Toft Hill Primary School collects and uses pupil information under the Data Protection Act 1998 and the Education Act 1996, which provide the lawful basis for collecting and using pupil information for general purposes (and, from 25 May 2018, under Article 6 and Article 9 of the General Data Protection Regulation where the data processed is special category data).
We take the privacy of our staff, governors, parents/guardians and pupils very seriously and we strive to ensure all data is kept safely and securely.
We are committed to compliance with all principles and will collect and process data in accordance with the General Data Protection Regulation (GDPR).
Our Information Commissioner’s Office registration number is Z9863010.
Who is responsible for Personal Data?
Under the new regulations we are classed as a Data Controller and as such define how and why personal data is collected, stored, and used. We also use third-party Data Processors that process data on our behalf. As a Data Controller, it is essential that we comply with the new regulation and ensure that all of our Data Processors are compliant.
How will we ensure compliance?
Here at Toft Hill Primary School we will achieve compliance by:
- ensuring personal data is processed lawfully, transparently, and for a specific purpose. Once the purpose is fulfilled and the data is no longer required, it will be deleted, as stipulated within our Data Retention Policy
- using the recommendations provided by the ICO (Information Commissioner’s Office)
- ensuring all staff are compliant through the provision of regular data protection training to all administrative, teaching and support staff as well as our governing body
- carrying out due diligence with all third-party data processors
- continuing to share the specific details of personal data collected in our privacy notices, which have been created for our staff, governing body, parents and pupils. The revised notices are publicly available on our website
- completing a comprehensive data mapping audit of the data that we process and store
- ensuring that a data breach incident response procedure is in place.
How can you help us be compliant?
Parents/guardians can assist us in preparing for GDPR by ensuring that we have the most up-to-date:
- telephone numbers for both parents
- other emergency contact details
- email address.
Due to changes in privacy law, we can no longer include sensitive information such as medical conditions on any pre-filled form. When filling out consent or data collection forms in future, please ensure you fill out any NEW AND EXISTING medical conditions, allergies etc., as we will have to update our records based on what you state on the form. The same will apply to ethnicity, nationality etc. Medical conditions will include any allergies and/or food intolerances.