Privacy Policy

Privacy Notice (How we use pupil information)

Axe Beacon Federation is the data controller for personal information about your child and their family to enable us to fulfil our obligations under law. We use this information to keep your child safe, to keep parents and carers informed and to ensure that learners and staff are able to access the curriculum in more effective ways.

We have a responsibility under law to share this information with the Department for Education, the Local Educational Authority and with future schools your child will attend. We also use other organisations to process this data (e.g. Parentmail and Capita SIMS) under strict and clear terms that abide by our obligations under the law.

Where the processing of pupil information stands outside our legal responsibilities, we will seek consent from parents and carers to hold and process that information. Consent would be, for example, that pupil information (name and photograph) may be used on our Federation or school’s website.

The categories of pupil information that we collect, hold and share include:

  • Personal information (such as name, unique pupil number and address)
  • Characteristics (such as ethnicity, language, nationality, country of birth, religion and free school meal eligibility)
  • Contact details (such as address, phone numbers and email)
  • Medical information (such as Doctor’s surgery and specific conditions)
  • Dietary information (such as intolerances or special preferences, i.e. vegetarian)
  • Attendance information (such as sessions attended, number of absences and absence reasons)
  • Assessment information (such as progress against age-related expectations, photographs)
  • Safeguarding information (such as necessary information to keep a child safe)
  • Behaviour information (such as a record of temporary exclusions)
  • SEND information (such as Individual Education Plans, reports from professionals e.g. Educational Psychologists)

Why we collect and use this information

We use the pupil data:

 

  • to keep pupils safe
  • to support pupil learning
  • to monitor and report on pupil progress
  • to provide appropriate pastoral care
  • to assess the quality of our services
  • to comply with the law regarding data sharing

The lawful basis on which we use this information

We collect and use pupil information under Article 6.1(e) of the General Data Protection Regulation (GDPR), “processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.”

We collect and use special categories of personal data under Article 9.2(g) if the General Dat Protection Regulation (GDPR), “processing is necessary for reasons of substantial public interest, on the basis of Union or Member State law which shall be proportionate to the aim pursued, respect the essence of the right to data protection and provide for suitable and specific measures to safeguard the fundamental rights and the interests of the data subject”. The special categories of personal data are: racial and ethnic origin, religious or philosophical beliefs and data concerning health.

An example of how legislation applies to the processing of pupil information in Axe Beacon Federation.

Axe Beacon Federation submits pupil data in the School Census to the LA for each of our schools, this includes special categories of data (nationality and country of birth). We are required to share information about our pupils with our local authority (LA) and the Department for Education (DfE) under section 3 of The Education (Information About Individual Pupils) (England) Regulations 2013. For more information see https://dfemedia.blog.gov.uk/2016/10/31/information-about-the-school-census-and-the-national-pupil-database/

There occasions, where we process data, that are not identified under current legislation. In these circumstances, we would process data under Article 6.1(a) of GDPR, “the data subject has given consent to the processing of his or her personal data for one or more specific purposes”. Please note that all primary age children are below the age of consent for personal information and those with parental responsibility must give this consent.

An example of how consent would be sort for the processing of pupil information in Axe Beacon Federation.

To evidence and track pupil learning, photographs are taken. We would seek consent to process this information in a public manner through posting on the Federation or school’s website.

 

Collecting pupil information

Whilst the majority of pupil information you provide to us is mandatory, some of it is provided to us on a voluntary basis. In order to comply with the General Data Protection Regulation, we will inform you whether you are required to provide certain pupil or personal information to us or if you have a choice in this.

Storing pupil data

We hold the majority of pupil data for the time they spend at our school. When a pupil transfers to another school, the pupil record goes with them and is removed from our system in accordance with our Data Retention policy. Not all pupil data is covered by this and some elements are retained for longer. SEND and safeguarding information is retained until the child reaches the age of 25. Attendance registers are retained for 3 years after creation. Records are kept securely in the cloud, on protected staff computers and on our premises.

Who we share pupil information with

We routinely share pupil information with:

 

  • schools that the pupil’s attend after leaving us
  • our local authority
  • the Department for Education (DfE)
  • medical professionals
  • Capita SIMS (our primary data processor)
  • ParentMail (our processor for communication and payment data)
  • Safeguard Software (our Safeguarding recording platform)
  • staff within our Federation (for monitoring and moderated progress)

We also share basic information (name and occasionally date of birth) with third-party curriculum platform providers. These providers help us fulfil our duty as schools to provide high quality eduation. For example, Nessy.com or Times Table Rock Stars. This is done under strict privacy assurances that these third-party providers apply the same privacy standards that we do as a Federation.

Third parties that currently process personal information – all privacy notices have been verified. If you wish for further information, please click on the link for each specific privacy policy.

123Comms (Parentmail – contact information)

Ashley Wood Studios (Photographs)

Blue Duck (Manga High – basic pupil information used)

Capita SIMS (Primary data processor for administration – pupil records)

Cool Milk (School milk supplier – registered parents and children’s names)

Maths Circle Ltd (Times tables rock stars – pupils names and classes)

Microsoft Office 365 (Cloud service – curriculum and assessment information)

Nessy (Spelling support – pupils names and classes)

Oxford University Press (mymaths provider – pupil names and classes

Renaissance Place (Accelerated Reader – pupil names, dates of birth and classes)

The Foundation Stage Forum Ltd (Tapestry – pupil names and photographs)

Tempest Photography (School photographs)

 

Why we share pupil information

We do not share information about our pupils with anyone without consent unless the law and our policies allow us to do so.

We share pupils’ data with the Department for Education (DfE) on a statutory basis. This data sharing underpins school funding and educational attainment policy and monitoring. We are required to share information about our pupils with our local authority (LA) and the Department for Education (DfE) under section 3 of The Education (Information About Individual Pupils) (England) Regulations 2013.

We also share basic pupil information (typically name, date of birth and class) with providers of curriculum content online, for example Nessy and Times Table Rockstars. We do this to enrich our curriculum and to support us in deliver education to your child. This is part of our legal obligation to teach children, please see the previous section for the current third parties who we share information with.

 

Data collection requirements:

To find out more about the data collection requirements placed on us by the Department for Education (for example; via the school census) go to https://www.gov.uk/education/data-collection-and-censuses-for-schools.

The National Pupil Database (NPD)

The NPD is owned and managed by the Department for Education and contains information about pupils in schools in England. It provides invaluable evidence on educational performance to inform independent research, as well as studies commissioned by the Department. It is held in electronic format for statistical purposes. This information is securely collected from a range of sources including schools, local authorities and awarding bodies.

We are required by law, to provide information about our pupils to the DfE as part of statutory data collections such as the school census and early years’ census. Some of this information is then stored in the NPD. The law that allows this is the Education (Information About Individual Pupils) (England) Regulations 2013.

To find out more about the NPD, go to https://www.gov.uk/government/publications/national-pupil-database-user-guide-and-supporting-information.

The department may share information about our pupils from the NPD with third parties who promote the education or well-being of children in England by:

  • conducting research or analysis
  • producing statistics
  • providing information, advice or guidance

The Department has robust processes in place to ensure the confidentiality of our data is maintained and there are stringent controls in place regarding access and use of the data. Decisions on whether DfE releases data to third parties are subject to a strict approval process and based on a detailed assessment of:

  • who is requesting the data
  • the purpose for which it is required
  • the level and sensitivity of data requested: and
  • the arrangements in place to store and handle the data

To be granted access to pupil information, organisations must comply with strict terms and conditions covering the confidentiality and handling of the data, security arrangements and retention and use of the data.

For more information about the department’s data sharing process, please visit: https://www.gov.uk/data-protection-how-we-collect-and-share-research-data

For information about which organisations the department has provided pupil information, (and for which project), please visit the following website: https://www.gov.uk/government/publications/national-pupil-database-requests-received

 

To contact DfE: https://www.gov.uk/contact-dfe

 

Requesting access to your personal data

Under data protection legislation, parents and pupils have the right to request access to information about them that we hold. To make a request for your personal information, or be given access to your child’s educational record, contact Simon Lewis, Data Protection Officer for Axe Beacon Federation.  

 

You also have the right to:

  • object to processing of personal data that is likely to cause, or is causing, damage or distress
  • prevent processing for the purpose of direct marketing
  • object to decisions being taken by automated means
  • in certain circumstances, have inaccurate personal data rectified, blocked, erased or destroyed; and
  • claim compensation for damages caused by a breach of the Data Protection regulations

If you have a concern about the way we are collecting or using your personal data, we request that you raise your concern with us in the first instance. Alternatively, you can contact the Information Commissioner’s Office at https://ico.org.uk/concerns/

Contact

If you would like to discuss anything in this privacy notice, please contact:

Simon Lewis

Data Protection Officer

Axe Beacon Federation

Seaton Primary School

Valley View

Seaton

Devon

EX12 2HF

Phone: 01297 20922

dpo@axebf.org.uk

 

 

Axe Beacon Federation Privacy Notice

Updated 21st May 2018