Privacy Notice – General Data Protection Regulation (GDPR)

This Privacy Notice has been written to inform parents and pupils of New Brighton Primary School about what we do with your personal information. This Notice may be subject to change as the Data Protection Bill progresses.

Who are we?
New Brighton Primary School is a ‘Data Controller’ as defined by Article 4 (7) of GDPR. This means that we determine the purposes for which, and the manner in which, your personal data is processed. We have a responsibility to you and your personal data and will only collect and use this in ways which are compliant with data protection legislation.

The school has appointed Veritau Ltd to be its Data Protection Officer (DPO). The role of the DPO is to ensure that the school is compliant with GDPR and to oversee data protection procedures. Veritau’s contact details are:
Information Governance
Veritau Ltd
County Hall
Racecourse Lane
Northallerton
DL7 8AL
schoolsDPO@veritau.co.uk
01609 53 2526

What information do we collect?
The categories of information that we collect, hold and share include the following:
Personal information of pupils and their family members e.g. name, pupil number, DOB and address
Educational attainment
Free school meal eligibility
Attendance information
Assessment information
Behavioural information
Safeguarding information

We will also process certain ‘special category’ data about our pupils including:
Relevant medical information- please note that where the pupil has a severe allergy or is thought to be at risk of needing emergency care for a medical issue then this will be shared with all the staff. We may do this in the form of photo identification in the staff room to ensure that all staff are aware of the issues should an emergency situation arise
Special Educational Needs and Disabilities information
Race, ethnicity and religion

Why do we collect your personal data?
We use the information we collect:
to support pupil learning
to monitor and report on pupil progress
to provide appropriate pastoral care
to assess the quality of our services

Any personal data that we process about our pupils and parents is done so in accordance with Article 6 and Article 9 of GDPR:

Our legal basis for processing your personal data, in line with Article 6(1)(c) include:
Education Act 1944,1996, 2002
Education and Adoption Act 2016
Education (Information About Individual Pupils)(England) Regulations 2013
Education (Pupil Information) (England) Regulations 2005
Education and Skills Act 2008
Children Act 1989, 2004
Children and Families Act 2014
Equality Act 2010
Education (Special Educational Needs) Regulations 2001

We also process information in accordance with Article 6(e) and Article 9(2)(g) as part of the official authority vested in us as Data Controller and for reasons of substantial public interest. Such processing, which is not mandatory but is considered to be in our pupils’ interests, include:

School trips
Extra curricular activities

Whilst the majority of pupil information you provide to us is mandatory, some of it is provided to us on a voluntary basis. When we do process this additional information we will ensure that we ask for your consent to process this.

Who do we obtain your information from?
Much of the information we process will be obtained directly from you (pupils and parents). We will also process information received from:

Department for Education (DfE)
Wirral Education Authority
Previous schools attended

Who do we share your personal data with?
We routinely share pupil information with:
schools that the pupils attend after leaving us
our Local Education Authority – Wirral
the Department for Education (DfE)
National Health Service bodies

For more information on information sharing with the DfE (including the National Pupil Database and Census) please go to: https://www.gov.uk/government/publications/national-pupil-database-user-guide-and-supporting-information

We will not share any information about you outside the school without your consent unless we have a lawful basis for doing so.

How long do we keep your personal data for?
New Brighton Primary School will keep your data in line with our Information Policy. Most of the information we process about you will be retained as determined by statutory obligations. Any personal information which we are not required by law to retain will only be kept for as long as is necessary to fulfil our organisational needs.

What rights do you have over your data?
Under GDPR parents and pupils have the following rights in relation to the processing of their personal data:
to be informed about how we process your personal data. This notice fulfils this obligation
to request access to your personal data that we hold, and be provided with a copy of it
to request that your personal data is amended if inaccurate or incomplete
to request that your personal data is erased where there is no compelling reason for its continued processing
to request that the processing of your personal data is restricted
to object to your personal data being processed

If you have any concerns about the way we have handled your personal data or would like any further information, then please contact our DPO on the address provided above.

If we cannot resolve your concerns you may also complain to the Information Commissioner’s Office (the Data Protection Regulator) about the way in which the school has handled your personal data. You can do so by contacting:

First Contact Team
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow Cheshire
SK9 5AF
casework@ico.gsi.gov.uk
Tel: 03031 231113

 

Top