St. Patrick's Grammar School

Achievement Through Excellence

Translate

enfrdeitptrues

St. Patrick's G.S. App

Twitter Feed @stpatsarmagh

INTRODUCTION

 

This Policy is intended to provide information about how St Patrick’s Grammar School, Armagh (the School) will use (or process) personal data about its current, past and prospective students and their parents, carers or guardians (referred to in this policy as ‘parents’). Parents and pupils are encouraged to read this Privacy Notice and understand the School’s obligations and your rights.  The Privacy Notice applies alongside any other information the School may provide about a particular use of personal data, for example, when collecting data via online or paper form. 

 

ABOUT US

 

The School is the data controller of the personal information we hold about our pupils and their parents/families/carers/legal guardians. This means that we are responsible for deciding how we hold and use the personal information which we collect.

 

We are required under the General Data Protection Regulation (GDPR) to notify you of the information contained in this privacy notice.

 

We collect and use pupil information under the Education Act (Northern Ireland) 2014 and other legislation. You may find the specific legislation at https://www.education-ni.gov.uk/department-education-legislation.

 

The majority of pupil information you provide to us is information which you are legally obliged to provide but some pupil information is provided to us on a voluntary basis. When collecting information from you we will inform you whether you are required to provide certain pupil information to us or if you have a choice in this.

 

This notice applies to prospective, current and former pupils and their families/carers/legal guardians and those applying for a place at the school and their families/carers/legal guardians. We may update this notice at any time but if we do so, we will inform you as soon as reasonably practicable.

 

It is important that you read and retain this notice, together with any other privacy notice we may provide on specific occasions when we are collecting or processing personal information about you, so that you are aware of how and why we are using such information and what your rights are under the GDPR.

 

If you have any questions about this privacy notice or how we handle personal information, please contact Mr D Clarke at St Patrick’s Grammar School, Cathedral Road, Armagh, County Armagh, BT61 7QZ - Tel: 028 37522018.

 

Our Data Protection Officer is Mr Dominic Clarke, the Principal, who monitors the school’s data protection procedures to ensure they meet the standards and requirements of the GDPR.

 

You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues. The ICO’s details are as follows:

 

The Information Commissioner’s Office – Northern Ireland 3rd Floor 14 Cromac Place, Belfast BT7 2JB Telephone: 028 9027 8757 / 0303 123 1114 Email: This email address is being protected from spambots. You need JavaScript enabled to view it.

HOW DO WE COLLECT AND HOLD PERSONAL INFORMATION?

 

We collect some personal information about our pupils and their families/carers/legal guardians during a pupil’s application process to the school.

 

We will sometimes collect additional information from third parties such as the Education Authority, Department of Education, examination board or previous school attended by a pupil.

 

We mainly collect personal information about our pupils and their families/carers/legal guardians throughout the course of the pupil’s time at the school, for instance when completing educational visit consent forms, from statutory curriculum assessments and throughout our relationship with a pupil when we are exercising our legal obligations as a public educational body and during our pastoral care.

 

 

WHAT PERSONAL INFORMATION DO WE COLLECT, STORE AND USE ABOUT OUR PUPILS?

 

Personal information is information that identifies you and relates to you. We will collect, store and use the following categories of personal information about our pupils:

  • Personal information (such as name, age, date of birth, photographs and unique pupil number).
  • Contact information (such as address, email, emergency contact information and telephone number of parents/guardians).
  • Attendance information (such as sessions attended, number of absences and absence reasons).
  • Assessment information (such as statutory assessment process, GCSE and post-16 qualifications and standardised tests provided by commercial companies).
  • Exclusion and behavioural information.
  • CCTV footage captured in school and other information obtained through electronic means.
  • Non-sensitive characteristic data (such as free school meal eligibility).
  • Special categories of data (such as ethnicity, language, country of birth, nationality, information regarding health, special educational needs, allergies and disability).
  • Photographs which may be used in St Patrick’s Grammar School magazines, website and school social media.

We use CCTV for primary purpose of reducing the threat of crime generally, protecting the School’s premises and helping to ensure the safety of all staff, students and visitors consistent with respect for the individuals' privacy. These purposes will be achieved by monitoring the system to:

 

  • Deter those having criminal intent
  • Assist in the prevention and detection of crime
  • Facilitate the identification, apprehension and prosecution of offenders in relation to crime and public order
  • Facilitate the identification of any activities/event which might warrant disciplinary proceedings being taken against staff or students and assist in providing evidence to managers and/or to a member of staff or student against whom disciplinary or other action is, or is threatened to be taken.

The system will not be used:

 

  • To provide recorded images for the world-wide-web.
  • To record sound other than in accordance with the policy on covert recording.
  • For any automated decision taking.

 

 

WHAT PERSONAL INFORMATION DO WE COLLECT, STORE AND USE ABOUT OUR PUPILS’/ PARENTS/FAMILIES/CARERS/LEGAL GUARDIANS?

 

We will collect, store and use the following categories of personal information about our pupils’/parents/families/carers/legal guardians:

 

  • Personal information (such as name, age, date of birth and photographs).
  • Contact information (such as address and telephone number).
  • Financial information (such as bank account details and payment history).
  • CCTV footage captured in school and other information obtained through electronic means.

WHY DO WE COLLECT, STORE AND USE THIS INFORMATION?

We will only use personal information when the law allows us to. Most commonly, we will use personal information relating to our pupils and their parents/families/carers/legal guardians where we need to comply with our legal obligations and where it is needed in the public interest for us to exercise our authority as a public educational body.

 

In some cases, we may use personal information where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests. For example, the school has a legitimate interest in providing pupils with an education, safeguarding and promoting pupil welfare, facilitating the efficient operation of the school.

 

We may also use your personal information, less frequently to protect a pupil’s or their family’s interests (or someone else's interests). For example, when investigating a complaint made by another pupil.

 

We keep personal information electronically on the School’s information management systems, the School’s IT network, or manually in indexed filing systems.

 

Situations in which we will use personal data, including special category data, include:

 

·         Teaching & Learning

For example:

Ø  to monitor and report on pupil progress.

Ø  to provide appropriate pastoral care.

 

 

 

 

·         Statutory Returns

For example:

Ø  to monitor equal opportunities.

 

·         Safeguarding & Child Protection

For example:

Ø  to safeguard pupils.

Ø  to manage a pupil’s absence.

 

·         Security

For example:

Ø  to comply with health and safety obligations.

Ø  to comply with the law regarding data sharing.

·         Business Continuity

For example:

Ø  to assess the quality of our services.

·         Access to Systems

For example:

Ø  to support pupil learning.

·         Communications

For example:

Ø  to foster links between the school and the local community, including fundraising events.

·         Sound Financial Management

For example

Ø  to provide more efficient means of payment for school facilities such as catering services.

CONSENT

The rights under the Data Protection Law belong to the individual to whom the data relates. However, the School will often rely on parental authority or notice for the necessary ways it processes personal data relating to pupils. 

Whilst the majority of the personal data provided to the school is required for us to comply with our legal obligations, some of that information is provided on a voluntary basis through parental consent (namely, a parent’s/carer’s/legal guardian’s express agreement). A pupil aged 13 or over is considered capable of giving consent themselves and will not require express agreement from a parent/carer/legal guardian.

Where consent is required, for example collecting and using biometric data for the School’s cashless catering payment system or for access to certain areas within the School, the school will provide the person with parental responsibility for a pupil or, if aged 13 or over, the pupil themselves, with a specific and clear notice which explains the reasons why the data is being collected and how the data will be used.  You should be aware if you do not consent to our collection of this type of data, this will not affect the standard of education we deliver to the pupil.

In general, the School will assume that pupils’ consent is not required for ordinary disclosure of their personal data to parent, e.g. for the purposes of keeping parents informed about pupil activities, progress and behaviour, and in the interests of the pupils’ welfare. That is unless, in the School’s opinion, there is a good reason to do otherwise. 

However, where a pupil seeks to raise concerns confidentially with a member of staff and expressly withholds their agreement to their personal data being disclosed to their parents, the Scholl may be under an obligation to maintain confidentiality unless, in the School’s opinion, there is a good reason to do otherwise, for example, if the School believes disclosure would be in the best interests of the pupil or other pupils, or of required by law.

Pupils are required to respect the personal data and privacy of others, and to comply with the School’s policies and the School rules in this regard.

If we ask for your consent to use personal information, you can take back this consent at any time. Please contact the School (Mr D Clarke if you wish to withdraw your consent).  Please be aware that we do not need to obtain parental consent if personal data is to be processed for the purposes of obtaining counselling services for the child.

HOW LONG IS DATA STORED FOR?

We will only keep personal information for as long as necessary to fulfil the purposes we collected it (for example, to educate and look after pupils) and including for the purposes of satisfying any legal, accounting, or reporting requirements.  The legal recommendation for how long we keep personnel files is 7 years following departure from the School.  However, some reports may be retained longer in accordance with specific legal requirements.

A limited and reasonable amount of information will be retained for archiving purposes, for example, when you request that we no longer hold information about you, we will need to keep a record of the fact that you have made this request (suppression record).

We do not store personal data forever; we only hold pupil and family data for as long as we are legally able to do so. However, sometimes we will keep personal information for historical reasons (e.g. year group or sports team photographs) but you will always have a right to ask for it to be destroyed.

In determining the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

 

In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you.

 

DATA SECURITY

 

We have put in place appropriate security measures to prevent personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a need to know. They will only process personal information on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator (currently the Information Commissioner’s Office) of a suspected breach where we are legally required to do so.

WHO WE SHARE PUPIL INFORMATION WITH?

We may have to share pupil and their family’s data with third parties, including third-party service providers and other bodies such as:

  • the new school/s that the pupil attends after leaving us.
  • the Department of Education.
  • the Education Authority for Northern Ireland.
  • Northern Ireland Council for Curriculum Examinations and Assessments
  • The Board of Governors.
  • General Teaching Council for Northern Ireland
  • Middletown Centre for Autism
  • Youth Council for Northern Ireland
  • Exceptional Circumstances Body
  • Department of Health and Health & Social Care Trusts
  • PSNI
  • C2K School Management Information System
  • Examination Boards such as AQA, CCEA and Excel
  • Commercial standardised test providers.

Why we share pupil information

We do not share information about our pupils with anyone without consent unless the law and our policies allow us to do so. We only permit access to personal data for specified purpose and in accordance with our instructions.

 

We are required to share pupils’ data with the Department of Education and/or the Education Authority on a statutory basis. This data sharing underpins school funding and educational attainment policy and monitoring. We also share information with the NHS or a pupil’s destination upon leaving school.

Pupils aged 13+

Once our pupils reach the age of 13, we also pass pupil information to our local authority and / or provider of youth support services as they have responsibilities in relation to the education or training of 13-19 year olds.

 

This enables them to provide services as follows:

 

  • youth support services
  • careers advisers

A parent, carer or guardian can request that only their child’s name, address and date of birth is passed to their local authority or provider of youth support services by informing us. This right is transferred to the child / pupil once he/she reaches the age 16.

Pupils aged 16+

We will also share certain information about pupils aged 16+ with Department of Education and/or provider of youth support services as they have responsibilities in relation to the education or training of 13-19 year olds.

 

This enables them to provide services as follows:

  • post-16 education and training providers
  • youth support services
  • careers advisers.

Schools Census

 

The Department of Education has a legal right to ask for particular information under the Education and Libraries (NI) Order 2003 and is referred to as the “School Census”. This information includes information on pupil characteristics such as date of birth, gender, ethnicity, religion, free school meal entitlement and special educational needs status. A number of statistical releases are made available through the Department of Education website covering data on enrolments, participation rates, pupil teacher ratios, school leavers, attendance and school performance

 

TRANSFERRING DATA OUTSIDE THE EU

 

We will not transfer the personal information we collect about you to any country outside the EU without telling you in advance that we intend to do so and what steps we have taken to ensure adequate protection for your personal information in those circumstances.

 

YOUR RIGHTS OF ACCESS, CORRECTION, ERASURE AND RESTRICTION

 

Under GDPR, pupils/parents/families and carers have the right to request access to information about them that we hold. To make a request for your personal information, or be given access to your child’s educational record, contact the Principal, Mr D. Clarke on or at:

 

St Patrick’s Grammar School

Cathedral Road

County Armagh

BT61 7QZ

Tel: 028 37522018  

Email: This email address is being protected from spambots. You need JavaScript enabled to view it..

 

We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights).

 

This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.

Under certain circumstances, by law a parent/carer/legal guardian or a child over the age of 13 has the right to:

  • Request access to personal information (commonly known as a "data subject access request"). This enables you to receive a copy of the personal information we hold about you and your child and to check that we are lawfully processing it. You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
  • Request correction of the personal information that we hold about you and your child. This enables you to have any incomplete or inaccurate information we hold corrected.
  • Request erasure of personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
  • Object to processing of personal information where we are relying on a legitimate interest (or that of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing you and your child’s personal information for direct marketing purposes.
  • Request the transfer of your personal information to another party, for instance a new school.