members when specifically requested in order to reimburse expenses, with the members’s explicit consent, and held privately by HSL Secretary or the Directors. 

Any details can be amended by contacting the HSL Secretary or the Directors.

Who has access to this information?

HSL Secretary, and the Directors may have access to contact details, which are stored privately either in hard copy in a secure location or in password protected electronic files. 

The teachers may also access information relevant to their classes. 

What do I have to do?

We require your explicit permission to allow us to continue to manage your personal data. An email has been circulated to all members to provide consent so that we can continue to store personal data in accordance with these principles. 

If any member do not respond or request us to delete personal information, HSL will automatically delete all personal data we hold from all identified databases. 

We believe that our current practices are compliant with GDPR, once we have taken the above steps to allow you to indicate your choices.