Close Search
Prospectus

General Data Protection Regulations 2018

Conyers School Privacy Notice

 

1. How we use student information

As a school, we need to collect, store and use data about you, your family and your child. The data we collect, use and share allows us to operate in the public interest as a school. Without this, school improvement and the supporting, educating and safeguarding of your child would not be possible.  We collect and hold personal information relating to our students and may also receive information about them from their previous school, local authority and/or the Department for Education (DfE).

A.  The categories of student information that we collect, hold and share include:

  • Personal information (such as name, address DOB, unique student number and medical/dietary needs)
  • Characteristics (such as ethnicity, language, nationality, country of birth, SEN information, and entitlements (free school meals / student premium))
  • Key contact information (parental / other emergency contact details).
  • Attendance information (such as sessions attended, number of absences and absence reasons and exclusions)
  • Data which directly relates to personal welfare, wellbeing and performance of students, or that required by the Department for Education.
  • Internal assessment records (grades, scores etc.)
  • Current performance indicators.
  • Effort and attitude to learning indicators.
  • School based and nationally set performance targets.
  • Relevant academic measures and standardised scores
  • External examination records.
  • Behavioural concerns and academic success.
  • Post 16 learning information.
  • ‘Child in need’ information for pastoral support, safeguarding and wellbeing such as:-
  • information relating to instances of being a child in need (such as referral information, assessment information, Section 47 information, Initial Child Protection information and Child Protection Plan information)
  • instances of being looked after (such as important dates, information on placements)
  • outcomes for looked after children
  • adoptions (contact and support information).

B.   Why we collect and use this information

The primary use of data is to support your child throughout their education from both personal and academic perspectives and to provide rich learning experiences. We will also use data for internal analysis and, local and national statistical performance measures required by the Department of Education.

We use student data primarily to:-

  • support student learning, mentoring, intervention, and overall academic performance.
  • monitor and report on student progress.
  • provide appropriate pastoral care including wellbeing and safeguarding.
  • assess the quality of our services and overall school performance.
  • comply with the law regarding data sharing.
  • comply with Department for Education requirements.
  • communicate with parents.
  • plan and coordinate internal and external examinations.
  • coordinate trips, visits and school events.
  • provide access to digital services.
  • analyse student performance at individual and group level.
  • evaluate and improve our policies and working practices.

C.   The lawful basis on which we use this information

We collect and use student information under  Article 6, and Article 9 where data processed is ‘special category data’ from the GDPR-from 25 May 2018, and for data collection purposes under the Education Act 1996 https://www.gov.uk/education/data-collection-and-censuses-for-schools.

In some specific circumstances direct consent will be required for systems or processes which enhance the organisation offer such as:

  • Biometric data for cashless systems.
  • Media publicity (photographs / videos etc.)
  • Exams processing (reviews of marking, access to scripts, results publicity).
  • Access to digital platforms (via acceptable use policies).

We collect and use student information under:

  • The Education Act (various years)
  • The Education (Student Registration) (England) Regulations
  • The School Standards and Framework Act 1998
  • The School Admissions Regulations 2012
  • Children and Families Act 2014
  • The Special Educational Needs and Disability Regulations 2014
  • Article 6, and Article 9 (GDPR) – from 25 May 2018 (includes special category data)

2. Collecting student information

Whilst the majority of student information you provide to us is mandatory, some of it is provided to us on a voluntary basis. In order to comply with the General Data Protection Regulation, we will inform you whether you are required to provide certain student information to us or if you have a choice in this.

A.   Storing student data: retention period

We hold student data for a maximum of 15 years within the school’s management information system. Additional digital systems have a specific retention policy, as outlined in the document: GDPR – IT Systems – Data Processing Summary accessible via the school website.

B.   Who we share student information with

We routinely share relevant and specific student information with:

  • schools that the student’s attend after leaving us.
  • Stockton-on-Tees Local Authority.
  • the Department for Education (DfE) and their connected systems.
  • digital technology and IT platform providers (basic details to provide access).
  • Digital hardware providers (such as iPads for Learning companies).
  • Management information system hosts and hosted data analysis systems (for internal use).
  • Examination boards and academic assessment organisations.
  • Careers guidance / NEET analysis organisations.
  • Referral organisations (where applicable).
  • System partners (e.g. Uniform / iPads for learning providers).
  • Financial systems (e.g. ParentPay / iPad payment management).
  • Special Educational Needs organisations (where applicable).
  • Sporting organisations (e.g. events).
  • Media agencies (publishing of exam results – if consent given).
  • Website host (promotion of school activities and events – if consent given).

We are required, by law, to pass certain information about our students to our local authority (LA) and the Department for Education (DfE).

The DfE may also share student level personal data that we supply to them, with third parties. This will only take place where legislation allows it to do so and it is in compliance with the General Data Protection Regulations and Data Protection Act.

Decisions on whether the DfE releases this personal data to third parties are subject to a robust approval process and are based on a detailed assessment of who is requesting the data, the purpose for which it is required, the level and sensitivity of data requested and the arrangements in place to store and handle the data. To be granted access to student level data, requestors must comply with strict terms and conditions covering the confidentiality and handling of data, security arrangements and retention and use of the data.

Student data may be shared with relevant parties within the Mutli-Academy Trust for all reasons outlined in section 1B of this privacy notice.

3.  Why we share student information

We do not share information about our students with anyone without consent unless the law and our policies allow us to do so. Systems which access basic student level data in school are required to access hosted school services (e.g. network, email, learning platform etc.)

We share students’ data with the Department for Education (DfE) on a statutory basis. This data sharing underpins school funding and educational attainment policy and monitoring.

We are required to share information about our students with the (DfE) under regulation 5 of The Education (Information About Individual Students) (England) Regulations 2013.

4. Data collection requirements

To find out more about the data collection requirements placed on us by the Department for Education (for example; via the school census) go to https://www.gov.uk/education/data-collection-and-censuses-for-schools.

5. Youth support services

A.   Students aged 13+

Once our students reach the age of 13, we also may pass student information to our local authority and / or provider of youth support services as they have responsibilities in relation to the education or training of 13-19 year olds under section 507B of the Education Act 1996.  This enables them to provide services as follows:

  • youth support services
  • careers advisers

A parent or guardian can request that only their child’s name, address and date of birth is passed to their local authority or provider of youth support services by informing us. This right is transferred to the child / student once he/she reaches the age 16.

B.   Students aged 16+

We will also share certain information about students aged 16+ with our local authority and / or provider of youth support services as they have responsibilities in relation to the education or training of 13-19 year olds under section 507B of the Education Act 1996.

This enables them to provide services as follows:

  • post-16 education and training providers
  • youth support services
  • careers advisers

For more information about services for young people, please visit our local authority website.

C.   The National Student Database (NPD)

The NPD is owned and managed by the Department for Education and contains information about students in schools in England. It provides invaluable evidence on educational performance to inform independent research, as well as studies commissioned by the Department. It is held in electronic format for statistical purposes. This information is securely collected from a range of sources including schools, local authorities and awarding bodies.

We are required by law, to provide information about our students to the DfE as part of statutory data collections such as the school census and early years’ census. Some of this information is then stored in the NPD. The law that allows this is the Education (Information About Individual Students) (England) Regulations 2013.

To find out more about the NPD, go to https://www.gov.uk/government/publications/national-student-database-user-guide-and-supporting-information.

The department may share information about our students from the NPD with third parties who promote the education or well-being of children in England by:

  • conducting research or analysis
  • producing statistics
  • providing information, advice or guidance

The Department has robust processes in place to ensure the confidentiality of our data is maintained and there are stringent controls in place regarding access and use of the data. Decisions on whether DfE releases data to third parties are subject to a strict approval process and based on a detailed assessment of:

  • who is requesting the data
  • the purpose for which it is required
  • the level and sensitivity of data requested: and
  • the arrangements in place to store and handle the data

To be granted access to student information, organisations must comply with strict terms and conditions covering the confidentiality and handling of the data, security arrangements and retention and use of the data.

For more information about the department’s data sharing process, please visit: https://www.gov.uk/data-protection-how-we-collect-and-share-research-data

For information about which organisations the department has provided student information, (and for which project), please visit the following website: https://www.gov.uk/government/publications/national-student-database-requests-received

To contact DfE: https://www.gov.uk/contact-dfe

D.   Requesting access to your personal data

Under data protection legislation, parents and students have the right to request access to information about them that we hold. To make a request for your personal information, or be given access to your child’s educational record, contact the school Data Protection Officer, Rachel Houchen via:
dataprotection@conyers.org.uk

You also have the right to:

  • object to processing of personal data that is likely to cause, or is causing, damage or distress
  • prevent processing for the purpose of direct marketing
  • object to decisions being taken by automated means
  • in certain circumstances, have inaccurate personal data rectified, blocked, erased or destroyed; and
  • claim compensation for damages caused by a breach of the Data Protection regulations

If you have a concern about the way we are collecting or using your personal data, we request that you raise your concern with us in the first instance. Alternatively, you can contact the Information Commissioner’s Office at https://ico.org.uk/concerns/

6. Contact

If you would like to discuss anything in this privacy notice, please contact Rachel Houchen via dataprotection@conyers.org.uk