Privacy Notice for Pupils, Parents and Carers

Introduction

Under data protection law, individuals have a right to be informed about how the school uses any personal data that we hold about them. We comply with this right by providing ‘privacy notices’ (sometimes called ‘fair processing notices’) to individuals where we are processing their personal data.

This privacy notice explains how we collect, store and use personal data about pupils, parents and carers.

St Hugh’s Catholic Primary School is the ‘data controller’ for data protection law: initial contact, Miss Donna Donaldson PA to Executive Headteacher.

Our data protection officer is Paul Mountford (Liverpool City Council), please get in touch with Liverpool City Council here.

The categories of pupil information that we process include:

  • personal identifiers and contacts (such as name, unique pupil number, contact details and address)
  • characteristics (such as ethnicity, language, and free school meal eligibility)
  • safeguarding information (such as court orders and professional involvement)
  • special educational needs (including the needs and ranking)
  • medical and administration (such as doctors information, child health, dental health, allergies, medication and dietary requirements)
  • attendance (such as sessions attended, number of absences, absence reasons and any previous schools attended)
  • assessment and attainment (such as key stage 1 and phonics results, post 16 courses enrolled for and any relevant results)
  • behavioural information (such as exclusions and any relevant alternative provision put in place)
  • Additional activities (extra curricular activities, educational visits)
  • Pupil Premium Children (areas for entitlement)
  • Information provided by parents or carers (letters, emails, or telephone conversations)

This list is not exhaustive. We may also hold data about pupils that we have received from other organisations, including schools, local authorities and the Department for Education (DfE).

Why do we collect and use pupil information

The personal data collected is essential, for the school to fulfil their official functions and meet legal requirements.

We collect and use pupil information, for the following purposes:

   a) to support pupil learning

   b) to monitor and report on pupil attainment progress

   c) to provide appropriate pastoral care

   d) to assess the quality of our services

   e) to keep children safe (food allergies, or emergency contact details)

   f) to meet the statutory duties placed upon us by the Department for Education

   g) to keep you informed about the running of the school (such as emergency closures) and events

Use of your personal data in automated decision making and profiling

We do not currently process any personal data through automated decision making or profiling. If this changes in the future, we will amend any relevant privacy notices to explain the processing to you, including your right to object to it.

Our lawful basis for using this data

Under the UK General Data Protection Regulation (UK GDPR), the lawful bases we rely on for processing pupil information are:
• for the purposes of (a), (b), (c) & (d) in accordance with the legal basis of Public task: collecting the data is necessary to perform tasks that schools are required to perform as part of their statutory function
• for the purposes of (e) in accordance with the legal basis of Vital interests: to keep children safe (food allergies, or medical conditions)
• for the purposes of (f) in accordance with the legal basis of Legal obligation: data collected for DfE census information

Some of the reasons listed above for collecting and using pupils’ personal data overlap, and there may be several grounds which justify our use of this data.

Collecting this information

Pupil data is essential for the schools’ operational use. Whilst most of the pupil information you provide to us is mandatory, some of it is provided to us voluntarily. To comply with UK GDPR we will inform you at the point of collection, whether you are required to provide certain pupil information to us or if you have a choice in this and we will tell you what you need to do if you do not want to share this information with us.
We collect personal information about pupils, parents and carers via the following methods:
   – Registration forms
   – Common Transfer File (CTF) from a previous school
   – Child protection plans
   – Written records from other settings

How we store this data

We keep personal information about pupils, parents and carers while they are attending our school. We may also keep it beyond their attendance at our school if this is necessary to comply with our legal obligations. Our record retention management policy sets out how long we keep information about pupils.

Data sharing

We do not share information about pupils with any third party without consent unless the law and our policies allow us to do so.

Where it is legally required or necessary (and it complies with data protection law), we may share personal information about pupils with:

  • Our local authority – to meet our legal obligations to share certain information with it, such as safeguarding concerns and exclusions
  • The Department for Education
  • The pupil’s family and representatives
  • Educators and examining bodies
  • Our regulator [Ofsted, Liverpool Archdiocese)
  • Suppliers and service providers – to enable them to provide the service we have contracted them for
  • Financial organisations
  • Central and local government
  • Our auditors
  • Survey and research organisations
  • Health authorities
  • Security organisations
  • Health and social welfare organisations
  • Professional advisers and consultants
  • Charities and voluntary organisations
  • Police forces, courts, tribunals
  • Professional bodies

We do not share information about pupils with any third party without consent unless the law and our policies allow us to do so.

All data is transferred securely and held by DfE under a combination of software and hardware controls, which meet the current government security policy framework.

Department of Education

National Pupil Database

We are required to provide information about pupils to the Department for Education as part of statutory data collections such as the school census.

Some of this information is then stored in the National Pupil Database (NPD), which is owned and managed by the Department of Education and provides evidence on school performance to inform research.

The database is held electronically so it can easily be turned into statistics. The information is securely collected from a range of sources including schools, local authorities and exam boards.

The Department for Education may share information from the NPD with other organisations which promote children’s education or wellbeing in England. Such organisations must agree to strict terms and conditions about how they will use the data.

For more information, see the Department’s webpage on how it collects and shares research data.

You can also contact the Department for Education with any further questions about the NPD.

Local Authority

We may be required to share information about our pupils with the local authority to ensure that they can conduct their statutory duties under

How government uses your data
The pupil data that we lawfully share with the DfE through data collections:
   • underpins school funding, which is calculated based on the number of children and their characteristics in each school.
   • informs ‘short term’ education policy monitoring (for example, school GCSE results or Pupil Progress measures).
   • supports ‘longer term’ research and monitoring of educational policy. (for example, how certain subject choices go on to affect education or earnings beyond school)

Data collection requirements
To find out more about the data collection requirements placed on us by the Department for Education (for example; via the school census) go to data-collection-and-censuses-for-schools

Requesting access to your personal data

Individuals have a right to make a ‘subject access request’ to gain access to personal information that the school holds about them.

Parents/carers can make a request with respect to their child’s data where the child is not considered mature enough to understand their rights over their own data (usually under the age of 12), or where the child has provided consent.

If you make a subject access request, and if we do hold information about you or your child, we will:

  • Give you a description of it
  • Tell you why we are holding and processing it, and how long we will keep it for
  • Explain where we got it from, if not from you or your child
  • Tell you who it has been, or will be, shared with
  • Let you know whether any automated decision-making is being applied to the data, and any consequences of this
  • Give you a copy of the information in an intelligible form

Individuals also have the right for their personal information to be transmitted electronically to another organisation in certain circumstances.

Parents/carers also have a legal right to access their child’s educational record.

Other rights

Under data protection law, individuals have certain rights regarding how their personal data is used and kept safe, including the right to:

  • Object to the use of personal data if it would cause, or is causing, damage or distress
  • Prevent it from being used to send direct marketing
  • Object to decisions being taken by automated means (by a computer or machine, rather than by a person)
  • In certain circumstances, have inaccurate personal data corrected, deleted or destroyed, or restrict processing
  • Claim compensation for damages caused by a breach of the data protection regulations

To exercise any of these rights, or to request access, please see the contact details below

Contact us

If you have any questions, concerns, or would like more information about anything mentioned in this privacy notice, please contact, Donna Donaldson, PA to Executive Headteacher (Initial contact), or contact Paul Mountford, Data Protection Officer (Liverpool City Council).

Complaints,

We take any complaints about our collection and use of personal information very seriously.

If you think that our collection or use of personal information is unfair, misleading or inappropriate, or have any other concern about our data processing, please raise this with us in the first instance.

To make a complaint, please contact, Donna Donaldson PA to Executive Headteacher. (Initial contact), or Paul Mountford, Data Protection Officer, (Liverpool City Council)

Alternatively, you can make a complaint to the Information Commissioner’s Office:

  • Report a concern online at www.ico.org.uk/concerns/
  • Call 0303 123 1113
  • Or write to: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF