<img alt="" src="https://secure.smart-business-intuition.com/262380.png" style="display:none;">
Skip navigation

In order to comply with data laws these policies and procedures have been reviewed and updated to ensure they comply with UK GDPR and The Data Protection Act 2018 to ensure we uphold the highest standards of privacy and data protection:

  • Privacy Notice
  • Data Protection Policy and Procedures
  • Records Management Policy
  • Data Security Policy
  • Subject Access Request Procedure
  • Data Breach Reporting Procedures

Additional measures that we take are:

  • Client contracts include data protection and confidentiality clauses.
  • Due diligence is carried out to ensure all suppliers comply with data protection laws.
  • Staff training for GDPR and cyber security is carried out at employee induction and regular refresher sessions are provided for existing staff.
  • The use of data protection impact assessments and a privacy by design approach for new projects which involve the processing of personal data, are used throughout SAAF Education.

Here at SAAF Education, we take your privacy seriously. This notice is to confirm that SAAF Finance Ltd and SAAF Supply Ltd, trading as SAAF Education, hereafter referred to as SAAF, ensure that all data regarding employees, customers and visitors is collected, stored and processed in accordance with current data protection legislation which includes

  • The General Data Protection Regulation (UK GDPR), the Law Enforcement Directive (LED) and any applicable national implementing Laws as amended from time to time
  • The Data Protection Act 2018 (DPA) to the extent that it relates to the processing of personal data and privacy;

This policy applies to all data, regardless of whether it is in paper or electronic format.

Term Definition
Personal data Data from which a person can be identified, including data that, when combined with other readily available information, leads to a person being identified
Sensitive personal data Data such as:
  • Racial or ethnic origin
  • Political opinions
  • Religious beliefs, or beliefs of a similar nature
  • Where a person is a member of a trade union
  • Physical and mental health
  • Sexual orientation
  • Whether a person has committed or is alleged to have committed, an offence
  • Criminal convictions
Processing Obtaining, recording or holding data
Data subject The person whose personal data is held or processed
Data controller A person or organisation that determines the purposes for which, and the manner in which, personal data is processed
Data processor A person, other than an employee of the data controller, who processes the data on behalf of the data controller

SAAF processes personal information relating to staff and, therefore, is a data controller. The data controllers for SAAF are:

Andi Brown, Partner

Schools and Academies Finance Ltd and SAAF Supply Ltd

Unit 12 Churchill Park Private, Rd No 2


Su Johal, Partner

Schools and Academies Finance Ltd and SAAF Supply Ltd

Unit 12 Churchill Park Private, Rd No 2


The companies within SAAF are registered as data controllers with the Information Commissioner’s Office and renew their registration annually.

SAAF also processes data on behalf of our customers in order to provide services to them and are therefore also data processors.

SAAF is not required to have a Data Protection Officer in line with Article 37 of the GDPR.

There are a number of different reasons a company may collect and process personal data according to the law on data protection. The reasons can be:

If you have given clear consent for us to process your personal data. When we collect your data we will ensure that we only collect the data which is necessary to our services, and for the specific reasons, you have consented to.

For example, when you send us a contact form message and tick a box to subscribe to our blog notifications.

When we need to process important data in order to carry out services explained in a contract between an individual or business.

For example, if we need to contact you about a service that you already have a contract with us.

Legitimate interest
In specific circumstances, we may use your data to pursue our legitimate interests that would be reasonably expected as part of running a business and does not impact your rights, interests or freedom. The option to opt out of subscriptions and remove your data will always be presented.

We process data relating to those we employ to work at, or otherwise engage to work for SAAF. The purpose of processing this data is to assist in the operations of SAAF, including to:

  • Enable individuals to be paid
  • Facilitate safe recruitment
  • Support the effective performance management of staff
  • Improve the management of workforce data across the sector
  • Inform our recruitment and retention policies
  • Allow better financial modeling and planning
  • Enable ethnicity and disability monitoring
  • Support our safeguarding responsibilities enabling us to ensure all employees have a current enhanced DBS check

Staff personal data includes but is not limited to:

  • Contact details
  • National Insurance numbers
  • Salary information
  • Qualifications
  • Absence data
  • Personal characteristics, including ethnic groups
  • Medical information
  • Outcomes of any disciplinary procedures
  • Criminal Convictions
  • Driving license information
  • Passport information
  • Previous work history
  • Insurance details

We will only retain the data we collect for as long as is necessary to satisfy the purpose for which it has been collected.

We will not share information about staff with third parties without consent unless the law allows us to.

We are required, by law, to pass certain information about staff to specified external bodies, such as HMRC and pension authorities.

Any staff member wishing to see a copy of information about them that SAAF holds should contact the data controller.

We process data relating to our customers in order to provide a service to them. The purpose of processing this data is to assist in the operations of SAAF to include the following services: financial management consultancy, internal audits, financial health checks, finance helpdesk support, payroll bureau, supply and recruitment service and school improvement consultancy.

The data we process includes:

  • Employee contract data such as; monetary values (salaries), pay components, deductions.
  • Employee contact details, including, name, address, NI number, bank details, DOB
  • Employee gross pay and deductions totals 
  • Statutory payments (Maternity, Paternity, adoption etc)
  • Temporary payments (overtime, bonus etc)
  • Absence record
  • Attachment of Earning Order details
  • Third Party Deductions
  • Pension Scheme information
  • School/Establishments Name, Contact name, Business address, Telephone number etc.
  • School/Establishment bank account details
  • Invoices and expense forms
  • School/Establishment bank statements
  • Compliance and vetting documents including sensitive personal data such as; ethnic monitoring, gender, criminal records
  • Client school contact details
  • Teacher photos
  • Qualifications and work history
  • Pupil behaviour/progress reports for consultancy services including pupil name, school, DOB, assessment results

We will only retain the data we collect for as long as is necessary to satisfy the purpose for which it has been collected.

We will not share information about customers with third parties without consent unless the law allows us to.

Any data subject wishing to see a copy of the information about them that SAAF holds should contact the data controller.

SAAF may collect the following information:

  • Name and job title
  • Contact information including email address
  • Company name and address
  • Demographic information such as postcode, preferences and interests, IP address and other information relevant to customer surveys and/or offers

Here at SAAF we take your privacy seriously and will only use your personal information to administer your account and to provide the products and services you have requested from us.

For website users we require this information to understand your needs and provide you with a better service, and in particular for the following reasons:

Internal record keeping.

We may use the information to improve our products and services.

We may periodically send promotional emails about new products, special offers or other information which we think you may find interesting using the email address which you have provided or we have obtained from your company website, edubase or other publicly available sources.

From time to time, we may also use the information you have provided, or which is publicly available, to contact you for market research purposes. We may contact you by email, phone, or mail. We may use the information to customise the website according to your interests.

We take the security of all the data we hold very seriously.  We have a framework of policies, procedures and training in place covering data protection, confidentiality and security and regularly review the appropriateness of the measures we have in place to keep the data we hold secure. SAAF is working towards the ISO 27001 accreditation for information security management.

Some of the security measures currently in place include:

  • Where possible, all personal payroll data is transmitted via our secure online customer portal.
  • Our payroll software is held on a secure server with restricted access, protected by anti-virus and firewall.
  • All other data is stored online within secure UK datacentres.
  • All company laptops and memory sticks are encrypted.
  • Appropriate anti-virus software is kept up to date on all PC’s, Laptops and mobile devices.
  • All data is backed up regularly on secure servers in UK data centres.

This website uses cookies to better the users experience while visiting the website. Where applicable this website uses a cookie control system allowing the user on their first visit to the website to allow or disallow the use of cookies on their computer/device. This complies with recent legislation requirements for websites to obtain explicit consent from users before leaving behind or reading files such as cookies on a user’s computer/device.

Cookies are small files saved to the user’s computer’s hard drive that track, save and store information about the user’s interactions and usage of the website. This allows the website, through its server to provide the users with a tailored experience within this website.

Users are advised that if they wish to deny the use and saving of cookies from this website on to their computers hard drive they should take necessary steps within their web browsers security settings to block all cookies from this website and its external serving vendors.

This website uses tracking software to monitor its visitors to better understand how they use it. This software is provided by Google Analytics which uses cookies to track visitor usage. The software will save a cookie to your computer’s hard drive in order to track and monitor your engagement and usage of the website, but will not store, save or collect personal information. You can read Google’s privacy policy for further information.

Other cookies may be stored on your computer’s hard drive by external vendors when this website uses referral programs, sponsored links or adverts. Such cookies are used for conversion and referral tracking and typically expire after 30 days, though some may take longer. No personal information is stored, saved or collected.

This website operates an email newsletter program, used to inform subscribers about products and services supplied by this website. Users can subscribe through an online automated process should they wish to do so but do so at their own discretion. Some subscriptions may be manually processed through prior written agreement with the user.

Subscriptions are taken in compliance with UK Spam Laws detailed in the Privacy and Electronic Communications Regulations 2003. All personal details relating to subscriptions are held securely and in accordance with the UK GDPR.

Email marketing campaigns published by this website or its owners may contain tracking facilities within the actual email. Subscriber activity is tracked and stored in a database for future analysis and evaluation. Such tracked activity may include; the opening of emails, forwarding of emails, the clicking of links within the email content, times, dates and frequency of activity [this is not a comprehensive list].
This information is used to refine future email campaigns and supply the user with more relevant content based around their activity.

In compliance with UK Spam Laws and the Privacy and Electronic Communications Regulations 2003 subscribers are given the opportunity to update their communication preferences or UN-subscribe at any time through an automated system. This process is detailed at the footer of each email campaign. If an automated un-subscription system is unavailable clear instructions on how to UN-subscribe will be detailed instead.

Although this website only looks to include quality, safe and relevant external links, users are advised to adopt a policy of caution before clicking any external web links mentioned throughout this website. (External links are clickable text / banner / image links to other websites)

The owners of this website cannot guarantee or verify the contents of any externally linked website despite their best efforts. Users should therefore note they click on external links at their own risk and this website and its owners cannot be held liable for any damages or implications caused by visiting any external links mentioned.

Adverts and Sponsored Links

This website may contain sponsored links and adverts. These will typically be served through our advertising partners, to whom may have detailed privacy policies relating directly to the adverts they serve.

Clicking on any such adverts will send you to the advertisers’ website through a referral program which may use cookies and will track the number of referrals sent from this website. This may include the use of cookies which may in turn be saved on your computer’s hard drive. Users should therefore note they click on sponsored external links at their own risk and this website and its owners cannot be held liable for any damages or implications caused by visiting any external links mentioned.

Communication, engagement and actions taken through external social media platforms that this website and its owners participate on are custom to the terms and conditions as well as the privacy policies held with each social media platform respectively.

Users are advised to use social media platforms wisely and communicate / engage upon them with due care and caution in regard to their own privacy and personal details. This website nor its owners will ever ask for personal or sensitive information through social media platforms and encourage users wishing to discuss sensitive details to contact them through primary communication channels such as by telephone or email.

This website may use social sharing buttons which help share web content directly from web pages to the social media platform in question. Users are advised before using such social sharing buttons that they do so at their own discretion and note that the social media platform may track and save your request to share a web page respectively through your social media platform account.

Shortened Links in Social Media

This website and its owners through their social media platform accounts may share web links to relevant web pages. By default some social media platforms shorten lengthy urls [web addresses] (this is an example: https://bit.ly/2HxwnUt). 

Users are advised to take caution and good judgement before clicking any shortened urls published on social media platforms by this website and its owners. Despite the best efforts to ensure only genuine urls are published many social media platforms are prone to spam and hacking and therefore this website and its owners cannot be held liable for any damages or implications caused by visiting any shortened links.

In order to carry out our services, SAAF must share personal data with some external companies e.g. software providers, government bodies etc. SAAF have carried out due diligence to ensure that all of our suppliers comply with the GDPR and DPA. Access to data we share is only available to those who need it and for the purposes that we have agreed when collecting that information. 

We share personal data with the following types of companies:

  • Banks
  • Payroll software provider
  • HMRC
  • CRM
  • Finance Software Providers
  • Ticket logging software
  • Website provider
  • Auditors
  • Email marketing providers
  • Pension providers
  • Local Authorities
  • HR providers

Data may be shared between the companies trading as SAAF Education Ltd, these include SAAF Supply Ltd and Schools and Academies Finance Ltd.

SAAF will only keep personal information for as long as it is needed to provide a service to you. If we no longer provide that service to you or your employer, we will delete the data securely.  

If data has become inaccurate or out of date, it will be corrected or disposed of securely. To dispose of records, we will shred or incinerate paper-based records, and override electronic files.

We may retain some forms of data after our contract has ended with you to comply with the law, e.g. payroll information must be kept for 6 years. After which time it will be disposed of securely.

Under the UK GDPR data subjects have a right to request access to information SAAF holds about them. This is known as a subject access request.

Subject access requests must be submitted in writing, either by letter or email. Requests should include:

  • The data subjects name
  • A correspondence address
  • A contact number and email address
  • Details about the information requested

Data relating to a subject access request will be provided within 30 days and will be free of charge.

To make a subject access request please contact the data controller.

If you find that data held about you is inaccurate or incomplete, please contact the data controller to arrange for this to be rectified.

All data subjects have the right to withdraw consent. If you would like to withdraw consent, please email the information below to info@saafeducation.org confirming what you would like to withdraw consent for. 



Telephone Number:

What would you like to withdraw consent for?

This means you can ask for us to delete your data completely. As long as we are not required to keep this data by law, it will be deleted from our records.

The only record we will retain is your notice to withdrawn consent. This will ensure that if your details are provided again we are aware not to process them.

You can request to block or restrict the processing of your personal data.  You must make a request verbally or in writing to the data controller. Restriction of personal data will usually be for one of the following reasons:

  • an individual contests the accuracy of the personal data, SAAF will restrict the processing until we have verified the accuracy of the personal data.
  • an individual has objected to the processing (where it was necessary for the performance of a public interest task or purpose of legitimate interests), and SAAF are considering whether our businesses legitimate grounds override those of the individual.
  • processing is unlawful and the individual opposes erasure and requests restriction instead.
  • SAAF no longer needs the personal data but the individual requires the data to be retained to allow them to establish, exercise or defend a legal claim.

All data subjects have the right to lodge a complaint with the Information Commissioner’s Office if you feel that your data is not being processed fairly.

This privacy notice will be reviewed annually by the Data  Controller.

Approved by: Su Johal, Director

Date: 20.04.21

Last review date: 25.05.20

Next review due: 25.05.22

Document Version: SAAF/GDPR/04