Queen Ethelburga's Collegiate
Privacy Notice for Parents and Students
Reviewed August 2017
Reviewed May 2018
1.1 This notice explains how each of Queen Ethelburga's Collegiate - Queen's Kindergarten, Chapter House Preparatory School, King's Magna Middle School, Queen Ethelburga's College and The Faculty of Queen Ethelburga's – (hereafter referred collectively referred to as the Collegiate) processes your personal information/data. In this document "we" "us" or "our" means the Collegiate or any part of it.
1.2 We aim to comply with the General Data Protection Regulation (the GDPR), following 25th May 2018, when processing your personal information. The purpose of the GDPR is to safeguard information about people (referred to in the GDPR as Personal Data) and covers issues such as data security, individuals' rights to access information about them held by the Collegiate, and the use and disclosure of Personal Data.
1.3 This document is commonly known as a "privacy notice".
1.4 We are the Data Controller of Personal Data about students and their parents and/or guardians. This means that we are responsible for compliance with the relevant legislation.
1.5 This notice also applies to prospective students and their parents and / or guardians.
1.6 The Collegiate has appointed Mr R. Holdsworth as our Data Protection Officer (DPO) with effect from 25th May 2018. Any questions you have in relation to this policy on or after this date should be directed to the DPO.
2 How we acquire Personal Data
2.1 We may acquire Personal Data in a number of ways including, without limitation, the following: 2.1.1 parents of students may provide us with Personal Data about themselves or their family in correspondence, forms, documents, during discussions with staff, and through our website;
2.1.2 we may acquire Personal Data from other parents, or from people outside of the community who know parents or from the students themselves; and
2.1.3 we may acquire Personal Data from third parties such as schools and nurseries, public authorities, public sources or from commercial sources such as credit reference agencies.
3 Why we collect Personal Data
3.1 We commonly use Personal Data for: 3.1.1 ensuring that we provide a safe and secure environment;
3.1.2 providing pastoral care;
3.1.3 providing education and learning for students; 3.1.4 enabling students to take part in examinations and assessments, and to monitor students' progress and educational needs;
3.1.5 providing additional activities for students and parents, for example, activity clubs and educational visits;
3.1.6 protecting and promoting our interests and objectives - this includes fundraising;
3.1.7 legal and management purposes and to enable the Collegiate to meet its legal obligations as an employer, for example to pay staff, and to monitor their performance;
3.1.8 to gauge how well the school is performing;
3.1.9 safeguarding and promoting the welfare of students; and
3.1.10 fulfilling our contractual and other legal obligations. 3.2 Personal Data processed by us includes contact details (including names, addresses, telephone numbers and e-mail addresses), medical/health information, disciplinary records, pastoral, admissions and attendance records, information relating to special educational needs and images of students engaging in Collegiate activities (and in relation to parents and/or guardians, may include financial or other payment information). It may also include online identifiers such as IP addresses.
3.3 We may also process Sensitive Personal Data such as information about parents' and/or students' ethnic group, marital status, religious beliefs and relevant medical information.
3.4 We may share Personal Data with third parties where doing so complies with the relevant legislation. For example, we may: 3.4.1 disclose parent / pupil information to the relevant statutory agencies (such as with UK Visas and Immigration) where we need to share information in order to comply with our reporting obligations or for safeguarding reasons;
3.4.2 disclose details of a pupil's medical condition where it is in the pupil's interests to do so, for example for medical advice, insurance purposes or to organisers of school trips;
3.4.3 share parent contact details and financial information with debt recovery organisations or with associated companies, where this is necessary for financial administration;
3.4.4 disclose information to fraud prevention or credit reference agencies; and
3.4.5 share information about parents and students with our solicitors or other professional advisors (for example, in order to obtain legal advice);
3.4.6 share information with bodies such as UCAS, universities, careers advisory services or those providing external assessment, where this is in the interest of supporting educational provision.
3.5 We may share information about a pupil with their parents where permitted by the relevant legislation, for example, information about the pupil's academic attainment, behaviour and progress.
3.6 We may use Personal Data for other purposes where the relevant legislation allows and where providing an explanation would not be appropriate - this includes for the prevention and investigation of crime and the prosecution of offenders.
3.7 Our aims are: 3.7.1 to record sufficient information for the purpose, but not unnecessary information;
3.7.2 to record Personal Data accurately and to keep it up-to-date;
3.7.3 not to use Personal Data in ways which are incompatible with the purpose for which it was originally recorded;
3.7.4 not to transfer Personal Data outside the European Economic Area unless we have the express permission of the individual, or have made appropriate arrangements with the recipient to ensure that the individual's privacy rights are protected; and
3.7.5 to have appropriate security arrangements in place to help prevent any unauthorised use of, or accidental loss or damage to, Personal Data. This includes using encryption and other technologies where appropriate.
3.7.6 to dispose of Personal Data appropriately after it is no longer needed. This includes:
3.7.7 to be fair to the subject of the information and to whoever provides it (if that is someone else).
3.8 The Collegiate will retain pupil files in accordance with the relevant legislation and statutory requirements e.g. pupil files are kept until 25 years from the date of birth. On occasion we may need to keep certain records for a long period of time (even indefinitely). For example, we may need to keep records for longer if there are safeguarding concerns or if you threaten to bring a claim against the Collegiate.
18.104.22.168 shredding papers securely where appropriate; and
22.214.171.124 permanently deleting information from computers and memory devices before they are disposed of.
3.9 We may share information between the schools in the Collegiate where doing so complies with the relevant legislation. For example, where a pupil moves from King's Magna Middle School to Queen Ethelburga's College or to the Faculty of Queen Ethelburga’s.
3.10 We may continue to use Personal Data of students after those students have left the Collegiate where doing so is allowed by the GDPR. For example, marketing photos of students who have since left the Collegiate may still be used to promote the Collegiate.
4 Data protection compliance: specific examples
4.1 We use CCTV recordings for the purposes of crime prevention and investigation and also in connection with our obligation to safeguard the welfare of students, staff and visitors to our site.
4.2 CCTV recordings may be disclosed to third parties such as the police but only where such disclosure is in accordance with the GDPR.
Photographs and publicity
4.3 We may use photographs and other media of children for marketing and promotion purposes, including in Collegiate publications, in social media and on the Collegiate website. We may also allow external publication of media where appropriate (for example, in a local newspaper).
4.4 We will usually seek permission where there are greater privacy concerns. For example if a child is to be specifically highlighted as part of a promotion or if the child is under 10 and is to be named in any article.
4.5 If permission is required then it will be sought as follows: 4.5.1 where the pupil is in Year 7 or below, permission will be sought from a parent or guardian;
4.5.2 where the pupil is in Year 8, 9, 10 or 11 then permission will be sought from both the pupil and the parent / guardian; and
4.5.3 if the pupil is in Year 12 or 13 then only the pupil's permission will be sought.
4.6 Occasionally, parents may ask us to keep information about a pupil confidential. For example, they may ask us to not use photographs of a pupil in promotional material or ask us to keep the fact that a pupil is on the school roll confidential. If parents would like information about a pupil to be kept confidential, they must immediately contact the Principal in writing, requesting an acknowledgment of their letter.
4.7 We publish information about Collegiate fixtures and events on our Parent Portal. This makes it easier for parents and students to find out about upcoming events and gather other information. The information published includes the full name of the students taking part, as well as information about the students' availability to take part in the event. The information is available to anyone who accesses our Parent Portal.
4.8 We may make enquiries of students' previous schools for confirmation that all sums due and owing to such schools have been paid. We may also inform other schools or educational establishments to which students are to be transferred if any of our fees are unpaid.
Fundraising, Clubs and Alumni Associations
4.9 We may use information about parents, former students, and others in connection with fundraising and promoting the interests of the Collegiate. For example, we may contact individuals who we consider might be interested in supporting the Collegiate in connection with a specific fundraising activity.
4.10 We may share the Personal Data of students and parents with other educational establishments for the purpose of providing a reference.
Examination results and pupil achievement
4.11 We publish examination results and university destinations in our own marketing materials and in the press that might include details of grades achieved and subjects taken, as well as university destination. We may also publish information about pupil achievement, for example where a student has performed particularly highly when grades and subjects of qualifications may be stated. Where this involves sharing sensitive personal data, permission will be sought.
5 Your rights under the GDPR
5.1 Subject Access Request:
5.1.1 Prior to 25th May 2018, parents and students have the right to request access to any personal data we hold about them. For further information on such requests, please refer to the Principal.
5.1.2 From 25th May 2018, subject to a number of exemptions contained in the GDPR, parents and students have a statutory right to know if we hold any Personal Data about them, and to know what it is, its source, how we use it, the logic we use in any automatic decisions, and who we disclose it to. Parents or Students who wish to access this information will need to make a Subject Access Request. This can be done by submitting a request in writing to the Principal, via the Principal’s PA, Elizabeth Smith-Dodsworth, emailing firstname.lastname@example.org, or the DPO. Under GDPR, there is no charge for this, unless the request is considered excessive. We will respond to a request within one month from when we receive the request in writing, together with any further information reasonably requested by us in order to fulfil the request.
5.2 Automatic decisions: From 25th May 2018, parents and students have a statutory right to ask us not to make decisions automatically (using Personal Data) if such automatic decisions would affect them to a significant degree.
5.3 Corrections: Parents and students have a statutory right to ask for incorrect Personal Data to be corrected, annotated or removed.
5.4 Use of Personal Data: From 25th May 2018, parents and students have a statutory right to ask us not to use their Personal Data in a way that is likely to cause them unwarranted and substantial damage or distress.
5.5 Withdrawal: From 25th May 2018, parents and students have a right to withdraw consent for use of their data for direct marketing or fundraising purposes.
5.6 Right to be forgotten: From 25th May 2018, parents and students have the right to request to have any Personal Data we hold about them to be erased where an exemption doesn’t apply.
5.7 Data portability: From 25th May 2018, parents and students have the right to request data portability of their Personal Data which we hold to another data controller (subject to certain conditions about the Personal Data being met).
5.8 Right to complain: Parents and students have the right to complain to the Information Commissioner’s Office (ICO) at www.ico.org.uk, should you feel that there has been a breach of data protection regulation.
6 Further Information
6.1 Full details of your rights and further information can be found in the Data Protection Policy which is available on request.
6.2 ICO website: Further details of the Personal Data that we hold, and how we use it, can be found in our register entries on the Information Commissioner's website under the following registration numbers: 6.2.1 Chapter House Preparatory School Limited - registration number Z5580819;
6.2.2 KM School Limited - registration number Z2801031;
6.2.3 Queen Ethelburga's College Limited - registration number Z520742X;
6.2.4 Faculty of Queen Ethelburga's Limited - registration number ZA167783.
6.3 This website also contains further information about data protection.
6.4 The purpose of this notice is to explain how we use Personal Data about students and parents. It does not, and is not intended to, place any obligation on us greater than that set out in the relevant legislation.
6.5 Contact: If you would like any further information about anything within this notice then please contact the Principal