GDPR and Privacy Notice
PRIVACY NOTICE and GENERAL DATA PROTECTION REGULATION (GDPR)
Why do we collect and use student information and Legal Basis for Using Information
We collect and use student information under section 537A of the Education Act 1996, and section 83 of the Children Act 1989. We also comply with Article 6(1)(c) and Article 9(2)(b) of the General Data Protection Regulation (GDPR).
How we use student information
We use the student data:
- As part of our admissions process
- To support student teaching and learning
- To monitor and report on student progress to provide appropriate pastoral care
- To assess the quality of our services
- To comply with the law regarding data sharing
- To access our school meals, payments and school communication system
- To support you to decide what to do after you leave school
- Categories of student information that we collect, hold and share include:
- Personal information (such as name, unique student number and contact details)
- Characteristics (such as ethnicity, language, nationality, country of birth and free school meal eligibility)
- Attendance information (such as sessions attended, number of absences and absence reasons)
- National curriculum assessment results, special educational needs information, relevant medical information
- Biometric fingerprints for school meals
- Collecting student information
Whilst the majority of student information you provide to us is mandatory, some of it is provided to us on a voluntary basis. In order to comply with the General Data Protection Regulation, we will inform you whether you are required to provide certain student information to us, or if you have a choice in this.
Storing student information
St Julian’s School keeps information about you on computer systems and also sometimes on paper.
We hold your education records securely (computerised and paper) in accordance with guidance issued by the Local Authority regarding document retention i.e. to comply with legal requirements e.g. date of birth plus 25 years for prime documents linked to safeguarding, SEN, Educational Psychology, School Admissions, EWS and 7 years for census information, SEN registers, School Action Plans, GEMS intervention referrals, admissions reports, school meals reports etc. after which they are safely destroyed. Biometric fingerprint data is destroyed as students leave school.
Access to the school’s IT and Data Systems is restricted to authorised individuals only and is underpinned and protected by our Digital Safety and Acceptable Usage Policies. Access is logged and routinely monitored to protect users and the integrity and security of systems and data.
Access to data on all laptop computers is secured through encryption or other means, to provide confidentiality of data in the event of loss or theft of equipment.
Backups are also encrypted, files and data at source during backup.
After the following retention periods the data is deleted securely from our systems.
Where data resides on third party systems e.g. Google Apps, Meraki DM solutions contracts exist to ensure data security, integrity and retention periods match legislation with St Julian’s School in-house systems.
All system backups are encrypted and are held in multiple, physically secure locations as part of the school’s disaster recovery plan.
There are strict controls on who can see your information. We will not share your data if you have advised us that you do not want it shared unless it is the only way we can make sure you stay safe and healthy, are legally required to do so or the data is required for operational purposes.
Paper records are held in lockable cabinets. All visitors to the school have a photograph taken and are logged into an electronic visitors access system. Access to areas where records are stored is restricted – students and visitors are not permitted to access any such area unless required and under the supervision of a staff member.
Who do we share student information with?
We routinely share student information with:
- Other Schools or colleges that students attend after leaving us
- Our local authority (Newport City Council) and the Education Achievement Service (EAS)
- Welsh Assembly Government
- Trusted partners where information is required to provide key educational services for our students and/or parents and carers
Why we share student information
We do not share information about our students with anyone without consent unless the law and our policies allow us to do so.
We share students’ data with the Welsh Assembly Government on a statutory basis. This data sharing underpins school funding and educational attainment policy and monitoring.
To find out more about the data collection requirements placed on us by the Welsh Assembly Government (for example; PLASC and Post 16 data, go to http://gov.wales/topics/educationandskills/schoolshome/schooldata
To ensure that our records are accurate and up to date we ask all parents/carers to inform the school as soon as possible if any of your personal data changes (eg. Address, Telephone number etc).
Requests for Information
All recorded information held by the School may be subject to requests under the Freedom of Information Act 2000, and the General Data Protection Regulations. Subject Access Requests will be dealt with within one month (including weekends) of the date of receipt by the school. Please note that no charge is made for this information. Requests should be marked for the attention of Mr Ryan Owen, School Operations Manager and emailed to firstname.lastname@example.org.
The Data Protection Act/GDPR gives you a number of rights. Please note that not all of your rights are absolute and we will need to consider your request upon receipt.
You have the right to request;
- to have your data rectified if it is inaccurate or incomplete.
- to have your data erased.
- to restrict the processing of your data.
- to exercise your right to data portability.
- to object to the processing for the purposes of direct marketing, profiling and automated decision making.
If you have a concern about the way we are collecting or using your personal data, you should raise your concern with us in the first instance by contacting one of the two School contacts detailed below or directly to the Information Commissioner’s Office at:- https://ico.org.uk/concerns/
If you would like to get a copy of the information about you that Newport City Council provides to other providers, please contact Newport City Council’s Information Management Team on 01633 656656 or by emailing at email@example.com.
If you would like to discuss anything in this privacy notice, please contact our School Operations Manager - Mr Ryan Owen, using firstname.lastname@example.org