St Bartholomew’s School needs to hold and process personal data, including sensitive personal data, relating to you in the course of your education and engagement with the school. For these purposes, we (the school) will act as your Data Controller, pursuant to the General Data Protection Regulations (GDPR).
We are committed to protecting your personal information and your rights in line with the UK privacy legislation. This notice explains how and why we collect personal information about our students (and where relevant about their parents and carers) and what we do with that information.
- How we collect personal information about you
We may collect personal information about you when you apply for admission to the school, and during our interactions with you during and after your education or other engagement with us.
We gather this information directly from you in the course of school-related activities. These may include, for example, through:
- The school admission process;
- Letters, telephone calls and voicemail messages, and other communications;
- Email and instant messaging systems;
- Intranet and internet facilities;
- Computer networks and connections;
- CCTV and access control systems;
- Biometrics information (linked to our catering system);
- Previous schools and educational settings.
- What personal information do we process about you?
We may process your personal information including:
- Personal information, such as name, unique pupil number, address and contact details;
- Attendance information (such as sessions attended, number of absences and absence reasons);
- Assessment and attainment information;
- Characteristics (such as ethnicity, language, nationality, country of birth and free school meal eligibility);
- Relevant medical information;
- Special educational needs information;
- Behavioural information, including exclusions;
- Information obtained through electronic means such as your use of our information and communication systems, swipe card or biometric access records, computer and CCTV;
- Details of others such as ‘next of kin’ – this may be the contact details of a parent or guardian;
- Information from previous schools and educational settings as part of your student record;
- Post 16 learning information;
- Other ad hoc information.
Whilst most of the information you provide to us is mandatory, some of it is provided to us on a voluntary basis so we will always inform you if the information must be provided or where you have a choice.
- Why do we process your personal information?
We only process your personal information where it is fair and lawful to do so. As an academy we mainly process student information under the category “Public Task”, in the public interest or for the official function in law of providing education.
We use the student data to:
- Support student learning;
- Monitor and report on student progress;
- Provide appropriate pastoral care;
- Assess the quality of our services;
- Comply with the law regarding data sharing;
- Comply with a legal obligation – for example, for pupil census data collection under the Education Act 1996, to disclose information to the local authority or the police, or for health & safety purposes;
- When in someone’s vital interests – such as preventing someone being seriously harmed;
- Where we have been given consent (and this consent can be withdrawn at any time), for example:
- we will share contact information with the Parents’ Association;
- we process biometric data for cashless catering and access systems.
In addition, we comply with an additional condition for the processing of ‘special’ categories of data – such as where information is needed to provide any medical purposes, for the protection the vital interests of a person and for legal claims. This is typically based on your explicit consent, but this can be withdrawn at any time.
If we need to use your personal information for a different, unrelated purpose, we will notify you and will explain the legal basis which allows us to do so.
For information on the conditions for processing, please contact the Data Protection Officer: DPO@stbarts.co.uk
- Who do we share this information with?
We routinely share student information with:
- Schools that students attend after leaving us;
- Our local authority;
- The Department for Education.
We do not share information about our students with anyone without consent unless the law and our policies allow us to do so.
We share students’ data with the Department for Education (DFE) on a statutory basis, under regulation 5 of the Education (Information About Individual Pupils) (England) Regulations 2013. This data sharing underpins school funding and educational attainment policy and monitoring.
We also share information with:
- For students aged 13 and above, under section 507B of the Education Act 1996, with our local authority for youth support services and careers advisers and post 16 for education and training providers;
- Our legal advisors, for the purpose of obtaining legal advice;
- Consultants, experts or other advisors, to assist the School in fulfilling its obligations and to help run the School effectively;
- Our insurance company, in the case of a serious incident at the School;
- With others, in the case of an emergency;
- Selected third party data processors (such as educational publications and software applications) that are subject to the requirements and controls set out in the School’s Data Protection Policy.
We understand the importance of protecting your privacy and we will ensure your personal information is safeguarded and held securely in accordance with our obligations under the Data Protection laws. Appropriate technical and organisational measures have been implemented to ensure personal information is protected and to prevent your personal data from being lost, used, accessed in an unauthorised way, altered or disclosed. We also limit access to your personal information to third parties who need to have access to it. We have procedures to deal with any potential data security breaches.
Details of these security measures are available upon request from the Data Protection Officer: DPO@stbarts.co.uk
- Retaining your personal information
This data will be retained in our records for no longer than is necessary to fulfil the purposes we collected it for and in line with the statutory guidance. For student data, this is held until 25 years after the birth of the student.
Details of retention periods are available in our Records and Data Retention Policy, which is available on request from : DPO@stbarts.co.uk
- Your rights and requesting information to your personal data
Under data protection legislation, you or your parents/ guardians have the right to request access to information about you that we hold. To make a request for your personal information, contact the School Data Protection Officer: DPO@stbarts.co.uk or by post to DPO, St Bartholomew’s School, Andover Road, Newbury, Berkshire, RG14 6JP.
You may also have the right (where the lawful basis allows and where there is no exemption) to:
- Ask us to correct your information if it is incorrect;
- Ask us to delete the information that we hold about you in certain circumstances, for example, where we no longer need the information;
- Ask us to send you, or another organisation, certain types of information about you in a format that can be read by computer;
- Restrict certain processing of your information, for example, if you tell us that the information is inaccurate we can only use it for limited purposes while we check its accuracy.
If you wish to discuss these rights, to make any changes to the personal information we process about you, or, if have a concern about the way we are collecting or using your personal data, please speak to the School’s Data Protection Officer.
If you consider that our processing of your personal information infringes Data Protection legislation, you have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues https://ico.org.uk/concerns/
25 MAY 2018