GDPR

AscDesc
TitlePublish Date

    GDPR & Data Protection

    Introduction

    Our school is committed to protecting the privacy and rights of all pupils, parents, and staff.  We comply with this by providing ‘privacy notices’ to individuals where we are processing their personal data.  This privacy notice explains how we collect, store and use personal data about pupils, parents and staff.  We comply fully with the General Data Protection Regulation (GDPR) and the Data Protection Act 2018.  This means that we take responsibility for the personal information we collect, use, and store, and we ensure it is handled lawfully, fairly, and transparently. 

    What Personal Data We Collect

    We collect and process personal data to support education, safeguard pupils, and meet our legal obligations.  The personal data we hold, collect, use, store and share (where appropriate) about pupils and parents includes, but is not restricted to:

    • Pupil information: name, date of birth, gender, contact details, academic progress, attendance, medical information, and safeguarding records.
    • Parent/guardian information: names, addresses, phone numbers, email addresses, and emergency contact details.
    • Staff information: employment records, qualifications, payroll details, and performance information.
    • Administrative data: financial records, consent forms, and communication logs.
    • IT and online services: email accounts, learning platforms, and digital activity logs.

    Why We Collect Data

    We use personal data for the following purposes:

    • To provide education and pastoral support
    • Monitor and report on pupil progress
    • To safeguard and promote pupil welfare
    • To communicate effectively with parents and guardians
    • To manage staff employment and payroll
    • To meet statutory and legal requirements set by the Department for Education and other authorities

    In order to meet statutory requirements around appropriate education provision and to fulfil safeguarding requirements, we share information about school history and the latest known pupil and parent address and contact details in the event of a Child Missing Education or becoming Electively Home Educated.  This information also supports the in-year admissions process.

    Our Legal Basis for Using This Data

    Our school collects and uses personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.  The lawful bases we rely on include: public task, where processing is necessary for us to carry out our official functions and statutory duties; legal obligation, where we are required to share information by law; and consent, where we ask for permission to use data such as photographs or non-essential information. We may also process pupils’ personal data in situations where; we have obtained consent to us it in a certain way, we need to protect he individual’s vital interests (or someone else’s interests), or where we have obtained consent to use pupils’ personal data, this consent can be withdrawn at any time.

    We will make this clear when we ask for consent and complain how consent can be withdrawn.  The above list is not exhaustive and some of the reasons listed above for collecting and using personal data overlap and there may be several grounds which justify our use of this data.

    Collecting this information

    Our school collects personal information to help us provide the best education and support for every student.  This may include details such as names, contact information, attendance records, academic progress, and health or safeguarding information where necessary. Information is gathered directly from students, parents, and staff, and sometimes from trusted partners like local authorities.  We only collect what is needed, keep it secure, and use it for clear educational purposes.  Everyone has the right to know what data we hold, why we hold it, and how it is used, in line with the General Data Protection Regulation (GDPR).

    How We Protect Your Data

    We take data security seriously and use a range of measures to protect personal information:

    • Secure servers and encrypted systems
    • Restricted access to authorized staff only
    • Regular audits and compliance checks
    • Pupil’s records are stored securely in paper files
    • Staff training on data protection and confidentiality

    Sharing of Data

    The school may disclose personal data to third parties where such disclosure is lawful, necessary, and proportionate for the purposes of education, safeguarding, administration, or compliance with statutory obligations.  Recipients of such data may include local authorities, examination boards, health services, regulatory bodies, and government departments.  Any transfer of personal data is conducted in accordance with the General Data Protection Regulation (GDPR) and the Data Protection Act 2018, ensuring that appropriate safeguards are in place.  The school does not sell personal data or permit its use for direct marketing.  All disclosures are limited to the minimum information required and are subject to strict confidentiality and security obligations.

    National Pupil Database (NPD)

    Our school contributes information to the National Pupil Database (NPD), a secure data collection managed by the Department for Education.  The NPD brings together detailed information about pupils in schools across England, including exam results, attendance, and characteristics.  This helps the government, researchers, and policymakers to understand educational outcomes, improve standards, and ensure that funding and support are directed where they are most needed.  Data is handled with strict confidentiality and is only shared for legitimate educational purposes.  Parents and carers can find more information about how pupil data is used on the Department for Education’s website.

    Transferring Data Internationally

    Where we transfer personal data to a country or territory outside the European Economic Area, we will do so in accordance with data protection law.

    Your Rights Under GDPR

    Under GDPR, you have the following rights:

    • Right of access – to request a copy of the personal data we hold about you
    • Right to rectification – to request corrections to inaccurate or incomplete data
    • Right to erasure – to request deletion of data in certain circumstances
    • Right to restrict processing – to limit how we use your data
    • Right to data portability – to request transfer of your data to another organization
    • Right to object – to object to certain uses of your data, such as direct marketing

    Individuals have a right to make a ‘subject access request’ to gain access to personal information that the school holds about them.  Where the child is not considered mature enough to understand their rights over their own data (usually under the age of 12), or where the child has provided consent, parents/carers can make a request with respect to their child’s data

    If you make a subject access request and if we do hold information about you or your child, we will:

    • Give you a description of it
    • Tell you why we are holding and processing it and how long we will keep it for
    • Explain where we got it from, if not from you or your child
    • Tell you who it has been, or will be, shared with
    • Let you know whether any automated decision-making is being applied to the data and any consequences of this
    • Give you a copy of the information in an intelligible form, individuals also have the right for their personal information to be transmitted electronically to another organisation in certain circumstances

    Data Retention

    We keep personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law.  When data is no longer needed, it is securely deleted or destroyed.

    Contact Us

    If you have any questions about how we use your data, or if you wish to exercise your GDPR rights, please contact the school in the first instance.

    To make a complaint, please contact our Headteacher.

    Alternatively, you can make a complain to the Information Commission’s Office:

    • Report a concern online at https://ico.org.uk/concerns/
    • Call 0303 123 1113
    • Writie to Information Commissioner’s Office, Whycliffe house, Water Lane, Wilmslow, Cheshire, SK9 5AF