Fair Processing Notice:
PRIVACY NOTICE RELATING TO PUPIL AND PARENT INFORMATION
What is the purpose of this Notice?
This is the Privacy Notice of Mount Pleasant Primary School (“the School”) which is intended to provide you with information about how and why we process pupil and parent information. It is also intended to provide you with other information which is required under the General Data Protection Regulation (GDPR) and the Data Protection Act 2018 (DPA). The GDPR and DPA contain the key laws relating to data protection.
It is important to the School, and a legal requirement, that we are transparent about how we process pupil information. As a school that processes pupil information, we are known as a “data controller”. This means that we collect and use personal information for specified purposes which this Privacy Notice has been designed to tell you about.
The Data Protection Officer
The School has an appointed Data Protection Officer (DPO), HY Professional Services, who can be contacted in writing at HY Professional Services, 1 Reed House, Hunters Lane, Rochdale, OL16 1YL or by telephone on 0161 804 1144. The DPO is responsible for dealing with data protection issues within the School and you can contact the DPO should you wish to discuss any issues or concerns that you have about data protection.
What pupil information do we collect?
The types of pupil information that we collect include:
• Pupil names, unique pupil numbers, contact details including emergency contacts
• Characteristics such as ethnicity, language, nationality, country of birth
• Free school meal and pupil premium eligibility
• Medical information and dietary requirements
• Admissions information
• Attendance information (such as sessions attended, number of absences and absence reasons)
• Information relating to pupil exclusion and behaviour
• Attainment records and assessment results
• Reported accidents
• Safeguarding information
• Special educational needs information
We may also receive some information from our Local Authority, other schools and the DfE.
What is the purpose of us collecting and using pupil information
The purposes for which the School collects personal information are as follows: -
• To provide appropriate pastoral care
• Census reporting
• To provide free school meals
• To support children with medical conditions, allergies and SEN
• To manage admissions
• To monitor attendance
• To manage exclusions and behaviour
• For assessment and examination purposes
• For health and safety purposes
• To address safeguarding concerns
• To promote the school and celebrate educational achievement
• To ensure that the school is safe and secure
• To allow cashless payments to be made
Why is it lawful to collect this pupil information?
As a school, we are subject to a wide range of laws which we must comply with to further pupil education and to safeguard their well-being. To comply with these laws, we only process personal information as far as is necessary to meet those obligations. We also process some of the information described in this privacy notice to carry out public tasks vested in us to effectively manage the School.
Whilst the majority of pupil information you provide to us is mandatory, some of it is provided to us on a voluntary basis. In order to comply with the GDPR, we will inform you whether you are required to provide certain pupil information to us or if you have a choice. If you have a choice, then we will obtain your consent first. Even if you consent to us collecting and using personal information, you have a right to withdraw consent at any time.
Some types of pupil information are regarded as more sensitive under the GDPR and referred to as being a ‘special category’ of personal information. Where we process this type of personal information, it will often be processed for reasons of substantial public interest. In other circumstances, we will obtain your explicit consent first.
Who will we share pupil information with?
Those who we may share pupil information with include the following: -
• Our local authority;
• The Department for Education (DfE);
• Other Education Providers;
• School nurse;
• Health and Safety Executive;
• Multi-agency partners
• Service providers who provide learning platforms and communication tools.
Why we share pupil information
We do not share information about our pupils with anyone without consent unless the law and our policies allow us to do so.
We share pupils’ data with the Department for Education (DfE) on a statutory basis. This data sharing underpins school funding and educational attainment policy and monitoring.
We are required to share information about our pupils with our local authority (LA) and the Department for Education (DfE) under The Education (Information About Individual Pupils) (England) Regulations 2013.
Data collection requirements:
To find out more about the data collection requirements placed on us by the Department for Education (for example; via the school census) go to https://www.gov.uk/education/data-collection-and-censuses-for-schools
National Pupil Database (NPD)
The NPD is owned and managed by the Department for Education and contains information about pupils in schools in England. It provides invaluable evidence on educational performance to inform independent research, as well as studies commissioned by the Department. It is held in electronic format for statistical purposes. This information is securely collected from a range of sources including schools, local authorities and awarding bodies.
We are required by law, to provide information about our pupils to the DfE as part of statutory data collections such as the school census and early years’ census. Some of this information is then stored in the NPD. The law that allows this is the Education (Information About Individual Pupils) (England) Regulations 2013.
To find out more about the NPD, go to https://www.gov.uk/government/publications/national-pupil-database-user-guide-and-supporting-information
The department may share information about our pupils from the NPD with third parties who promote the education or well-being of children in England by:
• conducting research or analysis
• producing statistics
• providing information, advice or guidance
The Department has robust processes in place to ensure the confidentiality of our data is maintained and there are stringent controls in place regarding access and use of the data. Decisions on whether DfE releases data to third parties are subject to a strict approval process and based on a detailed assessment of:
• who is requesting the data
• the purpose for which it is required
• the level and sensitivity of data requested: and
• the arrangements in place to store and handle the data
To be granted access to pupil information, organisations must comply with strict terms and conditions covering the confidentiality and handling of the data, security arrangements and retention and use of the data.
For more information about the department’s data sharing process, please visit: https://www.gov.uk/data-protection-how-we-collect-and-share-research-data
For information about which organisations the department has provided pupil information, (and for which project), please visit the following website: https://www.gov.uk/government/publications/national-pupil-database-requests-received
To contact DfE: https://www.gov.uk/contact-dfe
How long will we hold pupil information for?
We will hold pupil information for a period of time specified by law and as detailed within our retention policy. For more information, please contact the DPO.
Requesting access to your personal data
Under data protection legislation, parents and pupils have the right to request access to information about them that we hold. To make a request for your personal information, or be given access to your child’s educational record, please contact the School Business Manager.
You also have the right to:
• Object to processing of personal data that is likely to cause, or is causing, damage or distress;
• Prevent processing for the purpose of direct marketing
• Object to decisions being taken by automated means
• In certain circumstances, have inaccurate personal data rectified, blocked, erased or destroyed and
• Claim compensation for damages caused by a breach of the Data Protection Regulations
If you have a concern about the way we are collecting or using your personal data, you should raise your concern with the Data Protection Officer in the first instance or directly to the Information Commissioner’s Office at https://ico.org.uk/concerns/