Parent Carer Privacy Notice

Parent Carer & Pupil Privacy Notice for Briarwood School

Briarwood School is committed to protecting the privacy and security of personal information.  Under Data Protection Law, individuals have a right to be informed about how the school collects and uses any personal data that we hold about them. We comply with this right by providing ‘privacy notices’ to individuals where we are processing their personal data, this is in accordance with the General Data Protection Regulation (GDPR); Section 537A of the Education Act 1996 and Section 83 of the Children Act 1989.

Who Collects This Information

Briarwood School is a “data controller.” This means that we are responsible for deciding how we hold and use personal information about pupils. Our Data Protection Officer is Craig Stilwell, please see contact details for further information.

The Data We Collect, Process, Hold and Share

Personal data that we may collect, use, store and share (when appropriate) about pupils includes but is not restricted to:

  • Personal information such as name, pupil number, date of birth, gender, contact information, identification documents;
  • Emergency contact and family information such as names, relationship, phone numbers, email addresses;
  • Characteristics such as looked after children status, asylum status, language, nationality, country of birth, free school meal eligibility, pupil premium eligibility;
  • Attendance details such as sessions attended, number of absences and reasons for absence;
  • Exclusion information;
  • Financial details such as dinner money records, trip contributions, sixth form bursaries, pupil premium records, SEN provision maps and high needs funding;
  • Post 16 learning information such as ASDAN accreditation;
  • Attainment and assessment information;
  • Pupil and curricular records such as learning maps, pen profiles, engagement profiles, transport records, intervention plans;
  • Behavioural information such as positive behaviour plans, behaviour data;
  • Special educational needs information such as education health care plans (EHCP), educational psychologist reports;
  • Safeguarding Data such as cause for concern records, accident and incident records, personal emergency evacuation plans, risk assessments, eating and drinking protocols, external support information;
  • Special categories of personal data including:
  • Medical Information such as care plans, intimate care plans, medical history, administration of medication records, medical protocols, dietary requirements;
  • Religion and Ethnicity
  • Images of pupils pertinent to medical, safeguarding, and curricular information;
  • Information about the use of our IT, communications and other systems, and other monitoring information;

We may also hold data about pupils that we have received from other organisations including other schools, local authorities, the Department for Education, health and social care providers.

Collecting This Information

Whilst the majority of information we collect about pupils is mandatory, there is some information that can be provided voluntarily. Whenever we seek to collect information from parents/carers about their child, we make it clear whether providing it is mandatory or optional. If it is mandatory, we will explain the possible consequences of not complying.

It is important that the personal information we hold about pupils is accurate and current. Please keep us informed if personal information changes during your working relationship with us.

How We Use Your Personal Information

We hold pupil data and use it to:

  • Inform pupil selection;
  • Monitor and report on pupils progress;
  • Inform decisions such as the funding of schools;
  • Assess performance and to set targets for schools;
  • Safeguard pupils’ welfare;
  • Provide appropriate pastoral and medical care;
  • Support teaching and learning;
  • Manage internal policy and procedure;
  • Carry out research;
  • Enable pupils to take part in assessments and record pupil achievements;
  • Carry out statistical analysis for diversity and provision planning purposes;
  • Comply with Legal and regulatory purposes for example child protection, diversity monitoring and health and safety;
  • Comply with legal obligations and duties of care;
  • Enable relevant authorities to monitor the school’s performance;
  • Monitor the use of the School’s IT and communications systems in accordance with the School’s E Safety policy;
  • Where otherwise reasonably necessary for the school’s purposes, including to obtain appropriate professional advice;
  • Comply with the law regarding data sharing.
  • To provide support to pupils after they leave school.

Our Legal Basis for using this Data

We will only use personal information when the law allows us to. Most commonly, we will use information in the following circumstances:

  • Consent: We have obtained consent to use the data in a certain way;
  • Legal obligation: the processing is necessary to comply with the law;
  • Vital interests: the processing is necessary to protect someone’s vital interests;
  • Public task: the processing is necessary to perform a task in the public interest; and
  • The Education Act 1996: for Departmental Censuses 3 times a year. More information can be found at: https://www.gov.uk/education/data-collection-and-censuses-for-schools.

Some of the reasons listed above for collecting and using pupil’s personal data overlap, and there may be several grounds which justify our use of this data.

Please note that we may process information without knowledge or consent, where this is required or permitted by law.  Where we have obtained consent to use pupils personal data, this consent can be withdrawn at any time, we will make this clear when we ask for consent and explain how consent can be withdrawn.

How We Store Data

The School keep information about pupils on computer systems and sometimes on paper.

We keep personal information about pupils while they are attending our school.  We also keep it beyond their attendance at our school if this is necessary in order to comply with our legal obligations and our internal policy.

Our data retention policy sets out how long we keep information about pupils.  If you require further information about our retention periods, please let the School’s named Data Controller know who can provide you with a copy of our policy.

Sharing Data

We may need to share personal data with third parties where it is necessary. There are strict controls on who can see personal information. We will not share pupil data if consent is not given unless the sharing of data ensures pupils stay safe and healthy or we are legally required to do so.

We share pupil information with:

  • the Department for Education (DfE) – on a statutory basis under section 3 of The Education (Information About Individual Pupils) (England) Regulations 2013;
  • Ofsted;
  • Local Authority / Youth Support Services – under section 507B of the Education Act 1996, to enable them to provide information regarding training and careers as part of the education or training of 13-19 year olds;
  • Other Schools that pupils have attended/will attend;
  • NHS;
  • Welfare services such as social care;
  • Law enforcement officials;
  • Local Authority Designated Officer;
  • Professional advisors such as lawyers and consultants;
  • Support services (including insurance, IT support, information security) to enable them to provide the service we have contracted them for; and
  • The Local Authority.

Information will be provided to those agencies securely or anonymised where possible. The recipient of the information will be bound by confidentiality obligations, we require them to respect the security of your data and to treat it in accordance with the law.

Transferring Data Internationally

Where we transfer personal data to a country or territory outside the European Economic Area, we will do so in accordance with data protection law.

Why We Share This Information

We do not share information about our pupils with anyone without consent unless otherwise required by law or to keep pupils safe.

For example, we share student’s data with the DfE on a statutory basis which underpins school funding and educational attainment. To find out more about the data collection requirements placed on us by the DfE please go to https://www.gov.uk/education/data-collection-and-censuses-for-schools.

National Pupil Database

We are required to provide information about pupils to the Department for Education as part of statutory data collections such as the school census.  The law that allows this is the Education (information about individual pupils) (England) Regulations 2013.

Some of this information is then stored in the National Pupil Database (NPD), which is owned and managed by the Department and provides evidence on school performance to inform research.

The database is held electronically so it can easily be turned into statistics. The information is securely collected from a range of sources including schools, local authorities and exam boards.

The Department for Education may share information from the NPD with other organisations which promote children’s education or wellbeing in England. Such organisations must agree to strict terms and conditions about how they will use the data.

For more information, see the Department’s webpage on how it collects and shares research data.

You can also contact the Department for Education with any further questions about the NPD.

Youth support services

Once our pupils reach the age of 13, we are legally required to pass on certain information about them to Bristol City Council, as they have a legal responsibility regarding the education or training of 13-19 year-olds under section 507B of the Education Act 1996. This information enables the Local Authority to provide youth support services, post-16 education and training services, and careers advisers. Parents/carers, or pupils once aged 16 or over, can contact our data protection officer to request that we only pass the individual’s name, address and date of birth to the Local Authority Preparing for Adulthood team.

Automated Decision Making

Automated decision making takes place when an electronic system uses personal information to make a decision without human intervention. We are allowed to use automated decision making in limited circumstances. Pupils will not be subject to automated decision-making, unless we have a lawful basis for doing so and we have notified you.

Security

We have put in place measures to protect the security of your information (i.e. against it being accidentally lost, used or accessed in an unauthorised way). A copy of our E-Safety Policy and Information Security Policy is available on request.

Requesting Access to Your Personal Data

Individuals have a right to make a ‘subject access request’ to gain access to personal information that the school holds about them. Parents/carers can also make a request with respect to their child’s data where the child is not considered mature enough to understand their rights over their own data, where the child is considered to lack capacity to understand their rights over their own data, or where the child has provided consent.

If a subject access request is made, and if we do hold information about you or your child, we will:

  • Give you a description of it
  • Tell you why we are holding and processing it, and how long we will keep it for
  • Explain where we got it from, if not from you or your child
  • Tell you who it has been, or will be, shared with
  • Let you know whether any automated decision-making is being applied to the data, and any consequences of this
  • Give you a copy of the information in an intelligible form

Individuals also have the right for their personal information to be transmitted electronically to another organisation in certain circumstances.

If you would like to make a request please contact our data protection officer. Parents/carers also have a legal right to access to their child’s educational record. To request access, please contact the School’s named Data Controller.

You also have the right to: –

  • Object to processing of personal data that is likely to cause, or is causing, damage or distress;
  • Prevent processing for the purposes of direct marketing;
  • Object to decisions being taken by automated means;
  • In certain circumstances, have inaccurate personal data rectified, blocked, erased or destroyed; and
  • Claim compensation for damages caused by a breach of the data protection regulations.

If you want to exercise any of the above rights, please contact the School’s Data Protection Officer in writing.

We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.

Right to Withdraw Consent

In circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact the School’s Data Controller. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.

Contact

If you would like to discuss anything within this privacy notice or have a concern about the way we are collecting or using your personal data, we request that you raise your concern with the School’s Data Controller in the first instance.

Data Controller Name: Alistair Mackintosh

Data Controller Contact Details: ICT & GDPR Strategic Lead, Briarwood School, Briar Way, Fishponds, Bristol, BS16 4EA

Data Controller Email: Alistair.mackintosh@bristol-schools.uk

We have also appointed a data protection officer (DPO) to oversee compliance with data protection and this privacy notice. If you have any questions about how we handle your personal information which cannot be resolve by the School’s Data Controller, then you can contact the DPO on the details below: –

Data Protection Officer: Craig Stilwell
Company: Judicium Consulting Ltd
Address: 72 Cannon Street, London, EC4N 6AE
Email: dataservices@judicium.com
Telephone: 0203 326 9174

You have the right to make a complaint at any time to the Information Commissioner’s Office, the UK supervisory authority for data protection issues at https://ico.org.uk/concerns.

Changes to This Privacy Notice

We reserve the right to update this privacy notice at any time, and we will provide you with a new privacy notice when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your personal information.