AEPA Privacy Policy

This privacy notice explains what to expect when AEPA collects your personal information.

In this notice, “the Legislation” means (i) unless and until the GDPR is no longer directly applicable in the UK, the General Data Protection Regulation ((EU) 2016/679) and any national implementing laws, regulations and secondary legislation, as amended or updated from time to time, in the UK and then (ii) any successor legislation to the GDPR or the Data Protection Act 1998.
In this notice AEPA is the Data Controller as defined by the Legislation. This means that we are responsible for deciding how we hold and use personal information about you. We are required under the Legislation to notify you of the information contained in this privacy notice. We may change this statement from time to time to reflect privacy or security updates. We encourage you to periodically review this page for the latest information.

We hold personal information securely at all times and any personal information provided to us will only be used for the purposes of carrying out our services. All the personal information that we hold about you is protected under the Data Protection Act 2018.

We are committed to protecting your privacy when you use our services. We have commissioned AEPA as our Data Protection Officer who makes sure we respect your rights and are compliant with the Legislation. If you have any concerns or questions about how we look after your personal information or wish to exercise your Data Protection rights please contact us.

Data Protection Act 2018

The Data Protection Act is the legal framework that ensures your personal information is used fairly and lawfully.

By law, all organisations that hold information about you must follow the six principles set out in the Act. These principles make sure your rights are protected and state that all information must:

be used fairly and lawfully and in a transparent manner
be obtained for valid purposes that we have explained to you and not used in a way that is incompatible with those purposes
be relevant to the purposes we have told you about and limited only to those purposes
be accurate and kept up to date
be kept only as long as necessary for the purposes which we have told you about
be kept secure

Your data protection rights

You have the right to be informed about the collection and use of your personal data, including why we process personal data, how long we will keep it and who it will be shared with.
You have the right to access your personal data so that you can be aware of and verify the lawfulness of the processing.
You have the right not to be subject to automated decision-making and to be informed about such decision-making. (HEP does not use technology to make automated decisions about individuals.)
You have the right to have inaccurate information corrected.
You have the right to object to processing, to the erasure of information, to restrict processing, and the right to data portability. For more detailed information about the personal information that we hold and how we use it, please see our Record of Processing Activities.

Data sharing

We may have to share your data with third parties, including third-party service providers and other organisations. We will only share your information where it is necessary to deliver our services, unless the law requires us to share the information. We will never share your information with third parties for commercial or marketing purposes.

In particular, we may share your data with organisations including, but not limited to, the following:

the Local Authority
the Department for Education
the Education & Skills Funding Agency
the Disclosure and Barring Service
the Teaching Regulation Agency
the Teachers’ Pension Service
the Local Government Pension Scheme which is administered by London Borough of Haringey
our external HR provider which is administered by London Borough of Islington
our external payroll provider which is administered by London Borough of Islington
our IT provider
the Police or other law enforcement agencies

We require third parties to respect the security of your data and to treat it in accordance with the law. Some of the organisations referred to above are joint data controllers. This means we are all responsible to you for how we process your data.

Why might we share your personal information with third parties?

We will share your personal information with third parties where required by law, where it is necessary to administer the working relationship with you, where it is needed in the public interest or for official purposes, or where we have your consent.

Which third-party service providers process your personal information?

“Third parties” includes third-party service providers (including contractors and designated agents). The following activities are carried out by third-party service providers: payroll, pension administration, benefits provision and administration, IT services.

All our third-party service providers are required to take appropriate security measures to protect your personal information in line with our policies. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.

From time to time, we may disclose your personal data in response to a request for information pursuant to the Freedom of Information Act 2000 or following a data subject access request. We may approach you for your consent but, in any event, we will only disclose your personal data if we are satisfied that it is reasonable to do so in all the circumstances. This means that we may refuse to disclose some or all of your personal data following receipt of such a request.


Cookies are small anonymous text files that are placed on your computer by websites that you visit. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit the Information Commissioner’s Office website.

AEPA is committed to only using cookies that are either essential (i.e. they are required to make something work) or that help us to make your experience of using the website better.

The right to complain

You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues, about the way in which we process (or have processed) your personal data. The ICO can be contacted at:

Information Commissioner’s Office
Wycliffe House
Water Lane
Tel: 0303 123 1113