GDPR and Privacy Notices
The 'General Data Protection Regulations' (GDPR) have changed how we can use personal data and keep it safe, and will also strengthens individuals rights over their own data.The point of this is to make sure sensitive or private information about staff , parents and children stays safe.If you have any queries about any aspect of this, please do not hesitate to contact Claire Crabtree our data protection officer. 01257 263063
School has privacy notices for how we use and keep both staff data and pupil data. Hard copies of these are available from school on request.
The Lawful Basis On Which We Hold and Use This Information
On 25th May 2018 the Data Protection Act 1998 was replaced by the General Data Protection Regulations (GDPR). The conditions for processing data under the GDPR are as stated below.
Processing shall be lawful only if and to the extent that at least one of the following applies:
• We have consent.
• Processing is necessary for compliance with a legal obligation to which the controller is subject.
• Processing is necessary for the performance of a contract.
• Processing is in our vital interests, e.g. to protect someone’s life.
• It is necessary for us to perform a public task or official functions which have a clear basis in law.
• Processing is necessary for our legitimate interests.
Pupil Data :
Mayfield School is the data controller and data processor for pupils’ personal information which we hold. This means that the school determines the purposes for which, and the manner in which, any personal data relating to pupils and their families is to be processed.
The School Business Manager is the Data Protection Officer (DPO). The DPO role is to oversee and monitor the school’s data protection procedures, with the support of the Senior Leadership Team, and to ensure school practices regarding data are compliant with the
General Data Protection Regulations (GDPR). The DPO can be contacted on 01257263063 or email firstname.lastname@example.org
The categories of pupil and young adult information that we collect, hold and share include (list not exhaustive):
• Personal information - such as name, date of birth, parental/legal guardianship information, unique pupil number and address, emergency contact information (list not exhaustive)
• Characteristics - such as ethnicity, language, nationality, country of birth and free school meal eligibility (list not exhaustive)
• Attendance information - such as sessions attended, number of absences and absence reasons
• Assessment information
• Educational Health Care Plans
• Emotional Regualtion support Plans (ERSP)
• Individual Education Plans (IEPS)
• Details of medical conditions and associated plans. This also includes medical information given to us by parents/carers and third parties such as the NHS, GPs and medical professionals which includes our physiotherapists and school nurse
• Therapy Plans and Speech and Language Programmes where applicable
• Special Educational Needs and Disability information
• Behaviour and exclusions
The Education Act 1996 - Section 537A – states that we provide individual pupil information as the relevant body such as the Department for Education.
The Children's Act 1989 – Section 83 – places a duty on the Secretary of State or others to conduct research
Staff Data :
The categories of school workforce information that we collect, process, hold and share include (list not exhaustive):
• Personal information - such as name, address, date of birth, national insurance number, payroll information including tax and bank details, employment history, teacher number, medical information, car registration details
• Special categories of data - including characteristics information such as gender, age, ethnic group, disability data
• Contract information - such as start dates, hours worked, post, roles and salary information
• Work absence information - such as number of absences and reasons
• Qualifications held.
Processing of personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation shall be prohibited.
This shall not apply if any of the above reasons outlined in article 6 apply or:
• Processing is necessary for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) based on Union or Member State law which shall be proportionate to the aim pursued, respect the essence of the right to data protection and provide for suitable and specific measures to safeguard the fundamental rights and the interests of the data subject.
The Education Act 2005 sections 113 and 114 - is a statutory requirement on schools and local authorities for the submission of the school workforce census return, including a set of individual staff records