Privacy Policy
Northern Saints Catholic Education Trust
Privacy Notice (How we use pupil information)
Covid Testing Privacy Notice can be found here.
Why do we collect and use pupil information?
Under the General Data Protection Regulation (GDPR) we are obliged to inform you of the information we hold on you and your child(ren), what we use it for, who we share it with, and for how long we keep it. This privacy notice (also known as a fair processing notice) aims to provide you with this information.
Northern Saints Catholic Education Trust is the data controller of the personal information that we collect, hold and share about you and your child(ren). This means the school determines the purposes for which, and the way, any personal data relating to pupils and their families is to be processed. We are registered as a data controller with the Information Commissioner’s office with the following data protection registration number ZA179577
We use the pupil data:
- to support pupil learning
- to monitor and report on pupil progress
- to provide appropriate pastoral and medical care
- to assess the quality of our services
- to comply with the law regarding data sharing
- for safeguarding and pupil welfare purposes
- to administer school admissions waiting lists
- for research purposes
- to inform you about events and other things happening in the school
- for dealing with complaints
As a school we do not carry out any solely automated decision-making about pupils. Solely in this context means a decision-making process that is totally automated and excludes any human influence on the outcome.
We may use pupil’s names and other information held about the child for the purposes of creating online user profiles in connection with the use of online software used in the classroom and at home for the purposes of the child’s learning.
We may also receive information from their previous school or college, local authority, the Department for Education (DfE) and the Learning Records Service (LRS).
Note: Schools and local authorities have a (legal) duty under the DPA and the GDPR to ensure that any personal data they process is handled and stored securely.
The categories of pupil information that we collect, hold and share include but are not limited to:
- Personal information (such as name, unique pupil number, address and parent’s national insurance number)
- Characteristics (such as ethnicity, language, nationality, country of birth and free school meal eligibility)
- Attendance information (such as sessions attended, number of absences and absence reasons)
- Assessment information (such as data scores, tracking, and internal and external testing)
- Relevant medical information (such as NHS information, health checks, physical and mental health care, immunisation program and allergies)
- Special educational needs information (such as Education, Health and Care Plans (EHCP’s), applications for support, care or support plans)
- Safeguarding information
- Exclusion information
- Behavioural information
- Photographs (for internal safeguarding & security purposes, school newsletters, media and promotional purposes).
- Payment details
Our lawful basis for processing personal information about pupils
Our lawful basis for collecting and processing pupil information is defined under Article 6(1) of the GDPR, and the following sub-paragraphs apply:
- Data subject gives consent for one or more specific purposes.
- Processing is necessary for the performance of a contract.
- Processing is necessary to comply with the legal obligations of the school.
- Processing is necessary to protect the vital interests of the data subject.
- Processing is necessary for tasks in the public interest or exercise of authority vested in the controller (the provision of education).
Our lawful basis for collecting and processing pupil information is also further defined under Article 9(2) of the GDPR in that some of the information we process is sensitive personal information, for example, personal data relating to race or ethnic origin, religious beliefs, data concerning health) and the following sub-paragraphs in Article 9(2) of the GDPR apply:
- The data subject has given explicit consent to the processing
- Processing is necessary for the purposes of carrying out the obligations and exercising specific rights of the school or of pupils and their parents
- Processing is necessary to protect the vital interests of the data subject
- Processing is necessary for the establishment, exercise or defence of legal claims
- Processing is necessary for reasons of substantial public interest
- Processing is necessary for the purposes of preventative or occupational medicine and the provision of health or social care or treatment.
- Processing is necessary for reasons of public interest in the area of public health
A full breakdown of the information we collect on pupils and parents and the lawful basis can be requested from the school office.
Where we have obtained consent to use pupils’ personal data, this consent can be withdrawn at any time. We will make this clear when we ask for consent and explain how consent can be withdrawn.
Some of the reasons listed above for collecting and using pupils’ personal data overlap, and there may be several grounds which justify our use of this data.
An example of how we use the information you provide is:
The submission of the school census returns, including a set of named pupil records, is a statutory requirement on schools under Section 537A of the Education Act 1996.
Putting the school census on a statutory basis:
- means that schools do not need to obtain parental or pupil consent to the provision of information
- ensures schools are protected from any legal challenge that they are breaching a duty of confidence to pupils
- helps to ensure that returns are completed by schools
Collecting pupil information
Whilst the majority of pupil information you provide to us is mandatory, some of it is provided to us on a voluntary basis. In order to comply with the General Data Protection Regulation, we will inform you whether you are required to provide certain pupil information to us or if you have a choice in this. Where we have obtained consent to use pupils’ personal data, this consent can be withdrawn at any time. We will make this clear when we ask for consent and explain how consent can be withdrawn.
Storing pupil data
We hold pupil data for no longer than is necessary. Full details of data retention lists can be found in the Records Management Society’s (RMS) Retention Guidelines for Schools (which can be found on the Council Intranet at https://intranet.gateshead.gov.uk/media/1032/Retention- guidelines-for-schools/pdf/schoolsretentionschedulefinal.pdf
Who do we share pupil information with?
We routinely share pupil information with appropriate third parties, including:
- our local authority and other local authorities – to meet our legal obligations to share certain information with it, such as safeguarding concerns and exclusions
- the Department for Education (DfE)
- NHS (for inoculations, etc)
- The pupil’s family and representatives
- Educators and examining bodies
- Ofsted
- Financial organisations, (including the Trust’s Insurer provider)
- Central and local government
- Our auditors
- Survey and research organisations
- Security organisations
- Health and social welfare organisations
- Professional advisers and consultants
- Charities and voluntary organisations
- Police forces, courts, tribunals
- Professional bodies
- Schools that the pupil’s attend after leaving us
- Suppliers and service providers to enable them to provide the service we have contracted them for, or for the purposes of helping school to deliver the national curriculum.
Where we transfer personal data to a country or territory outside the European Economic Area, we will do so in accordance with EU data protection law. When transferring personal information outside the EEA:
- We include standard contractual data protection clauses approved by the European Commission for transferring personal information outside the EEA into our contracts with third parties (these are the clauses approved under Article 46.2 of the GDPR); or
- We ensure that the country in which your personal information will be handled has been deemed “adequate” by the European Commission under Article 45 of the GDPR.
In the absence of an adequacy decision pursuant to Article 45(3) of the GDPR, we may transfer personal data to a third country or an international organisation in accordance with other provisions of the GDPR.
You can find out further information about the rules on data transfers outside the EEA, including the mechanisms that we rely upon, on the European Commission website by clicking here
Aged 14+ qualifications
For pupils enrolling for post 14 qualifications, the Learning Records Service will give us a pupil’s unique learner number (ULN) and may also give us details about the pupil’s learning or qualifications.
Why we share pupil information
We do not share information about our pupils with anyone without consent unless the law and our policies allow us to do so. We share pupils’ data with the Department for Education (DfE) on a statutory basis. This data sharing underpins school funding and educational attainment policy and monitoring. We may share information with third parties that contract with DfE.
We are required to share information about our pupils with the local authority and DfE under section 3 of The Education (Information About Individual Pupils) (England) Regulations 2013.
Data collection requirements:
To find out more about the data collection requirements placed on us by the Department for Education (for example; via the school census) go to https://www.gov.uk/education/data-collection- and-censuses-for-schools.
Youth support services
What is different about pupils aged 13+?
Once our pupils reach the age of 13, we also pass pupil information to our local authority and / or provider of youth support services as they have responsibilities in relation to the education or training of 13-19 year olds under section 507B of the Education Act 1996.
This enables them to provide services as follows:
- youth support services
- careers advisers
A parent / guardian can request that only their child’s name, address and date of birth is passed to their local authority or provider of youth support services by informing us. This right is transferred to the child / pupil once he/she reaches the age 16.
Our pupils aged 16+
We will also share certain information about pupils aged 16+ with our local authority and / or provider of youth support services as they have responsibilities in relation to the education or training of 13-19 year olds under section 507B of the Education Act 1996.
This enables them to provide services as follows:
- post-16 education and training providers
- youth support services
- careers advisers
For more information about services for young people, please visit our local authority website.
The National Pupil Database (NPD)
The NPD is owned and managed by the Department for Education and contains information about pupils in schools in England. It provides invaluable evidence on educational performance to inform independent research, as well as studies commissioned by the Department. It is held in electronic format for statistical purposes. This information is securely collected from a range of sources including schools, local authorities and awarding bodies.
We are required by law, to provide information about our pupils to the DfE as part of statutory data collections such as the school census and early years’ census. Some of this information is then stored in the NPD. The law that allows this is the Education (Information About Individual Pupils) (England) Regulations 2013.
To find out more about the pupil information we share with the department, for the purpose of data collections, go to https://www.gov.uk/education/data-collection-and-censuses-for-schools.
To find out more about the NPD, go to https://www.gov.uk/government/publications/national-pupil- database-user-guide-and-supporting-information.
The department may share information about our pupils from the NPD with third parties who promote the education or well-being of children in England by:
- conducting research or analysis
- producing statistics
- providing information, advice or guidance
The Department has robust processes in place to ensure the confidentiality of our data is maintained and there are stringent controls in place regarding access and use of the data. Decisions on whether DfE releases data to third parties are subject to a strict approval process and based on a detailed assessment of:
- who is requesting the data
- the purpose for which it is required
- the level and sensitivity of data requested: and
- the arrangements in place to store and handle the data
To be granted access to pupil information, organisations must comply with strict terms and conditions covering the confidentiality and handling of the data, security arrangements and retention and use of the data.
For more information about the department’s data sharing process, please visit: https://www.gov.uk/data-protection-how-we-collect-and-share-research-data
For information about which organisations the department has provided pupil information, (and for which project), please visit the following website: https://www.gov.uk/government/publications/national-pupil-database-requests-received
To contact DfE: https://www.gov.uk/contact-dfe
Requesting access to your personal data and your Data Protection Rights
Under data protection legislation, parents and pupils have the right to request access to information about them that we hold through a Subject Access Request (SAR). To make a request for your personal information, or be given access to your child’s educational record, contact Emma Harrison on the details below.
Parents/carers can make a request with respect to their child’s data where the child is not considered mature enough to understand their rights over their own data (usually under the age of 12), or where the child has provided consent.
Parents have the right to make a subject access request with respect to any personal data the school holds about them.
If you make a subject access request, and we hold information about you or your child, we will:
- Give you a description of it
- Tell you why we are holding, and processing it, and how long we will keep it for
- Explain where we got it from, if not from you or your child
- Tell you who it has been, or will be, shared with
- Let you know whether any automated decision-making is being applied to the data, and any consequences of this
- Give you a copy of the information in an intelligible form
Individuals also have the right for their personal information to be transmitted electronically to another organisation in certain circumstances.
You also have the right to:
- Object to processing of personal data that is likely to cause, or is causing, damage or distress
- Prevent processing for direct marketing
- Object to decisions being taken by automated means
- In certain circumstances, have inaccurate or incomplete personal data rectified, blocked, restricted, erased or destroyed.
- claim compensation for damages caused by a breach of the Data Protection regulations
If you have a concern about the way we are collecting or using your personal data, you should raise your concern with us in the first instance or directly to the Information Commissioner’s Office at https://ico.org.uk/concerns/
Complaints
We take any complaints about our collection and use of personal information very seriously.
If you think that our collection or use of personal information is unfair, misleading or inappropriate, or have any other concern about our data processing, please raise this with Emma Harrison in the first instance. You can also contact the school’s Data Protection Officer if you have any questions, concerns or would like more information about anything mentioned in this privacy notice.
Data Protection Officer (for Schools)
Corporate Services and Governance
Gateshead Council
Civic Centre, Regent Street,
Gateshead, Tyne & Wear, NE8 1HH.
Tel No: (0191) 433 2113 / 2192
Email: DPO@Gateshead.Gov.UK
Alternatively, you can raise a concern or complaint with the Information Commissioner’s Office (ICO). The ICO can be contacted on 0303 123 1113, Monday to Friday 9am – 5pm.
You can also report concerns and make complaints online via https://ico.org.uk/make-a-complaint/
Where can you find out more information?
If you would like to find out more information about how we collect, use and store your personal data, please visit our website http://www.stjosephs.uk.net/our-school/policies/ where you can view or download copies of our data protection policies and procedures.
Cookies
Our website uses cookies which are small text files that originate from us and are stored on your computer or website server. They do not retrieve information about you that is stored on your hard drive and do not corrupt or damage your computer or computer files. They help us identify website visitor behaviour and visitors’ particular preferences. The below explains the cookies we use and why.
Google Analytics: These cookies are used to collect information about how visitors use our site. We use the information to compile reports and to help us improve the site. The cookies collect information in an anonymous form, including the number of visitors to the site, where visitors have come to the site from and the pages they visited.
Most web browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.allaboutcookies.org. To opt out of being tracked by Google Analytics across all websites visit http://tools.google.com/dlpage/gaoptout.
Contact:
If you would like to discuss anything in this privacy notice, please contact:
Miss E Harrison
c/o St Wilfrid’s RC College
Temple Park Road
South Shields
NE34 0QA