Who processes your information?
Gosfield Primary School is the data controller and the data processor of the personal information you provide to us. This means the school determines the purposes for which, and the manner in which, any personal data relating to pupils and their families is to be processed. Mrs J Morgan acts as a representative for the school with regard to its data controller responsibilities; she can be contacted on 01787 472266 or firstname.lastname@example.org.
In some cases, your data will be outsourced to a third party processor; however, this will only be done with your consent, unless the law requires the school to share your data. Where the school outsources data to a third party processor, the same data protection standards that Gosfield Primary School upholds are imposed on the processor.
Attain Academy Trust is registered as a ‘Data Controller’ with the Information Commissioner’s Office (Reg. No. Z6544921).
Our data protection officer, Mrs K Ellwood, is provided by Attain Academy Trust. Their role is to oversee and monitor the school’s data protection procedures, and to ensure we are compliant with the GDPR.
Why do we collect and use your information?
Gosfield Primary School holds the legal right to collect and use personal data relating to pupils and their families, and we may also receive information regarding them from their previous school, LA and/or the DfE. We collect and use personal data in order to meet legal requirements and legitimate interests set out in the GDPR and UK law, including those in relation to the following:
In accordance with the above, the personal data of pupils and their families is collected and used for the following reasons:
Which data is collected?
The categories of pupil information that the school collects, holds and shares include the following:
Whilst the majority of the personal data you provide to the school is mandatory, some is provided on a voluntary basis. When collecting data, the school will inform you whether you are required to provide this data or if your consent is needed. Where consent is required, the school will provide you with specific and explicit information with regards to the reasons the data is being collected and how the data will be used.
How long is your data stored for?
Personal data relating to pupils at Gosfield Primary School and their families is stored in line with the school’s GDPR Data Protection Policy. In accordance with the GDPR, the school does not store personal data indefinitely; data is only stored for as long as is necessary to complete the task for which it was originally collected.
Will my information be shared?
The school is required to share pupils’ data with the DfE on a statutory basis. The National Pupil Database (NPD) is managed by the DfE and contains information about pupils in schools in England. Gosfield Primary School is required by law to provide information about our pupils to the DfE as part of statutory data collections, such as the school census; some of this information is then stored in the NPD. The DfE may share information about our pupils from the NDP with third parties who promote the education or wellbeing of children in England by:
The DfE has robust processes in place to ensure the confidentiality of any data shared from the NDP is maintained. Gosfield Primary School will not share your personal information with any third parties without your consent, unless the law allows us to do so.
The school routinely shares pupils’ information with:
What are your rights?
Parents and pupils have the following rights in relation to the processing of their personal data. You have the right to:
If you have a concern about the way Gosfield Primary School and/or the DfE is collecting or using your personal data, you can raise a concern with the Information Commissioner’s Office (ICO). The ICO can be contacted on 0303 123 1113, Monday-Friday 9am-5pm.