This Privacy Notice has been written to inform our current and previous staff body; current and prospective pupils, parent, carers or guardians (referred to in the policy as “parents”) of Brackenfield School about what we do with your personal information in relation to personal data. This Notice may be subject to change.
Who are we?
Brackenfield School is a ‘Data Controller’ as defined by Article 4 (7) of the UK GDPR. This means that we determine the purposes for which, and the manner in which, your personal data is processed. We have a responsibility to you and your personal data and will only collect and use this in ways which are compliant with data protection legislation.
The school has appointed Veritau Ltd to be its Data Protection Officer (DPO). The role of the DPO is to ensure that the school is compliant with the UK GDPR and to oversee data protection procedures. Veritau’s contact details are:
Schools Data Protection Officer
Northallerton DL7 8AL
[email protected] 01904 554025
Please ensure you include the name of your school in all correspondence
What information do we collect?
The categories of information that we collect, hold and share include the following:
- Names, addresses, telephone numbers, e-mail addresses and other contact details
- Financial details in regard to fees (parents); and salaries (staff)
- Past, present and prospective pupil’s academic, disciplinary, admissions and attendance records (including information about any special needs), and assessment marks and tracking
- Personnel files including in connection with academics, employment or safeguarding
- In line with Safer Recruitment and Safeguarding; health and welfare and next of kin details
- Special Data Category Data
- Images of pupils and staff engaging in school activities, and images captured by the school’s CCTV system (in accordance with the school’s CCTV policy
We will also process certain ‘special category’ data about our staff & pupils including:
Health, ethnicity, religion or sexual life, criminal records data in accordance with rights or duties imposed by law, including safeguarding and employment or from time to time by explicit consent where required.
Why do we collect your personal data?
We use the information we collect:
- To safeguard pupils’ welfare and provide appropriate pastoral (and where necessary, medical) care, and to take appropriate action in the event of an emergency, incident or accident, including by disclosing details of an individual’s medical condition or other relevant information where it is in the individual’s interests to do so: for example for medical advice, for social protection, safeguarding, and cooperation with police or social care, for insurance purposes or to caterers or organisers of school trips who need to be made aware of dietary or medical needs;
- To provide educational services in the context of any special educational needs of a pupil;
- To provide spiritual education in the context of any religious beliefs;
- In connection with employment of its staff, for example DBS checks, welfare, union membership of pension plans;
- As part of any school or external complaints, disciplinary or investigation process that involves such data, for example if there are SEN, health or safeguarding elements; or
- For legal and regulatory purposes (for example child protection, diversity monitoring and health & safety) and to comply with its legal obligations and duties of care
Any personal data that we process about our pupils and parents is done so in accordance with Article 6 and Article 9 of the UK GDPR:
Our legal basis for processing your personal data, in line with Article 6(1)(c) include:
- Legal obligations
- Public task
Who do we obtain your information from?
Much of the information we process will be obtained directly from you. We will also process information received from:
- References (staff & pupils)
- Application forms
- Census forms
- Government based forums (for example Department for Education)
Who do we share your personal data with?
We routinely share pupil information with:
- Professional advisors (insurers, payroll)
- Government authorities ( HMRC, DfE, North Yorkshire Country Council)
- Regulatory bodies ( Teaching Regulation Agency, Independent Schools Inspectorate, Census bodies)
For the most part, personal data collected by the school will remain within the school and will be processed by appropriate individuals only in accordance with access protocols. Particularly strict rules of access apply in context of:
- Medical records (held and accessed only by appropriate medical staff in accordance with express consent
- Pastoral or safeguarding files
However, a certain amount of SEN pupils’ relevant information will need to be provided to staff more widely in the context of providing the necessary care and education that the pupil requires.
Staff, pupils and parents are reminded that the school is under duties imposed by law and statutory guidance (including Keeping Children Safe in Education) to record or report incidents and concerns that arise or are reported to it, in some cases regardless of whether they are proven, if they meet a certain threshold of seriousness in their nature or regularity. This is likely to include file notes on personnel or safeguarding files, and in some cases referrals to relevant authorities such as the LADP or police. For further information about his, please view the school’s Safeguarding policy.
Finally , in accordance with Data Protection Law, some of the school’s processing activity is carried out on its behalf of third parties, such as IT systems, web developers or cloud storage providers. This is always in accordance with the school’s specific directions.
How long do we keep your personal data for?
The school with retain personal data securely and only in line with how long it is necessary to keep for a legitimate or lawful reason, it will be kept in accordance with the Data Retention Policy.
If you have any specific query about how our retention policy is applied please get in touch directly with the school on [email protected] and the query will be dealt with via the data administrator in school.
Please note we have a legal right to retain (within the retention policy) some categories of data even if you request that records are destroyed. This is for Legitimate reasons or Public Task
What rights do you have over your data?
Under the UK GDPR data subjects have the following rights in relation to the processing of their personal data:
- to be informed about how we process your personal data. This notice fulfils this obligation
- to request access to your personal data that we hold, and be provided with a copy of it
- to request that your personal data is amended if inaccurate or incomplete
- to request that your personal data is erased where there is no compelling reason for its continued processing
- to request that the processing of your personal data is restricted
- to object to your personal data being processed
If you have any concerns about the way we have handled your personal data or would like any further information, then please contact our DPO on the address provided above.
If we cannot resolve your concerns you may also complain to the Information Commissioner’s Office (the Data Protection Regulator) about the way in which the school has handled your personal data. You can do so by contacting:
First Contact Team
Information Commissioner’s Office
Wilmslow Cheshire SK9 5AF
[email protected] /0303 123 1113
Strictly Necessary Cookies
These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms.
You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information.