Privacy Policy

The Good Shepherd Multi Academy Trust (09341374) is the ‘data controller’ under the UK General Data Protection Regulation (UK GDPR) for the use of personal data and is registered with the ICO. A copy of our full Data Protection policy is available on request, please contact dataprotectionofficer@thegoodshepherdmat.co.uk

Personal data is any information that can be used to identify a living person, either on its own, or in combination with other pieces of data. Data processing includes the collection, use, and storage of data.


Categories of data

The categories of pupil related information that we process include:

We collect the following information your child attends one of our schools or if you volunteer or work within the Trust:

If you or your child attends:

  • Personal identifiers like name, address, unique pupil number and contact details.
  • Characteristics like ethnicity, language, free school meal and pupil premium eligibility
  • Image and voice recordings for assessment, celebration and in CCTV for safety and security reasons
  • Safeguarding information like court orders and the involvement of other professionals
  • Special educational needs including the needs and ranking.
  • Medical information like doctors’ details, child health, dental health, allergies, medicines and dietary requirements
  • Financial information like bank details and entitlement to meals, transport and premium funding to manage catering, school trips etc.
  • Attendance e.g., sessions attended, absence, absence reasons, previous schools attended.
  • Assessment and attainment like Key Stage 1/Key Stage 2 and phonics results
  • Behaviour information like behaviour management plans, exclusions and alternative provision

If you work or volunteer:

  • Personal identifiers like name, address, contact details, employee or teacher number, national insurance number and image.
  • Financial information like bank account, pension, benefits, insurance and similar details
  • Contract information like start dates, hours worked, post, roles, salary information, and pre-employment vetting information like references
  • Work absence information like the number of absences and reasons
  • Qualifications and, where relevant, subjects or specialisms taught

We may also collect, store and use information about you that falls into “special categories” of more sensitive personal data. This includes information about (where applicable):

Special categories of data like:

  • Medical information for emergency or occupational health reasons
  • Criminal convictions or social care information for legal and safeguarding reasons
  • and protected characteristics information like sex, age, ethnic group etc.

These lists are not exhaustive. 


Why?

Why we collect and use this information:

The personal data we collect is essential for Good Shepherd Trust schools to fulfil official functions and meet legal requirements. 

We use pupil information to: 

a)     Support learning.
b)     Monitor and report on pupil attainment progress.
c)     Provide appropriate pastoral care.
d)     Assess the quality of what we do.
e)     Keep children safe e.g., food allergies, emergency contact details, CCTV.
f)      Meet statutory duties placed on us by the Department for Education, UK Health Security Agency etc.
g)     Celebrate or promote our schools and wider Trust, for scientific interest, or to record our own history.
h)     To control access to services

Under UK GDPR, the lawful bases we rely on for processing personal information about pupils are: 

  • To perform a public task i.e., to provide education (mainly reasons a, b, c and d, above)
  • To protect vital interests (and sometimes carry out a contract too) e.g., to provide safe meals, trips, transport, uniform, childcare (mainly reasons a and e, above)
  • To comply with the law (mainly reasons b and f, above)
  • Having consent (mainly reason g, above, and to process ethnicity data) e.g., use images or name publicly.

When we process special category data like medical information, we need to have one lawful basis from the list above and one of the following list: 

  • To prevent medical problems, assess needs, and provide services (mainly reasons e and f, above) e.g., EHCO plans, records of medicine administration.
  • To improve public health e.g., report notifiable diseases appropriately.
  • To make or defend legal claims e.g., some special educational needs and all accident records.
  • Having consent (mainly reason h, above)

We use workforce data to: 

a)     Provide us with a comprehensive picture of our workforce, how it is deployed, how it can be developed and kept safe.
b)     Recruit appropriately and to inform the development of recruitment and retention policies.
c)     Enable individuals to be evaluated and developed in their career and be paid.
d)     Meet statutory duties placed on us by HMRC, the Home Office, Department for Education, Department for Work and Pensions, UK Health Security Agency etc.
e)     Enable individuals to access premises or services we control e.g., system logins.
f)      Celebrate or promote our schools and wider Trust, for scientific interest, or to record our own history

Under UK GDPR, the lawful bases we rely on for processing personal workforce information are: 

  • To enter, or carry out a contract (mainly reasons b, c and e above) e.g., to employ people or buy services for people to use
  • To comply with the law (mainly reasons b, c and d above) e.g., recording sickness absence for benefits purposes, data sharing with child protection partners like social care, the NHS and Local Authorities
  • To protect vital interests (mainly reason a above) e.g., allergy or other health information
  • Having consent (mainly reasons e and f above, and to process ethnicity data) e.g., use images and names in publicity (if another basis does not apply) or use biometric data as an identifier

When we process special category data like medical information, biometrics, or criminal history, we need to have one lawful basis from the list above and one of the following list:

  • Having consent (mainly reasons a, d and e above) e.g., to use biometric controlled services or referral to occupational health or other support services
  • To comply with the law (mainly reason d above) e.g., pre-employment criminal record checks, providing reasonable adjustments for work or interview
  • For preventative or occupational medicine or to assess the work capacity of an employee or to improve public health (mainly reason a above) e.g., report notifiable diseases to local or national government departments
  • To make or defend legal claims (mainly reason d above) e.g., some special educational needs records which include details about the staff involved, and all accident records etc.

Collecting this Information

We collect relevant pupil information via data capture forms at the start of each academic year or a secure file sent to us when a child joins from another school. We collect personal information via job application forms and other pre-employment evidence such as references and qualifications as well as staff contract forms. 

Most of the information we ask for is required by law or necessary so we can provide a good education, some of it is voluntary. To comply with data protection legislation, if you have a choice about providing information, we will tell you when we ask for it. We will also tell you what to do if you do not want to share this information with us.


Storing this Information

We hold personal data securely in line with our Records Management Policy and Procedure. Most data about staff and volunteers will be kept for between 6 months and 6 years after an event or the end of a contract, although some is kept for much longer e.g., first aid and accident records that also involved children. Unsuccessful applicant data is kept for 6 months after the date of appointment. 


Data Sharing

We do not share information with anyone without consent unless the law and our policies allow us to do so.

The laws listed in this notice that require us to collect information also require us to share it. Data is transferred securely by hand delivery or registered post, via a government data transfer system (like School to School), via a contractor’s secure data sharing system like our online school trips safety system, and sometimes in other secure ways.

We routinely share pupil information with: 

  • Other parts of the Good Shepherd Trust, to monitor the quality of our provision, benchmark, and to make decisions about policy, practice and funding.
  • Schools and other education providers pupils go to after leaving us to support their continuing education
  • Child development and protection partners: Local Authority children’s services, Public Health, Inclusion and Social Care etc. to check attendance, monitor and protect children, the NHS for medical referrals and support, private companies offering counselling and other family or support services
  • The DfE to help decide our school funding, monitor attainment and benchmark nationally, compile league tables, develop national education policy and monitor it.
  • Our Local Authorities to ensure they can conduct their statutory duties such as under the Schools Admission Code, including conducting Fair Access Panels, and careers guidance legislation.
  • Medical services like therapists, the school nurse, or the NHS for things like screening, vaccinations, health/eye/dental checks, Educational Health and Care Plan (EHCP) provision etc. and the UK Health Security Agency about certain contagious infections our pupils may encounter.
  • Government departments like the UK Health Security Agency, local authorities’ public health, Environmental Health Departments to comply with the law and support public health action
  • Voluntary and charitable organisations (with your permission only), such as Barnardo’s and similar organisations who offer families practical help and support.

We share workforce data with the Department for Education (DfE) on a statutory basis. This data sharing underpins workforce policy monitoring.

We also share workforce information with: 

  • Other parts of the Good Shepherd Trust, to monitor the quality of our provision, benchmark, and to make decisions about policy, practice and funding as well as workforce distribution and development
  • Our payroll and pensions service provider to pay people
  • The Local Government Pension scheme (Your Pension Service) to manage pension contributions
  • The Teachers’ Pension to manage pension contributions
  • HMRC for legal and tax reasons
  • Occupational Health and similar staff support services only with the consent of the individual
  • Organisations involved with our children like the local authority or other partner professionals who need the names, job titles, contact details and perhaps qualifications of our employees, the places we take children to on trips who might need more personal information like next of kin and medical needs, and workforce development organisations like training providers
  • Government departments like UK Health Security Agency, local authority public health and Environmental Health departments to comply with the law and support public health action

Sharing with the Department for Education and Local Authorities

We are required to share information about our pupils and workforce with the DfE directly or via the relevant local authority for the purpose of statutory data collections, under the following legislation:

  • Section 29(3) and section 537A of the Education Act 1996
  • The Education (School Performance Information) (England) Regulations 2007
  • Regulations 5 and 8 of the School Information (England) Regulations 2008
  • The Education (Pupil Registration) (England) Regulations 2006
  • Section 83 of the Children Act 1989 (for monitoring and research purposes)
  • For census purposes under regulation 5 of The Education (Information About Individual Pupils) (England) Regulations 2013.

All data is transferred securely and held by the DfE under a combination of software and hardware controls, which meet the current government security policy framework. For more information, please see the section on ‘How Government uses your data’ below.


Requesting access to your personal data

Your Rights

Data protection legislation gives parents, carers, pupils, staff and volunteers the right to request access to information about them that we hold. To make a request for your personal information or be given access to your child’s education record use the contact details given above and below.

Depending on which lawful basis was used to process the data (above), you may also have the right to:

  • Ask for access to information about you that we hold
  • Have your personal data rectified if it is inaccurate or incomplete
  • Request the deletion or removal of personal data where there is no compelling reason for its continued processing
  • Restrict our processing of your personal data (i.e., permitting its storage but no further processing)
  • Object to direct marketing (including profiling) and processing for the purposes of scient/historical research and statistics
  • Be subject to decisions based purely on automated processing where it produces a legal or similarly significant effect on you.

If you have a concern about the way we are collecting or using your personal data, you should raise your concern with us in the first instance or directly to the Information Commissioner’s Office at https://ico.org.uk/concerns/

For further information on how to request access to personal information held centrally by the DfE, please see the sections below.

Withdrawal of consent and the right to lodge a complaint

Where we are processing your data with your consent, you have the right to withdraw that consent. If you change your mind or are unhappy with our use of your personal data, please let us know by contacting us:

To discuss anything in this privacy notice, please contact our Data Protection Officer: 
dataprotectionofficer@thegoodshepherdmat.co.uk


How Government uses your data

The data that we lawfully share with the DfE through data collections: 

  • underpins school funding, which is calculated based upon the numbers of children and their characteristics in each school.
  • informs 'short term' education policy monitoring and school accountability and intervention (for example, school results or Pupil Progress measures)
  • informs departmental policy on pay and the monitoring of the effectiveness and diversity of the state education workforce
  • links to education funding and expenditure
  • supports 'longer term' research and monitoring of educational policy

Data collection requirements

To find out more about the data collection requirements placed on us by the DfE (for example; via the school census) go to www.gov.uk/education/data-collection-and-censuses-for-schools.

The National Pupil Database (NPD)

Much of the data about pupils in England is held in the National Pupil Database (NPD). The NPD is owned and managed by the DfE and contains information about pupils in schools in England. It provides invaluable evidence on educational performance to inform independent research, as well as studies commissioned by the Department.

It is held electronically for statistical purposes. This information is securely collected from a range of sources including schools, local authorities and awarding bodies. To find out more about the NPD, visit gov.uk

Sharing by the DfE

The law allows the DfE to share pupils’ personal data with certain third parties, including:

  • schools and local authorities
  • researchers
  • organisations connected with promoting the education or wellbeing of children in England
  • other government departments and agencies
  • organisations fighting or identifying crime

The Department may share information about school employees with third parties who promote the education or well-being of children or the effective deployment of school staff in England by: 

  • Conducting research or analysis
  • Producing statistics
  • Providing information, advice or guidance

The Department has robust processes in place to ensure that the confidentiality of personal data is maintained and there are stringent controls in place regarding access to it and its use. Decisions on whether DfE releases personal data to third parties are subject to strict approval process and based on a detailed assessment of: 

  • Who is requesting the data
  • The purpose for which it is required
  • The level and sensitivity of data requested
  • The arrangements in place to securely store and handle the data

To be granted access to workforce information, organisations must comply with its strict terms and conditions covering the confidentiality and handling of the data, security arrangements and retention and use of the data.

Organisations fighting or identifying crime may use their legal powers to contact DfE to request access to individual level information relevant to detecting that crime. Whilst numbers fluctuate slightly over time, DfE typically supplies data on around 600 pupils per year to the Home Office and roughly 1 per year to the Police.

For information about which organisations the DfE has provided pupil information, (and for which project) or to access a monthly breakdown of data share volumes with Home Office and the Police please visit the gov.uk website.

Finding out what information the DfE holds

How to find out what personal information the DfE holds about you.

Under the terms of the Data Protection Act 2018, you are entitled to ask the DfE:

  • if they are processing your personal data
  • for a description of the data they hold about you
  • the reasons they are holding it and any recipient it may be disclosed to
  • for a copy of your personal data and any details of its source

If you want to see the personal data held about you by the DfE, please make a ‘Subject Access Request’ to them. Find out how in the DfE’s personal information charter published at gov.uk.

To contact the DfE go to: www.gov.uk/contact-dfe.


This privacy notice was compiled using DfE advice and model documents. We may need to review it periodically, so we recommend that you revisit this information from time to time.


Online Security

We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.


How we use cookies

A cookie is a small file which asks permission to be placed on your computer's hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.

We use traffic log cookies to identify which pages are being used. This helps us analyse data about webpage traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.

Overall, cookies help us provide you with a better website by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.

You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.


Links to other websites

Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.