GDPR

General Data Protection Regulations
at Sacred Heart Primary School

Data Protection Officer

The Data Protection Officer is responsible for overseeing data protection within the school. If you have any questions in this regard, these are the c

Data Protection Officer: Mrs McCallum

Email: admin@sacredheart.liverpool.sch.uk

Telephone: 0151 709 1782

From 25 May 2018, new regulations were introduced which affect how our School handles personal data.

Data Protection

This is called the General Data Protection Regulation (GDPR). Compliance with the regulations will be an ongoing process and the School have appointed a Data Protection Officer to advise and manage compliance with the regulation.We do not share information about pupils with any third party without consent unless the law and our policies allow us to do so.

Where it is legally required or necessary (and it complies with data protection law), we may share personal information about pupils with:

  • Our local authority – to meet our legal obligations to share certain information with it, such as safeguarding concerns and exclusions

  • The Department for Education

  • The pupil’s family and representatives

  • Educators and examining bodies

  • Our regulator [specify as appropriate, e.g. Ofsted, Independent Schools Inspectorate]

  • Suppliers and service providers – to enable them to provide the service we have contracted them for

  • Financial organisations

  • Central and local government

  • Our auditors

  • Survey and research organisations

  • Health authorities

  • Security organisations

  • Health and social welfare organisations

  • Professional advisers and consultants

  • Charities and voluntary organisations

  • Police forces, courts, tribunals

  • Professional bodies

National Pupil Database

We are required to provide information about pupils to the Department for Education as part of statutory data collections such as the school census.

Some of this information is then stored in the National Pupil Database (NPD), which is owned and managed by the Department of Education and provides evidence on school performance to inform research.

The database is held electronically so it can easily be turned into statistics. The information is securely collected from a range of sources including schools, local authorities and exam boards.

The Department for Education may share information from the NPD with other organisations which promote children’s education or wellbeing in England. Such organisations must agree to strict terms and conditions about how they will use the data.

For more information, see the Department’s webpage on how it collects and shares research data.

You can also contact the Department for Education with any further questions about the NPD.

Transferring Data Internationally

Where we transfer personal data to a country or territory outside the European Economic Area, we will do so in accordance with data protection law.

Parents and Pupils’ Rights Regarding Personal Data

Individuals have a right to make a ‘subject access request’ to gain access to personal information that the school holds about them.

Parents/carers can make a request with respect to their child’s data where the child is not considered mature enough to understand their rights over their own data (usually under the age of 12), or where the child has provided consent.

If you make a subject access request, and if we do hold information about you or your child, we will:

  • Give you a description of it

  • Tell you why we are holding and processing it, and how long we will keep it for

  • Explain where we got it from, if not from you or your child

  • Tell you who it has been, or will be, shared with

  • Let you know whether any automated decision-making is being applied to the data, and any consequences of this

  • Give you a copy of the information in an intelligible form

  • Individuals also have the right for their personal information to be transmitted electronically to another organisation in certain circumstances.

Parents/carers also have a legal right to access to their child’s educational record.

Other Rights

Under data protection law, individuals have certain rights regarding how their personal data is used and kept safe, including the right to:

  • Object to the use of personal data if it would cause, or is causing, damage or distress

  • Prevent it being used to send direct marketing

  • Object to decisions being taken by automated means (by a computer or machine, rather than by a person)

  • In certain circumstances, have inaccurate personal data corrected, deleted or destroyed, or restrict processing

  • Claim compensation for damages caused by a breach of the data protection regulations

Mrs J McCallum, Headteacher, or Michael Jones dpo@liverpool.gov.uk our data protection officer.

To exercise any of these rights, or to request access, please see contact details below

Contact Us

If you have any questions, concerns or would like more information about anything mentioned in this privacy notice, please contact:

Mrs J McCallum Headteacher, or Michael Jones dpo@liverpool.gov.uk our Data Protection Officer.

This notice is based on the Department for Education’s model privacy notice for pupils, amended for parents and to reflect the way we use data in this school.

Complaints

We take any complaints about our collection and use of personal information very seriously.

If you think that our collection or use of personal information is unfair, misleading or inappropriate, or have any other concern about our data processing, please raise this with us in the first instance.

To make a complaint, please contact: Mrs J McCallum, Headteacher (initial contact), or Michael Jones dpo@liverpool.gov.uk our Data Protection Officer.

Alternatively, you can make a complaint to the Information Commissioner’s Office:

Report a concern online at https://ico.org.uk/concerns/

Call: 0303 123 1113

Or write to: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF