PRIVACY STATEMENT
PRIVACY STATEMENT
The General Data Protection Regulation (GDPR) was introduced in May 2018.
This Privacy Notice describes how the Trust gathers and processes the personal data of staff, Trustees and volunteers at the Trust (Workforce). The Trust is a ‘data controller’ and must comply with the Data Protection regulations.
The processing of personal information by the Trust is predominantly for employment purposes and the effective support of Trustees and volunteers. The processing assists in the running of the Trust and contributes to local and national planning.
Whilst the majority of information you provide is mandatory, some of it is provided to the Trust on a voluntary basis. In order to comply with data protection legislation, the Trust will inform you whether you are required to provide certain Trust workforce information to us or if you have a choice in this.
The categories of workforce information gathered and processed include:
personal information (name, contact details, employee reference, national insurance number)
special categories of data including characteristics information such as gender, age, ethnic group, union membership
contract information (job title, responsibilities and salary information)
payroll information (tax code, timesheets, expenses, pension, sick pay, memberships)
absence from work (number of absences and reasons)
qualifications and recruitment information (subject qualifications, references, employment checks, interview records and references)
medical information (GP information, health data, disabilities, allergies, workplace assessments, accident records)
DBS registrations information
performance management data, appraisals, disciplinary, grievance and training data
digital footprint from use of communication and IT equipment
next of kin name & contact details
photographs, CCTV, video and audio recordings
governance details such as; role, start and end dates, including the date of resignation and governor ID
pecuniary and non-pecuniary interests, including business interests, other governance positions and any relationships with staff or other trustees. This is required for a register of interests published on the Trust website
meeting attendance data to be published on the Trust website
the committees and panels that you serve on and the link area of responsibility you have
information related to your appointment, such as a work or personal reference
personal information provided as a biography to be published on the website
The information gathered is used to:
keep staff, Trustees and volunteers safe
enable staff to be paid and contractual obligations fulfilled
support staff health and medical emergencies and record absence
maintain the quality of workforce data in the sector
enable effective performance management and training needs
support the development of recruitment and retention policies
enable accurate financial modelling and planning
fulfil statutory obligations under legislation (the Equality Act 2010, Keeping Children Safe in Education (KCSIE), Safeguarding Vulnerable Groups Act 2006, Health and Safety at Work Act 1974, Equality Act (Gender Pay Gap Information) Regulations 2017, Education (Health Standards) (England) Regulations 2003, Immigration, Asylum and Nationality Act 2006, Immigration Act 1971, Education and Skills Act 2008
The Trust processes workforce data under the following legal bases:
Contract - to meet the contractual obligations with its workforce during the recruitment process and following employment.
Legal Obligation – to record, process and share data regarding its workforce to comply with employment law. This includes the legal duty to process governance information in respect to Trustees.
Public Interest – where processing is required in the performance of a task in the public interest.
Consent – where another legal basis is not already present, consent will be requested before processing personal data. Consent may be withdrawn at any time.
Workforce data is held in accordance with the Trust’s Retention Schedule. This is normally seven years from the date of leaving employment with the Trust, but in some instances (such as Asbestos exposure) this may be longer when a legal basis is present.
We do not share information about workforce members with anyone without consent unless the law and our policies allow us to do so.
Workforce data is shared with:
The local Authority to support the management of workforce data across the County (section 5 of the Education - Supply of Information about the School Workforce - (England) Regulations 2007 and amendments)
The Department for Education (DfE) and regulatory bodies such as Ofsted
Payroll and personnel service providers
Training, catering, occupational health providers
Professional bodies, trade unions and associations
We are required to share information about our workforce with the DfE under section 5 of the Education (Supply of Information about the School Workforce) (England) Regulations 2007 and amendments. This data sharing underpins workforce policy monitoring, evaluation and links to school funding/expenditure and the assessment of educational attainment.
The department has robust processes in place to ensure that the confidentiality of personal data is maintained and there are stringent controls in place regarding access to it and its use.
Trust auditors
Companies House
the Local Authority Governor’s database
the Department for Education (DfE) and regulatory bodies such as Ofsted
Other Board members
On our Trust website
The Trust has appropriate security measures in place to prevent personal information being accidentally lost or accessed in an unauthorised way. The Trust limits access, via tiered levels of security access, to personal information to those individuals with a genuine need to processes it.
Those processing personal data will do so only in accordance with Trust policies and procedures, and subject to a duty of confidentiality.
The Trust has procedures in place to deal with any suspected data security breach. The Trust will work with its Data Protection Officer and any applicable regulator (such as the Information Commissioners’ Office), in the event of a suspected data security breach.
Data protection legislation gives individuals specific rights, which include the right to access their data. The Trust has an Individual Rights Request Form that it will use to support individuals to access their information. To make a request for your personal information, please contact Sonia Howat - Trust Director of Resources - showat@thesouthfieldtrust.com
The other rights allow individuals to:
object to processing of personal data that is likely to cause, or is causing, damage or distress
have inaccurate personal data rectified
to restrict or erase information that no longer has a legal basis to be held
In some circumstances, where a legal reason exists, the Trust may decline a request by an individual about their data. In this case an explanation will be provided as to why the Trust is unable to support the request.
The Trust has appointed an independent Data Protection Officer as its DPO.
The Data Protection Officer is Roger Simmons and may be contacted via email at rsimmonsltd@gmail.com and via telephone on 07704 838512.
However, please contact the Trust in the first instance if you have a query regarding this Privacy Notice or how your information is used.
Further information about the Principles of GDPR, the Rights of Individuals and the legal basis for processing data is available in the Trust’s Data Protection and Information Security Policy.
The General Data Protection Regulation (GDPR) was introduced in May 2018. This Privacy Notice describes how the Trust gathers and processes personal data relating to parents and pupils in its role as a ‘data controller’ under Data Protection legislation.
The processing of personal information by the Trust is predominantly for the statutory provision of education in a safe environment. The processing assists in the provision of the pupil’s education and in the safeguarding and welfare of that child.
The Trust gathers information from other schools, local authorities, Department for Education, other public bodies and from parents / carers.
The categories of pupil and parent data collected and processed include:
personal information of pupil and parent/carer (name, contact details, age, unique pupil number, identification)
protected characteristics (ethnicity, language, nationality, country of birth and eligibility for free school meals)
attendance record (sessions attended, absences and absence reasons)
relevant medical or dietary information (doctor information, medical conditions allergies, medication and dietary requirements)
special educational needs and disability information
behavioural information (rewards, sanctions, exclusions)
safeguarding information (court orders and involvement of other professionals)
any support received from social services
school test and exam results
video and audio recordings, including CCTV images
The information is required so that the Trust can provide pupils with an education and to keep them safe. The Trust must also comply with other legal obligations.
The data is used to:
keep pupils safe
meet the Trust’s statutory duties
monitor and report on pupil progress
support pupil learning
provide pastoral care and support
assess the quality of the Trust’s teaching and learning
meet statutory requirements for the sharing of pupil data
provide effective catering services
provide payment and booking systems for catering, photographs, activities and trips
celebrate achievement (within the Trust community through newsletters and website, with the wider community through press releases and social media – subject to the appropriate consent)
The Trust processes pupil and parent data to meet the statutory obligation to provide education to the pupil in a safe environment. The legal basis for processing parent and pupil data is detailed below:
Legal Obligation – school admission, sharing data with the DfE and the Local Authority, special educational needs and keeping children safe in education.
Public Task – sharing of data with other schools in support of education and transition, monitoring of attendance and behaviour, use of online learning applications and tools to support the administration of the Trust and the learning of pupils, use of CCTV to protect parents and pupils.
Consent – where another legal basis is not already in place, such as Trust photographs, video and audio recordings, healthcare plans and the external sharing of personal information. Consent is gathered from parents and can be withdrawn at any time.
Legitimate Interest – such as contact with parents to provide important information, the gathering of financial information to provide appropriate catering and activities.
Pupil data is held in accordance with the Trust’s Retention Schedule. Pupil data is normally transferred between schools when a pupil joins or leaves the Trust. In some instances (such as accident reports) information may be held longer when a legal basis is present. The Retention Schedule identifies how long personal data is held by the Trust for all processing activities.
When we share information with others, we make sure it is kept safe and secure, following the requirements set out in law. We share information with organisations so that we can provide the best education to pupils and enable access to services that support the family.
Individual data is shared with:
the next school that the pupil joins, for the on-going continuity of education
East Sussex County Council, for the monitoring and improvement of educational standards
the Department for Education (DfE) and the National Pupil Database, for the evaluation of educational attainment, funding and policy development at a National level
the School Nurse, for the monitoring of pupil health
catering provider, for the provision of meals
the providers of educational software, for the support and improvement of educational standards
parental communication tools
Police, Social Services and other appropriate professional groups
Data protection legislation gives individuals specific rights, which include the right to access their data. The Trust has an Individual Rights Request Form in place that supports individuals to access their rights over their personal data. To make a request for your personal information, or to exercise any of your individual rights, please contact Sonia Howat, Trust Director of Resources - showat@thesouthfieldtrust.com.
The other rights allow individuals to:
object to processing of personal data that is likely to cause, or is causing, damage or distress
have inaccurate personal data rectified
to restrict or erase information that no longer has a legal basis to be held
In some circumstances, where a legal reason exists, the Trust may decline a request by an individual about their data. In this case an explanation will be provided as to why the Trust is unable to support the request.
Data Protection Officer
The Trust has appointed an independent Data Protection Officer as its DPO.
The Data Protection Officer is Roger Simmons and may be contacted via email at rsimmonsltd@gmail.com and via telephone on 07704 838512.
However, please contact the Trust in the first instance if you have a query regarding this Privacy Notice or how your information is used.
Further information about the Principles of GDPR, the Rights of Individuals and the legal basis for processing data is available in the school’s Data Protection and Information Security Policy.