Privacy

This privacy notice describes how we collect and use personal information about pupils, in accordance with the UK General Data Protection Regulation (UK GDPR), section 537A of the Education Act 1996 and section 83 of the Children Act 1989. 

Following Brexit, Regulation (EU) 2016/679, General Data Protection Regulation (GDPR) is retained EU law and known as UK GDPR. The UK GDPR sits alongside an amended version of the Data Protection Act 2018 that relate to general personal data processing, powers of the Information Commissioner and sanctions and enforcement. The GDPR as it continues to apply in the EU is known as EU GDPR.

Who Collects This Information

Yardley Primary School is a “data controller” of personal data and gathers and uses certain information about pupils and parents. This means that we are responsible for deciding how we hold and use personal information about pupils and parents. Under data protection legislation, we are required to notify you of the information contained in this privacy notice. 

This notice does not form part of any contract to provide services and we may update this notice at any time.

It is important that you read this notice with any other policies mentioned within this privacy notice, so that you are aware of how and why we are processing your information, what your rights are under data protection legislation and the procedures we take to protect your personal data.

Data Protection Principles

We will comply with the data protection principles when gathering and using personal information, as set out in our data protection policy.

Categories of Pupil Information We Collect, Process, Hold and Share

We may collect, store and use the following categories of personal information about you: 

We may also collect, store and use the following more sensitive types of personal information:

How We Collect this Information 

Whilst the majority of information you provide to us is mandatory, some of it is provided to us on a voluntary basis. To comply with the UK General Data Protection Regulation, we will inform you whether you are required to provide certain pupil information to us or if you have a choice in this.

It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your relationship with us.

How and Why We Use Your Personal Information 

We will only use your personal information when the law allows us to do so. Most commonly, we will hold pupil data and use it for: 

The Lawful Bases on which we use this Information

We will only use your information when the law allows us to. Most commonly, we will use your information in the following circumstances:

We need all the categories of information in the list above primarily to allow us to comply with legal obligations. Please note that we may process information without knowledge or consent, where this is required or permitted by law.

How we use particularly sensitive personal information  

Special categories of particularly sensitive personal information, such as information about your health, racial or ethnic origin, sexual orientation, or biometrics require higher levels of protection. We need to have further justification for collecting, storing and using this type of personal information. We have in place an appropriate policy document and safeguards which we are required by law to maintain when processing such data. We may process special categories of personal information in the following circumstances:

Less commonly, we may process this type of information where it is needed in relation to legal claims or where it is needed to protect your interests (or someone else's interests) and you are not capable of giving your consent, or where you have already made the information public.

Sharing Data

We may need to share your data with third parties where it is necessary. There are strict controls on who can see your information. We will not share your data if you have advised us that you do not want it shared unless it’s the only way we can make sure you stay safe and healthy, or we are legally required to do so. 

We share pupil information with: 

The Department for Education request regular data sharing on pupil attendance to help support those vulnerable students and to assist with intervention strategies. 

Information will be provided to those agencies securely or anonymised where possible.

The recipient of the information will be bound by confidentiality obligations, we require them to respect the security of your data and to treat it in accordance with the law.

We may transfer your personal information outside the UK and the EU. If we do, you can expect a similar degree of protection in respect of your personal information.

Automated Decision Making

Automated decision making takes place when an electronic system uses personal information to make a decision without human intervention. We are allowed to use automated decision making in limited circumstances.

Pupils will not be subject to automated decision-making, unless we have a lawful basis for doing so and we have notified you.

Retention Periods

Except as otherwise permitted or required by applicable law or regulation, the school only retains personal data for as long as necessary to fulfil the purposes they collected it for, as required to satisfy any legal, accounting or reporting obligations, or as necessary to resolve disputes.

Information about how we retain information can be found in our Data Retention policy. This document can be found on our school website.

Security

We have put in place measures to protect the security of your information (i.e., against it being accidentally lost, used or accessed in an unauthorised way). In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. Details of these measures are available in our Information Security Policy. The school keep information about pupils on computer systems and sometimes on paper. 

You can find further details of our security procedures within our Data Breach policy and our Information Security policy, which can be requested from the school office.

Why we Share this Information

For example, we share students’ data with the DfE on a statutory basis which underpins school funding and educational attainment. To find out more about the data collection requirements placed on us by the DfE click here.

Storing Pupil Data

The School keep information about pupils on computer systems and sometimes on paper. 

Except as required by law, the School only retains information about pupils for as long as necessary in accordance with timeframes imposed by law and our internal policy. 

Full details on how long we keep personal data for is set out in our Data Retention Policy, this can be found on our website.

Automated Decision Making

Automated decision making takes place when an electronic system uses personal information to make a decision without human intervention. We are allowed to use automated decision making in limited circumstances.

Pupils will not be subject to automated decision-making, unless we have a lawful basis for doing so and we have notified you.

Retention Periods

Except as otherwise permitted or required by applicable law or regulation, the School only retains personal data for as long as necessary to fulfil the purposes they collected it for, as required to satisfy any legal, accounting or reporting obligations, or as necessary to resolve disputes.

Information about how we retain information can be found in our Data Retention policy. This can be found on our website.

The National Pupil Database (NPD)

The NPD is owned and managed by the Department for Education and contains information about pupils in schools in England. It provides invaluable evidence on educational performance to inform independent research, as well as studies commissioned by the Department. It is held in electronic format for statistical purposes. This information is securely collected from a range of sources including schools, local authorities and awarding bodies. 

We are required by law, to provide information about our pupils to the DfE as part of statutory data collections such as the school census and early years’ census. Some of this information is then stored in the NPD. The law that allows this is the Education (Information About Individual Pupils) (England) Regulations 2013.

To find out more about the NPD, click here.

The department may share information about our pupils from the NPD with third parties who promote the education or well-being of children in England by:

The Department has robust processes in place to ensure the confidentiality of our data is maintained and there are stringent controls in place regarding access and use of the data. Decisions on whether DfE releases data to third parties are subject to a strict approval process and based on a detailed assessment of:

To be granted access to pupil information, organisations must comply with strict terms and conditions covering the confidentiality and handling of the data, security arrangements and retention and use of the data.

For more information about the department’s data sharing process, click here.

For information about which organisations the department has provided pupil information, (and for which project), click here.

 To contact DfE click here.

Requesting Access To Your Personal Data

Under data protection legislation, parents and pupils have the right to request access to information about them that we hold. To make a request, please see our Data Protection Policy for the procedures to take.

Your Rights of Access, Correction, Erasure and Restriction

Under certain circumstances, by law you have the right to: 

If you want to exercise any of the above rights, please contact the Headteacher in writing. 

We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). 

Right to Withdraw Consent 

In circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact the Headteacher. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.

Contact

If you would like to discuss anything within this privacy notice or have a concern about the way we are collecting or using your personal data, we request that you raise your concern with the Headteacher in the first instance. 

We have appointed a data protection officer (DPO) to oversee compliance with data protection and this privacy notice. If you have any questions about how we handle your personal information which cannot be resolved by school, then you can contact the DPO on the details below:


Data Protection Officer: Judicium Consulting Limited

Address: 72 Cannon Street, London, EC4N 6AE

Email: dataservices@judicium.com

Web: www.judiciumeducation.co.uk


 You have the right to make a complaint at any time to the Information Commissioner’s Office, the UK supervisory authority for data protection issues by clicking here.

Changes to this Privacy Notice

We reserve the right to update this privacy notice at any time, and we will provide you with a new privacy notice when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your personal information.