Privacy Notice

Who we are

The Society of Old Framlinghamians (SOF) is aware of its obligations under the General Data Protection Regulation (GDPR), effective 25th May 2018, and is committed to processing the data of pupils, former pupils, and Honorary members securely and transparently. This privacy notice sets out, in line with GDPR, the types of data that we hold on you, in any one of those categories. It also sets out how we use that information, how long we keep it, and other relevant information about your personal data.

This notice applies to current and former pupils of Framlingham College and Framlingham College Prep School (jointly “the College”), and to Honorary members of the SOF. Because the College is the SOF’s initial source of all pupil data, this notice should be cross-referred to the College’s
Privacy Notice.

The SOF’s objects are:

  1. to enable past members of the school to keep in touch with one another;
  2. to promote a bond of union between past and present members of Framlingham College
    to their mutual pleasure and advantage; and
  3. to promote the interests of the School in every possible way.

The SOF holds and processes personal data directly in support of these objects.

What this privacy notice is for

This policy is intended to provide information about how the SOF will use (or ‘process’) personal data about current and past pupils and honorary members of the Society.

This information is provided because GDPR, and associated UK law, gives individuals rights to

understand how their data is used. Parents, including carers or guardians (referred to jointly as “parents”), past and present pupils (“pupils”) and Honorary OFs are all encouraged to read this Privacy Notice and understand the Society’s obligations to its entire community.

This Privacy Notice applies alongside any other information the SOF may provide about a particular use of personal data, for example when collecting data via an online or paper form.

Responsibility for data protection

The SOF is a Data Controller, meaning that it determines the processes we employ when using your personal data. Our contact details are as follows: Society of Old Framlinghamians,
Framlingham College, College Road, Framlingham, Suffolk, IP13 9EY;
The SOF has appointed its President as its Compliance Officer (email:, to endeavour to ensure that all personal data is processed in compliance with this policy, the GDPR and Data Protection Law, and to oversee requests and
enquiries concerning the SOF’s uses of personal data.

Data protection principles

In relation to your personal data, we will:

  • process it fairly, lawfully and in a clear, transparent way
  • collect your data only for reasons that we find proper for the fulfilment of the SOF’s objects
  • only use it in the way that we have told you about
  • seek to ensure it is correct and up to date
  • process it in a way that ensures it will not be used for anything that you are not aware of or have consented to (as appropriate), lost or destroyed

Why the SOF needs to process personal data

The fulfilment of the SOF’s objects is supported by a range of activities. These include:

  • Communication, by electronic and print media, with an entire mailing-list or selected interest-groups, of news, reports, and forthcoming events.
  • Support for the organisation and management of social and sporting sections of the Society
  • Providing the means for former pupils and members of the SOF to make contact with other former pupils and members.

The legal basis for most of the SOF’s uses of personal data will be in accordance with the Society’s legitimate interests in the furtherance of its objects, provided that these are not outweighed by the impact on individuals. Some of this activity will be necessary to fulfil the Society’s legal rights, duties or obligations – including those under contract.

Types of personal data processed by the SOF

This will include, by way of example:

  • For current pupils: Full name, College registration number, gender, date of birth, school House, initial and current year-group, prior or current family members at the school
  • For pupils in years 12 and 13: the addition of a College-maintained personal email address
  • For alumni: on leaving, the addition of the parental address and the final year-group
  • Subsequently: Social, sporting and other group preferences, contact preferences and exclusions. The SOF’s database also provides for the recording of career path, social and sporting interests, university attended, and school career highlights

How the SOF collections data

The SOF receives its initial pupil personal data from the College, under the terms of its own Privacy Notice for Parents, Pupils and Alumni. The College operates a staged information process to parents and pupils which reflects the age of each pupil as that pupil progresses through the schools, and includes provision for the holding of alumni data when a pupil leaves. The SOF obtains personal data from its Honorary OFs when they confirm their willingness to take up their membership.

Personal data on alumni may subsequently be provided by third parties: a friend or relative may, for example, provide an email or postal address, or news about career or sporting interests.

Who has access to which personal data

Current pupils up to and including Year 11: Only the database administration team. Current pupils in Years 11 and 12, Alumni and Honorary OFs: The database administration team has full access to all personal data. Those members (and Provisional Members in the case of pupils in years 12 and 13) of the SOF who have provided proof of their identity, and completed a website registration process, can then (via a username and password process) update and amend or remove certain of their own data, and interrogate the database to look up limited personal data on those individuals who have not, either themselves or through the
administration team, made themselves ex-directory. The personal data of alumni under the age of eighteen is automatically rendered ex-directory by the database system.

With who does the SOF share personal data

The SOF will not generally disclose information unless the individual has given their consent, or one of the specific exemptions under the GDPR or Data Protection Act applies. However, the SOF will disclose such data as is necessary to its officers, or to third parties, for the following

  • To Framlingham College in support of promotional purposes, for example in marketing a College-sponsored event to a relevant age or geographic group of alumni.
  • To Framlingham College for fundraising and marketing in support of the College and its mission.
  • To Framlingham College for integration with its own mailing-list for the distribution of an annual magazine to, in particular, parents and alumni.
  • To the SOF’s supper, sporting and social secretaries directly in connection with their need to communicate with their groups. Some of the SOF’s supper secretaries are in foreign locations, with a supporters’ list largely resident in their location. The SOF database provides vital support to their endeavours, which requires the transfer of personal data across international borders from time to time.
  • Periodic returns to HMRC relating to those alumni who make donations to the SOF Charitable Trust, and have completed Gift Aid Declarations.


How long we keep personal data

The SOF database is, in addition to its active communications remit, a historical archive. To that end, a limited and reasonable amount of information will be kept permanently. Where you have requested that we no longer keep in touch with you, we will need to keep a record of the fact in order to fulfil your wishes (called a “suppression record”).

If you have any specific queries about how our retention policy is applied, or if you wish to request that personal data, which you believe to be no longer relevant, is considered for erasure, please contact the Compliance Officer. However, please bear in mind that the SOF may have lawful and necessary reasons to hold on to some personal data even following such a request.
Last Reviewed: 30th April 2021

Keeping in touch and support the SOF

The SOF will use the contact details of alumni and Honorary OFs to keep them informed about the activities of alumni and members, and of the school community through the sending of
newsletters, magazines or bulletins, by email or post. Unless an individual objects, the SOF will also:

  • Contact alumni by post and email in order to promote and raise funds for the SOF Charitable Trust or for the College;
  • Collect information from publicly available sources about former pupils’ occupation and activities, in order to offer more targeted invitations to them or to other alumni to participate in relevant opportunities that may arise, for example work experience for pupils or school-hosted business seminars.

Should you wish to limit or object to any such use, or would like further information about them, please contact the Compliance Officer in writing. You always have the right to withdraw consent, where given, or otherwise object to direct marketing or fundraising. However, the SOF is nonetheless likely to retain some of your details (not least to ensure that no more communications are sent to that particular address, email or telephone number).

Your rights

Rights of Access etc.
Individuals have various rights, under GDPR and Data Protection Law, to access and understand data about them held by the SOF, and if they are not able to access their database
entry themselves – to ask for it to be amended or erased, or for the SOF to stop processing it in one, or more, or all ways – but subject to certain exemptions and limitations.

Any individual wishing to know what data the SOF holds about them on its systems, or who wishes to amend their personal data but is unable to access it directly through the website’s registration system, or who has some other objection to how their personal data is used, should put their request in writing to the Compliance Officer.

The SOF will endeavour to respond to any such written request as soon as is reasonably practicable, and in any event within statutory time-limits (which is one month in the case of
requests for access to information).

The SOF will be better able to respond quickly to smaller, targeted requests for information.

Requests That Cannot be Fulfilled.
You should be aware that the right of access is limited to your own personal data, and that certain data is exempt from the right of access. This will include information which identifies
other individuals.

You may have heard of the “right to be forgotten”. However, we will sometimes have compelling reasons to refuse specific requests to amend, delete or stop processing your personal
data: for example, where it falls within a legitimate interest identified in this Privacy Notice. All such requests will be considered on their own merits.

The SOF relies on the College and its age-appropriate process for the initial transfer of pupil and alumni data to its systems. Please refer to the College’s Privacy Notice. In fulfilment of its objects, the SOF subsequently gathers personal information about alumni and its Honorary OFs, both from those individuals and from third-party sources, and does not rely on consent but on
other lawful reasons to hold and process that data even without their consent. That reason will usually have been asserted under this Privacy Notice, or may otherwise exist under some form of
contract or agreement with the individual.

Whose Rights?
The rights under Data Protection Law belong to the individual to whom the data relates.

Data accuracy and security

The SOF will endeavour to ensure that all personal data, held in relation to an individual, is as up to date and accurate as possible. However, in doing so, it is largely dependent on alumni and Honorary OFs to either update their own information, or to provide its administration team, or the Compliance Officer, with updates to their contact and biographical details.

An individual has the right to request that any out-of-date, irrelevant or inaccurate information about them is erased or corrected (subject to certain exemptions and limitations under Data Protection Law). See above for details of why the SOF may need to process your data, and who you may contact if you disagree.

The SOF will take appropriate technical and organisational steps to ensure the security of personal data about individuals, including policies around use of technology and devices, and access to our systems.