Skip to content ↓
Chandos Primary School

Chandos Primary School

Privacy Statement - General Data Protection Regulations

Under the General Data Protection Regulation (GDPR) individuals have a right to be informed about how we use any personal data that we hold about them. As an academy within The Elliot Foundation Academy Trust we comply with this right by providing a Privacy Notice to individuals where we are processing their personal data.

For the purposes of data protection law The Elliot Foundation Academy Trust is the ‘data controller’. The Data Protection Officer for the trust, who oversees how we collect, use, share and protect your information, is Jem Shuttleworth (jem.shuttleworth@elliotfoundation.co.uk).

For the purposes of data protection law we, Chandos Primary School, are the ‘data processor’.

Our Local Compliance Officer, who works with staff in the school to process and protect your data, is Mrs Smith, our school business manager.

This Privacy Notice explains how we collect, store and use personal data about children

Categories of pupil information that we process include, but are not restricted to:

  1. Personal identifiers, contacts and characteristics (such as names, unique pupil number, contact details and address)

  2. Characteristics (such as ethnicity, language and free school meal / pupil premium eligibility)

  3. Safeguarding and child protection information (such as court orders and professional involvement)

  4. Special educational needs (such as professional involvement, care packages, plans and support providers)

  5. Medical and administration (such as doctors information, child physical and mental health, dental health, allergies, medication and dietary requirements)

  6. Attendance (such as sessions attended, number of absences, absence reasons and any previous schools or settings attended)

  7. Assessment and attainment (such as results of internal and externally set tests and teacher judgements)

  8. Behavioural information (such as reports, exclusions and any support put in place)

GDPR specifically defines ‘special category’ as data relating, but not restricted, to:

  1. Racial or ethnic origin

  2. Political opinions

  3. Religious or philosophical beliefs

  4. Health

Within our school we also process some sensitive information about our pupils that is not identified as ‘special category’. However we consider it appropriate to treat such information with the same care.

We may also hold data about pupils that we have received from other organisations, including other schools, local authorities and the Department for Education.

Online systems that we use to process pupil information:

We use a variety of online systems to support the day-to-day running of the academy, pupil assessment and behaviour strategies. Access for staff to these systems is determined by their role and whether they have a recognised need to access the information.

The systems listed below all hold and process personal pupil information.

  1. ScholarPack - used for the day-to-day running of the academy and primarily holds pupil information

  2. Google Drive - a cloud based service that allows users to store and share files

CCTV system that we use:

We operate a CCTV system.  This system is in operation 24 hours per day and runs on a 21 day loop.  CCTV is in place to support security of the academy site. The system operated by the academy has no recording facility and the images taken are overwritten after 21 days.  The system is monitored by the site manager and the head teacher. If you require any further information regarding the CCTV system in operation, please contact the head teacher.

Security services that we use:

G4S wear body cameras when performing cash collections on school grounds.  The footage captured is overwritten every few seconds apart from in the event of the body camera being activated.  In the event of the body camera being activated the recorded footage can only be accessed by authorised personnel at G4S. All footage is encrypted.

Why we collect and use personal data:

We only collect and use pupils’ personal data when the law allows us to.

We obtain pupil information via registration forms/medication forms/Common Transfer Files from previous schools/Child Protection Plans. We do this at the start of each academic year and as is required throughout the academic year.

While the majority of information we collect about pupils is mandatory, there is some information that can be provided voluntarily. Whenever we seek to collect information from you we make it clear whether providing it is mandatory or optional. If it is mandatory, we will explain the possible consequences of not complying.

Most commonly, we collect and process this pupil information where we need to perform an official task in the public interest and/or we need to comply with a legal obligation.

  1. To protect and keep safe all pupils

  2. To provide appropriate pastoral care

  3. To support pupil learning

  4. To monitor and report on pupil attainment and progress

  5. To met the statutory duties placed upon us

  6. To assess the quality of our services

Less commonly, we may also process pupils’ personal data in situations where we have obtained consent to use it in a certain way and/or we need to protect the individual’s vital interests (or someone else’s interests).

Some of the reasons listed above overlap and there may be several grounds which justify our use of this data.

Where we have obtained consent to use pupils’ personal data this consent can be withdrawn at any time. We will make this clear when we ask for consent, and explain how consent can be withdrawn.

We share news items on social media to celebrate pupil and academy achievements.  Consent for sharing of images/videos and names of pupils on social media is sought from parents in advance.  Consent for sharing these images may be withdrawn at any time. Parents are invited to follow the academy twitter and facebook accounts but do this through their own choice.  These social media accounts are not for marketing purposes, and are solely to communicate upcoming events, news and celebrations. Parents can withdraw from the academy twitter and facebook feeds at any time by clicking ‘unfollow’.  

How we store this data:

We keep personal information about pupils securely for the duration of time they are on-roll.  The pupil files are then transferred to the pupil’s next education setting (either to the next primary school or the pupil’s secondary school).  

However, specific pupil information is retained if the pupil has been involved with a Child Protection concern, has identified Special Educational Needs or has been involved in a reported accident. In these cases, personal pupil information is held securely for 25 years from the birth date of the pupil.

The Elliot Foundation Academy Trust Records Management and Retention Policy can be found on the trust website and sets out further information about how long we keep information about pupils.

Who we share this data with:

We do not share information about pupils with any third party without consent unless the law and our policies allow us to do so.

Where it is legally required or necessary (and it complies with data protection law) we may share personal information about pupils with:

  1. Schools that the pupil’s attend after leaving the academy

  2. Our Local Authority

  3. Examining Bodies and our regulator, Ofsted

  4. The Department for Education (DfE)

  5. National Health Service (NHS) and their commissioned health services

  6. Child and Adolescent Mental Health Service (CAMHS)

  7. Birmingham SEN/Inclusion Support Services

  8. Birmingham SEN services (where the pupil resides in Birmingham Local Authority)

  9. Social Services and other social welfare organisations

  10. The Elliot Foundation Academies Trust

  11. Police forces, courts and tribunals

  12. Trip locations (such as swimming pools etc) to support accessibility and health and safety

  13. Suppliers and service providers to enable them to provide the service we, or the trust, have contracted them for

The National Pupil Database

We are required to provide information about pupils to the Department for Education as part of statutory data collections such as the school census.

Some of this information is then stored in the National Pupil Database (NPD) which is owned and managed by the Department and provides evidence on school performance to inform research.

The database is held electronically so it can easily be turned into statistics. The information is securely collected from a range of sources including schools, local authorities and exam boards.

The Department may share information from the NPD with other organisations which promote children’s education or wellbeing in England. Such organisations must agree to strict terms and conditions about how they will use the data.

For more information please contact the Department - https://www.gov.uk/contact-dfe

Requesting access to your child’s personal information:

Individuals have a right to make a ‘subject access request’ (SAR) to gain access to personal information that the school holds about them.

Parents/carers can make a request with respect to your child’s data where the child is not considered mature enough to understand their rights over their own data (usually under the age of 12).

If you make a SAR, and if we do hold information about your child, we will:

  1. Give you a description of it

  2. Tell you why we are holding and processing it, and how long we will keep it for

  3. Explain where we got it from, if not from you or your child

  4. Tell you who it has been, or will be, shared with

  5. Let you know whether any automated decision-making (by a computer or machine, rather than by a person) is being applied to the data, and any consequences of this

  6. Give you a copy of the information in an intelligible form

To make a request for your child’s personal information, or be given access to your child’s educational record, please contact Mrs Smith, our school business manager (and Local Compliance Officer).

SARs must be made in writing. If you cannot make a request in writing, please contact the Local Compliance Officer as they will be able to support you with making a request.  

We will not charge for carrying out a SAR unless the request is ‘excessive’ or a copy of information that has already been given.  SARs may take up to one month to action.

Other rights:

Under GDPR individuals have certain rights regarding how their personal data is used and kept safe, including the right to:

  1. Object to the use of personal data if likely to cause, or is causing, damage or distress

  2. Prevent processing for the purpose of direct marketing

  3. Object to decisions being taken by automated means

  4. In certain circumstances, have inaccurate personal information rectified, blocked, erased or destroyed

  5. Claim compensation for damages caused by a breach of the General Data Protection Regulations

To exercise any of these rights please contact the Data Protection Officer for the trust -

jem.shuttleworth@elliotfoundation.co.uk

Complaints:

As a school, and as part of The Elliot Foundation Academies Trust, we take any complaints about our collection and use of personal information very seriously.

If you think that our collection or use of personal information is unfair, misleading or inappropriate, or have any other concern about our data processing, please raise this with the Local Compliance Officer in the first instance.

To make a formal complaint please contact the Data Protection Officer for the trust.

Contact us:

If you have any questions, concerns or would like more information about anything mentioned in this Privacy Notice, please contact Mrs Smith, school business manager and the Local Compliance Officer on phone number 0121 464 3881.