General Data Protection Regulations (GDPR)

Under data protection law, individuals have a right to be informed about how the school uses any personal data that we hold about them. We comply with this right by providing ‘privacy notices’ (sometimes called ‘fair processing notices’) to individuals where we are processing their personal data.

This privacy notice explains how we collect, store and use personal data about pupils.

We, St James (Daisy Hill) CE Primary School, are the ‘data controller’ for the purposes of data protection law and the school’s Chief Privacy Officer is Catherine Watkin, Headteacher.

The personal data we hold
Personal data that we may collect, use, store and share (when appropriate) about pupils includes, but is not restricted to:

  • Contact details, contact preferences, date of birth, identification documents
  • Results of internal assessments and externally set tests
  • Pupil and curricular records
  • Characteristics, such as ethnic background, eligibility for free school meals, or special educational needs
  • Details of any medical conditions, including physical and mental health
  • Attendance information
  • Safeguarding information
  • Exclusion information
  • Details of any support received, including care packages, plans and support providers
  • Photographs

We may also hold data about pupils that we have received from other organisations, including other schools, local authorities and the Department for Education.

Why we use this data
We use this data to:

  • Support pupil learning
  • Monitor and report on pupil progress
  • Provide appropriate pastoral care
  • Protect pupil welfare
  • Assess the quality of our services
  • Administer admissions waiting lists
  • Comply with the law regarding data sharing

Our legal basis for using this data
We only collect and use pupils’ personal data when the law allows us to. Most commonly, we process it where:

  • We need to comply with a legal obligation
  • We need it to perform an official task in the public interest

Less commonly, we may also process pupils’ personal data in situations where:

  • We have obtained consent to use it in a certain way
  • We need to protect the individual’s vital interests (or someone else’s interests)

Where we have obtained consent to use pupils’ personal data, this consent can be withdrawn at any time. We will make this clear when we ask for consent, and explain how consent can be withdrawn. Some of the reasons listed above for collecting and using pupils’ personal data overlap, and there may be several grounds which justify our use of this data.

Collecting this information
Whilst the majority of pupil information you provide to us is mandatory, some of it is provided to us on a voluntary basis.  In order to comply with the General Data Protection Regulation (GDPR), we will inform you whether you are required to provide certain pupil information to us or if you have a choice in this.

How we store this data
We keep personal information about pupils while they are attending our school. We may also keep it beyond their attendance at our school if this is necessary in order to comply with our legal obligations. Our Information Management Policy sets out how long we keep information about pupils.  A copy of this policy is available on request from the School Office.

Data sharing
We do not share information about our pupils with anyone without consent unless the law and our policies allow us to do so. Where it is legally required or necessary (and it complies with data protection law) we may share personal information about pupils with:

  • Our local authority – to meet our legal obligations to share certain information with it, such as safeguarding concerns and exclusions
  • The Department for Education
  • The pupil’s family and representatives
  • OfSTED
  • Suppliers and service providers – to enable them to provide the service we have contracted them for
  • Survey and research organisations
  • Health authorities
  • Police forces, courts, tribunals
  • Professional bodies

National Pupil Database
We are required to share information about our pupils with the Local Authority (LA) and the Department for Education (DfE) under section 3 of the Education (Information About Individual Pupils) (England) Regulations 2013.

Some of this information is then stored in the National Pupil Database (NPD).  The NPD is owned and managed by the Department for Education and contains information about pupils in schools in England. It provides invaluable evidence on educational performance to inform independent research, as well as studies commissioned by the Department. It is held in electronic format for statistical purposes. This information is securely collected from a range of sources including schools, local authorities and awarding bodies.

We are required by law, to provide information about our pupils to the DfE as part of statutory data collections such as the school census and early years’ census. Some of this information is then stored in the NPD. The law that allows this is the Education (Information About Individual Pupils) (England) Regulations 2013.

To find out more about the pupil information we share with the department, for the purpose of data collections,

go to https://www.gov.uk/education/data-collection-and-censuses-for-schools.

To find out more about the NPD, go to: https://www.gov.uk/government/publications/national-pupil-databaseuser-guide-and-supporting-information.

The DfE may share information about our pupils from the NPD with third parties who promote the education or well-being of children in England by:

  • conducting research or analysis
  • producing statistics
  • providing information, advice or guidance

The DfE has robust processes in place to ensure the confidentiality of our data is maintained and there are stringent controls in place regarding access and use of the data. Decisions on whether DfE releases data to third parties are subject to a strict approval process and based on a detailed assessment of:

  • who is requesting the data
  • the purpose for which it is required
  • the level and sensitivity of data requested: and
  • the arrangements in place to store and handle the data

To be granted access to pupil information, organisations must comply with strict terms and conditions covering the confidentiality and handling of the data, security arrangements and retention and use of the data.

For more information about the DfE’s data sharing process, please visit: https://www.gov.uk/data-protection-how-we-collect-and-share-research-data

For information about which organisations the DfE has provided pupil information, (and for which project), please visit the following website: https://www.gov.uk/government/publications/national-pupil-database-requests-received

To contact DfE: https://www.gov.uk/contact-dfe

Transferring data internationally
Where we transfer personal data to a country or territory outside the European Economic Area, we will do so in accordance with data protection law.

Parents and pupils’ rights regarding personal data
Individuals have a right to make a ‘subject access request’ to gain access to personal information that the school holds about them.  To make a request for your personal information, or be given access to your child’s educational record, contact Catherine Watkin, Headteacher.

Other rights
Under data protection law, individuals have certain rights regarding how their personal data is used and kept safe, including the right to:

  • Object to the use of personal data if it would cause, or is causing, damage or distress
  • Prevent it being used to send direct marketing
  • Object to decisions being taken by automated means (by a computer or machine, rather than by a person)
  • In certain circumstances, have inaccurate personal data corrected, deleted or destroyed, or restrict processing
  • Claim compensation for damages caused by a breach of the data protection regulations

Complaints
We take any complaints about our collection and use of personal information very seriously.  If you think that our collection or use of personal information is unfair, misleading or inappropriate, or have any other concern about our data processing, we request that you raise your concern with us in the first instance.  Alternatively, you can contact the Information Commissioner’s Office:

  • Report a concern online at https://ico.org.uk/concerns/
  • Call 0303 123 1113
  • Or write to: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

Contact us
If you have any questions, concerns or would like more information about anything mentioned in this privacy notice, please contact our Chief Privacy Officer.
Contact details:
Chief Privacy Officer
Catherine Watkin
St James (Daisy Hill) CE Primary School
Westhoughton
Bolton
BL5 2JU

Tel: 01942 634688

Email: office@st-james-daisy-hill.bolton.sch.uk

Title
Confidentiality Policy
184.46 KB 		Download
Data Protection Policy
161.27 KB 		Download