Pixmore Junior School is a local authority (Hertfordshire County Council) maintained junior school catering for children aged between 7-11 years of age.
General Data Protection Regulations 2018
We, Pixmore Junior School, are a data controller for the purposes of the General Data Protection Regulations (GDPR).
The purpose of this document is to conform with your legal right to be informed about how the school collects, stores, uses or shares any information we hold about you or your child. For the purpose of this document, ‘pupil information’ includes any relevant details about parents, carers or persons responsible for the child.
Why do we collect and use pupil information?
Under Article 6 of the General Data Protection Regulation (GDPR), we collect and use information because we are legally required to collect some information about pupils and staff and we need to process this information due to our legal obligation (6,c) to provide an education to our pupils. This includes sharing information with exam boards, other schools and the Department of Education (DfE) where necessary. Our operation necessitates the use of contracts (6,b) including home-school contracts and contracts with staff and suppliers. In addition, due to our safeguarding responsibilities, we also collect information for the reason of vital interest (6,d) where the processing is necessary to protect someone’s life. A separate CCTV policy exists. Occasionally we collect and process data as a requirement for a public task (6,e), which could include collecting evidence of our duty to educate children, in the form of a learning or communication platform, or the capture of images/video/sound at school events, such as sports day and concerts/productions.
Under Article 6 and Article 9 of GDPR, where the above lawful bases do not allow us to collect essential personal information, we will use consent (6,a) where the data subject has given consent to the processing of his or her personal data for one or more specific purposes.
We may receive information about them from their previous school, the Department for Education (DfE) and Hertfordshire County Council. We hold this personal data to:
- support the learning in our school
- monitor and report on pupil progress
- provide appropriate pastoral care
- assess the quality of our services
- keep our pupils and staff safe
- comply with the law regarding data sharing
The categories of information that we collect, hold and share include:
Personal details (such as name, Unique Pupil Number and address), national curriculum assessment results, attendance information (such as sessions attended, number of absences and absence reasons), any exclusion information, where they go after they leave us, personal characteristics (such as ethnicity, language, nationality, country of birth and free school meal eligibility), any special educational needs they may have as well as relevant medical information. Sensitive personal information may also be processed for safeguarding purposes (on the Legal Basis of Vital Interest) at any time. Explicit consent would be sought if biometric data was ever to be collected/used by the school in the future.
Collecting pupil information
We collect pupil information by using registration forms, data collection forms (which may be used annually) or file transfer from previous schools.
Whilst the majority of pupil information you provide to us is mandatory, some of it is provided to us on a voluntary basis. In order to comply with the General Data Protection Regulations, we will inform you whether you are required to provide certain pupil information to us or if you have a choice in this.
An annual sweep of the school network will be used to ensure that data is removed from general access where appropriate. We shred or destroy redundant data onsite.
We may hold data on USB memory sticks if adequately protected, although their use is discouraged.
Photographs, videos and sound media will be captured by the school using school equipment and in line with any consent granted.
Data is backed up onsite daily and external backup is provided by our IT service provider (details can be obtained from the School Office), including ARBOR. We maintain a supplier compliance log to ensure that Data Processors (our suppliers) are compliant and effectively safeguard your data.
The school has robust processes in place to minimise the risk of data breaches. In the unlikely event of a Data Breach, the school has an internal Data Breach Procedure and documentation which would be followed. These documents are overseen by the school’s Data Protection Officer (DPO). In the event of a data breach, we would act in accordance with the General Data Protection Regulations 2018.
Data will be retained by the school for the duration of the pupil’s time with us. We cannot agree to delete data during this time.
We will agree to remove data held on pupils, if requested, after they have left us (provided we are not required to keep it due to ratified policy or law). We will have to send their information to a new school or education establishment if applicable.
We hold pupil data until they reach 25 years of age for pupils with SEN* (Data will be securely deleted in the academic year of their 25th birthday). Ordinarily, data will be removed from general access two years after they have left the school, where educational records and/or child protection records have been passed to an alternative provision (or to Herts or another county or country). A yearly sweep of school documentation will be carried out to ensure that such data is protected and removed from general access where appropriate.
Some school data will be kept for 6 years – this includes financial accounting information (legal reasons) and Data Breach Logs.
* and children without SEN if there is a major incident (for example, a safeguarding or critical/medical incident requiring external agency support). We may be required to keep the entire file until the youngest child involved turns 25 years of age, or longer for specific and regulated incidents.
Who do we share information with?
We will not give information about you or your child to anyone without your consent unless the law and our policies allow us to.
Where our school is involved in collaborative delivery with other schools and learning providers, pupil information may also be shared to aid the preparation of learning plans and the use of data to achieve the objectives identified above or with schools that the pupil attends after leaving us. We need to share information, on occasion with (but not limited to) Virtual Schools, Education Psychologist, transfer schools, Social Services Assessment Team, Children’s Services, school governors/trustees, local authority support services including the NHS, police and courts as necessary, and other health related assessment teams including disability allowance. We are required, by law, to share some information with the Department for Education (DfE). This information will, in turn, then be made available for the use by the Local Authority. Additionally, the curriculum may require the use of third party web-based learning platforms, if GDPR compliant. We may share information with our Parents’ Association if we have your consent.
Why we share information
We are required to share information about our pupils with the (DfE) under regulation 4 and 5 of The Education (Information About Individual Pupils) (England) Regulations 2013.
Whilst we share information as an ongoing school management requirement, which would include non-standard operational activity such as promoting the school and complaints/legal proceedings as required, we do not share information about our pupils with anyone without your consent unless the law and our policies allow us to do so.
GDPR does not prevent, or limit, the sharing of information for the purposes of keeping children safe. Legal and secure information sharing between schools, Children’s Social Care, and other local agencies, is essential for keeping children safe and ensuring they get the support they need. Information can be shared without consent if to gain consent would place a child at risk. Fears about sharing information must not be allowed to stand in the way of promoting the welfare and protecting the safety of children. As with all data sharing, appropriate organisational and technical safeguards should still be in place.
Data collection requirements
To find out more about the data collection requirements placed on us by the Department for Education (for example; via the school census) go to https://www.gov.uk/education/data-collection-and-censuses-for-schools.
If you need more information about how our local authority and/or DfE collect and use your information, please visit:
the DfE website at https://www.gov.uk/data-protection-how-we-collect-and-share-research-data
How Government uses your data
The pupil data that we lawfully share with the DfE through data collections:
- underpins school funding, which is calculated based upon the numbers of children and their characteristics in each school.
- informs ‘short term’ education policy monitoring and school accountability and intervention (for example, school GCSE results or Pupil Progress measures).
- supports ‘longer term’ research and monitoring of educational policy (for example how certain subject choices go on to affect education or earnings beyond school)
The National Pupil Database (NPD)
Much of the data about pupils in England goes on to be held in the National Pupil Database (NPD).
The NPD is owned and managed by the Department for Education and contains information about pupils in schools in England. It provides invaluable evidence on educational performance to inform independent research, as well as studies commissioned by the Department.
It is held in electronic format for statistical purposes. This information is securely collected from a range of sources including schools, local authorities and awarding bodies.
To find out more about the NPD, go to: https://www.gov.uk/government/publications/national-pupil-database-user-guide-and-supporting-information
To contact DfE: https://www.gov.uk/contact-dfe
Requesting access to your personal data
Under data protection legislation, parents, carers have the right to request access to any information that we hold about them. To make a request for your personal information, or be given access to your child’s educational record, contact the appropriate school office or email the Data Protection Officer (see ‘Contact’ below). Please be aware that in certain situations such as, but not restricted to safeguarding, this data may not be disclosed.
You also have the right to:
- object to processing of personal data that is likely to cause, or is causing, damage or distress
- prevent processing for the purposes of direct marketing
- object to decisions being taken by automated means
- in certain circumstances, have inaccurate personal data rectified, blocked, erased or destroyed
- claim compensation for damages caused by a breach of the Data Protection regulations
- withdraw any consent that you have provided**
To find out more about your rights, visit https://ico.org.uk/your-data-matters/
**Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
No fee usually required
You will not usually have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is manifestly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
We understand that there are penalties for inadequately protecting your data or for non-compliance with the GDPR. If you have a concern about the way we are collecting or using your personal data, you can raise your concern with us in the first instance or directly to the Information Commissioner’s Office at https://ico.org.uk/concerns/, on 0303 123 1113 or via email by visiting https://ico.org.uk/global/contact-us/email/
If a parent/carer wishes to access personal data held about them or their child, please contact:
- Pixmore Junior School, Rushby Mead, Letchworth Garden City, Hertfordshire, SG6 1RS
- Email: email@example.com
Additional Contact Details
- LA’s Data Protection Office: Information Governance Unit, Room C1, County Hall, Pegs Lane, Hertford, SG13 8DQ, email: dataprotectionhertscc.gov.uk
- QCA’s Data Protection Officer: 83 Piccadilly, London, W1J 8QA
- DfE’s Data Protection Office Caxton House, Tothill St, London, SW1H 9NA
- Ofsted Data Protection Office: Alexandra House, 33 Kingsway, London, WC2B 6SE
Policy Review – GDPR
This policy will be reviewed in full by the Governing Body every three years. We reserve the right to update this privacy notice at any time, and we will provide you with a new privacy notice when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your personal information.
The policy was last reviewed and agreed by Governing Body on 4th October 2021