Privacy Notice for Applemore College
Applemore College is committed to protecting the privacy and security of personal information. This privacy notice describes how the College collects and uses personal information about students in accordance with the General Data Protection Regulation (GDPR), section 537A of the Education Act 1996 and section 83 of the Children Act 1989.
Who Collects This Information
Applemore College is a “data controller.” This means that the College is responsible for deciding how personal information about students is held and used.
The Categories of Student Information That Is Collected, Processed, Held and Shared
The College may collect, store and use the following categories of personal information about students:
- Personal information such as name, admission number, date of birth, gender and contact information;
- Emergency contact and family lifestyle information such as names, relationship, phone numbers and email addresses;
- Characteristics (such as ethnicity, language, nationality, country of birth and free school meal eligibility);
- Attendance details (such as sessions attended, number of absences and reasons for absence);
- Performance and assessment information;
- Behavioural information (including exclusions);
- Special educational needs information;
- Relevant medical information;
- Images of students engaging in College activities, and images captured by the College CCTV system;
- Information about the use of our IT, communications and other systems, and other monitoring information.
Collecting This Information
Whilst the majority of information you provide to us is mandatory, some of it is provided to us on a voluntary basis. In order to comply with the General Data Protection Regulation, we will inform you whether you are required to provide certain student information to us or if you have a choice in this.
It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your working relationship with us.
How We Use Your Personal Information
The College holds student data and uses it for: -
- Student admission (and to confirm the identity of prospective students and their parents);
- Providing education services and extra-curricular activities for students and monitoring their progress and educational needs;
- Informing decisions such as the funding of schools;
- Assessing performance and to set targets for the College;
- Safeguarding student welfare and providing appropriate pastoral care;
- Support teaching and learning;
- Giving and receiving information and references about past, current and prospective students and to provide references to post-16 providers and potential employers of current and past students;
- Managing internal policy and procedure;
- Enabling students to take part in assessments and examinations to publish the results of these and to record their achievements;
- To carry out statistical analysis for diversity purposes;
- Legal and regulatory purposes (for example child protection, diversity monitoring and health and safety) and to comply with legal obligations and duties of care;
- Enabling relevant authorities to monitor College performance and to intervene or assist with incidents as appropriate;
- Monitoring the use of the College IT and communication systems in accordance with the IT security policy;
- Making use of photographic images of students in College publications, website and social media;
- Security purposes, including CCTV; and
- Where otherwise reasonably necessary for College purposes including to obtain appropriate professional advice and insurance.
The Lawful Basis on Which We Use This Information
The College will only use your information when the law allows us to. Most commonly, your information will be used in the following circumstances: -
- Consent: the individual has given clear consent to process their personal data for a specific purpose;
- Contract: the processing is necessary for a contract with the individual;
- Legal obligation: the processing is necessary to comply with the law (not including contractual obligations);
- Vital interests: the processing is necessary to protect someone’s life.
- Public task: the processing is necessary to perform a task in the public interest or for official functions, and the task or function has a clear basis in law; and
- The Education Act 1996: for Departmental Censuses 3 times a year. More information can be found at: https://www.gov.uk/education/data-collection-and-censuses-for-schools.
All the categories of information in the above list are necessary to allow the College to comply with its legal obligations. Please note that information may be processed without prior knowledge or consent, where this is require or permitted by law.
Your data may be shared with third parties where necessary. There are strict controls on who can see your information and this will not be shared if you have advised us that you do not want it to happen unless it is the only way that we can ensure a student is safe and healthy or we are legally required to do so.
The College shares student information with: -
- the Department for Education (DfE) - on a statutory basis under section 3 of The Education (Information About Individual Pupils) (England) Regulations 2013;
- Youth support services – under section 507B of the Education Act 1996, to enable them to provide information regarding training and careers as part of the education or training of 13-19 year olds;
- Other Schools that students have attended or will attend;
- Welfare services (such as social services);
- Law enforcement officials such as the Police, HMRC;
- Local Authority Designated Officer;
- Professional advisors such as lawyers and consultants;
- Support services (including insurance, IT support, information security); and
- The Local Authority.
Information will be provided to those agencies securely or anonymised where possible.
The recipient of the information is bound by confidentiality obligations and they are required to respect the security of your data and to treat it in accordance with the law.
Why We Share This Information
Information about students will not be shared with anyone without consent unless otherwise required by law.
For example, we share student’s data with the DfE on a statutory basis, which underpins College funding and educational attainment. To find out more about the data collection requirements placed on us by the DfE please go to https://www.gov.uk/education/data-collection-and-censuses-for-schools.
Storing Student Data
The College keeps information about students on computer systems and on paper.
Except as required by law, the College only retains information about students for as long as necessary in accordance with time-frames imposed by law and our internal policy.
If you require further information about our retention periods, please refer to the Data Retention Policy.
Measures to protect the security of this information have been put in place i.e. against it being accidentally lost, used or accessed in an unauthorised way.
COVID-19 Lateral Flow and Saliva Testing - Amendment January 2021
As a requirement of the lateral flow and saliva testing programmes, we are required to use pupil information. This will be a temporary amendment to the privacy notice until testing ceases. The legal framework behind using this information is as follows:
Why do we collect and use pupil information?
We collect and use pupil information under:
General Data Protection Regulations
- Article 6(1)(e) – the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
- Article 9(2)(g) – the processing is necessary for reasons of substantial public interest.
We use the pupil data:
- to protect pupil welfare and carry out safeguarding activities
Youth support services
Students aged 13+
Once students reach the age of 13, we also pass information to the Local Authority and youth support services as they have responsibilities in relation to the education or training of 13-19 year olds under section 507B of the Education Act 1996.
The College is required to provide the student’s name, the parent/carer’s name(s) and any further information relevant to the support services role. This enables them to provide services as follows:
- youth support services
- careers advisers
A parent or carer can request that only their child’s name, address and date of birth is passed to the Local Authority or provider of youth support services by informing us. This right is transferred to the student once they reach the age 16.
The National Pupil Database (NPD)
The NPD is owned and managed by the Department for Education (DfE) and contains information about pupils in schools in England. It provides invaluable evidence on educational performance to inform independent research, as well as studies commissioned by the Department. It is held in electronic format for statistical purposes. This information is securely collected from a range of sources including schools, local authorities and awarding bodies.
According to the Education (Information About Individual Pupils) (England) Regulations 2013, we are required by law to provide information about our students to the DfE as part of statutory data collections such as the School Census and Early Years’ Census. Some of this information is then stored in the NPD.
To find out more about the NPD, go to; https://www.gov.uk/government/publications/national-pupil-database-user-guide-and-supporting-information.
The DfE may share information about our students from the NPD with third parties who promote the education or well-being of children in England by:
- conducting research or analysis
- producing statistics
- providing information, advice or guidance
The Department has robust processes in place to ensure the confidentiality of our data is maintained and there are stringent controls in place regarding access and use of the data. Decisions on whether DfE releases data to third parties are subject to a strict approval process and based on a detailed assessment of:
- who is requesting the data
- the purpose for which it is required
- the level and sensitivity of data requested: and
- the arrangements in place to store and handle the data
To be granted access to student information, organisations must comply with strict terms and conditions covering the confidentiality and handling of the data, security arrangements and retention and use of the data.
For more information about the DfE’s data sharing process, please visit: https://www.gov.uk/data-protection-how-we-collect-and-share-research-data
For information about which organisations the DfE has provided student information, (and for which project), please visit the following website: https://www.gov.uk/government/publications/national-pupil-database-requests-received
To contact DfE: https://www.gov.uk/contact-dfe
Requesting Access to Your Personal Data
Under data protection legislation, parents/carers and students have the right to request access to information about them held by the College. To make a request for your personal information contact the Headteacher;
You also have the right to: -
- Object to processing of personal data that is likely to cause, or is causing, damage or distress;
- Prevent processing for the purposes of direct marketing;
- Object to decisions being taken by automated means;
- In certain circumstances, have inaccurate personal data rectified, blocked, erased or destroyed; and
- Claim compensation for damages caused by a breach of the data protection regulations.
If you want to exercise any of the above rights, please contact The Headteacher in writing.
The College may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
Right to Withdraw Consent
In circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact the Headteacher. Once notification has been received, that you have withdrawn your consent, the College will no longer process your information for the purpose or purposes you originally agreed to, unless there is a legitimate basis for doing so in law.
If you would like to discuss anything within this privacy notice or have a concern about the way the College collects or uses your personal data, raise your concern with the Headteacher.
The Data Protection Officer (DPO) oversees compliance with data protection and this privacy notice. If you have any questions about how your personal information is handled, which cannot be resolved by the Headteacher, contact the DPO.
Data Protection Officer Details: Judicium Consulting Ltd, 72 Cannon Street, London, EC4N 6AE
Data Protection Officer Email: firstname.lastname@example.org
You have the right to make a complaint at any time to the Information Commissioner’s Office, the UK supervisory authority for data protection issues at https://ico.org.uk/concerns.
Changes to This Privacy Notice
The College reserves the right to update this privacy notice at any time, and will publish a new privacy notice when any substantial updates are made. The College may also notify you in other ways from time to time about the