ROSEHILL INFANT & NURSERY SCHOOL
Key Worker Information
In order to comply with the Government’s guidance with regard to shutting schools and providing places for key worker children, it is necessary for us to collect and manage data about these children and their parents/carers in a different way.
Our standard GDPR policy applies, and information found on our privacy notices relating to staff, parents and of course pupils will apply in all cases.
We will use the information that relates to key workers in order to ensure that those children who are entitled to a place at school whilst schools are officially closed are correctly processed, managed and safeguarded.
The Data Controller continues to take its obligations to data processing seriously and will ensure that appropriate safeguards and measures are in place.
Rosehill Nursery & Infant School
Privacy Notice – Pupil Data
As a school we collect a significant amount of information about our pupils. This notice explains why we collect the information, how we use it, the type of information we collect and our lawful reasons to do so.
Why do we collect data?
We collect and use pupil data to:-
Our Legal Obligations
We must make sure that information we collect and use about pupils is in line with the GDPR and Data Protection Act. This means that we must have a lawful reason to collect the data, and that if we share that with another organisation or individual we must have a legal basis to do so.
The lawful basis for schools to collect information comes from a variety of sources, such as the Education Act 1996, Regulation 5 of The Education (Information About Individual Pupils) (England) Regulations 2013, Article 6 and Article 9 of the GDPR.
The Department for Education and Local Authorities require us to collect certain information and report back to them. This is called a ‘public task’ and is recognised in law as it is necessary to provide the information.
With regards to infectious diseases such as Covid-19 we have a statutory and regulatory expectation that we support the wellbeing of pupils and staff. The legal basis set out by NHS England is that we may be required to share data so consent may not be required. However, our first response, where possible will be to make contact with individuals directly ourselves to manage information sharing. In some cases we may be required to provide information to a particular service such as Public Health England and we have a public duty to do so.
We also have obligations to collect data about children who are at risk of suffering harm, and to share that with other agencies who have a responsibility to safeguard children, such as the police and social care.
We also share information about pupils who may need or have an Education Health and Care Plan (or Statement of Special Educational Needs). Medical teams have access to some information about pupils, either by agreement or because the law says we must share that information, for example school nurses may visit the school.
Counselling services, careers services, occupational therapists are the type of people we will share information with, so long as we have consent or are required by law to do so.
We must keep up to date information about parents and carers for emergency contacts.
How we use the data
In school we also use various third party tools to make sure that pupils best interests are advanced. We also record details about progress, attainment and pupil development to support future planning and learning.
We use software to track progress and attainment.
We use data to manage and monitor pastoral needs and attendance/absences so that suitable strategies can be planned if required.
Financial software to manage school budgets may include some basic pupil data.
Data can be used to monitor school effectiveness, the impact of intervention and learning styles across groups of pupils as well as individual children.
We may use consultants, experts and other advisors to assist the school in fulfilling its obligations and to help run the School properly. We might need to share pupil information with them if this is relevant to their work.
We also use contact information to keep pupils, parents, carers up to date about school events.
What type of data is collected?
The DfE and government require us to collect a lot of data by law, so that they can monitor and support schools more widely, as well as checking on individual schools effectiveness.
The categories of pupil information that the school collects, holds and shares include the following:
Personal information – e.g. names, pupil numbers and addresses
Characteristics – e.g. ethnicity, language, nationality, country of birth and free school meal eligibility
Attendance information – e.g. number of absences and absence reasons
Assessment information – e.g. national curriculum assessment results
Relevant medical information and social care
Information relating to SEND and health needs
Behavioural information – e.g. number of temporary exclusions
Photos and video recordings are also personal information.
The National Pupil Database (NPD)
The NPD is owned and managed by the Department for Education and contains information about pupils in schools in England. It provides invaluable evidence on educational performance to inform independent research, as well as studies commissioned by the Department. It is held in electronic format for statistical purposes. This information is securely collected from a range of sources including schools, local authorities and awarding bodies.
We are required by law, to provide information about our pupils to the DfE as part of statutory data collections such as the school census and early years’ census. Some of this information is then stored in the NPD. The law that allows this is the Education (Information About Individual Pupils) (England) Regulations 2013.
To find out more about the pupil information we share with the department, for the purpose of data collections, go to https://www.gov.uk/education/data-collection-and-censuses-for-schools.
To find out more about the NPD, go to https://www.gov.uk/government/publications/national-pupil-database-user-guide-and-supporting-information.
The department may share information about our pupils from the NPD with third parties who promote the education or well-being of children in England by:
The Department has robust processes in place to ensure the confidentiality of our data is maintained and there are stringent controls in place regarding access and use of the data. Decisions on whether DfE releases data to third parties are subject to a strict approval process and based on a detailed assessment of:
To be granted access to pupil information, organisations must comply with strict terms and conditions covering the confidentiality and handling of the data, security arrangements and retention and use of the data.
For more information about the department’s data sharing process, please visit:
For information about which organisations the department has provided pupil information, (and for which project), please visit the following website: https://www.gov.uk/government/publications/national-pupil-database-requests-received
To contact DfE: https://www.gov.uk/contact-dfe
Requesting access to your personal data
Under data protection legislation, parents and pupils have the right to request access to information about them that we hold. To make a request for your personal information, or be given access to your child’s educational record, contact Helen Kelk, Headteacher firstname.lastname@example.org or Lisa Hopwell, School Business Manager, email@example.com
You also have the right to:
If you have a concern about the way we are collecting or using your personal data, you should raise your concern with us in the first instance or directly to the Information Commissioner’s Office at https://ico.org.uk/concerns/
If you would like to discuss anything in this privacy notice, please contact Lisa Hopwell, School Business Manager, firstname.lastname@example.org
More information about Data Protection and Our Policies
How we manage the data and our responsibilities to look after and share data is explained in our Data protection Policy, and connected policies, which are also available on our website.
If you feel that data about your child is not accurate, or no longer needed please contact the schools office. Our complaints policy explains what to do if there is a dispute. Subject Access Requests are dealt with by the specific policy on the website.
Privacy Notice – Coronavirus - Track and Trace
Responding to the Coronavirus advice from the Government is an obligation on all schools in England.
The development of the NHS ‘Track and Trace’ scheme is a key part of the government plan to manage Coronavirus.
As more pupils are returning to our schools, the safety and wellbeing of pupils, staff and their families is a priority.
Planning to manage a safe return is in place, however our responsibility extends beyond the school gates.
We hold a lot of data, and it may be necessary for us to share that data on request from NHS Track and Trace workers.
We will do this and will play our part in making this process as effective as possible.
It is likely that we will be asked to provide contact details if a case of Coronavirus or a suspected case arises in our school.
There is an obligation to support the government planning. We will provide details as requested to do this.
We will be sharing data on the basis that this is a Public Duty (see below) and that in the case of any health data it is necessary for the public interest, as set out.
Please be assured that we will keep a record of information that we share.
This Privacy Notice should be read in alongside the other GDPR and Data Protection on our website.
If you have any questions please contact the school office.
NHS Test and Trace and the law
The law on protecting personally identifiable information, known as the General Data Protection Regulation (GDPR), allows Public Health England to use the personal information collected by NHS Test and Trace.
The section of the GDPR that applies is:
Article 6(1)(e) ‘processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller’
As information about health is a special category of personal information, a further section of the GDPR applies:
Article 9(2)(i) ‘processing is necessary for reasons of public interest in the area of public health, such as protecting against serious cross-border threats to health or ensuring high standards of quality and safety of healthcare’
Public Health England also has special permission from the Secretary of State for Health and Social Care to use personally identifiable information without people’s consent where this is in the public interest. This is known as ‘Section 251’ approval and includes the use of the information collected by NHS Test and Trace to help protect the public from coronavirus. The part of the law that applies here is Section 251 of the National Health Service Act 2006 and the associated Health Service (Control of Patient Information) Regulations 2002.