Privacy Notice
This policy meets the requirements of the Data Protection Act 2018, and is based on guidance published by the Information Commissioner’s Office and model privacy notices published by the Department for Education.
It also takes into account the provisions of the General Data Protection Regulation.
In addition, this policy complies with regulation 5 of the Education (Pupil Information) (England) Regulations 2005, which gives parents the right of access to their child’s educational record.
This policy complies with our funding agreement and articles of association.
Definitions
Term |
Definition |
Personal data |
Data from which a person can be identified, including data that, when combined with other readily available information, leads to a person being identified |
Sensitive personal data |
Data such as:
|
Processing |
Obtaining, recording or holding data |
Data subject |
The person whose personal data is held or processed |
Data controller |
A person or organization that determines the purposes for which, and the manner in which, personal data is processed |
Data processor |
A person, other than an employee of the data controller, who processes the data on behalf of the data controller |
The data controller
Our school processes personal information relating to pupils, staff and visitors, and, therefore, is a data controller. Our school delegates the responsibility of data controller to the Data protection officer.
The school is registered as a data controller with the Information Commissioner’s Office and renews this registration annually.
Data protection principles
The Data Protection Act 2018 is based on the following data protection principles, or rules for good data handling:
-
Data shall be processed fairly and lawfully
-
Personal data shall be obtained only for one or more specified and lawful purposes
-
Personal data shall be relevant and not excessive in relation to the purpose(s) for which it is processed
-
Personal data shall be accurate and, where necessary, kept up to date
-
Personal data shall not be kept for longer than is necessary for the purpose(s) for which it is processed
-
Personal data shall be processed in accordance with the rights of data subjects under the Data Protection Act 1998
-
Appropriate technical and organizational measures shall be taken against unauthorized or unlawful processing of personal data, and against accidental loss or destruction of, or damage to, personal data
- Personal data shall not be transferred to a country or territory outside the European Economic Area unless the country or territory ensures an adequate level of protection for the rights and freedoms of data in relation to the processing of personal data
Roles and responsibilities
The governing board has overall responsibility for ensuring that the school complies with its obligations under the Data Protection Act 2018.
Day-to-day responsibilities rest with the head teacher, or the Business manager in the head teacher’s absence. The head teacher will ensure that all staff are aware of their data protection obligations, and oversee any queries related to the storing or processing of personal data.
Staff are responsible for ensuring that they collect and store any personal data in accordance with this policy. Staff must also inform the school of any changes to their personal data, such as a change of address.
Privacy/fair processing notice
Pupils and parents
We hold personal data about pupils to support teaching and learning, to provide pastoral care and to assess how the school is performing. We may also receive data about pupils from other organizations including, but not limited to, other schools, local authorities and the Department for Education.
This data includes, but is not restricted to:
-
Contact details
-
Results of internal assessment and externally set tests
-
Data on pupil characteristics, such as ethnic group or special educational needs
-
Exclusion information
- Details of any medical conditions
We will only retain the data we collect for as long as is necessary to satisfy the purpose for which it has been collected.
We will not share information about pupils with anyone without consent unless the law and our policies allow us to do so. Individuals who wish to receive a copy of the information that we hold about them/their child should refer to sections 8 and 9 of this policy.
We are required, by law, to pass certain information about pupils to specified external bodies, such as our local authority and the Department for Education, so that they are able to meet their statutory obligations.
We will only retain the data we collect for as long as is necessary to satisfy the purpose for which it has been collected.
We will not share information about staff with third parties without consent unless the law allows us to.
We are required, by law, to pass certain information about staff to specified external bodies, such as our local authority and the Department for Education, so that they are able to meet their statutory obligations.
Any staff member wishing to see a copy of information about them that the school holds should contact the Business Manager who will forward the request to the Data Protection Officer