Privacy Notice

Privacy Notice for Pupils and Parents

We, Churchstanton Primary School are a Data Controller under the UK General Data Protection Regulation, which means that we need to provide you with information about how we use your personal data.

What we collect

We hold personal data such as:

  • Your name, contact details, and address

  • Information about you such as your ethnicity, language, and whether you have free school meals

  • Safeguarding information

  • Special Educational Needs information

  • Medical information

  • Your attendance

  • How well you’re doing in school, including any assessments and behavioural information

  • CCTV images.

Why we use it

We use your data to:

  • Support your learning and help your progress

  • Keep you safe and protect your wellbeing

  • Help the school improve

  • Meet our legal requirements such as sharing data with the Department for Education (DfE)

Legal basis

We process your data under:

  • UK GDPR Article 6(c) – Legal obligation, because the law says we need to collect and share this data

  • UK GDPR Article 6(e) – Public task, to enable the running of the school

  • UK GDPR Article 9(g) – Substantial public interest (for special category data)

 

Collecting your information

 

We collect your personal data through registration forms, annual data collection forms, and our interactions with you. This data is essential for the school’s operational use. The majority of the information you provide is mandatory, but some may be requested on a voluntary basis. To comply with the law, we will inform you at the point of collection whether you are required to provide information or whether you have a choice.

 

Storing your information

We retain data only as long as the law says we have to, or for the school’s operational use. For more information, please request to see our data retention schedule.

Who we share your information with

We may share your data with:

  • Your next school, if you transfer to another school

  • Our local authority, including social workers and public health teams

  • The Department for Education (DfE)

  • Youth support services if you are over 13

  • The police, if necessary

  • Your doctor, if necessary

We do not share your data with anyone without consent unless the law and our policies allow us to do so.

For more information, please see the ‘How Government uses your data’ section.

 

International transfers

We do not routinely store or share personal data outside of the UK or EU/EEA. If data is stored outside these areas, we ensure safeguards like standard contractual clauses are in place.

How Government uses your data

We will share some of your data with the Department for Education (DfE).

 

This includes data for the annual census, your attendance data, and data about your progress and attainment,

 

We share this information for:

·         School funding arrangements, because our funding is calculated on the number of children and their characteristics in each school

·         Education policy monitoring, to see how schools are performing and put interventions in place

·         To research and monitor educational outcomes

 

To find out more about the requirements placed on us by the DfE including the data that we share with them, go to go to https://www.gov.uk/education/data-collection-and-censuses-for-schools

Your personal data will also be added to the National Pupil Database (NPD) which is owned and managed by the DfE.  This data is used for research to improve and promote the education and wellbeing of children in England.

The evidence and data provide DfE, education providers, Parliament and the wider public with a clear picture of how the education and children’s services sectors are working in order to better target, and evaluate, policy interventions to help ensure all children are kept safe from harm and receive the best possible education. 

To find out more about the NPD, go to https://www.gov.uk/government/publications/national-pupil-database-npd-privacy-notice/national-pupil-database-npd-privacy-notice

The DfE will only share pupils’ personal data where it is lawful, secure and ethical to do so. Where these conditions are met, the law allows the Department for Education (DfE) to share pupils’ personal data with certain third parties, including:

  • schools and local authorities

  • researchers

  • organisations connected with promoting the education or wellbeing of children in England

  • other government departments and agencies

  • organisations fighting or identifying crime

 

For more information about the Department for Education’s (DfE) NPD data sharing process, please visit: https://www.gov.uk/data-protection-how-we-collect-and-share-research-data

Organisations fighting or identifying crime may use their legal powers to contact the Department for Education (DfE) to request access to individual level information relevant to detecting that crime.

For information about which organisations the Department for Education (DfE) has provided pupil information, (and for which project) please visit the following website: https://www.gov.uk/government/publications/dfe-external-data-shares

To request a copy of the personal data held about you by the DfE, you should make a subject access request (SAR). Further information on how to do this can be found within the DfE’s personal information charter:

https://www.gov.uk/government/organisations/department-for-education/about/personal-information-charter

or 
https://www.gov.uk/government/publications/requesting-your-personal-information/requesting-your-personal-information#your-rights 

To contact the DfE: https://www.gov.uk/contact-dfe

Requesting access to your personal data and your rights

You can request the following from the school:

  • Access your data

  • Correct or delete it

  • Restrict or object to its use

  • Request electronic transfer

  • Complain if your data is misused

To exercise any of these rights, please contact the school or Data Protection Officer (details below).

Contact us

For questions or data requests, contact the school or our Data Protection Officer at dposchools@somerset.gov.uk

 

Privacy Notice for Governors

 

We, Churchstanton Primary School are a Data Controller under the UK General Data Protection Regulation, which means that we need to provide you with information about how we use your personal data.

What we collect

We hold personal data such as:

  • Name, data of birth, contact details and address

·         Governance details (such as role, start and end dates and governor id)

  • Training records

  • Disability (if applicable)

  • CCTV images.

Why we use it

We use your data to:

  • Fulfil legal duties

  • Communicate school/trust business

  • Organise governance training

Legal basis

We process your data under:

  • UK GDPR Article 6(c) – Legal obligation, under section 538 of the Education Act 1996

  • UK GDPR Article 6(e) – Public task, to enable the running of the school

  • UK GDPR Article 9(g) – Substantial public interest (for special category data)

 

Collecting governance information

 

We collect your personal data through our interactions with you and governor contact forms. This data is essential for the school’s operational use. The majority of the information you provide is mandatory, but some may be requested on a voluntary basis. To comply with the law, we will inform you at the point of collection whether you are required to provide information or whether you have a choice.

 

Storing governance information

We retain data only as long as necessary for legal, regulatory, and operational purposes. For more information, please request to see our data retention schedule.

Who we share governance information with

We may share your data with:

  • Department for Education (DfE)

  • Local Authorities (e.g. Somerset LA)

  • Other authorised parties as required

We do not share information about individuals in governance roles with anyone without consent unless the law and our policies allow us to do so.

We share data with the DfE under the requirements set out in r section 538 of the Education Act 1996.

All data is entered manually on the GIAS service and held by the Department for Education (DfE) under a combination of software and hardware controls which meet the current government security policy framework.

For more information, please see the ‘How Government uses your data’ section.

International transfers

We do not routinely store or share personal data outside of the UK or EU/EEA. If data is stored outside these areas, we ensure safeguards like standard contractual clauses are in place.

How Government uses your data

The governance data that we lawfully share with the Department for Education (DfE) via GIAS will:

  • increase the transparency of governance arrangements

  • enable the school and the DfE to identify individuals who are involved in governance and who govern in more than one context

  • allow the DfE to be able to uniquely identify an individual and in a small number of cases conduct checks to confirm their suitability for the role

 

To find out more about the requirements placed on us by the DfE including the data that we share with them, go to https://www.gov.uk/government/news/national-database-of-governors

Some of these personal data items are not publicly available and are encrypted within the GIAS system. Access is restricted to authorised DfE and education establishment users with a DfE sign-in (DSI) account who need to see it in order to fulfil their official duties. The information is for internal purposes only and not shared beyond the DfE unless the law allows it.

To request a copy of the personal data held about you by the DfE, you should make a subject access request (SAR). Further information on how to do this can be found within the DfE’s personal information charter:

https://www.gov.uk/government/organisations/department-for-education/about/personal-information-charter

or 
https://www.gov.uk/government/publications/requesting-your-personal-information/requesting-your-personal-information#your-rights 

To contact the DfE: https://www.gov.uk/contact-dfe

Requesting access to your personal data and your rights

You can request the following from the Trust:

  • Access your data

  • Correct or delete it

  • Restrict or object to its use

  • Request electronic transfer

  • Complain if your data is misused

To exercise any of these rights, please contact the school or Data Protection Officer (details below).

Contact us

For questions or data requests, contact the school or our Data Protection Officer at dposchools@somerset.gov.uk

 

Privacy Notice for Recruitment

 

We, Churchstanton Primary School are a Data Controller under the UK General Data Protection Regulation, which means that we need to provide you with information about how we use your personal data.

What we collect

As part of your application, the school will require personal data such as:

·         your name(s), title, contact details, address, and national insurance numbers

·         ID documents

·         eligibility to work

·         previous employment history

·         education and professional qualifications

·         membership of professional or government bodies

·         referee details

·         equalities information (so that we can monitor workplace equality)

·         any information provided by your nominated referees (which includes any relevant disciplinary actions and/or sickness information)

·         any other relevant information you wish to provide to us

Why we use it

We use your data to:

  • Assess your suitability for the role

  • Validate the information you have provided such as references

Legal basis

We process your data under:

  • UK GDPR Article 6(b) – Contract, to take necessary steps to enter into a contract

  • UK GDPR Article 6(c) – Legal obligation, to fulfil our statutory responsibilities for safer recruitment

  • UK GDPR Article 9(g) – Substantial public interest (for special category data)

 

Collecting recruitment information

 

We collect your personal data through your application form and during our interactions with you if you are invited for interview. We may also collect personal data from your referees, the Disclosure and Barring Service, and the Local Authority.

 

This data is essential for the school’s operational use. The majority of the information you provide is mandatory, but some may be requested on a voluntary basis. To comply with the law, we will inform you at the point of collection whether you are required to provide information or whether you have a choice.

 

Storing recruitment information

We retain data only as long as necessary for legal, regulatory, and operational purposes. If your application is successful, we will retain your data in your personnel file which will be kept in accordance with our data retention schedule. For unsuccessful applications, your data will be kept for six months.

Who we share workforce information with

Generally, we will keep your personal data within the school but in some instances, we may be required to disclose your personal data to:

 

·       third party assessment providers (in order to facilitate your suitability for a role)

·       the Local Authority (who may assist the school with the recruitment process)

·       our Governing Body

 

Sometimes your application may need to be submitted to an assessment panel. These panels could include individuals from other organisations. We will tell you if this is the case.

 

International transfers

We do not routinely store or share personal data outside of the UK or EU/EEA. If data is stored outside these areas, we ensure safeguards like standard contractual clauses are in place.

Requesting access to your personal data and your rights

You can request the following from the school:

  • Access your data

  • Correct or delete it

  • Restrict or object to its use

  • Request electronic transfer

  • Complain if your data is misused

To exercise any of these rights, please contact the school or Data Protection Officer (details below).

 

Contact us

For questions or data requests, contact the school or our Data Protection Officer at dposchools@somerset.gov.uk

 Privacy Notice for Visitors

 

We, Churchstanton Primary School are a Data Controller under the UK General Data Protection Regulation, which means that we need to provide you with information about how we use your personal data.

What we collect

We hold personal data such as:

·         full name & title

  • who you are visiting

  • date and time of your visit

  • photo

  • CCTV images.

Why we use it

We use your data to:

  • Safeguard our school community

  • Keep our school site secure

  • Meet health and safety responsibilities

  • Assist with the organisation of events or meetings

Legal basis

We process your data under:

  • UK GDPR Article 6(c) – Legal obligation, to fulfil our statutory responsibilities

  • UK GDPR Article 6(e) – Public task, to enable the running of the school

  • UK GDPR Article 9(g) – Substantial public interest (for special category data)

 

Collecting visitor information

 

We collect your personal data when you enter the school site. The majority of the information you provide is mandatory, but some may be requested on a voluntary basis. To comply with the law, we will inform you at the point of collection whether you are required to provide information or whether you have a choice.

 

Storing visitor information

We retain data only as long as necessary for legal, regulatory, and operational purposes. For more information, please request to see our data retention schedule.

Who we share visitor information with

We do not routinely share the personal data of our visitors with any other party. However, under limited circumstances, we may share your data with relevant parties if the law allows us to do so.

All visitors are reminded that the school is under duties imposed by law and statutory guidance (including Keeping Children Safe in Education) to record or report incidents and concerns related to child safeguarding that arise or are reported to it, in some cases regardless of whether they are proven, if they meet a certain threshold of seriousness in their nature or regularity. For further information about this, please view the Safeguarding Policy. 

International transfers

We do not routinely store or share personal data outside of the UK or EU/EEA. If data is stored outside these areas, we ensure safeguards like standard contractual clauses are in place.

Requesting access to your personal data and your rights

You can request the following from the school:

  • Access your data

  • Correct or delete it

  • Restrict or object to its use

  • Request electronic transfer

  • Complain if your data is misused

To exercise any of these rights, please contact the school or Data Protection Officer (details below).

Contact us

For questions or data requests, contact the school or our Data Protection Officer at dposchools@somerset.gov.uk

 

Privacy Notice for Volunteers

 

We, Churchstanton Primary School are a Data Controller under the UK General Data Protection Regulation, which means that we need to provide you with information about how we use your personal data.

What we collect

We hold personal data such as:

·         full name & title

·         address

·         contact information / email

·         experience

·         Disclosure and Barring Service (DBS) checks

  • any other relevant information you wish to provide to us

  • CCTV images.

Why we use it

We use your data to:

  • Fulfil our legal duties such as DBS checks and completing the Single Central Record

  • Assess your suitability for a volunteer role

Legal basis

We process your data under:

  • UK GDPR Article 6(c) – Legal obligation, to fulfil our statutory responsibilities

  • UK GDPR Article 6(e) – Public task, to enable the running of the school

  • UK GDPR Article 9(g) – Substantial public interest (for special category data)

 

Collecting volunteer information

 

We collect your personal data through our interactions with you and your contact forms. This data is essential for the school’s operational use. The majority of the information you provide is mandatory, but some may be requested on a voluntary basis. To comply with the law, we will inform you at the point of collection whether you are required to provide information or whether you have a choice.

 

Storing volunteer information

We retain data only as long as necessary for legal, regulatory, and operational purposes. For more information, please request to see our data retention schedule.

Who we share volunteer information with

We do not routinely share the personal data of our volunteers with any other party. However, under limited circumstances, we may share your data with relevant parties if the law allows us to do so.

All volunteers are reminded that the school is under duties imposed by law and statutory guidance (including Keeping Children Safe in Education) to record or report incidents and concerns related to child safeguarding that arise or are reported to it, in some cases regardless of whether they are proven, if they meet a certain threshold of seriousness in their nature or regularity. This may include file notes within the volunteer and safeguarding files, and in some cases referrals to relevant authorities such as the LADO or police. For further information about this, please view the School’s Safeguarding Policy.          

International transfers

We do not routinely store or share personal data outside of the UK or EU/EEA. If data is stored outside these areas, we ensure safeguards like standard contractual clauses are in place.

Requesting access to your personal data and your rights

You can request the following from the school:

  • Access your data

  • Correct or delete it

  • Restrict or object to its use

  • Request electronic transfer

  • Complain if your data is misused

To exercise any of these rights, please contact the school or Data Protection Officer (details below).

Contact us

For questions or data requests, contact the school or our Data Protection Officer at dposchools@somerset.gov.uk

 

Privacy Notice for Workforce

 

We, Churchstanton Primary School are a Data Controller under the UK General Data Protection Regulation, which means that we need to provide you with information about how we use your personal data.

What we collect

We hold personal data such as:

  • Name, data of birth, contact details, address, next of kin

  • Employee or teacher number, proof of right to work, national insurance number and bank details

  • Characteristics such as sex, age, ethnic group

·         Contract information such as start data, hours worked, post, roles, salary information, training records, and performance management

  • Work absence information such as number of absences and reasons

  • Qualifications and references

  • CCTV images

Why we use it

We use your data to:

  • Fulfil our legal duties

  • Fulfil our contract with you

  • Develop a comprehensive picture of our workforce and how it is deployed

  • Develop recruitment and retention policies

Legal basis

We process your data under:

  • UK GDPR Article 6(b) – Contract, to fulfil our contract with you

  • UK GDPR Article 6(c) – Legal obligation, to fulfil our statutory responsibilities

  • UK GDPR Article 6(e) – Public task, to enable the running of the school and Trust

  • UK GDPR Article 9(g) – Substantial public interest (for special category data)

 

Collecting workforce information

 

We collect your personal data through our interactions with you and staff contact forms. This data is essential for the Trust’s operational use. The majority of the information you provide is mandatory, but some may be requested on a voluntary basis. To comply with the law, we will inform you at the point of collection whether you are required to provide information or whether you have a choice.

 

Storing workforce information

We retain data only as long as necessary for legal, regulatory, and operational purposes. For more information, please request to see our data retention schedule.

Who we share workforce information with

We may share your data with:

  • Department for Education (DfE)

  • Local Authorities (e.g. Somerset LA)

  • Other authorised parties as required

We do not share information about our workforce with anyone without consent unless the law and our policies allow us to do so.

We are required to share information about our school employees with the Department for Education (DfE) under section 5 of the Education (Supply of Information about the School Workforce) (England) Regulations 2007 and amendments.

For more information, please see the ‘How Government uses your data’ section.

International transfers

We do not routinely store or share personal data outside of the UK or EU/EEA. If data is stored outside these areas, we ensure safeguards like standard contractual clauses are in place.

How Government uses your data

The workforce data that we lawfully share with the Department for Education (DfE) through data collections:

  • informs the Department for Education (DfE) policy on pay and the monitoring of the effectiveness and diversity of the school workforce

  • links to school funding and expenditure

  • supports ‘longer term’ research and monitoring of educational policy

 

To find out more about the data we share with the DfE go to  https://www.gov.uk/education/data-collection-and-censuses-for-schools.

The Department for Education (DfE) may share information about school employees with third parties who promote the education or well-being of children or the effective deployment of school staff in England by:

 

  • conducting research or analysis

  • producing statistics

  • providing information, advice or guidance

Decisions on whether the DfE releases personal data to third parties are subject to a strict approval process and based on a detailed assessment of public benefit, proportionality, legal underpinning and strict information security standards. 

For more information about the Department for Education’s (DfE) data sharing process, please visit: https://www.gov.uk/data-protection-how-we-collect-and-share-research-data

For information about which organisations the Department for Education (DfE) has provided information, (and for which project) please visit the following website: https://www.gov.uk/government/publications/dfe-external-data-shares

To request a copy of the personal data held about you by the DfE, you should make a subject access request (SAR). Further information on how to do this can be found within the DfE’s personal information charter:

https://www.gov.uk/government/organisations/department-for-education/about/personal-information-charter

or 
https://www.gov.uk/government/publications/requesting-your-personal-information/requesting-your-personal-information#your-rights 

To contact the DfE: https://www.gov.uk/contact-dfe

Requesting access to your personal data and your rights

You can request the following from the Trust:

  • Access your data

  • Correct or delete it

  • Restrict or object to its use

  • Request electronic transfer

  • Complain if your data is misused

To exercise any of these rights, please contact the school or Data Protection Officer (details below).

Contact us

For questions or data requests, contact the Trust or our Data Protection Officer at dposchools@somerset.gov.uk