Menu

St Mary's Catholic

Voluntary Academy

Part of the St Therese of Lisieux Catholic Multi Academy Trust

Privacy Policy

St Thérèse of Lisieux Catholic Multi Academy Trust

Privacy Notice (How we use pupil information) for Pupils and Parents

Under data protection law, individuals have a right to be informed about how the school uses any personal data that we hold about them.  We comply with this right by providing ‘privacy notices’ (sometimes called ‘fair processing notices’) to individuals where we are processing their personal data.

This privacy notice explains how we collect, store and use personal data about pupils.

We St Mary’s Catholic Voluntary Acadmey are the ‘data controller’ for the purposes of data protection law.

The Trust’s Data Protection Officer is Fran Brown, and the Data Protection Controller is Tamer Hodgson.

The categories of pupil information that we collect, hold and share include:

  • personal information (such as name, date of birth and address)
  • characteristics (such as gender, ethnicity and disability)
  • information relating to episodes of being a child in need (such as referral information, assessment information, Section 47 information, Initial Child Protection information and Child Protection Plan information)
  • episodes of being looked after (such as important dates, information on placements)
  • outcomes for looked after children (such as whether health and dental assessments are up to date, strengths and difficulties questionnaire scores and offending)
  • adoptions (such as dates of key court orders and decisions)
  • care leavers (such as their activity and what type of accommodation they have)
  • attendance information (such as sessions attended, number of absences and absence         reasons)
  • assessment information (such as internal tests, pupils progress information and public            examination results)
  • medical information (such as allergies to food, medication that a pupil may require, medical incidents that may have occurred inside or outside of school, records when a pupil has received first aid treatment)
  • special Educational Needs and Disabilities information (such as specific learning difficulties, specific medical needs, previous learning or medical needs)
  • safeguarding information (such as records of concerns, timelines of events, safeguarding referrals, early help assessments, team around the child records, child in need and child protection records)
  • behaviour information (such as rewards, achievements, incident slips and exclusions)
  • epep information including targets set

Why we collect and use this information

We use the pupil data:

 

to support pupil learning

to monitor and report on pupil progress

to provide appropriate pastoral care

to assess the quality of our services

to comply with the law regarding data sharing

The lawful basis on which we use this information

We collect and process information about children in our care and children to whom we provide services under Article 6, and Article 9 under GDPR. This enables the school to process information such as assessments, special educational needs requests, Departmental Censuses under the Education Act 1996 and the Education Act 2005, examination results and other such data processes that relate educational data to the individual within the requirements for the school to provide education for the individual.

Collecting pupil information

Whilst the majority of pupil information you provide to us is mandatory, some of it is provided to us on a voluntary basis. In order to comply with the General Data Protection Regulation, we will inform you whether you are required to provide certain pupil information to us or if you have a choice in this.

Storing pupil data

We hold children in need and children looked after data in line with our Data Retention Guidelines which can be asked for on request.

 

Who we share pupil information with

We routinely share this information with:

  • the Department for Education (DfE)
  • the Local Authority
  • the Police and Law Enforcement
  • Children and Young Peoples Nurses
  • the National Health Service (NHS)
  • the Education Welfare Officer
  • Social Services

Why we share pupil information

We do not share information about our pupils with anyone without consent unless the law and our policies allow us to do so.

We share pupils’ data with the Department for Education (DfE) on a statutory basis. This data sharing underpins school funding and educational attainment policy and monitoring.

We are required to share information about our pupils with the (DfE) under regulation 5 of The Education (Information About Individual Pupils) (England) Regulations 2013.

Data collection requirements:

To find out more about the data collection requirements placed on us by the Department for Education (for example; via the school census) go to https://www.gov.uk/education/data-collection-and-censuses-for-schools.

Youth support services

Pupils aged 13+

Once our pupils reach the age of 13, we also pass pupil information to our local authority and/or provider of youth support services as they have responsibilities in relation to the education or training of 13-19 year olds under section 507B of the Education Act 1996.

This enables them to provide services as follows:

 

  • youth support services
  • careers advisers

A parent or guardian can request that only their child’s name, address and date of birth is passed to their local authority or provider of youth support services by informing us. This right is transferred to the child / pupil once he/she reaches the age 16.

The National Pupil Database (NPD)

The NPD is owned and managed by the Department for Education and contains information about pupils in schools in England. It provides invaluable evidence on educational performance to inform independent research, as well as studies commissioned by the Department. It is held in electronic format for statistical purposes. This information is securely collected from a range of sources including schools, local authorities and awarding bodies.

We are required, by law, to provide information about our pupils to the DfE as part of statutory data collections such as the school census and early years’ census. Some of this information is then stored in the NPD. The law that allows this is the Education (Information About Individual Pupils) (England) Regulations 2013.

To find out more about the NPD, go to https://www.gov.uk/government/publications/national-pupil-database-user-guide-and-supporting-information.

The department may share information about our pupils from the NPD with third parties who promote the education or well-being of children in England by:

  • conducting research or analysis
  • producing statistics
  • providing information, advice or guidance

The Department has robust processes in place to ensure the confidentiality of our data is maintained and there are stringent controls in place regarding access and use of the data. Decisions on whether DfE releases data to third parties are subject to a strict approval process and based on a detailed assessment of:

  • who is requesting the data
  • the purpose for which it is required
  • the level and sensitivity of data requested: and
  • the arrangements in place to store and handle the data

To be granted access to pupil information, organisations must comply with strict terms and conditions covering the confidentiality and handling of the data, security arrangements and retention and use of the data.

For more information about the department’s data sharing process, please visit: https://www.gov.uk/data-protection-how-we-collect-and-share-research-data

For information about which organisations the department has provided pupil information, (and for which project), please visit the following website: https://www.gov.uk/government/publications/national-pupil-database-requests-received

 

To contact DfE: https://www.gov.uk/contact-dfe

 

Requesting Access to your Personal Data

Individuals have a right to make a ‘subject access request’ to gain access to personal information that the school holds about them.

Parents/carers can make a request with respect to their child’s data where the child is not considered mature enough to understand their rights over their own data (usually under the age of 12) or where the child has provided consent.

Parents also have the right to make a subject access request with respect of any personal data the school holds about them.

If you make a subject access request, and if we do hold information about you or your child, we will:

  • Give you a description of it
  • Tell you why we are holding and processing it, and how long we will keep it for,
  • Explain where we got it from, if not from you or your child
  • Tell you who it has been, or will be, shared with
  • Let you know whether any automated decision-making is being applied to the data, and any consequences of this
  • Give you a copy of the information in an intelligible form

 

Individuals also have the right for their personal information to be transmitted electronically to another organisation in certain circumstances.

If you would like to make a request please contact Tamer Hodgson, Data Protection Controller, at Tamer.Hodgson@stl-cmat.org.uk   

 

If a request is made during the school holidays, please be aware that there may be a delay in the request being processed. For further information and for a copy of the Subject Access Request form, please see the STL CMAT Data Protection and Freedom of Information Policy, a copy of which can be found here: https://www.stl-cmat.org.uk

Parents/carers also have a legal right to access their child’s educational record.  To request access please contact Michaela Hamilton at M.Hamilton@st-marys-grantham.lincs.sch.uk or Tamer Hodgson, Data Protection Controller, at Tamer.Hodgson@stl-cmat.org.uk   

 

You also have the right to:

  • object to processing of personal data that is likely to cause, or is causing, damage or distress
  • prevent processing for the purpose of direct marketing
  • object to decisions being taken by automated means
  • in certain circumstances, have inaccurate personal data rectified, blocked, erased or destroyed; and
  • claim compensation for damages caused by a breach of the Data Protection regulations

 

If you have a concern about the way we are collecting or using your personal data, we request that you raise your concern with us in the first instance. Alternatively, you can contact the Information Commissioner’s Office at https://ico.org.uk/concerns/

Contact

If you would like to discuss anything in this privacy notice, please contact:

Tamer Hodgson, Data Protection Controller – Tamer.Hodgson@stl-cmat.org.uk

Top