SEVERNPLUS Privacy Statement 2022

Severnplus Privacy Statement

 

August 2020



Review date August 2022

 
 

Privacy Notice

(How we use student information)

 

The categories of student information that
we process include:

 

·      personal identifiers and contacts (such as name, unique student number, contact details and address)

·      characteristics (such as ethnicity, language, and free school meal eligibility)

·      safeguarding information (such as court orders and professional involvement)

·      special educational needs (including ECHP)

·      medical and administration (such as doctors information, child health, dental health, allergies, medication
and dietary requirements)

·      attendance (such as sessions attended, number of absences, absence reasons and any
previous schools attended)

·      assessment and attainment (such as AQA units achieved)

·      behavioural information (such as any relevant alternative provision put in place)

 

 

This list is not exhaustive, to access the current list of categories of information we process please contact us

Why we collect and use student information

 

We collect and use student information, for the following purposes:

a)             to support student learning

b)             to monitor and report on student attainment progress

c)             to provide appropriate pastoral care

d)             to assess the quality of our services

e)             to keep children and adults safe (food allergies, or emergency contact details)

f)              to meet the statutory duties placed upon us for DfE data collections

 

General Data Protection Regulation (GDPR) and The Data Protection Act 2018 (DPA) is the law that protects personal privacy and upholds individual’s rights. It applies to anyone who handles or has access to people’s personal data. 

The Principles

The principles set out in the GDPR must be adhered to when processing personal data:
 

  1. Personal data must be processed lawfully, fairly and in a transparent manner
    (lawfulness, fairness and transparency)

2.     Personal data shall be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes (purpose limitation)

3.     Personal data shall be adequate, relevant and limited to what is necessary in relation to the purpose(s) for which they are processed (data minimisation)

4.     Personal data shall be accurate and where necessary kept up to date and every reasonable step must be taken to ensure that personal data that are inaccurate are erased or rectified without delay (accuracy).

5.     Personal data shall be kept in a form which permits identification of data subjects for no longer than is necessary for the purpose for which the personal data is processed (storage limitation)

6.     Appropriate technical and organisational measures shall be taken to safeguard the rights and freedoms of the data subject and to ensure that personal information are processed in a manner that ensures appropriate security of the personal data and protects against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data (integrity and confidentiality).

 

Lawful Basis for processing personal information

Before any processing activity starts for the first time, and then regularly afterwards, the purpose(s) for the processing activity and the most appropriate lawful basis (or bases) for that processing must be selected:

 

  • Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the school

 

  • Processing is necessary for the performance of a contract to which the data subject is party, or in order to take steps at the request of the data subject prior to entering into a contract

 

  • Processing is necessary for compliance with a legal obligation to which the data controller is subject

 

  • Processing is necessary in order to protect the vital interests of the data subject or of another natural person

 

  • Processing is necessary for the purposes of the legitimate interests pursued by the data controller or by a third party[1]

 

  • The data subject has given consent to the processing of his or her data for one or more specific purposes. Agreement must be indicated clearly either by a statement or positive action to the processing. Consent requires affirmative action so silence, pre-ticked boxes or inactivity are unlikely to be sufficient. If consent is given in a document which deals with other matters, the consent from be kept separate from those other matters

 

Data subjects must be easily able to withdraw consent to processing at any time and withdrawal must be promptly honoured.  Consent may need to be refreshed if personal data is intended to be processed for a different and incompatible purpose which was not disclosed when the data subject first consented. 

 

How we collect student information

We collect student information via registration forms or secure file transfer including password protected email documents.

 

Student data is essential for Severnplus’ operational use. Whilst the majority of student information you provide to us is mandatory, some of it requested on a voluntary basis. In order to comply with the data protection legislation, we will inform you at the point of collection, whether you are required to provide certain student information to us or if you have a choice in this.

 

How we store student data

We hold student data securely for the set amount of time set out by the length of contract from your local authority.

 

Who we share student information with

We routinely share student information with:

·      Centres’ that the students attend after leaving us

·      Your local authority

·      The Department for Education (DfE) if applicable

·      Relevant Social Servants

·      Emergency Medical Staff 

 

Why we regularly share student information

We do not share information about our students with anyone without consent unless the law and our policies allow us to do so.

Youth support services

Students aged 16+

We will also share certain information about students aged 16+ with Your local authority and / or provider of youth support services as they have responsibilities in relation to the education or training of 13-19 year olds under section 507B of the Education Act 1996.

This enables them to provide services as follows:

·      post-16 education and training providers

·      youth support services

·      careers advisers

Data is securely transferred to the youth support service via secure file transfer.

For more information about services for young people, please visit Your local authority website.

How long do we store your data

 

We store your data only for the length of the contact with your authority.

 

Department for Education

The Department for Education (DfE) collects personal data from educational settings and local authorities via various statutory data collections. We are required to share information about our students with the Department for Education (DfE) either directly or via our local authority for the purpose of those data collections, under:

regulation 4 of The Education (Information About Individual Students) (England) Regulations 2013.

All data is transferred securely and held by DfE under a combination of software and hardware controls, which meet the current government security policy framework.

For more information, please see ‘How Government uses your data’ section.

Requesting access to your personal data

Under data protection legislation, parents and students have the right to request access to information about them that we hold. To make a request for your personal information, or be given access to your child’s educational record, contact our data protection officer: Nick Storer nstrainingservices@live.co.uk

 

You also have the right to:

·      object to processing of personal data that is likely to cause, or is causing, damage or distress

·      prevent processing for the purpose of direct marketing

·      object to decisions being taken by automated means

·      in certain circumstances, have inaccurate personal data rectified, blocked, erased or destroyed; and

·      a right to seek redress, either through the ICO, or through the courts

 

If you have a concern or complaint about the way we are collecting or using your personal data, you should raise your concern with us in the first instance or directly to the Information Commissioner’s Office at https://ico.org.uk/concerns/

 

Contact

If you would like to discuss anything in this privacy notice, please contact:

David Reeves, Director, Severnplus: david@severnplus.co.uk

Nick Storer, DPO, nstrainingsrevices@live.co.uk


How Government uses your data

The student data that we lawfully share with the DfE through data collections:

·      underpins school funding, which is calculated based upon the numbers of children and their characteristics in each school.

·      informs ‘short term’ education policy monitoring and school accountability and intervention (for example, school GCSE results or Student Progress measures).

·      supports ‘longer term’ research and monitoring of educational policy (for example how certain subject choices go on to affect education or earnings beyond school)

Data collection requirements

To find out more about the data collection requirements placed on us by the Department for Education (for example; via the school census) go to https://www.gov.uk/education/data-collection-and-censuses-for-schools

The National Student Database (NPD)

Much of the data about students in England goes on to be held in the National Student Database (NPD).

The NPD is owned and managed by the Department for Education and contains information about students in schools in England. It provides invaluable evidence on educational performance to inform independent research, as well as studies commissioned by the Department.

It is held in electronic format for statistical purposes. This information is securely collected from a range of sources including schools, local authorities and awarding bodies.

To find out more about the NPD, go to https://www.gov.uk/government/publications/national-student-database-user-guide-and-supporting-information

 

Sharing by the Department

The law allows the Department to share students’ personal data with certain third parties, including:

·      schools

·      local authorities

·      researchers

·      organisations connected with promoting the education or wellbeing of children in England

·      other government departments and agencies

·      organisations fighting or identifying crime

For more information about the Department’s NPD data sharing process, please visit:

https://www.gov.uk/data-protection-how-we-collect-and-share-research-data

 

Organisations fighting or identifying crime may use their legal powers to contact DfE to request access to individual level information relevant to detecting that crime. Whilst numbers fluctuate slightly over time, DfE typically supplies data on around 600 students per year to the Home Office and roughly 1 per year to the Police.

For information about which organisations the Department has provided student information, (and for which project) or to access a monthly breakdown of data share volumes with Home Office and the Police please visit the following website: https://www.gov.uk/government/publications/dfe-external-data-shares

 

 

To contact DfE: https://www.gov.uk/contact-dfe