We take the privacy of your personal data seriously.

Depending on how you choose to interact with us, we gather different types of personal data about you and for different purposes. For this reason, we have two Privacy Notices.

Privacy Notice – clients, potential clients, iGNIS members and other website visitors

Privacy Notice – candidates, sources, referees and participants ↓

Privacy Notice - clients, potential clients, iGNIS members and other website visitors

01.Introduction

This notice, provided by RSAcademics Ltd (referred to as “RSAcademics”, “we” or “us”), has been published to advise individuals outside our organisation with whom we interact, including (but not limited to) Clients, potential Clients, iGNIS members and visitors to our website, how RSAcademics collects, uses, discloses and manages your data.

RSAcademics is a market-leading consultancy working with schools across the world. We provide a variety of services to our Clients and other parties, including, but not limited to: leadership appointments, market research, strategy and marketing planning, fundraising, governance and compliance consultancy and leadership development.

Our registered company number is 4325816 and registered address is Reedham House, 31 King Street West, Manchester M3 2PJ.

For the purposes of this notice, RSAcademics is the Data Controller.

02.Definitions

Client – means a client of RSAcademics.

Data Controller – means the body that determines the purposes for which and the manner in which any personal data are, or are to be, processed.

Data Processor – means any person or entity (other than RSAcademics Personnel) who processes personal data on our behalf.

Personal Data – means any information relating to an identified or identifiable natural person.

Personnel – means any current, former or prospective employee, consultant, temporary worker, intern, other non-permanent employee, contractor or other personnel.

Processing, Process – in relation to Personal Data means the obtaining, recording, adapting, structuring, retrieving, disclosing, using, transmitting, disseminating or otherwise making available or erasure and destruction of the data, whether or not by automated means.

Special Categories of Personal Data – means personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership and data concerning health or a person’s sex life or sexual orientation.

03.How do we collect information about you?

In the course of our interaction with you we may collect Personal Data about you. Your Personal Data is provided to us in a number of different ways, including:

  • from our Clients who have a relationship with you and have provided us with your details (e.g. to enable us to conduct market research on their behalf)
  • directly from you when you provide it to us (for example when you interact with us on our website, correspond with us by mail, phone, email or when you send us your CV or submit an application form in relation to a Client opportunity or a vacancy with RSAcademics, or voluntarily participate in a market research project we are handling on behalf of a Client)
  • from the public domain, including via social media and networking platforms such as LinkedIn (insofar as you choose to make your profiles publicly visible)
  • from third parties who provide it to us (for example referees, Sources, other employers and law enforcement agencies)

Creation of personal data – to fulfil our obligations to you and our Clients, we may also create Personal Data about you, such as notes from any interviews you attend or qualitative or quantitative market research surveys you participate in.

Data you may provide about others – during our interactions with you, you may provide us with Personal Data about other people (for example, you may act as a Source or referee and provide information and opinions on a Candidate or Participant). In these instances, we rely on you to ensure that you have a lawful basis for providing such Personal Data to us.

04.What type of information is collected about you?

We only collect Personal Data relevant to the type of transactions you have with RSAcademics.

The categories of Personal Data about you that we may Process include:

  • personal information: title, surname, forename(s), preferred name
  • contact details: work address, telephone numbers (work, mobile), work e-mail addresses, LinkedIn profile, Twitter/X username
  • employment history: current job title and organisation, previous positions held

05.How is your personal data used?

Depending on your interaction with us, the purposes for which your Personal Data may be Processed may include:

  • providing our services to you – including communicating by phone, text message, letter, email and website forms or by attending meetings with you; and otherwise communicating with you in order to deliver our services
  • marketing communications – informing you about news items, RSAcademics services as well as those of our trusted partners, career opportunities, events and training courses that you may be interested in via email, telephone, letter, text message, social media, or in person
  • management of our business – operation and management of our website, communication and IT systems, financial and sales processes record-keeping for health & safety purposes and compliance with our legal obligations, aggregated statistical analysis (we make every effort to ensure no Personal Data is disclosed in the latter)
  • improving our business – consulting you via email, telephone, online survey, social media, or in person to obtain your views on relevant topics such as improvements to existing services and potential new services
  • thought leadership – seeking your views or comments by phone, letter, email, surveys, website forms or by attending meetings with you for the purposes of thought leadership research

All Processing is subject to the applicable law as explained in clause 6.

You have the right to object to this processing if you wish, by emailing dp@rsacademics.co.uk. Please bear in mind that if you object this may affect our ability to carry out tasks above for your benefit.

06.What is the lawful basis for processing your personal data?

When we collect and Process your personal information in connection with the purposes set out in this privacy notice, we will ensure this is only done in accordance with at least one of the legal grounds available to us under data protection law:

  • contract – the Processing is necessary for us to comply with our contractual obligations with you as our Client
  • consent – we have obtained your explicit consent
  • legal obligation – the Processing is required by applicable law
  • vital interests – the Processing is necessary to protect the vital interests of any individual
  • legitimate interest – we have a legitimate interest in carrying out the Processing. Where we rely on this legal basis, our legitimate interests are:
    • the provision of services to you as our Clients
    • the operation and management of our business
    • the promotion of our business
    • the publication of thought leadership research

We do not collect any Special Categories of Personal Data on our Clients.

07.Who will we share your personal data with?

We take technical and organisational steps to ensure that your Personal Data is only shared with Personnel who need to have access to it for the performance of their role. We will also share your data with our Clients for the purposes of providing our services to them.

Other scenarios in which we may have to disclose personal data to a third party are limited to:

  • accountants, auditors, lawyers and other outside professional advisors – subject to binding contractual obligations of confidentiality;
  • third party Processors – such as the IT software or online platforms that we use in delivering our services, or providers of  background checking services. These may be located anywhere in the world, subject to binding obligations explained below
  • legal and regulatory authorities – upon request, or for the purposes of reporting any actual or suspected breach of applicable law or regulation;
  • any relevant party, law enforcement agency or court – to the extent necessary for the establishment, exercise or defence of legal rights;
  • any relevant party for the purposes of prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including the safeguarding against and the prevention of threats to public security
  • any relevant party in the event where some or all of our assets are acquired by a third party
  • plugins – our website may use third party plugins or content (e.g. Facebook, Twitter, and LinkedIn). If you choose to interact with any such plugins or content, your Personal Data may be shared with the relevant third party

If we engage a third-party Processor to Process your Personal Data, the Processor will be subject to binding contractual obligations to only Process the Personal Data in accordance with our written instructions and take all reasonable measures to protect the confidentiality and security of your Personal Data.

Should a third-party Processor be located outside the EEA, we’ll only make a transfer data if adequate levels of protection are in place to protect any information held in that country, or the local service provider complies with applicable privacy laws at all times.

We will not sell or rent your information to third parties. 

08.How long do we keep your personal data?

We keep your personal data for as long as necessary to provide our services and to fulfil our legal, tax or accounting responsibilities.

You may withdraw your permission at any time by contacting dp@rsacademics.co.uk.

09.Transferring your information outside of Europe

We regularly work with Clients and Personnel permanently or temporarily located in countries outside the European Economic Area (“EEA“). For this reason, we may transfer your Personal Data to a country outside the EEA when it is necessary for the performance of a contract and with your consent.

10.What else do I need to know?

  • data accuracy – we will endeavour to keep your Personal Data accurate and up-to-date. We rely on you to keep us informed of any changes, or if you find any errors in the Personal Data we hold for you, let us know and we will make the necessary corrections as is soon as reasonably possible and make sure they are conveyed to anyone we may have misinformed
  • data security – we have taken appropriate organisational and technical measures to protect your Personal Data from unlawful or unauthorised processing, and against the accidental loss of, alteration or damage to, Personal Data stored by us from collection through to destruction. You are responsible for ensuring that any Personal Data you send to us, is done so securely
  • your legal rights are as follows:
    • the right to ask for request access to or a copy of the Personal Data controlled or Processed by us
    • the right to restrict or object to our Processing activities of your Personal Data that we control
    • the right to request erasure of Personal Data that we control
    • the right to request rectification of any inaccuracies in your Personal Data
    • the right to port your Personal Data to another Controller, where applicable
    • the right to withdraw your Consent, where we control your Personal data on that basis

We keep lists of people who have objected to Processing or asked for further use of their Personal Data to be restricted or erased, to make sure the restriction is respected in future.

To exercise any of these rights, make your request by emailing dp@rsacademics.co.uk. In some cases (if your request is particularly complex or repetitive) we may charge you a fee to cover our administrative costs

You also have the right to lodge a complaint regarding the processing of your Personal Data with a supervisory authority such as the Information Commissioner’s Office https://ico.org.uk/concerns/. This does not affect your statutory rights.

11.Use of 'cookies'

Like many other websites, the RSAcademics website uses cookies. ‘Cookies’ are small pieces of information sent by an organisation to your computer and stored on your hard drive to allow that website to recognise you when you visit. They collect statistical data about your browsing actions and patterns and do not identify you as an individual.

You can disable any cookies already stored on your computer, but these may stop our website from functioning properly. Click here for information on how to disable cookies.

12.Review of this Notice

We keep this notice under regular review. It was last updated in February 2025. Should we make any significant amends we will flag this on the home page on our website and/or contact you by email to inform you. Please check this page occasionally to ensure that you’re happy with any changes.

Any questions regarding this notice and our privacy practices should be sent by email to dp@rsacademics.co.uk.

Privacy Notice – candidates, sources, referees & participants

01.Introduction

This notice, provided by RSAcademics Ltd (referred to as “RSAcademics”, “we”, “us” or “ourselves”), has been published to advise Candidates, Sources, Participants and Research Respondents with whom we interact, how RSAcademics collects, uses, discloses and manages your data.

RSAcademics is a market-leading consultancy working with schools across the world. We provide a variety of services to our Clients and other parties, including, but not limited to: leadership appointments, market research, strategy and marketing planning, fundraising, governance and compliance consultancy and Leadership Development.

Our registered company number is 4325816 and registered address is Reedham House, 31 King Street West, Manchester M3 2PJ.

For the purposes of this notice, RSAcademics is the data controller. Where RSAcademics is acting as a joint data controller with a client organisation, the details of both parties will be made available.

02.Definitions

Candidate – means an individual identified as being potentially suitable for an appointment we are handling on behalf of a Client or ourselves

Client – means a client of RSAcademics to which a Candidate is introduced by RSAcademics

Leadership Development – means any Leadership Development service offered by RSAcademics, such as personality testing, coaching, appraisals, succession planning, transition management, team effectiveness and management audits. These services are provided to our Clients for the purposes of assessing and developing the performance and/or leadership potential of either its own Personnel or other individuals selected by the Client

Data Controller – means the body that determines the purposes for which and the manner in which any personal data are, or are to be, processed

Data Processor – means any person or entity (other than RSAcademics Personnel) who processes personal data on our behalf

Participant – an individual involved in a Leadership Development service

Personal Data – means any information relating to an identified or identifiable natural person

Personnel – means any current, former or prospective employee, consultant, temporary worker, intern, other non-permanent employee, contractor or other personnel

Processing, Process – in relation to Personal Data means the obtaining, recording, adapting, structuring, retrieving, disclosing, using, transmitting, disseminating or otherwise making available or erasure and destruction of the data, whether or not by automated means

Research Respondents – means an individual participating in market research studies

Special Categories of Personal Data – means personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership and data concerning health or a person’s sex life or sexual orientation

Source – means any person that provides information, including opinions, on the skills and qualities of a Candidate or their suitability for a specific role or type of type of role

03.How do we collect information about you?

In the course of our interaction with you we may collect Personal Data about you. Your Personal Data is provided to us in a number of different ways, including:

  • from our Clients who have a relationship with you and have provided us with your details (e.g. to enable us to conduct market research on their behalf)
  • directly from you when you provide it to us (for example when you correspond with us by mail, phone, email or when you send us your CV or submit an application form in relation to a Client opportunity or a vacancy with RSAcademics, or voluntarily participate in a market research project we are handling on behalf of a Client)
  • from the public domain, including via social media and networking platforms such as LinkedIn (insofar as you choose to make your profiles publicly visible)
  • from third parties who provide it to us (for example referees, Sources, other employers, contractors who carry out online searches and due diligence on our behalf and law enforcement agencies)

Creation of personal data – to fulfil our obligations to you and our Clients, we may also create Personal Data about you, such as notes from any interviews you attend or qualitative or quantitative market research surveys you participate in.

Data you may provide about others – during our interactions with you, you may provide us with Personal Data about other people (for example, you may act as a Source or referee and provide information and opinions on a Candidate or Participant). In these instances, we rely on you to ensure that you have a lawful basis for providing such Personal Data to us.

04.What type of information is collected about you?

We only collect Personal Data relevant to the type of transactions you have with RSAcademics.

Candidates, Sources, Referees and Participants

We will initially collect basic information on you such as contact details, job role and experience. If you express an interest in a specific Client or RSAcademics opportunity then we will collect further information from you during your conversations with us. If you apply and are then selected to go through to the next stage, we will then be collecting more information and onwards in that manner.

Information collected for specific roles will be retained so that we can consider you for future roles unless you have indicated a preference otherwise.   

You can change your mind at any time by emailing dp@rsacademics.com 

The categories of Personal Data about you that we may Process include:

  • personal information: title, surname, forename(s), preferred name, previous surname(s), gender; date of birth, nationality; job title; employer details; department; salary and package; NI number, DfE number, details of any restrictions on working in specified country, passport number (where applicable), visa number (where applicable); work authorisation number (where applicable), driving licence no. (where applicable)
  • contact details: home address, work address, telephone numbers (home, work, mobile), e-mail addresses (personal, work), Skype address, LinkedIn and other social media profiles
  • education and qualifications: schools and dates attended, universities and other higher education institutions and dates attended, qualifications and grades
  • employment records: dates of employment, job titles, locations and descriptions of current and previous positions held; details of current and previous employers; reasons for leaving each employment, gaps in employment, details of any employment disciplinary issues or incidents
  • referees: name and contact details of any referees you may provide, explanation of the relationship that you may have and how long you have known each referee
  • Special Categories of Personal Data: (only where relevant to delivering our leadership appointments services to you and our clients, and only with explicit consent): disabilities (so that reasonable adjustments can be made during the selection process),sexual orientation, religious beliefs, ethnicity, family circumstances, health.
  • personality testing: with your explicit consent we may process psychometric assessments, psychological tests, or results from such assessments or tests as part of the selection process
  • background checks: information revealed by background checks undertaken in accordance with applicable law and subject to your express written consent, including details of past employments, details of residence, credit reference information, and criminal records checks
  • Media Searches: as advised in Keeping Children Safe in Education, RSAcademics may seek further information about you from other sources such as a media search. These searches may be conducted by a specialist third-party
  • your opinions: your views on Candidates and Participants where applicable

Research Respondents

Our client will provide us with basic information on you such as your name and contact details and any other information directly relevant to their relationship with you. During the research you may provide us with additional Personal Data.

The categories of Personal Data about you that we may Process include:

  • personal information: title, surname, forename(s), preferred name, relationship to Client (e.g. parent), name and year group of children
  • contact details: home address, work address, telephone numbers (home, work, mobile), e-mail addresses (personal, work)
  • your opinions: your views in relation to the market research project you are participating in
  • Special Categories of Personal Data: only where you have voluntarily provided this information to us

05.How is your personal data used?

Depending on your interaction with us, the purposes for which your Personal Data may be Processed may include:

Candidates, Sources and Participants

  • providing our leadership appointment, training, succession planning, transition management and Leadership Development services to you – including communicating by phone, text message, letter, email and website forms or by attending meetings with you; and otherwise communicating with you in order to deliver the above services
  • providing leadership appointment, succession planning, transition management and Leadership Development services to our Clients – including communicating by phone, text message, letter, email and website forms or by attending meetings with them; and otherwise communicating with them in order to deliver the above services
  • mapping the market – conducting research to enable clients to understand the market. Any personal data we collect will not be passed to Clients without your consent
  • marketing communications – informing you about news items, career opportunities and other RSAcademics services, as well as those of our trusted partners, events and training courses that you or your current employer may be interested in via email, telephone, letter, text message, social media, or in person
  • management of our business – operation and management of our website, communication and IT systems, financial and sales processes record-keeping for health & safety purposes and compliance with our legal obligations, aggregated statistical analysis (we make every effort to ensure no Personal Data is disclosed in the latter)
  • improving our business – consulting you via email, telephone, online survey, social media, or in person to obtain your views on relevant topics such as improvements to existing services and potential new services
  • thought leadership – seeking your views or comments by phone, letter, email, surveys, website forms or by attending meetings with you for the purposes of thought leadership research

Research Respondents

  • undertaking market research services on behalf of our Clients – including communicating by phone, video conference, meeting, text message, letter, email and website forms
  • reporting back our findings – survey reports will usually be provided to Clients in an anonymised format. If the client wishes to see personal data that we have collected during the survey, we will ask for specific consent for this at the end of the survey
  • aggregating data to identify trends and generate benchmarks – anonymised market research survey responses and data will be kept for the purposes of analysing trends necessary for us to gain useful insights from that data for RSAcademics’ own purposes

Co-operation in market research surveys is voluntary at all times regardless of what the survey is about or who our client is. You are entitled at any stage to ask that your personal data, or part or all of the record of your survey responses, be destroyed or deleted and we will carry out such a request. This can be requested during the interview itself or afterwards.

All Processing is subject to the applicable law as explained in clause 6.

You have the right to object to this processing if you wish, by emailing dp@rsacademics.co.uk. Please bear in mind that if you object this may affect our ability to carry out tasks above for your benefit.

06.What is the lawful basis for processing your personal data?

When we collect and Process your personal information in connection with the purposes set out in this privacy notice, we will ensure this is only done in accordance with at least one of the legal grounds available to us under data protection law:

  • legitimate interest – we have a legitimate interest in carrying out the Processing. Where we rely on this legal basis, our legitimate interests are:
    • the provision of services to you and our Clients (such as finding potential candidates and assessing suitability for potential roles or market research with parents)
    • the operation and management of our business
    • the promotion of our business
    • the publication of thought leadership research
  • consent – we have obtained your explicit consent (such as when you allow us to process special category data for current or future job applications or where we wish to undertake market research on a sensitive topic)
  • contract – the Processing is necessary for us to comply with our contractual obligations with you or our Client
  • legal obligation – the Processing is required by applicable law
  • vital interests – the Processing is necessary to protect the vital interests of any individual

We only collect or Process Special Categories of Personal Data when:

  • we have obtained your explicit consent (as above, this legal basis is not applicable for Processing that is necessary or obligatory in any way)
  • the Processing is required by applicable law
  • the Processing is necessary for the detection or prevention of crime
  • the Processing is necessary for the establishment, exercise or defence of legal rights

07.Who will we share your personal data with?

We take technical and organisational steps to ensure that your Personal Data is only shared with Personnel who need to have access to it for the performance of their role. We will also share your data with our Clients for the purposes of providing our services to them.

Other scenarios in which we may have to disclose personal data to a third party are limited to:

  • accountants, auditors, lawyers and other outside professional advisors – subject to binding contractual obligations of confidentiality;
  • third party Processors – such as the IT software or online platforms that we use in delivering our services, or providers of background or online checking services. These may be located anywhere in the world, subject to binding obligations explained below
  • legal and regulatory authorities – upon request, or for the purposes of reporting any actual or suspected breach of applicable law or regulation;
  • any relevant party, law enforcement agency or court – to the extent necessary for the establishment, exercise or defence of legal rights;
  • any relevant party for the purposes of prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including the safeguarding against and the prevention of threats to public security
  • any relevant party in the event where some or all of our assets are acquired by a third party
  • plugins – our website may use third party plugins or content (e.g. Facebook, Twitter, and LinkedIn). If you choose to interact with any such plugins or content, your Personal Data may be shared with the relevant third party

If we engage a third-party Processor to Process your Personal Data, the Processor will be subject to binding contractual obligations to only Process the Personal Data in accordance with our written instructions and take all reasonable measures to protect the confidentiality and security of your Personal Data.

Should a third-party Processor be located outside the EEA, we’ll only make a transfer data if adequate levels of protection are in place to protect any information held in that country, or the local service provider complies with applicable privacy laws at all times.

We will not sell or rent your information to third parties. 

08.Information about Criminal Convictions: Candidates

Where we are recruiting for a role which is eligible for an enhanced DBS check, we will  ask you to provide information about your suitability to work with children by completing a self-declaration form should you reach the shortlist. In this form you will be required to provide details of all spent and unspent convictions and cautions which are not filtered in accordance with DBS filtering rules.

We will share this information with the relevant Client so that they can assess it with reference to their recruitment policies, including their policy on the recruitment of ex-offenders.  Any criminal records information that is disclosed will be handled in accordance with any guidance and/or code of practice published by the DBS.

Roles are eligible for an enhanced DBS check if they are listed in the Rehabilitation of Offenders Act 1974 (Exceptions) Order 1975 and specified in the Police Act 1997 (Criminal Records) Regulations. Enhanced DBS checks will be carried out by our Client, not by RSAcademics.

09.How long do we keep your personal data?

We keep your personal data for as long as necessary to provide our services and to fulfil our legal, tax or accounting responsibilities.

You may withdraw your permission at any time by contacting dp@rsacademics.co.uk.

10.Transferring your information outside of Europe

  • We regularly work with Clients and Personnel permanently or temporarily located in countries outside the European Economic Area (“EEA“). For this reason, we may transfer your Personal Data to a country outside the EEA when it is necessary for the performance of a contract and with your consent.

11.What else do I need to know?

  • data accuracy – we will endeavour to keep your Personal Data accurate and up-to-date. We rely on you to keep us informed of any changes, or if you find any errors in the Personal Data we hold for you, let us know and we will make the necessary corrections as is soon as reasonably possible and make sure they are conveyed to anyone we may have misinformed
  • data security – we have taken appropriate organisational and technical measures to protect your Personal Data from unlawful or unauthorised processing, and against the accidental loss of, alteration or damage to, Personal Data stored by us from collection through to destruction. You are responsible for ensuring that any Personal Data you send to us, is done so securely
  • your legal rights are as follows:
    • the right to request access to or a copy of the Personal Data controlled or Processed by us
    • the right to restrict or object to our Processing activities of your Personal Data that we control
    • the right to request erasure of Personal Data that we control
    • the right to request rectification of any inaccuracies in your Personal Data
    • the right to port your Personal Data to another Controller, where applicable
    • the right to withdraw your Consent, where we control your Personal data on that basis

We keep lists of people who have objected to Processing or asked for further use of their Personal Data to be restricted or erased, to make sure the restriction is respected in future.

To exercise any of these rights, make your request by emailing dp@rsacademics.co.uk. In some cases (if your request is particularly complex or repetitive) we may charge you a fee to cover our administrative costs

You also have the right to lodge a complaint regarding the processing of your Personal Data with a supervisory authority such as the Information Commissioner’s Office https://ico.org.uk/concerns/. This does not affect your statutory rights.

12.Use of 'cookies'

Like many other websites, the RSAcademics website uses cookies. ‘Cookies’ are small pieces of information sent by an organisation to your computer and stored on your hard drive to allow that website to recognise you when you visit. They collect statistical data about your browsing actions and patterns and do not identify you as an individual.

You can disable any cookies already stored on your computer, but these may stop our website from functioning properly. Click here for information on how to disable cookies.

13.Review of this Notice

We keep this notice under regular review. It was last updated in February 2025. Should we make any significant amends we will flag this on the homepage of our website and/or contact you by email to inform you. Please check this page occasionally to ensure that you’re happy with any changes.

Any questions regarding this notice and our privacy practices should be sent by email to dp@rsacademics.co.uk.

If you have any questions about either of these notices

Email us at dp@rsacademics.com