Menu
Home Page

Data Protection & Privacy Notices

Data Protection and the GDPR

 

As the UK transitional arrangements expired on 31 December 2020, there are some practical changes for Data Protection and the GDPR.

To comply with the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019 please note that every policy, notice and procedural guide that refers to ‘GDPR’ shall now be read as ‘UK GDPR’.

The rights, responsibilities and data protection that the Data Protection Act 2018 and the GDPR are not changed. Our procedures and arrangements will not change.

If you have any queries please contact the Headteacher.

 

Our Data Protection Lead is Mrs S Kavanagh, Headteacher.

Our Data Protection Officer is Mr J Walker, PHP Law.

 

Privacy Notice – Pupil and Family Data

Introduction

 

As a school we collect a significant amount of information about our pupils. This notice explains why we collect the information, how we use it, the type of information we collect and our lawful reasons to do so.

 

Why do we collect data?

 

We collect and use pupil data to:-

  • Fulfil our statutory obligations to safeguard and protect children and vulnerable people
  • Enable targeted, personalised learning for pupils
  • Manage behaviour and effective discipline
  • Monitor our effectiveness
  • Comply with our legal obligations to share data
  • Support pupils to fulfil their potential
  • Keep pupils, parents and carers informed about school events and school news

 

Our Legal Obligations

 

We must make sure that information we collect and use about pupils is in line with the GDPR and Data Protection Act. This means that we must have a lawful reason to collect the data, and that if we share that with another organisation or individual we must have a legal basis to do so.

 

The lawful basis for schools to collect information comes from a variety of sources, such as the Education Act 1996, Regulation 5 of The Education (Information About Individual Pupils) (England) Regulations 2013, Article 6 and Article 9 of the GDPR.

The Department for Education and Local Authorities require us to collect certain information and report back to them. This is called a ‘public task’ and is recognised in law as it is necessary to provide the information.

 

We also have obligations to collect data about children who are at risk of suffering harm, and to share that with other agencies who have a responsibility to safeguard children, such as the police and social care.

 

We also share information about pupils who may need or have an Education Health and Care Plan (or Statement of Special Educational Needs). Medical teams have access to some information about pupils, either by agreement or because the law says we must share that information, for example school nurses may visit the school.

 

Sharing information


Other services, organisations and people we may share information with include:
•    schools or academies that the students attend after leaving us 
•    relevant local authority/(ies) 
•    youth support services (students aged 13+) 
•    the Department for Education (DfE) 
•    the NHS as required 
•    school nursing service
•    parent/carer 
•    suppliers and service providers 
•    health professionals 
•    health & social welfare organisations 
•    professional bodies 
•    charities and voluntary organisations 
•    auditors 
•    survey & research organisations 
•    social care organisations 
•    police forces and court services
•    suppliers of software and apps that are used in the school
 

We must keep up to date information about parents and carers for emergency contacts.

 

 

 

How we use the data.

 

In school we also use various third-party tools to make sure that pupils best interests are advanced. We also record details about progress, attainment and pupil development to support future planning and learning.

We use data to manage and monitor pastoral needs and attendance/absences so that suitable strategies can be planned if required.

 

We use systems to take electronic payments for school meals. This includes financial software to manage school budgets, which may include some pupil data. We use software to track progress and attainment. 

 

Data can be used to monitor school effectiveness, the impact of intervention and learning styles across groups of pupils as well as individual children.

We may use consultants, experts and other advisors to assist the school in fulfilling its obligations and to help run the school/academy properly. We might need to share pupil information with them if this is relevant to their work.

We also use contact information to keep pupils, parents, carers up to date about school/academy events.

 

What type of data is collected?

 

The DfE and government requires us to collect a lot of data by law, so that they can monitor and support schools and academies more widely, as well as checking on individual schools and academies effectiveness.

 

The categories of pupil information that the school collects, holds and shares include the following:

  • personal information – e.g. names, dates of births, pupil numbers and addresses
  • characteristics – e.g. ethnicity, vulnerability categories, language, nationality, country of birth and free school meal eligibility
  • attendance information – e.g. number of absences and absence reasons
  • assessment information – e.g. national curriculum assessment results
  • relevant medical information and social care
  • information relating to SEND and health needs
  • behavioural information – e.g. number of temporary exclusions
  • CCTV, photos and video recordings

 

The National Pupil Database (NPD)

 

The NPD is owned and managed by the DfE and contains information about pupils in schools/academies in England. It provides invaluable evidence on educational performance to inform independent research, as well as studies commissioned by the department. It is held in electronic format for statistical purposes. This information is securely collected from a range of sources including schools, local authorities and awarding bodies.

 

We are required by law, to provide information about our pupils to the DfE as part of statutory data collections such as the school census and early years’ census. Some of this information is then stored in the NPD. The law that allows this is the Education (Information About Individual Pupils) (England) Regulations 2013.

 

To find out more about the pupil information we share with the department, for the purpose of data collections, go to https://www.gov.uk/education/data-collection-and-censuses-for-schools.

 

To find out more about the NPD, go to https://www.gov.uk/government/publications/national-pupil-database-user-guide-and-supporting-information.

 

The department may share information about our pupils from the NPD with third parties who promote the education or well-being of children in England by:

  • conducting research or analysis
  • producing statistics
  • providing information, advice or guidance

 

The department has robust processes in place to ensure the confidentiality of our data is maintained and there are stringent controls in place regarding access and use of the data. Decisions on whether DfE releases data to third parties are subject to a strict approval process and based on a detailed assessment of:

  • who is requesting the data
  • the purpose for which it is required
  • the level and sensitivity of data requested: and
  • the arrangements in place to store and handle the data

 

To be granted access to pupil information, organisations must comply with strict terms and conditions covering the confidentiality and handling of the data, security arrangements and retention and use of the data.

 

For more information about the department’s data sharing process, please visit:

https://www.gov.uk/data-protection-how-we-collect-and-share-research-data

 

For information about which organisations the department has provided pupil information, (and for which project), please visit the following website: https://www.gov.uk/government/publications/national-pupil-database-requests-received

To contact DfE: https://www.gov.uk/contact-dfe

 

Requesting access to your personal data

 

Under data protection legislation, parents and pupils have the right to request access to information about them that we hold.

 

To make a request for your personal information, or be given access to your child’s educational record, contact Mrs S Kavanagh, Headteacher at admin@parkhouse.derbyshire.sch.uk.

 

You also have the right to:

  • object to processing of personal data that is likely to cause, or is causing, damage or distress
  • prevent processing for the purpose of direct marketing
  • object to decisions being taken by automated means
  • in certain circumstances, have inaccurate personal data rectified, blocked, erased or destroyed; and
  • claim compensation for damages caused by a breach of the Data Protection regulations

If you have a concern about the way we are collecting or using your personal data, you should raise your concern with us in the first instance or directly to the Information Commissioner’s Office at https://ico.org.uk/concerns/.

 

Contact

 

If you would like to discuss anything in this privacy notice, please contact Mrs S Kavanagh.

 

More information about data protection and our policies

 

How we manage the data and our responsibilities to look after and share data is explained in our data protection policy, and connected policies, which are also available on our website.

If you feel that data about your child is not accurate, or no longer needed please contact the school office. Our complaints policy explains what to do if there is a dispute. Subject Access Requests are dealt with by the specific policy on the website.

 

Review

 

The school will update this privacy notice from time to time. Any substantial changes that affect your rights will be provided to you directly as far as is reasonably practicable.

 

 

Privacy Notices

Consent

 

As a school we will seek consent from staff, volunteers, young people, parents and carers to collect and process their data. We will be clear about our reasons for requesting the data and how we will use it. There are contractual, statutory and regulatory occasions when consent is not required.

However, in most cases data will only be processed if explicit consent has been obtained.

 

Consent is defined by the GDPR as “any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her”.

 

We may seek consent from young people also, and this will be dependent on the child and the reason for processing.

 

Consent and Renewal

 

On the school website we have ‘Privacy Notices’ that explain how data is collected and used. It is important to read those notices as it explains how data is used in detail.

 

Obtaining clear consent and ensuring that the consent remains in place is important for school. We also want to ensure the accuracy of that information.

 

For Pupils and Parents/Carers

 

On arrival at school you will be asked to complete a form giving next of kin details, emergency contact and other essential information. We will also ask you to give consent to use the information for other in school purposes, as set out on the data collection/consent form.

 

We review the contact and consent form on an annual basis. It is important to inform school if details or your decision about consent changes. A form is available.

 

Pupil consent procedure

 

Where processing relates to a child under 16 years old, school will obtain the consent from a person who has parental responsibility for the child.

 

Pupil’s may be asked to give consent or to be consulted about how their data is obtained, shared and used in certain situations.

 

Withdrawal of Consent

 

Consent can be withdrawn, subject to contractual, statutory or regulatory constraints. Where more than one person has the ability to provide or withdraw consent the school will consider each situation on the merits and within the principles of GDPR and also child welfare, protection and safeguarding principles.

 

Please complete the appropriate form.

Additional documents

Covid-19 specific GDPR documents

Track and trace privacy notice

DfE Privacy notice regarding FSM vouchers

Top

Cookies

Unfortunately not the ones with chocolate chips.

Our cookies ensure you get the best experience on our website.

Please make your choice!

Cookies

Some cookies are necessary in order to make this website function correctly. These are set by default and whilst you can block or delete them by changing your browser settings, some functionality such as being able to log in to the website will not work if you do this. The necessary cookies set on this website are as follows:

Website CMS

A 'sessionid' token is required for logging in to the website and a 'crfstoken' token is used to prevent cross site request forgery.
An 'alertDismissed' token is used to prevent certain alerts from re-appearing if they have been dismissed.
An 'awsUploads' object is used to facilitate file uploads.

Matomo

We use Matomo cookies to improve the website performance by capturing information such as browser and device types. The data from this cookie is anonymised.

reCaptcha

Cookies are used to help distinguish between humans and bots on contact forms on this website.

Cookie notice

A cookie is used to store your cookie preferences for this website.

Cookies that are not necessary to make the website work, but which enable additional functionality, can also be set. By default these cookies are disabled, but you can choose to enable them below: