Home / Privacy Policy

Privacy Policy

Privacy Policy

Introduction

Flixton Girls School must collect the personal data of students and their parents / guardians to provide an education and fulfil our statutory and operational requirements as a school. Under the UK-General Data Protection Regulation (UK-GDPR), we must clearly inform our students and their families what data we collect, how we use it and why; this information is outlined in the following privacy notice.

Data Controller

Flixton Girls School is the data controller for the personal information that we process about our students and their families. This means that we are ultimately responsible for that data and make key decisions relating to the manner in which it is processed.

Data Protection Officer (DPO)

The school must appoint a Data Protection Officer (DPO) to ensure that we comply with the UK-GDPR and other relevant legislation. The DPO for Flixton Girls School is Danielle Eadie from RADCaT Ltd who can be contacted using the following details should you have any requests or questions relating to data protection:

DPO: Miss Danielle Eadie (RADCaT Ltd)

T: 01942 590 785

E: Danielle.eadie(at)radcat.co.uk

The categories of student information that we collect, hold and share include:

• Personal information (such as name, unique Student number and address)
• Characteristics (such as ethnicity, language, nationality, country of birth and free school meal eligibility)
• Attendance information (such as sessions attended, number of absences and absence reasons)
• Assessment and attainment information (such as results, progress and reports)
• Special categories of information (such as assessment information, exclusions and behavioural information)
• Special Educational Needs Information (medical requirements, allergies & medication)
• Safeguarding information (such as behavioural information, exclusions and professional involvement including police and social services)
• Images recorded on the school CCTV system
• Images taken as part of educational / curriculum based activities

Collecting student information

Most of the personal data that we collect about students is provided directly by you upon admission to the school. Records from your previous school are also sent to us via a secure electronic transfer system, this is a statutory requirement placed on schools and makes the transition to secondary school much simpler.
Student data is essential for the schools' operational use. Whilst the majority of information you provide to us is mandatory, some of it requested on a voluntary basis. In order to comply with the data protection legislation, we will inform you at the point of collection, whether you are required to provide certain pupil information to us or if you have a choice in this.

Why we collect and use this information:

We collect and use student information, for the following purposes:
a) to support learning
b) to safeguard pupils
c) to monitor and report on pupil attainment progress
d) to provide appropriate pastoral care
e) to assess the quality of our services
f) to keep children safe (food allergies, or emergency contact details)
g) to meet the statutory duties placed upon us for DfE data collections
h) to advise of any curriculum related activities we undertake or encourage you to attend, by newsletter or email

The lawful basis for processing personal data

Under the UK-GDPR, we must have a lawful basis from Article 6 for processing personal data; personal data is any data that can identify a living individual. The school relies on the following lawful bases when we process personal data relating to students:
• we have a legal obligation as an education provider to meet our statutory duties to the Local Authority and Department for Education
• to fulfil our duties as an education provider and public authority it is necessary to process personal data of pupils to perform a public task
• it is in our legitimate interest to process personal data that makes the transition from primary to secondary school more efficient
• it is in an individual's vital interests to share the data in emergency situations
• we have your consent to process personal data

Special category data

In situations where special category data is processed, the school require an additional lawful basis from Article 9 of the UK-GDPR. Special category data is information that needs more protection as it is much more sensitive in nature, examples include health information and religious beliefs.

For special category data processed in the day to day running of the school such as the information provided to us upon admission, we rely on one of the following conditions from article 9 of the UK-GDPR:

• Employment, social security and social protection
• Reasons of substantial public interest
• Health or social care
• Public health

Less commonly, for instance if there is an accident or incident, we may rely upon the following lawful bases from Article 9 of the UK-GDPR to process special category data:

• It is in an individual's vital interests to share the data in emergency situations
• In the defence of legal claims or judicial acts

If a situation arises whereby the school is required to process special category data for a new purpose outside of those associated with the school's typical operations, we may rely upon the explicit consent of that individual where applicable.

Where consent is the lawful basis relied upon for the processing of personal data, the school will provide you with specific and explicit information with regards to the reasons the data is being collected and how the data will be used. You have the right to withdraw your consent at any time by contacting the school office.

Along with the UK-GDPR, the school comply with and consider the following laws in relation to the processing of personal data:

Non-Special Category Data

• in relation to a contract for education with you and contained in the Education Act 1996.
• In relation to secondary education under Limitation Act 1980
• In relation to management of the school under the Education (Governor's Annual Reports) (England) (Amendment) Regulations 2002.
• In relation to School Admissions Code, Statutory guidance for admission authorities, governing bodies, local authorities, school's adjudicators and admission appeals panels December 2014
• In relation to Regulation 5 of The Education (Information About Individual Pupils) (England) Regulations 2013
• (Departmental Censuses) are the Education Act 1996 – this information can be found in the census guide documents on the following website https://www.gov.uk/guidance/complete-the-school-census

Special Category Data

• In relation to the protection of children under the "Keeping children safe in education Statutory guidance for schools and colleges 2021"; "Working together to safeguard children. A guide to inter-agency working to safeguard and promote the welfare of children July 2018.
• In relation to the safeguarding of children under the Safeguarding Act 2006

Storing pupil data

Personal data relating to students and their families is stored securely on the school site & systems with access strictly limited to staff on a need-to-know basis. We store personal data for only as long as necessary to fulfil the purposes for which it was collected and to meet our legal obligations. The school's 'Records Management Policy & Retention Schedule' outlines our approach to record keeping and offers a guide to how long personal data is kept. Please contact the school office for further information.

Who we share student information with

The school routinely share student information with the following parties:
• Schools / colleges the pupil attends once leaving us
• The Local Authority
• The Department for Education (DfE)
• Outside Agencies: NHS, School Nurse, Careers Services etc
• Providers of educational resources, systems and apps
• Ofsted
• Auditors
• Examining Boards & Moderators
• Professional Advisors to the Trust
Less commonly, the school may share student data with the following parties if an incident / accident has occurred:
• Emergency Services
• Police
• Insurance Provider
• Courts & Legal Services
• Governing Bodies: HSE etc

The school do not routinely share personal data outside of the United Kingdom (UK). Should a situation arise whereby personal data must be processed internationally, the school will ensure that this is done so in line with the UK-GDPR and other relevant legislation.

Compliance checks will be completed where necessary to ensure any third parties processing data meet the same high data protection standards set by the school.

Why we share student data?

The school will not share information about our students without consent unless the law or our policies allow us to do so.

The school routinely share information for the following purposes:

Data Sharing between Educational Settings


When a student transitions between educational settings, their pupil record moves with them; this is a statutory obligation placed on schools to allow each setting to adequately provide an education, provide support to students and their families and make the transition to secondary school run smoothly.

Data Sharing with the DfE


We share student data with the Department for Education (DfE) on a statutory basis. This data sharing underpins our funding and educational attainment policy and monitoring. We are required to share information about our students with the (DfE) under regulation 5 of The Education (Information About Individual Pupils) (England) Regulations 2013.

Data collection requirements:


To find out more about the data collection requirements placed on us by the Department for Education (for example, via the school census) go to https://www.gov.uk/education/data-collection-and-censuses-for-schools.

National Pupil Database (NPD)


The NPD is owned and managed by the DfE and contains information about pupils in schools in England. It provides invaluable evidence on educational performance to inform independent research, as well as studies commissioned by the Department. It is held in electronic format for statistical purposes. This information is securely collected from a range of sources including schools, local authorities and awarding bodies.

We are required by law, to provide information about our students to the DfE as part of statutory data collections, some of this information is then stored in the NPD. The law that allows this is the Education (Information About Individual Pupils) (England) Regulations 2013.

To find out more about the NPD, go to https://www.gov.uk/guidance/how-to-access-department-for-education-dfe-data-extracts.

The department may share information about our students from the NPD with third parties who promote the education or well-being of children in England by:
• conducting research or analysis
• producing statistics
• providing information, advice or guidance

The Department has robust processes in place to ensure the confidentiality of our data is maintained and there are stringent controls in place regarding access and use of the data. Decisions on whether DfE releases data to third parties are subject to a strict approval process and based on a detailed assessment of:
• who is requesting the data
• the purpose for which it is required
• the level and sensitivity of data requested: and
• the arrangements in place to store and handle the data

To be granted access to student information, organisations must comply with strict terms and conditions covering the confidentiality and handling of the data, security arrangements and retention and use of the data.

For more information about the department's data sharing process, please visit: https://www.gov.uk/guidance/data-protection-how-we-collect-and-share-research-data.

For information about which organisations the department has provided pupil information, (and for which project), please visit the following website: https://www.gov.uk/government/publications/dfe-external-data-shares.

To contact DfE: https://www.gov.uk/contact-dfe

Sharing Data with Youth Support Services

Pupils aged 13+

Once students reach the age of 13, we also pass information to our local authority and / or providers of youth support services as they have responsibilities in relation to the education or training of 13-19-year-olds under section 507B of the Education Act 1996.

This enables them to provide services as follows:
• youth support services
• careers advisers

A parent or guardian can request that only their child's name, address and date of birth is passed to their local authority or provider of youth support services by informing us. This right is transferred to the student once he/she reaches the age 16.

Pupils aged 16+

We will also share certain information about students aged 16+ with our local authority and / or provider of youth support services as they have responsibilities in relation to the education or training of 13-19-year-olds under section 507B of the Education Act 1996.

This enables them to provide services as follows:
• post-16 education and training providers
• youth support services
• careers advisers

For more information about services for young people, please visit our local authority.

For additional information go to the National Careers Service page at: https://nationalcareers.service.gov.uk/about-us.

Your rights regarding personal data

Under data protection legislation, individuals have a right to make a 'subject access request' to gain access to personal information that the school holds about them. Requests can be made by both students and / or their parents / guardians.
Should the school receive a request from a parent / guardian to access their child's records, permission may be sought from the student dependent upon their age and ability to understand their rights regarding data protection. This because student personal data belongs to the student and not their parent / guardian. As a rule of thumb, students aged 13 and above are generally classed as mature enough to understand their rights and therefore can make decisions about their own information. Each request will be judged on a case-by-case basis.

Once a subject access request is made and if the school holds the information requested, the school will:
• Give a description of it
• Explain why the school is processing it and how long it is kept for
• State where the school obtained the information
• Provide details of who it is or will likely be shared with
• Outline if any automated decision-making is being applied to the information
• Provide a copy of the requested information
Students and their families also have the right to:
• have personal data rectified if it is inaccurate or incomplete
• request the deletion or removal of personal data where there is no compelling reason for its continued processing
• restrict our processing of personal data (i.e., permitting its storage but no further processing)
• object to direct marketing (including profiling) and processing for the purposes of scientific/historical research and statistics
• not be subject to decisions based purely on automated processing where it produces a legal or similarly significant effect on you
• object to the use of personal data if it would cause, or is causing, damage or distress

Any requests should be made to the school's Data Protection Officer (DPO) using the following details:

Miss Danielle Eadie
T: 01942 590 785
E: Danielle.eadie(at)radcat.co.uk

The DPO will support you and the school with your request; a response will be provided within one calendar month. The school has a right to extend this period by a further two months for any requests deemed excessive, we will however inform you of our intentions to extend the response time within one calendar month.

The school will not normally charge a fee to fulfil requests unless the request is deemed manifestly unfounded or excessive.

For example, if you request further copies of the same information, an administrative fee may be charged.

Complaints

We take any complaints about the collection and use of personal information very seriously. If you think that the collection or use of personal information is unfair, misleading or inappropriate, or have any other concern about data processing, please raise this with the school via our DPO in the first instance.

Alternatively, you can make a complaint to the Information Commissioner's Office:
• Report a concern online at https://ico.org.uk/make-a-complaint/
• Call 0303 123 1113
• Or write to: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5A

Where can you find out more information?

If you would like to find out more information about how we use and store your personal data, please visit our website https://www.flixtongirls.com/ to view our Data Protection Policy.
If you would like to discuss anything in this privacy notice, please contact our DPO.

When will this Notice be updated?

This Notice was last updated in November 2022

We reserve the right to vary and amend this privacy notice to comply with changes to legislation or our relevant processing activities. A up to date copy of this notice will be available on the school's website, please check back from time to time for updates.

Flixton Girls School
Flixton Road
Flixton
Urmston
Manchester
M41 5DR

T: 0161 960 0160
E: flixtongirls(at)vantageacademies.co.uk

© 2023 Flixton Girls School
School website design by Glove Marketing