Privacy

Cambridgeshire Educational Trust Privacy Notice

This notice is for Students/Parents/Carers/Employees/Visitors

The Cambridgeshire Educational Trust (The Trust) is defined as a Data Controller Data under General Data Protection Regulation (GDPR) 2018.

The Trust is registered with the Information Commissioners Office. This Privacy Notice covers all schools within The Trust.
In this document you will find information on:

  1. The types of data we collect, hold and share;
  2. Why we collect this data;
  3. How this data is lawfully used;
  4. How data is stored;
  5. Why and how this data is shared;
  6. Data requests;
  7. Further contacts.

1. The types of data we collect, hold and share.

1.1 Student Data

We collect a wide range of student data which is obtained from a number of sources. Types of data collected include, but are not limited to:

  • Personal information (name);
  • Characteristics (ethnicity);
  • Attendance;
  • Assessment;
  • Medical;
  • Behaviour and interventions;
  • Trips;
  • SEN;
  • Post 16;
  • School photographs;
  • CCTV;
  • Contact details;
  • Biometric reference points.

Privacy Statement Ratified by Full Governors May 2018 2

1.2 Parent/ Carer/Contact Data

We collect contact details for parents/carers from a range of sources including primary schools and primary source, including but not limited to:

  • Name;
  • Address;
  • Phone;
  • Email;
  • NI number.
  1. 1.3 Staff Data

    We hold a range of data on staff, much of which is legally required for the Single Central Record. Data recorded includes, but is not limited:

    • Name;
    • Address;
    • Phone;
    • Email;
    • NI number;
    • Disciplinary records;
    • References and employment history.
  2. 1.4 Community
    We hold Electronic Data Visitor Records including:

    • (IP visits to our website, or internal locations);
    • CCTV;
    • Registration recognition camera;
    • Communique records.

2. Why we Collect This Data

We collect and hold personal information relating to our students and may also receive information about them from their previous school, local authority and/or the Department for Education (DFE). We use this personal data to:

  • support our pupils learning;
  • monitor and report on their progress;
  • provide appropriate pastoral care; and
  • assess the quality of our services.

    This information will include their contact details, national curriculum assessment results, attendance information, any exclusion information, where they go after they leave us and personal characteristics such as their ethnic group, any special educational needs they may have as well as relevant medical information. For students enrolling for post 14

Privacy Statement Ratified by Full Governors May 2018 3

qualifications, the Learning Records Service will give us the unique learner number (ULN) and may also give us details about your learning or qualifications.
Parent/carer contact information is collected for communication in support of the services listed above alongside a safeguarding provision.

We collect staff data in line with our professional commitment to provide the student services listed above.

Community data is collected for safeguarding of students.

3. How This Data is Lawfully Used

We collect and use student information under:

  • Education Act 1996 this information can be found in the guide documents on the following website https://www.gov.uk/education/data-collection-and-censuses-for- schools
  • The Education (Pupil Registration) (England) Regulations
  • The School Standards and Framework Act 1998
  • The School Admissions Regulations 2012
  • Children and Families Act 2014
  • The Special Educational Needs and Disability Regulations 2014
  • Data Protection Act (1998) (until 25 May 2018)
  • General Data Protection Regulation (from 25 May 2018)
    • – Article 6(1)(a) consent
    • – Article 6(1)(c) legal obligation
    • – Article 6(1)(e) – public task
    • – Article 9(2)(a) explicit consent
    • – Article 9(2)g) substantial public interest

      The DFE process census data under the various Education Acts further information can be found on their website: https://www.gov.uk/education/data-collection-and-censuses- for-schools

      Once our pupils reach the age of 13, the law requires us to pass on certain information to both the Local Authority in which the school sits, and the Department for Education (DFE) who have responsibilities in relation to the education or training of 13-19 year olds. We may also share certain personal data relating to children aged 16 and over with post-16 education and training providers in order to secure appropriate services for them.

      * Exemption for Youth Service Support

      A parent/carer can request that only their childs name, address and date of birth be passed to the Youth Services (including Careers Guidance) provided by the Local Authority or its outsourced partners by informing in writing the Head of School. This right is transferred to the child once s/he reaches the age 16. For more information about services for young people, please refer to your local authority website.

Privacy Statement Ratified by Full Governors May 2018 4

We will not give information about our pupils to anyone without your consent unless the law and our policies allow us to do so. If you want to receive a copy of the information about your son/daughter that we hold, please contact the Head of School.

We are required, by law, to pass some information about our students to the DFE. This information will, in turn, then be made available for use by the LA.

DFE may also share student level personal data that we supply to them, with third parties. This will only take place where legislation allows it to do so and it is in compliance with the Data Protection Act 1998.

Decisions on whether DFE releases this personal data to third parties are subject to a robust approval process and are based on a detailed assessment of who is requesting the data, the purpose for which it is required, the level and sensitivity of data requested and the arrangements in place to store and handle the data. To be granted access to student level data, requestors must comply with strict terms and conditions covering the confidentiality and handling of data, security arrangements and retention and use of the data.

For more information on how this sharing process works, please visit: https://www.gov.uk/guidance/national-pupil-database-apply-for-a-data-extract

For information on which third party organisations (and for which project) student level data has been provided to, please visit:

https://www.gov.uk/government/publications/national-pupil-database-requests-received

If you need more information about how our local authority and/or DFE collect and use your information, please visit:

The website of your Local Authority;
The DFE website at https://www.gov.uk/data-protection-how-we-collect-and-share-

research-data.

  1. How Data is Stored

    Personal data is kept secure and recorded in an Information Asset Register (IAR):

    • Student/parent/carer data is held until the end of the academic Year in which the student is aged 25.
    • CCTV data is held for approximately 5-8 weeks unless the images are required for evidential purposes.
  2. Why and How This Data is Shared

    We do not share data without consent, or if the law or our policies allow us to do so. Under the use of data outlined in Section 3, we share data carefully to provide a quality and safe education or employment. Examples of the types of organisation we share data with are:

Privacy Statement Ratified by Full Governors May 2018 5

  • Internally:
    • – Staff members;
    • – Trust Members;
  • Education Agencies:
    • – Local Authority;
    • – DFE;
    • – Exam Boards;
    • – Destination Schools;
    • – Governors/Trustees;
    • – School Nurse;
    • – GL Assessment;
    • – EPM.
  • Support Services:
    • – Parentmail;
    • – Payment Services;
    • – School Trip Providers;
    • – My Maths;
    • – Edmodo.
  1. Data Requests

    Under GDPR, you have the right to request to access information we hold about you. For contact details see appendix A.

    In addition, you also have the right to:

    • Object to processing if it causes you distress;
    • deny your data being used externally for direct marketing;
    • object to automated decisions arrived at through automated processing of your data;
    • correct your data if inaccurate;
    • block erase or destroy your data outside of Lawful Use.
  2. Further Contacts

    If you would like to make contact regarding this notice, please see appendix A

    Alternatively you can contact the Information Commissioners Office directly via https://ico.org.uk/concerns

  3. Cookies and Other Technologies

    Our website, online services, interactive applications, email messages, and advertisements may use cookies. These technologies help us better understand user behavior, tell us which parts of our websites people have visited, and facilitate and measure the effectiveness of advertisements and web searches. We treat information collected by cookies and other technologies as non‑personal information. However, to the extent that Internet Protocol (IP) addresses or similar identifiers are considered personal information by local law, we also treat these identifiers as personal information. Similarly, to the extent that non-personal information is combined with personal information, we treat the combined information as personal information for the purposes of this Privacy Policy.

    If you want to disable cookies, check with your internet browser provider to find out how to disable cookies. Please note that certain features of the website will not be available once cookies are disabled.

    As is true of most internet services, we gather some information automatically and store it in log files. This information includes Internet Protocol (IP) addresses, browser type and language, Internet service provider (ISP), referring and exit websites and applications, operating system, date/time stamp, and clickstream data.

    We use this information to understand and analyze trends, to administer the site, to learn about user behavior on the site, to improve our services, and to gather demographic information about our user base as a whole.

Privacy Statement Ratified by Full Governors May 2018 6

Appendix A
Data Requests or Further Contacts Regarding This Notice

To do this you should contact:

Chesterton Community College

DPO
The Cambridgeshire Educational Trust Gilbert Road,
Cambridge,
CB4 3NY. UK

Email: dpo@chesterton.cambs.sch.uk Tel: 01223 712150

Downham Market Academy

DPO
The Cambridgeshire Educational Trust Bexwell Road
Downham Market
PE38 9LL

Email: dpo@downhammarketacademy.co.uk Tel: 01366 389100

Designed By Smart School Websites