Data Protection & Privacy Notices
This page is a summary of the data protection practices for the Education and Leadership Trust and is intended to give an overview of how we meet the Data Protection Act 2018 (and the General Data Protection Regulation (GDPR)) that came into effect on 23rd May 2018. More detailed information can be found by following the relevant links in each section.
We are the Education and Leadership Trust. We collect, hold and process personal information (data) relating to students, staff, parents, governors/directors and visitors in our schools. This makes us a data controller in relation to any personal data that we collect. Everyone has rights with regard to the way in which their personal data is handled and we are committed to the protection of all personal data and special category personal data for which we are the data controller.
What is Personal Data?
Personal data is any information that relates to a living identifiable individual. This can include things such as name, date of birth, address, exam results and photographs. Special category personal data includes more sensitive pieces of information such as ethnicity, religion and information about special educational needs.
Visit the ICO website to learn more about GDPR Key Definitions.
What Information do we Hold?
To see the information we hold about different groups of individuals, please see the relevant privacy notice:
Why do we need to Collect and Process Personal Data?
Most of the information that we collect is required by law and we have to send reports to the Department for Education (DfE) and other government bodies on a regular basis. However, as a Trust, we need to collect and process personal data in order to:
- Run the schools effectively
- Keep everyone at schools safe and secure
- To keep in contact with people
- Make sure that everyone is treated fairly
- Look after everyone and support anyone who might need additional help
- Assess the quality of the services we provide
Where will this Data come From?
Some of the data that we hold comes from the forms that you fill in about yourself or your child, from information that you send to us and some will come through electronic transfer from previous schools or places of employment.
Much of the data is created whilst you are on the schools’ premises such as visitor logs, attendance records, CCTV images and the day to day work of the schools with marks, grades and behaviour data.
Where is this Data Stored?
The main storage system for personal data in the Trust is SIMS. This is a secure, management information system which is based in each school. Only staff can access this data using a password and they can only see the minimum amount of data that they need to do their job.
Other information is kept on our schools’ servers which are Cyber Essential Certified, and are only accessible through secure logins.
There are other software systems used in the Trust such as Microsoft 365 and Frog where student data is held in servers which are not based on site. All software packages where data may be stored are recorded on our central software register. The software on this list has been investigated to check that the company are taking appropriate security measures to keep data safe.
Some data is stored on paper in student files and teacher mark books. All staff receive training on the importance of keeping data secure and locked in the appropriate place.
Who do we Share Information With?
We are required by law to pass some information about that we hold about students and parents to the Local Authority and the Department for Education (DfE).
We also upload very limited details to some pieces of software so that students can have a protected email account and cloud storage as well as access to learning materials, homework and revision. Before we agree to allow any data to be uploaded we check that the company are taking as little data as possible (often just a name, school email address and class) and that they are taking appropriate steps to protect your data. View the full list of software used in the Trust.
Additionally, we recommend that some data is shared with a partner so that students and staff can be offered other services or opportunities such as working with PE associations, mentoring services or occupational health. Where we do form partnerships with other organisations we take care to ensure that they ask for the least amount of data possible and only for specific individuals; we are clear about what they are proposing to do with the data and that they demonstrate that they look after it appropriately.
What are your Rights?
- You have the right to know what information we hold about you and to correct any inaccurate or incomplete data
- You have the right to withhold or withdraw consent for us to hold certain types of information (e.g. images for use other than identification and biometric data)
- In certain circumstances, you have the right to be ‘forgotten’ and have your data deleted from our systems (but remember that there are legal requirements for us to hold some data about staff and students for several years after they leave)
If you complete one of the forms on our website, the information is emailed to our website administration team and the Headteacher’s Personal Assistant. The Headteacher’s P.A. will then forward the email to the most appropriate person in school to deal with your request. Emails sent internally are secure and encrypted. Once sent on, the original email is then deleted.
How can you Access the Information we hold about You?
To make a request for access to your child’s educational record please contact Student Services in the first instance.
Please see the relevant privacy notice for information on how to make a request.
How can you get in Touch?
Questions, comments and requests regarding this privacy information are welcomed and should be addressed to the appropriate school:
For more detailed information about how the GDPR affects schools, please visit the website of the Information Commissioner’s Office. Alternatively you can contact the Data Protection Lead for the Trust: Mr K. Mohammed: firstname.lastname@example.org.