Privacy Notice Policy (How we use pupil information)

 

Policy Start Date	Policy Review Date	Frequency	Committee / Governor Responsible
Summer 2023	Summer 2024	Annually	Resources & Premises Committee (R&P)

 

Data Controller	UK GDPR Team	Data Protection Officer (DPO)
Dcn Tito Pereira	Gill Wickham Dcn Tito Pereira Eileen Dhak Susie Debono	Judicium Education Duty DPO Address: 72 Cannon St,                  London, EC4 6AE Email: dataservices@judicium.com Phone: 020 3326 9174
Deputy Data Controller
Susie Debono

 

Privacy Notice (How we use pupil information):

This Privacy Notice is intended to provide information about how the school will use (or "process") personal data about individuals including: its staff; its current, past and prospective pupils; and their parents, carers or guardians.

The school identifies itself as a data controller for the purposes of the relevant legislation.

Why do we collect and use pupil information?

We collect and use pupil information under Article 6 EU UK GDPR “Lawfulness of Processing.”

‘’processing is necessary for the purpose of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.’’

And also under Article 9 EU UK GDPR ‘’processing of special categories of personal data.’’

 

 

We use the pupil data:

• to support pupil learning
• to monitor and report on pupil progress
• to provide appropriate pastoral care
• to assess the quality of our services
• to comply with the law regarding data sharing

The categories of pupil information that we collect, hold and share include:

• Personal information (such as name, unique pupil number and address)
• Characteristics (such as ethnicity, language, nationality, country of birth and free school meal eligibility)
• Attendance information (such as sessions attended, number of absences and absence reasons)
• Assessment information.
• Special educational needs information
• Safeguarding and behaviour reports.
• Relevant medical information and use of the medical room for injuries/illness patterns.
• CCTV images of the external school site are held for security reasons for thirty days before being deleted.

Collecting pupil information:

Whilst the majority of pupil information you provide to us is mandatory, some of it is provided to us on a voluntary basis. In order to comply with the General Data Protection Regulation, we will inform you whether you are required to provide certain pupil information to us or if you have a choice in this. Where from time to time other data is sought by the school a full disclosure of the purpose and reason will be supplied to comply with the UK GDPR criteria in Article 6 whereby "The data subject (parent) has given consent to the processing." (UK GDPR Article 6).

Storing pupil data:

We hold pupil data for seven years after the child reaches the age of majority (their eighteenth birthday).

Who do we share pupil information with?

We routinely share pupil information with:

• schools that the pupil’s attend after leaving us
• our local authority
• the Department for Education (DfE)
• selected third party software providers

Why we share pupil information:

We do not share information about our pupils with anyone without consent unless the law and our policies allow us to do so. We share pupils’ data with the Department for Education (DfE) on a statutory basis. This data sharing underpins school funding and educational attainment policy and monitoring.

We are required to share information about our pupils with our local authority (LA) and the Department for Education (DfE) under section 3 of The Education (Information About Individual Pupils) (England) Regulations 2013.

Data collection requirements:

To find out more about the data collection requirements placed on us by the Department for Education (for example; via the school census) go to https://www.gov.uk/education/data-collection-and-censuses-for-schools.

The National Pupil Database (NPD)

The NPD is owned and managed by the Department for Education and contains information about pupils in schools in England. It provides invaluable evidence on educational performance to inform independent research, as well as studies commissioned by the Department. It is held in electronic format for statistical purposes. This information is securely collected from a range of sources including schools, local authorities and awarding bodies.

We are required by law, to provide information about our pupils to the DfE as part of statutory data collections such as the school census and early years’ census. Some of this information is then stored in the NPD. The law that allows this is the Education (Information About Individual Pupils) (England) Regulations 2013.

To find out more about the pupil information we share with the department, for the purpose of data collections, go to https://www.gov.uk/education/data-collection-and-censuses-for-schools.

 

To find out more about the NPD, go to https://www.gov.uk/government/publications/national-pupil-database-user-guide-and-supporting-information.

The department may share information about our pupils from the NPD with third parties who promote the education or well-being of children in England by:

• conducting research or analysis
• producing statistics
• providing information, advice or guidance

The Department has robust processes in place to ensure the confidentiality of our data is maintained and there are stringent controls in place regarding access and use of the data. Decisions on whether DfE releases data to third parties are subject to a strict approval process and based on a detailed assessment of:

• who is requesting the data
• the purpose for which it is required
• the level and sensitivity of data requested: and
• the arrangements in place to store and handle the data

To be granted access to pupil information, organisations must comply with strict terms and conditions covering the confidentiality and handling of the data, security arrangements and retention and use of the data.

For more information about the department’s data sharing process, please visit:

https://www.gov.uk/data-protection-how-we-collect-and-share-research-data

For information about which organisations the department has provided pupil information, (and for which project), please visit the following website: https://www.gov.uk/government/publications/national-pupil-database-requests-received

To contact DfE: https://www.gov.uk/contact-dfe

Third Party software Providers:

Data is also shared with selected third party software providers.  This enables pupils to access their own learning programmes from multiple providers in and out of school. All providers are checked by the school to ensure they comply with the UK GDPR and satisfy the criteria of the DfE’s guidance for Cloud software.

Our current (April 2020) software partners are:

SIMS – School Information Management System.

SIMS stores the essential data we need about your child, name, date of birth, address, emergency contacts, siblings in school. We get this data from you, the parent, and store it so that we can create class lists etc. We need the data in case your child has an accident or we need to contact an adult. Your child’s educational progress is stored on SIMS and that information is shared with you during Parents evenings. Attendance data and copies of reasons for absence are stored. The data is shared under strict regulation. There is a statutory duty to pass certain data to the local authority and the DfE, eg end of key stage assessments and which children are on roll. There is a regulatory duty to share data with social care if a child is considered to be at risk or an assessment of risk needs to take place. FMS (Financial Management System) in SIMS also stores contact information and purchasing history for each of our suppliers.

 

Harrison Catering Services Ltd

The school has appointed Harrison Catering Serviced Ltd to provide a school meals service to our pupils and staff.  In pursuance of this legitimate interest, the school will share relevant personal data with the caterer including pupil names, class, parental names, parental phone numbers and pupil dietary needs.

 

London Grid for Learning – Virtual Learning Environment (VLE)

Is an Online Learning Platform which provides learning resources for the children and staff.  In pursuance of this legitimate interest, the school will share relevant personal data with the VLE including pupil names, class, staff names, email addresses and electronic learning documents.

Further Information can be found on https://static.lgfl.net/LgflNet/downloads/policies/LGfL%20Privacy%20Notice.pdf

 

Bug Cub

Bug Club is an interactive online teaching and homework subscription website for schools that builds pupil engagement and consolidates English knowledge. It is a digital space for pupils and teachers enabling the tracking of pupil progress and attainment.

(https://www.activelearnprimary.co.uk)

 

My Maths

My Maths is an interactive online teaching and homework subscription website for schools that builds pupil engagement and consolidates Maths knowledge. It is a digital space for pupils and teachers enabling the tracking of pupil progress and attainment. (https://www.mymaths.co.uk/primary.html)

 

Teachers 2 Parents

Teachers 2 Parents is an on-line messaging service to send texts and emails to the first named contact on the SIMS information sheet.

 

Primary Site

Hosts our school website, the personal data collected includes:

Name, School and school Address, Business email, Telephone number, Mobile telephone number, Pupil information, Parental contact information. We collect information in the below ways: -

• Online forms
• CMS user information
• MIS data

 

 

Medical Room Records / Accident Records

We enter all incidents onto a locally held database so we can search it by child’s name, location of accident, time of day, date etc. This enables us to risk assess and make the environment safer for all and alerts us to children using the medical room excessively.

 

Behaviour Log

Electronic Behaviour Log file / information is stored securely in “Staff Shared.”

 

Safeguarding Files

Staff may log a Safeguarding on paper and pass the information directly to the designated safeguarding leads. All Safeguarding information is stored securely in a locked filing cabinet in the Headteacher / Designated Safeguarding Lead’s Office. Electronic Safeguarding information is stored securely in “Shared.”

 

 

SEN/D Information

SEN/D information is shared with parents when provision maps are updated or at annual reviews. All SEN/D information is stored securely in a locked filing cabinet in the Headteacher’s Office. Electronic SEN/D information is stored securely in “Shared.”

 

Medical Files

These hold essential medical information passed to the school by the parent. Medical information is stored securely in the Medical room.

 

Previous School Reports

Each child receives an annual report in the summer, we keep a copy in case we need to look back in time to assess a child’s needs. If a child has moved school the previous school’s files are stored.

 

Admissions Information

We retain the information parents provide at the point of seeking admission to the school and the data from the LA regarding the distance from school of parents’ residences until the end of the admission round. The data is then destroyed safely.

 

Personnel Information

We hold data about all our employees and volunteers for the purposes of safeguarding, performance management, staff discipline and welfare, and remuneration. The data is held within a LBE sponsored programme, I-Trent, and in individual staff personnel files.

Requesting access to your personal data

Under data protection legislation, parents and pupils have the right to request access to information about them that we hold. To make a request for your personal information, or be given access to your child’s educational record, contact the Headteacher.

You also have the right to:

• object to processing of personal data that is likely to cause, or is causing, damage or distress
• prevent processing for the purpose of direct marketing
• object to decisions being taken by automated means
• in certain circumstances, have inaccurate personal data rectified, blocked, erased or destroyed; and
• claim compensation for damages caused by a breach of the Data Protection regulations

If you have a concern about the way we are collecting or using your personal data, you should raise your concern with us in the first instance or directly to the Information Commissioner’s Office at https://ico.org.uk/concerns/

Does St Anselm’s Catholic Primary School comply with the UK GDPR data principles?

1. Processed lawfully, fairly and transparently.

Data falls into three main groups, basic data such as name address etc and attendance. This data is largely provided by the parent and the registers taken every am and pm. It is checked at least annually with the parent. Secondly attainment data, children’s progress is always moderated by teams of teachers before being finally recorded and progress is shared with parents at parental consultations. Finally behaviour, safeguarding and additional needs data, here again no member of staff acts in isolation judgements are always checked by at least one other member of staff. Records are available so long as disclosure does not place the child at risk.

 

2. Collected for specific explicit and legitimate purposes.

We care about your child, need to keep them safe and need to assess their learning and support their development. That is why records are kept.

 

3. Adequate, relevant and limited to what is necessary.

We review the data we collect regularly and seek only to hold the minimum necessary for the efficient running of the school.

 

4. Accurate and up to date.

Our various policies and procedures are current, up to date and compliant.

 

5.  Kept for no longer than is necessary.

The DfE and the LA give advice on how long records should be kept. Stored historical data is kept within our archive cupboard and School follows the “Information Management Toolkit for Schools,” Tribal, February 2016.

 

6. Kept securely.

Electronic data is subject to our Acceptable Users Policy for IT signed by every member of staff. Passwords are strong and protected and regularly changed. The use of USB and other storage devices is restricted. Sensitive paper data is locked in filing cabinets with access by approved staff only. Designated Safeguarding Leads may take relevant Safeguarding data offsite to Social Care meetings. Safeguarding data in care of the School Designated Safeguarding Lead will be returned to the locked cabinet immediately after returning from the meeting.

 

Transfers of personal data to third countries or international organisations. (UK GDPR Article 44)

Should a child relocate to a country outside the EU or EEA we will ask the parents specific consent before transferring data electronically or manually. Should the school use computer packages hosted by countries outside the EU/EEA, such as Dropbox and others we will seek best practice re UK GDPR compliance from our Data Protection Officer (DPO.)

 

Does St Anselm’s Catholic Primary School have a named Data Protection Officer?

Data Controller	UK GDPR Team	Data Protection Officer (DPO)
Dcn Tito Pereira	Gill Wickham Dcn Tito Pereira Susie Debono Eileen Dhak	DPO: Judicium Education   Address: 72 Cannon St,                  London,                  EC4 6AE Email: dataservices@judicium.com Phone: 020 3326 9174
Deputy Data Controller
Susie Debono

Contact:

If you would like to discuss anything in this privacy notice, please contact:

• The Headteacher.

If you need more information about how our local authority and/or DfE collect and use your information, please visit:

• our Local Authority at http://www.ealing.gov.uk/info/200527/your_child_at_school/710/schools_privacy_notice or

 

• the DfE website at https://www.gov.uk/data-protection-how-we-collect-and-share-research-data

 

 

 

 

 

If you are unable to access these websites we can send you a copy of this information. Please contact the LA or DfE as follows:

 

•    Data Protection Officer,

            Perceval House,

            14-16 Uxbridge Road,

            Ealing,

            London,

            W5 2HL.

            Email:             dataprotection@ealing.gov.uk
            Tel:                 020 8825 8282
 

 

• Public Communications Unit
  Department for Education
  Sanctuary Buildings
  Great Smith Street
  London
  SW1P 3BT

         Website:            www.education.gov.uk

         email:                http://www.education.gov.uk/help/contactus     
Telephone:       0370 000 2288

 

 

                                                                  

 

 

 

Headteacher:		Date:	Summer 2023
Chair of Governing Body:		Date:	Summer 2023

 

 

Cookies Used

Necessary

These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms.

You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information.