Ashlands Church of England Primary School Privacy Notice
What is your ‘Personal Data’?
Personal data is information that says something about you as an individual, so it would normally include your name, and/or contact details, or even a photograph of you.
What kind of information do we hold about you?
Apart from information you give us, we may also receive information about you from your previous schools, the local authority and the Department of Education (DfE).
This information will include your and your parents/guardians contact details, your assessment results, attendance information, any exclusion information, where you go after you leave us and personal characteristics such as your ethnic group and any medical conditions, special educational or dietary needs you want us to know about. .
Without your consent, we will not process any personal data about you which we do not need.
Why do we need your information?
We need to use your personal data in order to
· support your learning
· monitor and report your progress
· provide appropriate pastoral care
· provide services needed while at the school; and
· assess the quality of our service
The purpose of processing your information is to provide you with the best education we can, as well as to meet our other legal requirements.
The legal basis for using this personal data are various Acts of Parliament including the Education Act 2011, Children’s Act 2004 and Equality Act 2010.
For certain “special categories” of data (like health or ethnicity information) we rely on your consent. This means you will be asked if you agree to us processing it, and if you refuse to consent we will not record it.
How do we look after your personal data and keep it safe?
Access to your personal data will be limited to school staff who need to know about you.
Information held on paper files are securely stored at the school and information stored on computer will be held securely behind passwords and other measures.
Information held on electronic files may also be stored for the school on ‘cloud-based’ servers providing that we are satisfied that our personal data will be held securely and protected from any unauthorised access.
Who may we share your data with?
We are required, by law, to pass certain information about you to our local authority (LA) and the Department for Education (DfE).
For more information about how the local authority use your information, please contact email@example.com
For more information about how the DfE use your information please visit https://www.gov.uk/guidance/data-protection-how-we-collect-and-share-research-data
In exceptional circumstances we may be legally obliged to provide your information to certain other public authorities, for example where it is needed to save a life, or to detect a crime.
No one else will be allowed to access your personal data.
How long will we keep your information?
We will keep your data as long as you are at the school. We will pass your records onto your next school or other establishment when you request us to.
Once we no longer need your records for the purposes above they will be deleted to legal requirements and advice from the Information and Record Management Society (http://www.irms.org.uk/groups/public-sector/resources/134-records-management-toolkit-for-schools).
What are your privacy rights?
Our Data Protection Officer (DPO) is Our Data Protection Officer is Ian Gover at Somerset County Council and you can contact him by email: firstname.lastname@example.org
They are responsible for ensuring we look after your information properly, and you can contact them if you have any questions or concerns about this.
If you would like to know what information we hold about you, you can make a “subject access request” by contacting our DPO.
If you believe the information we process on you is incorrect you should let the DPO know, and you may request to have it corrected or deleted.
If you wish to raise a complaint about how we have handled your personal data, you may contact our DPO who will investigate the matter and try to resolve any problems you have.
If you are unhappy with how your complaint was dealt with by us, or believe we are processing your personal data outside the law, you can appeal to our regulator who is the Information Commissioner’s Office (ICO). They will then investigate the problem, decide whether we are at fault, and tell us what we need to put right.
Contact details can be found here: https://ico.org.uk/concerns/