In order to comply with General Data Protection Requirements (GDPR) the following must be agreed.

Fig Tree International Limited confirms that nothing within our contract relieves the company of its own direct responsibilities under GDPR.

Fig Tree International Limited can, with permission, collect and process statistics (provided by each academy/school OR through MIS access at each academy/school) in order to assist with the school improvement work for each academy/school. Any contextual data will be specifically, name, year group, tutor group, if relevant house group, gender, SEN, FSM, PPG, LAC, EAL status and ethnicity. Given some of the contextual data is special category data, each academy/school confirms the data subject has been notified that the data may be shared with, and processed by, third parties through the relevant 

Privacy Notice.

The obligations of Fig Tree international Ltd and our clients are:

only act on written instructions from the data controller at any establishment

ensure that consultants processing the data are subject to a duty of confidence

take appropriate measures to ensure the security of processing

not use a sub processor without the prior written authorisation of the data controller at any establishment

assist any establishment in providing subject access and allowing data subjects to exercise their rights under the GDPR

assist any establishment in meeting their GDPR obligations in relation to the security of processing, the notification of personal data breaches and data protection impact assessments

delete or return all personal data of any establishment at the end of the contract or dispose of data securely

submit to audits and inspections, provide any establishment with whatever information it needs to ensure we are both meeting obligations outlined in Article 28; and tell any establishment if we are asked to do something infringing the GDPR or other data protection law.

cooperate with supervisory authorities such as the ICO.