Privacy Policy - Cardinal Heenan

Cardinal Heenan High School is the Data Controller of the personal information you provide to us. This means we determine the purposes for which, and the manner in which, any personal data relating to pupils and their families is to be processed. The Headteacher acts as a representative for the school with regard to its data responsibilities.

In some cases, your data will be outsourced to a third party processor who provides a service to us. Where the school outsources data to a third party processor, the same data protection standards that the school upholds are imposed on the processor.

Mr R Lewis-Ogden is the Data Protection Officer for this school. His role is to oversee and monitor the school’s data protection procedures, and to ensure they are compliant with the GDPR. The Data Protection Officer can be contacted at: DPO@bywaterkent.co.uk

What is this Privacy Notice for?

The notice sets out the different areas where user privacy is concerned and outlines the obligations and requirements of the users and the school. The aim of the notice is to give pupils, parents and carers an insight into how information about pupils is used at our school and how our websites work.

The categories of pupil information that we collect, hold and share includes:

Personal information (such as name, unique pupil number and address)
Characteristics (such as ethnicity, language, nationality, country of birth and free school meal eligibility)
Attendance information (such as sessions attended, number of absences and absence reasons)
Assessment, attainment and curricular information
Medical information,
special educational needs and disabilities information,
Behaviour information (such as exclusions and alternative provision information)
safeguarding information (such as child in need referral information)
biometric data (such as fingerprint for lunch payments)
next of kin information
emergency contact information
Admissions information
photographs
CCTV images captured in school
transport to school information

Within school we use pupil data to:

safeguard pupils
support pupil learning
monitor and report on pupil progress and equality of opportunity
provide appropriate pastoral and safeguarding care
allocate the correct teaching resource
provide appropriate additional support
assess the quality of our services
provide a service such as cash free catering
administer admissions waiting lists
provide information to families about events and activities at the school
comply with the law regarding education
administer and protect public funds
have accurate medical information on each child (such as food allergies)
hold emergency contacts for each child

Most commonly, we process data where:

We need to comply with a legal obligation (K from the list above)
We need it to perform an official task in the public interest (a-j above)
We need it to perform a contract (l above)

Less commonly, we may also process pupils’ personal data in situations where:

We have obtained consent to use it in a certain way
We need to protect the individual’s vital interests (m and n above) – or someone else’s interests

Where we have obtained consent to use pupils’ personal data, this consent can be withdrawn at any time. We will make this clear when we ask for consent, and explain how consent can be withdrawn.

Legal Obligation to collect and use pupil information

We are legally obliged to collect data to comply with the following legislation:

Section 537a and Section 29 of The Education Act 1996
Section 3 of The Education (Information About Individual Pupils) (England) Regulations 2013
Regulation 5 of The Education (Information About Individual Pupils) (England) Regulations 2013
the Education (School Performance Information)(England) Regulations 2007
Article 6 and Article 9 of the new GDPR laws, provide some of the underpinning purposes for school’s data collection.
To follow DFE guidance on school attendance 2016 and Early Education and Childcare guidance 2018
regulations 5 and 8 School Information (England) Regulations 2008
the Education (Pupil Registration) (England) (Amendment) Regulations 2013

Collecting pupil information

We obtain pupil information via registration forms at the start of each academic year. In addition, when a child joins us from another school we are sent a secure file containing relevant information.

Pupil data is essential for a schools’ operational use. Whilst the majority of pupil information you provide to us is mandatory, some of it is provided to us on a voluntary basis. In order to comply with GDPR we will inform you at the point of collection, whether you are required to provide certain pupil information to us or if you have a choice in this. Where consent is required, the school will provide you with specific and explicit information with regards to the reasons the data is being collected and how the data will be used.

Storing pupil data

We follow legislation on how long we should hold pupil data in school in line with our Record Management and Data Handling Policies.

In accordance with the GDPR, the school does not store personal data indefinitely; data is only stored for as long as is necessary to complete the task for which it was originally collected.

We comply with the GDPR strict terms and conditions covering the confidentiality and handling of the data, security arrangements and use of the data.

Who do we share pupil information with?

We routinely share pupil information with:

schools that the pupil attends after leaving us
Your local authority and Leeds Local Authority
Cardinal Heenan High School Governors
the Department for Education (DfE)
the Diocese of Leeds
School Nursing Service
NHS services and medical providers abroad when on overseas trips
Police forces, courts and tribunals
Pupils’ family and representative
Educators and examining bodies
Selected partners to benefit educational attainment/provide a service which we have contracted them for
Youth Support Services (pupils aged 13+)

Why we share pupil information

We share pupils’ data with the Department for Education (DfE) on a statutory basis. This data sharing underpins school funding and educational attainment policy and monitoring.

We share certain data with 3rd party suppliers who provide a service to us. All our suppliers follow GDPR data processing regulations.

We are required to share information about our pupils with the (DfE) under regulation 5 of The Education (Information about Individual Pupils) (England) Regulations 2013.

We are required to share information about our pupils with our local authority (LA), the students LA and the Department for Education (DfE) under section 3 of The Education (Information about Individual Pupils) (England) Regulations 2013

Youth support services

What is different about pupils aged 13+?

Once our pupils reach the age of 13, we also pass pupil information to our local authority and / or provider of youth support services as they have responsibilities in relation to the education or training of 13-19 year olds under section 507B of the Education Act 1996.

This enables them to provide services as follows:

• youth support services
• careers advisers

A parent / guardian can request that only their child’s name, address and date of birth is passed to their local authority or provider of youth support services by informing us. This right is transferred to the child / pupil once he/she reaches the age 16.

Our pupils aged 16+

We will also share certain information about pupils aged 16+ with our local authority and / or provider of youth support services as they have responsibilities in relation to the education or training of 13-19 year olds under section 507B of the Education Act 1996.

This enables them to provide the following services:

post-16 education and training providers
youth support services
careers advisers

For more information about services for young people, please visit our local authority website.

DfE Data Collection requirements

To find out more about the data collection requirements placed on us by the Department for Education (for example; via the school census) go to: https://www.gov.uk/education/data-collection-and-censuses-for-schools

The National Pupil Database (NPD)

Much of the data about pupils in England goes on to be held in the National Pupil Database (NPD). The NPD is owned and managed by the Department for Education and contains information about pupils in schools in England. It provides invaluable evidence on educational performance to inform independent research, as well as studies commissioned by the Department. It is held in electronic format for statistical purposes. This information is securely collected from a range of sources including schools, local authorities and awarding bodies. To find out more about the NPD, go to https://www.gov.uk/government/publications/national-pupil-database-user-guide-and-supporting-information .

The department may share information about our pupils from the NPD with third parties who promote the education or well-being of children in England by:

conducting research or analysis
producing statistics
providing information, advice or guidance

The Department has robust processes in place to ensure the confidentiality of our data is maintained and there are stringent controls in place regarding access and use of the data. Decisions on whether DfE releases data to third parties are subject to a strict approval process and based on a detailed assessment of:

who is requesting the data
the purpose for which it is required
the level and sensitivity of data requested: and
the arrangements in place to store and handle the data

For more information, follow the link below:
https://www.gov.uk/guidance/data-protection-how-we-collect-and-share-research-data
To contact DfE: https://www.gov.uk/contact-dfe

For information about which organisations the department has provided pupil information, (and for which project), please visit the following website: https://www.gov.uk/government/publications/national-pupil-database-requests-received

Data sharing security

To be granted access to pupil information, organisations must comply with GDPR strict terms and conditions covering the confidentiality and handling of the data, security arrangements and retention and use of the data.
We will not without your express consent provide your personal information to any third parties for the purpose of direct marketing.

What are your Rights?

Under data protection legislation, parents and pupils have the right to request access to information about them that we hold. To make a request for your personal information, or be given access to your child’s educational record, contact the Headteacher.

You also have the right to:

object to processing of personal data that is likely to cause, or is causing, damage or distress
prevent processing for the purpose of direct marketing
object to decisions being taken by automated means
in certain circumstances, have inaccurate personal data rectified, blocked, erased or destroyed; and
claim compensation for damages caused by a breach of the Data Protection regulations

If you have a concern about the way we are collecting or using your personal data, you should raise your concern with the headteacher or our Data Protection Officer at DPO@bywaterkent.co.uk in the first instance or directly to the Information Commissioner’s Office at https://ico.org.uk/concerns/

Resources & Further Information

Data Protection Officer

If you would like to discuss anything in this privacy notice, please contact our Data Protection Officer at DPO@bywaterkent.co.uk
Cardinal Heenan High School, Tongue Lane, Leeds, LS6 4QE Tel: 0113 8873240

Privacy Policy Changes

Although most changes are likely to be minor, the school may change its Privacy Policy from time to time at the sole discretion of the school.

Contact Details

Cardinal Heenan High School
Tongue Lane
Leeds
LS6 4QE

Tel: 0113 8873240
Email: info@cardinalheenan.com
Fax: 0113 2940320

Privacy Policy.