English
Afrikaans
Albanian
Amharic
Arabic
Armenian
Azerbaijani
Basque
Belarusian
Bengali
Bosnian
Bulgarian
Catalan
Cebuano
Chichewa
Chinese (Simplified)
Chinese (Traditional)
Corsican
Croatian
Czech
Danish
Dutch
Esperanto
Estonian
Filipino
Finnish
French
Frisian
Galician
Georgian
German
Greek
Gujarati
Haitian Creole
Hausa
Hawaiian
Hebrew
Hindi
Hmong
Hungarian
Icelandic
Igbo
Indonesian
Irish
Italian
Japanese
Javanese
Kannada
Kazakh
Khmer
Korean
Kurdish (Kurmanji)
Kyrgyz
Lao
Latin
Latvian
Lithuanian
Luxembourgish
Macedonian
Malagasy
Malay
Malayalam
Maltese
Maori
Marathi
Mongolian
Myanmar (Burmese)
Nepali
Norwegian
Pashto
Persian
Polish
Portuguese
Punjabi
Romanian
Russian
Samoan
Scottish Gaelic
Serbian
Sesotho
Shona
Sindhi
Sinhala
Slovak
Slovenian
Somali
Spanish
Sudanese
Swahili
Swedish
Tajik
Tamil
Telugu
Thai
Turkish
Ukrainian
Urdu
Uzbek
Vietnamese
Welsh
Xhosa
Yiddish
Yoruba
Zulu
Welcome to our Data Privacy and COVID Notice
Aims
Our school aims to ensure that all data collected about staff, pupils, parents and visitors is collected, stored and processed in accordance with the General Data Protection Regulation (GDPR) that came into force in May 2018.
This policy applies to all data, regardless of whether it is in paper or electronic format.
Legislation and Guidance
This policy meets the requirements of GDPR, and is based on guidance published by the Information Commissioner’s Office and model privacy notices published by the Department for Education.
Definitions
| Term | Definition |
| Personal Data | Data from which a person can be identified, including data that, when combined with other readily available information, leads to a person being identified |
| Sensitive Personal Data | Data such as:
· Contact details · Racial or ethnic origin · Political opinions · Religious beliefs, or beliefs of a similar nature · Where a person is a member of a trade union · Physical and mental health · Sexual orientation · Whether a person has committed, or is alleged to have committed, an offence · Criminal convictions
|
| Processing | Obtaining, recording or holding data |
| Data Subject | The person whose personal data is held or processed |
| Data Controller | A person or organisation that determines the purposes for which, and the manner in which, personal data is processed |
| Data Processor | A person, other than an employee of the data controller, who processes their data |
The Data Controller
Our school processes personal information relating to pupils, staff and visitors, and, therefore, is a data controller.
Data Protection Principles
- processed lawfully, fairly and in a transparent manner
- collected for specified, explicit and legitimate purposes (‘purpose limitation’);
- adequate, relevant and limited to what is necessary
- accurate and, where necessary, kept up to date
- kept in a form which permits identification of data subjects for no longer than is necessary
- processed in a manner that ensures appropriate security of the personal data
Roles and Responsibilities
The governing board has overall responsibility for ensuring that the school complies with its obligations. Day-to-day responsibilities rest with the headteacher, or the deputy headteacher. The headteacher will ensure that all staff are aware of their data protection obligations, and oversee any queries related to the storing or processing of personal data. It is a legal requirement to appoint an independent Data Protection Officer. Lynette Cox has been appointed and is contactable via email Lynette.cox@e2e-education.co.uk.
Staff are responsible for ensuring that they collect and store any personal data in accordance with this policy.
Privacy/Fair Processing Notice
Pupils and Parents
We hold personal data about pupils to support teaching and learning, to provide pastoral care and to assess how the school is performing. We may also receive data about pupils from other organisations including, but not limited to, other schools, local authorities and the Department for Education.
This data includes, but is not restricted to:
- Contact details
- Results of internal assessment and externally set tests
- Data on pupil characteristics, such as ethnic group or special educational needs
- Exclusion information
- Details of any medical conditions
We will only retain the data we collect for as long as is necessary to satisfy the purpose for which it has been collected.
We will not share information about pupils with anyone without consent unless the law and our policies allow us to do so. Individuals who wish to receive a copy of the information that we hold about them/their child should make their request in writing to the Head Teacher.
We are required, by law, to pass certain information about pupils to specified external bodies, such as our local authority and the Department for Education, so that they are able to meet their statutory obligations.
Data Storage and Security
Paper based records, digital records and portable electronic devices, such as laptops and hard drives that contain personal information, are compliant with GDPR and are regularly assessed by our DPO. Destruction and archiving of Personal Data procedures are also aligned to GDPR.
COVID – 19
Ysgol Golftyn is required to maintain class/bubble lists in response to the Covid-19 health emergency. The lists contain each pupil’s name, date of birth and address, along with the parents/guardian’s name, telephone number, address(es) and contact email. The processing of the class/bubble lists is necessary as part of our public task as set out in the Operational Public Health Advice Note for Welsh Government on the investigation and management of clusters and incidents of COVID-19 in educational and childcare settings.
Ysgol Golftyn will retain your data for as long as the child remains a pupil within the school or until the pandemic ends, whichever is sooner.
In the event of a positive Covid-19 case within the school, the class/bubble list will be shared with NHS Wales Test, Trace, Protect.
If you feel that Ysgol Golftyn has mishandled your or your child’s personal data at any time you can make a complaint to the Head Teacher by emailing gomail@hwbcymru.net by or phoning 01244 830569. For further information on our complaints procedure please follow this link http://golftyncp.wales/school-policies/complaints-policy-for-golftyn-cp-school/
Alternatively, you can contact our DPO to make a complaint, email lynette.cox@e2e-education.co.uk or contact the Information Commissioners Office by visiting their website (https://ico.org.uk/make-a-complaint/) or by calling their helpline on 0303 123 1113.
For further information about how Ysgol Golftyn processes personal data and your rights please see our privacy notice included in this document.