Roath Park Primary School aims to ensure that all personal data collected about staff, pupils, parents/legal guardians, governors, visitors and other individuals is collected, stored and processed in accordance with the General Data Protection Regulation (GDPR) and the expected provisions of the Data Protection Act 2018 (DPA 2018) as set out in the Data Protection Bill. This Privacy Notice explains how we collect, store and use personal data about your child.
We, Roath Park Primary School, are the ‘data controller’ for the purposes of data protection law.
How we use pupil information
The categories of pupil information that we collect, hold and share include:
· Personal information (such as name, unique pupil number and address)
· Characteristics (such as relevant medical information, special educational needs information, ethnicity, language, nationality, country of birth and free school meal eligibility)
· Attendance information (such as sessions attended, number of absences and absence reasons)
· Assessment Results
Why we collect and use this information
We use the pupil data:
· to enable us to look after your child’s wellbeing and contact you, or a nominated person, in an emergency
· to support pupil learning
· to monitor and report on pupil progress
· to provide appropriate pastoral care
· to assess the quality of our services
· to comply with the law regarding data sharing
The lawful basis on which we use this information
Our main legal bases for using this information are:
· processing is necessary for the performance of a public task (i.e. in order to provide your child with an education)
· we are under legal obligation to process this information
Occasionally, we may also use this information where:-
· you have given your explicit consent for us to process this personal information
· we need to protect your child’s vital interests
For more information on legal basis, please visit www.ico.org.uk
Collecting pupil information
Whilst the majority of pupil information you provide to us is mandatory, some of it is provided to us on a voluntary basis. In order to comply with the General Data Protection Regulation, we will inform you whether you are required to provide certain pupil information to us or if you have a choice in this and we will explain possible consequences of failing to provide that personal data.
Storing pupil data
To ensure our pupil information is kept safe we have the following controls/limitations in place:
· the information will not be used for any purpose other than those stated in this notice
· the information will be held within secure systems/locations, with appropriate levels of security, that comply with relevant data protection legislation
· the information will only be shared for lawful purposes and with an appropriate level of security that complies with relevant data protection legislation
· the information will only be held for the periods agreed in Cardiff County Council’s Retention Schedule, after which it will be destroyed. The Retention Schedule is available on request
· the information will be held, used and shared in accordance with the Data Protection Act 1998 legislation and the General Data Protection Regulation (GDPR).
Who we share pupil information with
We routinely share pupil information with:
· schools that the pupil’s attend after leaving us
· Cardiff Council and their commissioned providers of local authority services.
· Cardiff City Council and their commissioned providers of local authority services
· Welsh Government
· Department for Education
· Central South Consortium Joint Education Service (CSCJES)
· Parent Pay
· GL Assessment
· Class Dojo
· Approved sporting providers
· Shared Resource Service Wales
· The PTFA
Why we share pupil information
We do not share information about our pupils with anyone without consent unless the law and our policies allow us to do so. When you give your consent for your child’s information to be held and/or shared for any purpose, you can withdraw that consent at any time, by contacting the Data Protection Officer named above.
We are required, by law, to pass certain information about our pupils to Cardiff City Council and Welsh Government.
Welsh Government will only provide data for a specific purpose and for a limited time period, after which the organisation must confirm that it has been destroyed. Any analysis produced must follow Welsh government disclosure rules to ensure that individual pupils cannot be identified.
For research purposes wider than education, Welsh Government will use techniques that ensure the data are anonymised before any research takes place. Sharing of anonymised data is outside of the GDPR.
Requesting access to your child’s personal data
Under data protection legislation, parents and pupils have the right to make a ‘Subject Access Request’ to gain access to information about them that we hold. To make a request for your child’s personal information, or to be given access to your child’s educational record, contact the school.
You also have the right to:
· have any information we hold about your child corrected
· have any information we hold about your child erased
· restrict how information we hold about your child can be used or shared
· object to information about your child being held
· have any information we hold about your child transferred to a third party
· challenge decisions relating to your child made using automated decision making and profiling means (generally, there are no decisions made in our school that solely rely upon automated decision making or profiling alone. For further information, contact the Data Protection Officer named above).
For further information, please refer to www.ico.org.uk
If you have any concerns or complaints about how we obtain, use, store or share your personal data, please contact the school.
If however you are dissatisfied with our response to your concerns you can contact:
Information Commissioners Office
Tel: 0303 123 1113 (local rate) or 029 2067 8400