As an academy we collect and use personal data in different ways.
The new General Data Protection Regulation (GDPR) comes into effect on 25th May and will have implications for all academies and businesses that use personal data. As an academy we need to comply with the regulation and make individuals aware of how their data is used and stored within our organisation.
Why we collect and use student information and Legal Basis for Using Information
We collect and use student information under section 537A of the Education Act 1996, and section 83 of the Children Act 1989. We also comply with Article 6(1)(c) and Article 9(2)(b) of the General Data Protection Regulation (GDPR).
How we use student information
We use the student data:
- As part of our admissions process
- To support student teaching and learning
- To monitor and report on student progress to provide appropriate pastoral care
- To assess the quality of our services
- To comply with the law regarding data sharing
- To access our school meals, payments and academy communication system
Categories of student information that we collect, hold and share include:
- Personal information (such as name, date of birth and contact details)
- Characteristics (such as ethnicity, language, nationality, country of birth and free school meal eligibility)
- Attendance information (such as sessions attended, number of absences and absence reasons)
- National curriculum assessment results, special educational needs information, relevant medical information
- Biometric fingerprints for school meals
Collecting student information
Whilst the majority of student information you provide to us is mandatory, some of it is provided to us on a voluntary basis. In order to comply with the General Data Protection Regulation, we will inform you whether you are required to provide certain student information to us, or if you have a choice in this.
Storing student information
Furness Academy stores your personal data on secure computer systems and any paper records are kept in locked cabinets with restricted access.
We hold your education records securely (computerised and paper) in accordance with our record retention policy i.e. to comply with legal requirements. For example, date of birth plus 30 years for prime documents linked to safeguarding, SEND, Educational Psychology, School Admissions, EWS and 7 years for PLASC counts, class counts, SEND registers, School Action Plans, GEMS intervention referrals, admissions reports, school meals reports etc. after which they are safely destroyed. Biometric fingerprint data is destroyed as students leave the academy.
Access to the academy's IT and data systems is restricted to authorised individuals only and is underpinned and protected by our Acceptable Usage Policy. Access is logged and routinely monitored to protect users and the integrity and security of systems and data.
Access to data on all laptop computers is secured through encryption to provide confidentiality of data in the event of loss or theft of equipment.
Where data resides on third-party systems, contracts exist to ensure that data security, integrity and retention periods match legislation and Furness Academy’s in-house systems.
There are strict controls on who can see your information. We will not share your data if you have advised us that you do not want it shared, unless it is the only way we can make sure you stay safe and healthy, we are legally required to do so, or the data is required for operational purposes.
Paper records are held in lockable cabinets. All visitors to the site have to sign in at reception. Access to areas where records are stored is restricted – students and visitors are not permitted to access any such area unless required and under the supervision of a staff member.
Who do we share student information with?
We routinely share student information with:
- Other schools or colleges that students attend after leaving us
- Our local authority (Cumbria County Council) and the Department for Education (DfE)
Sharing student information
We do not share information about our students with anyone without consent unless the law and our policies allow us to do so.
The Data Protection Act/GDPR gives you a number of rights. Please note that not all of your rights are absolute and we will need to consider your request upon receipt.
You have the right to request:
- To have your data rectified if it is inaccurate or incomplete.
- To have your data erased.
- To restrict the processing of your data.
- To exercise your right to data portability.
If you have a concern about the way we are collecting or using your personal data, you should raise your concern with us in the first instance by contacting our Data Protection Officer (email@example.com).
Requests for Information
All recorded information held by the academy may be subject to requests under the General Data Protection Regulation. If you would like to submit a Subject Access Request, you can e-mail us here. Subject Access Requests will be dealt with within one month of the date of receipt by the academy. Please note that no charge is made for this information. Requests should be marked for the attention of our Data Protection Officer, and e-mailed to: firstname.lastname@example.org
If you have any questions about your personal data please contact our Data Protection Officer, at: email@example.com