DATA PROTECTION POLICY
The Data Protection Act 1998 requires every Data Controller who is processing personal data to notify unless they are exempt. Failure to notify is a criminal offence. Education 4 Everyone notifies each year for the following purposes:
• Staff administration
• Advertising, marketing, and public relations
• Accounts and records
• Advertising, marketing, and public relations for others
• Consultancy and advisory services
• Information and databank administration
• Journalism and media
• Legal services
• Realising the objectives of the company
• Trading/sharing in personal information
If Education 4 Everyone needs to collect data for any purpose not stated above, we should notify the Information Commissioner before collecting that data.
Eight Data Protection Principles
Whenever collecting information about people, Education 4 Everyone agrees to apply the Eight Data Protection Principles:
1. Personal data should be processed fairly and lawfully
2. Personal data should be obtained only for the purpose specified
3. Data should be adequate, relevant, and not excessive for the purposes required
4. Personal data should be accurate and kept up to date
5. Data should not be kept for longer than is necessary for the purpose
6. Data should be processed in accordance with the rights of data subjects under this Act
7. Security: appropriate technical and organisational measures should be taken to prevent unauthorised or unlawful processing of personal data and against accidental loss or destruction or damage to personal data.
8. Personal data shall not be transferred outside the EEA unless that country or territory ensures an adequate level of data protection.
Education 4 Everyone has taken the following measures to guard against unauthorised or unlawful processing of personal data and against accidental loss, destruction, or damage:
• Adopting an information security policy (this document is our policy)
• Taking steps to control physical security
• Putting in place controls on access to information (password protection on files; computer and server access)
• Establishing a business continuity / disaster recovery plan (Education 4 Everyone takes regular back-ups of its computer data files and these are stored away from the office at a safe location)
• Training all staff on security systems and procedures
• Detecting and investigating breaches of security should they occur