Why do we collect personal data?
We collect personal information (data) about our students in order to:
- support their learning;
- monitor and report on their progress;
- provide appropriate pastoral care, and
- assess how well they are doing.
Everyone has rights with regard to how their personal information is handled and we recognise that we need to treat it in an appropriate and lawful manner. Information may be held on paper or on a computer or other media, and is subject to certain legal safeguards specified in the General Data Protection Regulation (GDPR) and other legislation.
The GDPR is a piece of EU-wide legislation which will determine how people’s personal data is processed and kept safe, and the legal rights individuals have in relation to their own data. It has applied since 25 May 2018 to organisations that process or handle personal data, including schools.
Individuals have a right to be informed about how the school uses any personal data (information) that we hold about them. We comply with this right by providing ‘privacy notices’ (sometimes called ‘fair processing notices’) to individuals where we are processing their personal data. The privacy notices can be found as appendices to our Data Protection Policy.
Other organisations such as the examination boards and the Department for Education will process students' personal information. Such organisations will publicise their own privacy notices. For example, the Education and Skills Funding Agency, an executive agency of the Department for Education (DfE), manages the Learning Records Service, through which it is responsible for issuing students with a Unique Learner Number (ULN) and to create Personal Learning Records as part of the function of the DfE. The Learning Record Service has published a privacy notice which can be found here.
Lawful basis for data processing
We can use or process students' personal information as long as there is a lawful basis (or reason) for doing so. 'Processing' means anything done to personal data, such as collecting, recording, organising, structuring, storing, adapting, altering, retrieving, using, sharing, erasing or destroying. Processing can be automated or manual.
The GDPR sets out six possible lawful bases. However, the most common bases for processing students' information would be:
- Public task - this basis covers a lot of our data processing as a school; essentially, we can process personal data if we need to in order for the school to run properly, and to fulfil our official functions as set out in law.
- Legal obligation - where we process personal data to comply with a common law or statutory obligation, for example in relation to health and safety legislation.
- Vital interests - where we can process personal data if it’s necessary to do so to protect someone’s life; this basis could apply if we need to share personal information with the emergency services in a situation where a student's life is at risk, for example through a sudden illness or accident.
- Consent - we will only need to ask you or your son/daughter to give consent to processing their personal data in situations where none of the other bases apply; the most common reason for seeking consent would be to cover the use of photographs on our school website or other publication
Records are retained in line with regulations and retention guidelines, as laid out by the Education and Skills Funding Agency. Further information can be found here.
Data Protection Officer
The school's data protection officer is Mr David Harding, Deputy Headteacher. If parents have any concerns about the school's use of students' personal data they should contact Mr Harding via the main school telephone number 01753 598300 or the email address email@example.com.