At St. Anrdew's Primary School we take the processing and security of your data very seriously. This page will outline our approach to data protection, provide a list of our policies and procedures and inform you of your rights as set out in the General Data Protection Regulation (GDPR) and the Data Protection Act 2018.
Any information relating to an identified, or identifiable, individual. This may include the individual’s:
It may also include factors specific to the individual’s physical, physiological, genetic, mental, economic, cultural or social identity.
|Special categories of personal data||
Personal data which is more sensitive and so needs more protection, including information about an individual’s:
|Processing||Anything done to personal data, such as collecting, recording, organising, structuring, storing, adapting, altering, retrieving, using, disseminating, erasing or destroying. Processing can be automated or manual.|
|Data subject||The identified or identifiable individual whose personal data is held or processed.|
|Data controller||A person or organisation that determines the purposes and the means of processing of personal data.|
|Data processor||A person or other body, other than an employee of the data controller, who processes personal data on behalf of the data controller.|
|Personal data breach||A breach of security leading to the accidental or
unlawful destruction, loss, alteration, unauthorised
disclosure of, or access to personal data.
Why we collect and use your information.
We use the data:
- to support pupil learning;
- to monitor and report on pupil progress;
- to provide appropriate pastoral care;
- to assess the quality of our services;
- to comply with the law regarding data sharing.
- We collect and use pupil information under a task performed in the public interest where it relates to a child’s educational progression;
- Some photographs and videos are used only after gaining explicit consent, where appropriate;
- Where medical data is being processed, this is processed under a legal obligation;
- Safeguarding data is processed under a legal obligation to promote the wellbeing of pupils and take a view to the safeguarding of children at the school.
- We collect and process pupil information under Article 6 of the GDPR to perform our official function.
We hold pupil data based on the retention schedule provided in the IRMS School Toolkit.
Who we share pupil information with
- schools that the pupil’s attend after leaving us;
- our local authority;
- the Department for Education (DfE);
- suppliers that we have contracted with to provide educational services and those related to the operations of the school.
We do not share information about our pupils with anyone without consent unless the law and our policies allow us to do so.
We share pupils’ data with the DfE on a statutory basis. This data sharing underpins school funding and educational attainment policy and monitoring.
We are required to share information about our pupils with our local authority and the DfE.
Other information we collect and hold
The categories of other information that we collect, hold and share include:
- Parents’ and carers information (such as name, address, contact information, relationship to the child, involvement with volunteer groups or parents association);
- Visitor information (such as name, business, car registration, DBS certification, purpose of visit);
- Governors’ information (such as name, address, contact information, business interests, financial interests and governance roles in other schools);
- Volunteers’ information (such as name, address, contact information, DBS certification).
Requesting access to your personal data
Under data protection legislation, you have the right to request access to information that we hold about you. To make a request for your personal information, contact the School Office at firstname.lastname@example.org.
You also have the right to:
- object to processing of personal data that is likely to cause, or is causing, damage or distress;
- prevent processing for the purpose of direct marketing;
- object to decisions being taken by automated means;
- in certain circumstances, have inaccurate personal data rectified, blocked, erased or destroyed and;
- claim compensation for damages caused by a breach of the Data Protection regulations.
If you have a concern about the way we are collecting or using your personal data, we ask that you raise your concern with us in the first instance. Alternatively, you can contact the Information Commissioner’s Office at https://ico.org.uk/concerns/.