PRIMARY PRIVACY NOTICE
Tithe Barn Primary School is committed to ensuring that we’re transparent about the ways in which we use your personal information and that we have the right controls in place to ensure it is used responsibly and is kept safe from inappropriate access, theft or misuse.
This privacy notice explains how we use your personal information and tells you about your privacy rights and how the law protects you.
Personal information can be anything that identifies and relates to a living person. This can include information that when linked with other information, allows a person to be uniquely identified. For example;
- Names of staff and pupils.
- Dates of birth.
- National insurance numbers.
- School marks.
- Medical information.
- Exam results.
- SEN assessments and data.
- Staff development reviews.
The law treats some types of personal information as ‘special’ because the information requires more protection due to its sensitivity. This information consists of:
- racial or ethnic origin
- sexuality and sexual life
- religious or philosophical beliefs
- trade union membership
- political opinion
- physical or mental health
- criminal convictions and offences
We collect, store and maintain information for a number of different reasons, these include;
- to support pupil learning and the delivery of education
- to monitor and report on pupil progress
- to provide appropriate pastoral care
- to assess the quality of our services
- to comply with the law regarding data sharing
- to comply with our statutory obligations
Legal basis for processing data and information sharing
In the majority of cases, schools process personal data as the law requires. For all other processing, schools will collect personal information where:
- you, or your legal representative, have given consent
- you have entered into a contract with us
- it is required by law (such as where this is mandated by statute or under a court order)
- it is necessary for employment related purposes
- it is necessary to deliver health or social care services
- it is necessary to protect you or others from harm (e.g.in an emergency or civil disaster)
- it is necessary to protect public health
- it is necessary for exercising or defending legal rights
- you have made your information publicly available
- it is necessary for archiving, research, or statistical purposes
- it is necessary in the substantial public interest for wider societal benefits and is authorised by law
- it is necessary for fraud prevention and the protection of public funds
- it is in our legitimate interests (or those of a third party) provided your interests and fundamental rights do not override those interests
Your personal information may also be shared with other organisations, such as those who assist us in providing services and those who perform technical operations such as data storage and hosting on our behalf.
These practical arrangements and the laws governing the sharing and disclosure of personal information often differ from one service to another.
For this reason, each of our key service areas provide additional information about how we collect and use your information. These privacy notices explain:
- why we need your information
- who else we obtain or receive it from
- the legal basis for collection and the choices you have
- who we share it with and why
- whether decisions which legally affect you are made solely using machine based technologies
- how long we keep your information
- how to exercise your rights
The specific privacy notices may be accessed here [Link to privacy notice]
Data Transfers beyond EEA
We’ll only send your data outside the European Economic Area (‘EEA’):
- with your consent, or
- to comply with a lawful and legitimate request, or
- if we use service providers or contractors in non EEA countries.
If we do transfer your information beyond the EEA, we will make sure that it is protected in the same way as if it was being used in the EEA. We will use one of these safeguards:
- Transfer it to a non EU country with privacy laws that give the same protection as the EU. Learn more on the European Commission Justice website.
- Put in place a contract with the recipient that means they must protect it to the same standards as the EEA. More information is available on the European Commission Justice website.
- Transfer it to organisations that are part of the Privacy Shield. This is a framework that sets privacy standards for data sent between the US and EU countries. It makes sure those standards are similar to what is used within the EEA. You can find out more about the Privacy Shield on the European Commission Justice website
If we propose to make a transfer in response to a lawful and legitimate request we will normally tell you in advance unless there are compelling reasons, such as law enforcement or, reasons of safety which justify not doing so.
This is not appropriate for Tithe Barn Primary as we do not currently make[s] decisions which legally affect individuals through the use of a computerised system or programme. All decisions are based on human intervention.
We’ll only keep your personal information for as long as the law specifies. Where the law doesn’t specify this, we’ll keep your personal information for the length of time determined by our business requirements.
Our retention schedule outlines how long we retain certain types of information for and can be viewed below
How we keep your information safe
We’re committed to ensuring your personal information is safe and protected from accidental loss or alteration, inappropriate access, misuse or theft.
As well as technical, physical and organisational controls, we recognise that a well-trained, informed and security alert workforce minimises privacy risks from human error and/or malicious threats.
We require our service providers to implement appropriate industry standard security measures. We only permit them to process your personal information for specified purposes in accordance with our contractual instructions.
Rights of individuals
You may exercise the rights listed below in relation to our use of your personal information. Some rights are absolute and others are not.
To find out more about how these rights apply in particular circumstances, please refer to our Guide to exercising your Rights – document below on page
To exercise these rights, please contact Ceri Barrett, School Business Manager by emailing email@example.com
If you’re not satisfied with the way we have answered a request from you or handled your personal information, you have the right to make a complaint to the Information Commissioner.
This right is not dependant on you raising a complaint with us first but we would encourage you to contact our Data Protection Officer by emailing IGSchoolSupport@stockport.gov.uk so we can consider your concerns as quickly as possible.
Retention Of Records –
If you would like to view how long records will be stored please view the document below .
Data Subject Rights –
If you would like further information on how to exercise your data subject rights please refer to the document below.
How we use looked after children’s and safeguarding information
We collect your information to
- Support these children and monitor their progress
- Provide them with pastoral care
- Assess the quality of our services
- Evaluate and improve our policies on children’s social care
- Monitor welfare and progress of LAC pupils
- To safeguard our students
The categories of this information that we collect, process, hold and share including
- Personal information such as;
- Data of birth, address, contact information
- Special categories of information such as;
- Notes of concern, attendance data, information relating to a child in need (such as referral information, assessment information, Section 47 information, Initial Child Protection information and Child Protection Plan information, outcomes for looked after children (such as whether health and dental assessments are up to date, strengths and difficulties questionnaire scores and offending), adoptions (such as dates of key court orders and decisions), care leavers (such as their activity and what type of accommodation they have), Education Health Care Plans, PEP (Personal Education Plans)
The lawful basis on which we use this information
We are required to process pupil data when undertaking our legal obligations and to comply with our statutory functions. We are either legally required to have this information or alternatively we process the information via our legal obligation as there is a high risk to our pupils.
We follow statutory guidance on;
- Keeping children safe in education 2018 https://www.gov.uk/government/publications/keeping-children-safe-in-education–2
- Working together to safeguard children 2015 https://www.gov.uk/government/publications/working-together-to-safeguard-children–2
Collecting this information
Whilst the majority of looked after children and safeguarding information we process is mandatory, some of it may be provided to us on a voluntary basis. In order to comply with the data protection legislation, we will inform you whether you are required to provide certain information to us or if you have a choice in this.
This information is obtained by the school from both the admissions forms, the relevant local authorities and safeguarding leads and relevant notes of concern.
The information will be handled internally by the safeguarding leads, the Inclusions Manager, the School Business Manager and the Headteacher.
Storing this information
We hold data securely for the set amount of time shown in our data retention schedule. (Detailed above)
Who we share this information with
We routinely share this information with:
- the Department for Education (DfE)
- the local authority (Stockport Metropolitan Borough Council)
- other local authorities where necessary
- other schools or education settings
- Health specialists including the school nurse, safeguarding and Looked After Children nurse
- Any other involved outside agencies, e.g. Behaviour Support Service
Why we share this information
We share children in need and looked after children data with the Stockport Metropolitan Borough Council and other placing Authorities. This is for the purpose of the children accessing the correct services and support, for example, Children’s Social Care, Special Educational Needs support services and School Health. This information is shared in line with our statutory duties.
We do not share information about our children in need or looked after children with anyone without consent unless the law and our policies allow us to do so.
Department for Education (DfE) – We share children in need and looked after children data with the Department on a statutory basis, under Section 83 of 1989 Children’s Act, Section 7 of the Young People’s Act 2008 and also under section 3 of The Education (Information About Individual Pupils) (England) Regulations 2013.
This data sharing helps to develop national policies, manage local authority performance, administer and allocate funding and identify and encourage good practice.
All data is transferred securely and held by DfE under a combination of software and hardware controls which meet the current government security policy framework.
For more information, please see ‘How Government uses your data’ section.
The National Pupil Database (NPD)
The NPD is owned and managed by the Department for Education and contains information about children in England. It provides invaluable information on the background and circumstances on a child’s journey and evidence on educational performance to inform independent research, as well as studies commissioned by the Department. It is held in electronic format for statistical purposes. This information is securely collected from a range of sources including schools, local authorities and awarding bodies.
We are required by law, to provide information about our children to the DfE as part of statutory data collections. Some of this information is then stored in the national pupil database (NPD). The law that allows this is the Education (Information About Individual Pupils) (England) Regulations 2013.
To find out more about the NPD, go to https://www.gov.uk/government/publications/national-pupil-database-user-guide-and-supporting-information.
The department may share information about our pupils from the NPD with third parties who promote the education or well-being of children in England by:
- conducting research or analysis
- producing statistics
- providing information, advice or guidance
The Department has robust processes in place to ensure the confidentiality of our data is maintained and there are stringent controls in place regarding access and use of the data. Decisions on whether DfE releases data to third parties are subject to a strict approval process and based on a detailed assessment of:
- who is requesting the data
- the purpose for which it is required
- the level and sensitivity of data requested: and
- the arrangements in place to store and handle the data
To be granted access to pupil information, organisations must comply with strict terms and conditions covering the confidentiality and handling of the data, security arrangements and retention and use of the data.
For more information about the department’s data sharing process, please visit:
For information about which organisations the department has provided pupil information, (and for which project), please visit the following website: https://www.gov.uk/government/publications/national-pupil-database-requests-received
To contact DfE: https://www.gov.uk/contact-dfe
Requesting access to your personal data
Under data protection legislation, parents and pupils have the right to request access to information about them that we hold. To make a request for your personal information, or be given access to your child’s educational record, please contact the School Office to make a request or alternatively you can view our Data Subject Rights Policy at [link to website].
You also have the right to:
- object to processing of personal data that is likely to cause, or is causing, damage or distress
- prevent processing for the purpose of direct marketing
- object to decisions being taken by automated means
- in certain circumstances, have inaccurate personal data rectified, blocked, erased or destroyed; and
- claim compensation for damages caused by a breach of the Data Protection regulations
If you have a concern about the way we are collecting or using your personal data, we request that you raise your concern with us in the first instance. Alternatively, you can contact the Information Commissioner’s Office at https://ico.org.uk/concerns/
If you would like to discuss anything in this privacy notice, please contact:
The School Business Manager
Tithe Barn Primary School
SK4 3 NG
0161 432 firstname.lastname@example.org
Or the Data Protection Officer, Stockport Council
Upper Ground Floor, South
0161 474 4299/IGSchoolSupport@stockport.gov.uk