Privacy Notice (How we use pupil information)
Who is responsible for this information?
Burford Primary School is the Data Controller for the use of personal data in this privacy notice.
The categories of pupil information that we process include:
- personal identifiers and contacts (such as name, unique pupil number, contact details and address);
- characteristics (such as ethnicity, language, and free school meal eligibility);
- safeguarding information (such as court orders and professional involvement);
- special educational needs (including the needs and ranking);
- medical and administration (such as doctors’ information, child health, dental health, allergies, medication and dietary requirements);
- attendance (such as sessions attended, number of absences, absence reasons and any previous schools attended);
- assessment and attainment (such as key stage 1 and phonics results, post 16 courses enrolled for and any relevant results);
- behavioural information (such as exclusions and any relevant alternative provision put in place).
This list is not exhaustive. To access the current list of categories of information we process, please ask at our school office.
Why we collect and use pupil information
The personal data collected is essential for the school to fulfil its official functions and meet legal requirements. We collect and use pupil information for the following purposes:
- (a) to support pupil learning
- (b) to monitor and report on pupil attainment progress
- (c) to provide appropriate pastoral care
- (d) to assess the quality of our services
- (e) to keep children safe (food allergies, or emergency contact details)
- (f) to meet the statutory duties placed upon us by the Department for Education (DfE)
Under the UK General Data Protection Regulation (UK GDPR), the lawful bases we rely on for processing pupil information are:
- for the purposes of (a), (b), (c) & (d) in accordance with the legal basis of Public task: collecting the data is necessary to perform tasks that schools are required to perform as part of their statutory function;
- for the purposes of (e) in accordance with the legal basis of Vital interests: to keep children safe (food allergies, or medical conditions);
- for the purposes of (f) in accordance with the legal basis of Legal obligation: data collected for the Department for Education (DfE) census information.
In addition, concerning any special category data:
- In the case of ethnicity and fingerprint information: condition a: the data subject has given explicit consent to the processing of those personal data for one or more specified purposes, except where Union or Member State law provide that the prohibition referred to in paragraph 1 may not be lifted by the data subject.
Collecting pupil information
We obtain pupil information via registration forms at the start of each academic year. In addition, when a child joins us from another school, we are sent a secure file containing relevant information.
Pupil data is essential for the school’s operational use. Whilst most of the pupil information you provide to us is mandatory, some of it is provided to us on a voluntary basis. In order to comply with UK GDPR, we will inform you at the point of collection whether you are required to provide certain pupil information to us or whether you have a choice in this, and we will tell you what you need to do if you do not want to share this information with us.
Storing pupil data
We hold pupil data securely for the set amount of time shown in our data retention schedule. For more information regarding our data retention schedule and how we keep your data safe, please see Lethbridge Primary School Data Protection Policy.
Who we share pupil information with:
We routinely share pupil information with:
- schools that pupils attend after leaving us;
- our local authority;
- the Department for Education (DfE); and
- Local Authorities.
Why we routinely share pupil information
We do not share information about our pupils with anyone without consent unless the law and our policies allow us to do so.
The Department for Education (DfE)
We are required to share information about our pupils with the Department for Education (DfE) either directly or via our local authority for the purpose of data collections, under:
All data is transferred securely and held by the Department for Education (DfE) under a combination of software and hardware controls, which meet the current government security policy framework.
Security policy framework: protecting government assets - GOV.UK (www.gov.uk)
For more information, please see the ‘How Government uses your data’ section.
Local Authorities
We may be required to share information about our pupils with the local authority to ensure that they can conduct their statutory duties under:
Requesting access to your personal data
Under UK GDPR, parents, carers, and pupils have the right to request access to information about them that we hold. To make a request for your personal information, or be given access to your child’s educational record, contact the school office on 01993 822159 or email office.2251@burford-pri.oxon.sch.uk
Depending on the lawful basis above, you may also have the right to:
- object to processing of personal data that is likely to cause, or is causing, damage or distress;
- prevent processing for the purpose of direct marketing;
- object to decisions being taken by automated means;
- in certain circumstances, have inaccurate personal data rectified, blocked, erased or destroyed; and
- a right to seek redress, either through the ICO, or through the courts.
If you have a concern about the way we are collecting or using your personal data, you should raise your concern with us in the first instance or directly to the Information Commissioner’s Office at ‘raise a concern with ICO’.
Withdrawal of consent and the right to lodge a complaint
Where we are processing your personal data with your consent, you have the right to withdraw that consent. If you change your mind, or you are unhappy with our use of your personal data, please let us know by contacting the office on 01993 822159 or email office.2251@burford-pri.oxon.sch.uk
Last updated
We may need to update this privacy notice periodically, so we recommend that you revisit this information from time to time. This version was last updated 30.06.23.
Contact
If you would like to discuss anything in this privacy notice, please contact the school office on 01993 822159 or email office.2251@burford-pri.oxon.sch.uk
UK GDPR Compliance
Burford Primary School does not require users to register to use this web site. Any personal data you do provide will be kept no longer than is necessary for the purposes for which the personal data is processed. UK GDPR defines personal data as "any information relating to an identified or identifiable natural person".
We will erase your personal data upon request if there is no other legal requirement to maintain certain data for a reasonable period of time.
Burford Primary School has taken steps to ensure your personal data receives a "reasonable" level of data protection and privacy. We use secure HTTPS for all communications and important data such as your password is stored in encoded form.
Burford Primary School will report data breaches to supervisory authorities and registered individuals affected by any breach within 72 hours of when the breach was detected.
Use of cookies on the Burford Primary School web site
Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site.
The Burford Primary School web site uses session cookies on pages where staff and/or parents/carers/pupils need to log in to complete tasks. Personal data is not used to access these areas. These session cookies do not save or store data.
Session cookies fall under the categorization of strictly necessary cookies under the General Data Protection Regulation (GDPR), applicable in the European Union and the UK. Strictly necessary cookies like session cookies are exempt from the consent requirements outlined in the GDPR. Therefore, session cookies are GDPR compliant.
Strictly necessary cookies are essential to navigate a website and use its features and functionalities. Without them, you wouldn’t be able to use basic services like logging in on a website or completing online forms. GDPR exempts these cookies from consent requirements as they do not gather any personal information about users.