Scroll to content
School Logo

Worstead Church

of England Primary School

Let All That You Do Be Done In Love.

Data Protection

GDPR privacy notice for pupils and their families

 

Schools are currently required to inform pupils and their families about how their personal data may be collected and used. This requirement remains since GDPR came into effect on 25.5.18; however, schools will be required to revise their privacy notices to include further information on processing individuals’ personal data, in order to be compliant with the GDPR.

 

Who processes your information?

 

Worstead CEVA Primary School is the data controller of the personal information you provide to us. This means the school determines the purposes for which, and the manner in which, any personal data relating to pupils and their families is to be processed. The Headteacher acts as a representative for the school with regard to its data controller responsibilities; they can be contacted on 01692 536309.

 

In some cases, your data will be outsourced to a third party processor; however, this will only be done with your consent, unless the law requires the school to share your data. Where the school outsources data to a third-party processor, the same data protection standards that Worstead Primary School upholds are imposed on the processor.

 

James Wright of 4MSL is the Data Protection Officer. He is contracted to work on general ICT systems maintenance and deployment at Worstead as part of a collective of Norfolk primary schools. His DPO role is to oversee and monitor the school’s data protection procedures, and to ensure they are compliant with the GDPR. He is in an excellent position to do this, and offer day-to-day advice on data protection as he is in school every week. The Data Protection Officer can be contacted via dpo@4msl.com

 

Why do we collect and use your information?

 

Worstead Primary School holds the legal right to collect and use personal data relating to pupils and their families, and we may also receive information regarding them from their previous school, LA and/or the DfE. We collect and use personal data in order to meet legal requirements and legitimate interests set out in the GDPR and UK law, including those in relation to the following:

 

  • Article 6 and Article 9 of the GDPR
  • Education Act 1996
  • Section 3 of The Education (Information About Individual Pupils) (England) Regulations 2013
  • Working Together to Safeguard Children (2017)

 

 

In accordance with the above, the personal data of pupils and their families is collected and used for the following reasons:

 

  • To support pupil learning
  • To monitor and report on pupil progress
  • To provide appropriate pastoral care
  • To safeguard children
  • To assess the quality of our service
  • To comply with the law regarding data sharing

 

Which data is collected?

 

The categories of pupil information that the school collects, holds and shares include the following:

 

  • Personal information – e.g. names, pupil numbers and addresses
  • Characteristics – e.g. ethnicity, language, nationality, country of birth and free school meal eligibility
  • Attendance information – e.g. number of absences and absence reasons
  • Assessment information – e.g. national curriculum assessment results  
  • Relevant medical information
  • Information relating to SEND
  • Information relating to safeguarding
  • Behavioural information – e.g. number of temporary exclusions
  • Photographs– these will be used to aid our records management and attendance procedures and as assessment in the Early Years Foundation Stage
  • Videos- for assessment purposes

Whilst the majority of the personal data you provide to the school is mandatory, some is provided on a voluntary basis. When collecting data, the school will inform you whether you are required to provide this data or if your consent is needed. Where consent is required, the school will provide you with specific and explicit information with regards to the reasons the data is being collected and how the data will be used.  

 

How long is your data stored for?

 

Personal data relating to pupils at Worstead Primary School and their families is stored in line with the school’s GDPR Data Protection Policy.

 

In accordance with the GDPR, the school does not store personal data indefinitely; data is only stored for as long as is necessary to complete the task for which it was originally collected.

 

Will my information be shared?

 

The school is required to share pupils’ data with the DfE on a statutory basis, this includes the following:

 

  • EYFS Foundation Stage outcomes
  • Phonics screening check outcomes
  • KS1 statutory test outcomes
  • KS2 statutory test outcomes
  • The National Pupil Database (NPD) is managed by the DfE and contains information about pupils in schools in England. Worstead Primary School is required by law to provide information about our pupils to the DfE as part of statutory data collections, such as the school census; some of this information is then stored in the NPD. The DfE may share information about our pupils from the NDP with third parties who promote the education or wellbeing of children in England by:

 

  • Conducting research or analysis.
  • Producing statistics.
  • Providing information, advice or guidance.

The DfE has robust processes in place to ensure the confidentiality of any data shared from the NPD is maintained.

 

Worstead Primary School will not share your personal information with any third parties without your consent, unless the law allows us to do so. The school routinely shares pupils’ information with:

 

  • Pupils’ destinations upon leaving the school
  • The LA
  • The NHS
  • The Department for Education
  • The Local Authority (Norfolk County Council)
  • Norfolk Children’s Services
  • Pupil Asset (school management information system)
  • A number of assessment and learning based websites, such as Accelerated Reader

The information that we share with these parties includes the following:

  • Personal information – e.g. names, pupil numbers and addresses
  • Characteristics – e.g. ethnicity, language, nationality, country of birth and free school meal eligibility
  • Attendance information – e.g. number of absences and absence reasons
  • Assessment information – e.g. national curriculum assessment results 
  • Relevant medical information
  • Information relating to SEND
  • Safeguarding concerns
  • Behavioural information – e.g. number of temporary exclusions

What are your rights?

 

Parents and pupils have the following rights in relation to the processing of their personal data.

 

You have the right to:

 

  • Be informed about how Worstead Primary School uses your personal data.
  • Request access to the personal data that Worstead Primary School holds.
  • Request that your personal data is amended if it is inaccurate or incomplete.
  • Request that your personal data is erased where there is no compelling reason for its continued processing.
  • Request that the processing of your data is restricted.
  • Object to your personal data being processed.

Where the processing of your data is based on your consent, you have the right to withdraw this consent at any time.

 

If you have a concern about the way Worstead Primary School and/or the DfE is collecting or using your personal data, you can raise a concern with the ICO. The ICO can be contacted on 0303 123 1113, Monday-Friday 9am-5pm.

 

Our ICO registration number as a data controller is Z4607647 and runs until 23.3.22.

 

 

 

 

 

Top

Cookies

Unfortunately not the ones with chocolate chips.

Our cookies ensure you get the best experience on our website.

Please make your choice!

Cookies

Some cookies are necessary in order to make this website function correctly. These are set by default and whilst you can block or delete them by changing your browser settings, some functionality such as being able to log in to the website will not work if you do this. The necessary cookies set on this website are as follows:

Website CMS

A 'sessionid' token is required for logging in to the website and a 'crfstoken' token is used to prevent cross site request forgery.
An 'alertDismissed' token is used to prevent certain alerts from re-appearing if they have been dismissed.
An 'awsUploads' object is used to facilitate file uploads.

Matomo

We use Matomo cookies to improve the website performance by capturing information such as browser and device types. The data from this cookie is anonymised.

reCaptcha

Cookies are used to help distinguish between humans and bots on contact forms on this website.

Cookie notice

A cookie is used to store your cookie preferences for this website.

Cookies that are not necessary to make the website work, but which enable additional functionality, can also be set. By default these cookies are disabled, but you can choose to enable them below: