Menu
Home Page

Privacy Notice

This policy meets the requirements of the Data Protection Act 1998, and is based on guidance published by the Information Commissioner’s Office and model privacy notices published by the Department for Education.

It also takes into account the expected provisions of the General Data Protection Regulation, which is new legislation due to come into force in 2018.

In addition, this policy complies with regulation 5 of the Education (Pupil Information) (England) Regulations 2005, which gives parents the right of access to their child’s educational record.

This policy complies with our funding agreement and articles of association.

 

Definitions

Term

Definition

Personal data

Data from which a person can be identified, including data that, when combined with other readily available information, leads to a person being identified

Sensitive personal data

Data such as:

  • Contact details
  • Racial or ethnic origin
  • Political opinions
  • Religious beliefs, or beliefs of a similar nature
  • Where a person is a member of a trade union
  • Physical and mental health
  • Sexual orientation
  • Whether a person has committed, or is alleged to have committed, an offence
  • Criminal convictions

Processing

Obtaining, recording or holding data

Data subject

The person whose personal data is held or processed

Data controller

A person or organization that determines the purposes for which, and the manner in which, personal data is processed

Data processor

A person, other than an employee of the data controller, who processes the data on behalf of the data controller

 

The data controller

Our school processes personal information relating to pupils, staff and visitors, and, therefore, is a data controller. Our school delegates the responsibility of data controller to the Data protection officer.

The school is registered as a data controller with the Information Commissioner’s Office and renews this registration annually.

 

Data protection principles

The Data Protection Act 1998 is based on the following data protection principles, or rules for good data handling:

  • Data shall be processed fairly and lawfully

  • Personal data shall be obtained only for one or more specified and lawful purposes

  • Personal data shall be relevant and not excessive in relation to the purpose(s) for which it is processed

  • Personal data shall be accurate and, where necessary, kept up to date

  • Personal data shall not be kept for longer than is necessary for the purpose(s) for which it is processed

  • Personal data shall be processed in accordance with the rights of data subjects under the Data Protection Act 1998

  • Appropriate technical and organizational measures shall be taken against unauthorized or unlawful processing of personal data, and against accidental loss or destruction of, or damage to, personal data

  • Personal data shall not be transferred to a country or territory outside the European Economic Area unless the country or territory ensures an adequate level of protection for the rights and freedoms of data in relation to the processing of personal data

 

Roles and responsibilities

The governing board has overall responsibility for ensuring that the school complies with its obligations under the Data Protection Act 1998.

Day-to-day responsibilities rest with the head teacher, or the Business manager in the head teacher’s absence. The head teacher will ensure that all staff are aware of their data protection obligations, and oversee any queries related to the storing or processing of personal data.

Staff are responsible for ensuring that they collect and store any personal data in accordance with this policy. Staff must also inform the school of any changes to their personal data, such as a change of address.

 

Privacy/fair processing notice

Pupils and parents

We hold personal data about pupils to support teaching and learning, to provide pastoral care and to assess how the school is performing. We may also receive data about pupils from other organizations including, but not limited to, other schools, local authorities and the Department for Education.

This data includes, but is not restricted to:

  • Contact details

  • Results of internal assessment and externally set tests

  • Data on pupil characteristics, such as ethnic group or special educational needs

  • Exclusion information

  • Details of any medical conditions

We will only retain the data we collect for as long as is necessary to satisfy the purpose for which it has been collected.

We will not share information about pupils with anyone without consent unless the law and our policies allow us to do so. Individuals who wish to receive a copy of the information that we hold about them/their child should refer to sections 8 and 9 of this policy.

We are required, by law, to pass certain information about pupils to specified external bodies, such as our local authority and the Department for Education, so that they are able to meet their statutory obligations.

We will only retain the data we collect for as long as is necessary to satisfy the purpose for which it has been collected.

We will not share information about staff with third parties without consent unless the law allows us to.

We are required, by law, to pass certain information about staff to specified external bodies, such as our local authority and the Department for Education, so that they are able to meet their statutory obligations.

Any staff member wishing to see a copy of information about them that the school holds should contact the Business Manager who will forward the request to the Data Protection Officer

Top