GDPR
ST MARYS CE (VA) PRIMARY SCHOOL PRIVACY NOTICE
WHY DO WE COLLECT AND USE PUPIL INFORMATION?
We collect and use pupil information under the principle of the General Data Protection Regulations (GDPR) which states that data is used for “specified, explicit and legitimate purposes”. We use pupil data to:
- support pupil learning;
- monitor and report on pupil progress;
- provide appropriate pastoral care;
- assess the quality of our services; and
- comply with the law regarding data sharing.
Pupil information which we collect, hold and share include:
- personal information (i.e. name, unique pupil number and address);
- characteristics (i.e. ethnicity, language, nationality, country of birth and free school meal eligibility);
- attendance information (i.e. sessions attended, number of absences and absence reasons).
COLLECTING PUPIL INFORMATION
We process pupil information in order to “exercise the official authority vested in us” to deliver education to your child. Whilst the majority of pupil information you provide to us is mandatory, some of it is provided to us on a voluntary basis. In order to comply with GDPR we will inform you when your consent is required, for example
in respect of racial or ethnic origin, religion, or where we intend to use photographs or biometric finger prints.
STORING PUPIL DATA
We keep personal information about pupils while they are attending our school. We may also keep it beyond their attendance at our school if this is necessary in order to comply with our legal obligations.
WHY WE SHARE PUPIL INFORMATION
We do not share information about our pupils with anyone without consent unless the law and our policies allow us to do so.
We are required to share information about our pupils with the (DfE) under Regulation 5 of The Education (Information About Individual Pupils) (England) Regulations 2013. This data sharing underpins school funding and educational attainment policy and monitoring.
WHO DO WE SHARE PUPIL INFORMATION WITH?
We routinely and/or occasionally share pupil information with:
- Wakefield Local Authority
- Department for Education (DfE)
- Ofsted
- NHS (school nursing service)
- School Management Information Service
- School IT Service Provider
- Police
- Social Services
- Educational Psychology Department
- Speech & Language Therapists (SALT)
- Children & Adolescent Mental Health Services (CAMHS)
- Other schools/academies/MATs (during pupil transfer)
- Residential trip organisers (and insurers)
- School Photographers currently Tempest
- School Texting – Teachers 2 Parents
- School Cash Collecting – Parentpay
- School emailing – Parentpay
- School Assessment Tool – Insight
DATA COLLECTION REQUIREMENTS
To find out more about the data collection requirements placed on us by the Department for Education (for example the school census) go to:
https://www.gov.uk/education/data-collection-and-censuses-for-schools
THE NATIONAL PUPIL DATABASE (NPD)
The NPD is owned and managed by the Department for Education and contains information about pupils in schools in England. It provides invaluable evidence on educational performance to inform independent research, as well as studies
commissioned by the Department. It is held in electronic format for statistical purposes. This information is securely collected from a range of sources including schools, local authorities and awarding bodies.
We are required by law, to provide information about our pupils to the DfE as part of statutory data collections such as the school census. Some of this information is then stored in the NPD. The law that allows this is the Education (Information About Individual Pupils) (England) Regulations 2013.
To find out more about the pupil information we share with the department, for the purpose of data collections, go to:
https://www.gov.uk/education/data-collection-and-censuses-for-schools
To find out more about the NPD, go to:
The Department may share information about our pupils from the NPD with third parties who promote the education or wellbeing of children in England by:
- conducting research or analysis.
- producing statistics; and
- providing information, advice or guidance.
The Department has robust processes in place to ensure that the confidentiality of our data is maintained, and there are stringent controls in place regarding access and use of the data.
Decisions on whether DfE releases data to third parties are subject to a strict approval process and based on a detailed assessment of:
- who is requesting the data;
- the purpose for which it is required;
- the level and sensitivity of data requested; and
- the arrangements in place to store and handle the data.
To be granted access to pupil information, organisations must comply with strict terms and conditions covering the confidentiality and handling of the data, security
arrangements and retention and use of the data. For more information about the department’s data sharing process, please visit:
https://www.gov.uk/guidance/data-protection-how-we-collect-and-share-research-data
For information about which organisations the department has provided pupil information, (and for which project), please visit the following website:
https://www.gov.uk/government/publications/dfe-external-data-shares
To contact DfE:
https://www.gov.uk/contact-dfe
REQUESTING ACCESS TO YOUR PERSONAL DATA
Under GDPR, parents/carers have the right to request access to information about them or their child, which we hold. To make a request for your personal information, please submit a request in writing, either by letter or email to the Data Protection Officer (contact details below). Including:
- Name of individual
- Correspondence address
- Contact number and email address
- Details of the information requested
To be given access to your child’s educational record please contact The Headteacher in the first instance.
You also have the right to:
- object to processing of personal data that is likely to cause, or is causing, damage or distress;
- prevent processing for the purpose of direct marketing;
- object to decisions being taken by automated means;
- in certain circumstances, have inaccurate personal data rectified, blocked, erased or destroyed;
- claim compensation for damages caused by a breach of the Data Protection Regulations.
If you have a concern about the way we are collecting or using your personal data, you should raise your concern with us in the first instance or directly to the Information Commissioner’s Office at https://ico.org.uk/concerns/
Contact:
If you would like to discuss anything in this privacy notice, please contact:
Mr N Stott, Data Protection Officer dpo@wntai.co.uk
OTHER DISCLOSURES
We will advise you at the time, should we wish to disclose your child’s data to any other appropriate third party (i.e. new contractors/partners), and this Privacy Notice will be updated.
GDPR FILE BOX