Welcome to our Data Privacy and COVID Notice
Our school aims to ensure that all data collected about staff, pupils, parents and visitors is collected, stored and processed in accordance with the General Data Protection Regulation (GDPR) that came into force in May 2018.
This policy meets the requirements of GDPR, and is based on guidance published by the Information Commissioner’s Office and model privacy notices published by the Department for Education.
|Personal Data||Data from which a person can be identified, including data that, when combined with other readily available information, leads to a person being identified|
|Sensitive Personal Data||Data such as: contact details; racial or ethnic origin; political opinions; religious beliefs, or beliefs of a similar nature; where a person is a member of a trade union; physical and mental health; sexual orientation; whether a person has committed, or is alleged to have committed, an offence; criminal convictions|
|Processing||Obtaining, recording or holding data|
|Data Subject||The person whose personal data is held or processed|
|Data Controller||A person or organisation that determines the purposes for which, and the manner in which, personal data is processed|
|Data Processor||A person, other than an employee of the data controller, who processes their data|
The Data Controller
Our school processes personal information relating to pupils, staff and visitors, and, therefore, is a data controller.
- processed lawfully, fairly and in a transparent manner
- collected for specified, explicit and legitimate purposes (‘purpose limitation’)
- adequate, relevant and limited to what is necessary
- accurate and, where necessary, kept up to date
- kept in a form which permits identification of data subjects for no longer than is necessary
- processed in a manner that ensures appropriate security of the personal data
The governing board has overall responsibility for ensuring that the school complies with its obligations. Day-to-day responsibilities rest with the headteacher, or the deputy headteacher. The headteacher will ensure that all staff are aware of their data protection obligations, and oversee any queries related to the storing or processing of personal data. It is a legal requirement to appoint an independent Data Protection Officer. Lynette Cox has been appointed and is contactable via email Lynette.firstname.lastname@example.org.
Staff are responsible for ensuring that they collect and store any personal data in accordance with this policy.
Pupils and Parents
We hold personal data about pupils to support teaching and learning, to provide pastoral care and to assess how the school is performing. We may also receive data about pupils from other organisations including, but not limited to, other schools, local authorities and the Department for Education.
This data includes, but is not restricted to:
- Contact details
- Results of internal assessment and externally set tests
- Data on pupil characteristics, such as ethnic group or special educational needs
- Exclusion information
- Details of any medical conditions
We will only retain the data we collect for as long as is necessary to satisfy the purpose for which it has been collected.
We will not share information about pupils with anyone without consent unless the law and our policies allow us to do so. Individuals who wish to receive a copy of the information that we hold about them/their child should make their request in writing to the Head Teacher.
We are required, by law, to pass certain information about pupils to specified external bodies, such as our local authority and the Department for Education, so that they are able to meet their statutory obligations.
Data Storage and Security
Paper-based records, digital records and portable electronic devices, such as laptops and hard drives that contain personal information, are compliant with GDPR and are regularly assessed by our DPO. Procedures for the destruction and archiving of personal data are also aligned to GDPR.
COVID-19
Ysgol Golftyn is required to maintain class/bubble lists in response to the Covid-19 health emergency. The lists contain each pupil’s name, date of birth and address, along with the parent’s/guardian’s name, telephone number, address(es) and contact email. The processing of the class/bubble lists is necessary as part of our public task as set out in the Operational Public Health Advice Note for Welsh Government on the investigation and management of clusters and incidents of COVID-19 in educational and childcare settings.
Ysgol Golftyn will retain your data for as long as the child remains a pupil within the school or until the pandemic ends, whichever is sooner.
In the event of a positive Covid-19 case within the school, the class/bubble list will be shared with NHS Wales Test, Trace, Protect.
If you feel that Ysgol Golftyn has mishandled your or your child’s personal data at any time, you can make a complaint to the Head Teacher by emailing email@example.com or by phoning 01244 830569. For further information on our complaints procedure, please follow this link: http://golftyncp.wales/school-policies/complaints-policy-for-golftyn-cp-school/
Alternatively, you can contact our DPO to make a complaint by emailing firstname.lastname@example.org, or contact the Information Commissioner’s Office by visiting their website (https://ico.org.uk/make-a-complaint/) or by calling their helpline on 0303 123 1113.
For further information about how Ysgol Golftyn processes personal data and your rights please see our privacy notice included in this document.