DATA PROTECTION POLICY Reviewed September 2015

Ledbury Primary School Data Protection policy

This Policy should be read in conjunction with the E-Security Policy

Review: September 2017


LEDBURY PRIMARY SCHOOL DATA PROTECTION POLICY

1. Introduction

Data is held by the school for the performance of statutory duties and for the provision of services. Ledbury Primary School is committed to ensuring that personal data is properly managed in compliance with the Data Protection Act 1998 and the Freedom of Information Act 2000 (FIA). The School will make every effort to meet its obligations under the legislation and will regularly review procedures to ensure that it is doing so.

The Data Protection Act 1998 applies to: personal data of living, identifiable individuals (not anonymised data); manual and electronic records.

The Freedom of Information Act 2000 (FIA) amends the DPA. It gives everyone the right to request any records the school holds about them. The school may withhold information if it is considered that the information, if disclosed, may damage the recipient.

This policy should be read in conjunction with the E-Security Policy.

2. Scope

This policy applies to all employees, governors, contractors, representatives and temporary staff working for or on behalf of the School. This policy applies to all personal information created or held by the School in whatever format (e.g. paper, electronic, email) and however it is stored (e.g. database, shared drive filing structure, email, filing cabinet).

3. Responsibilities

The Governors have overall responsibility for compliance with the DPA. The Head teacher, Julie Rees, is responsible for ensuring that appropriate training is provided for all staff. Senior Risk Information Officers (SIRO) Julie Rees, Rachel Ussher and Laura Butler are responsible for ensuring compliance with the DPA and this policy within the day-to-day activities of the School. Information Asset Owners (IAOs) Lynne Cochrane and Julie Rees identify the various types of data being held (e.g. pupil information, staff information, assessment data etc.) and will manage and address risks to the information.


It is the responsibility of all users and keepers of data at Ledbury Primary School to comply with the DPA and ensure that personal information is kept and processed in line with the DPA. Failure to comply may result in disciplinary action. A breach could ultimately result in Ledbury Primary School being prohibited from processing data.

4. Terminology

• Personal data – data relating to any living individual, or from which a living individual can be identified; this can take the form of electronic or manual records as well as photographic images.
• Sensitive personal data – personal data relating to an individual’s mental or physical health, race/ethnic origin, religious or political beliefs, sexual orientation or trade union membership.
• Data subject – an individual to whom any personal data relates.
• Data controller – any organisation that is responsible for processing personal data. Ledbury Primary School is registered as a Data controller.

5. Principles of Data Protection

The DPA covers the collection, storing, editing, retrieving, disclosure, archiving and destruction of data. The DPA stipulates that anyone processing personal data must comply with eight principles of good practice; these principles are legally enforceable. The principles require that personal information:

• is processed fairly and lawfully and in particular, shall not be processed unless specific conditions are met;
• is obtained only for one or more specified and lawful purposes and shall not be further processed in any manner incompatible with that purpose or those purposes;
• is adequate, relevant and not excessive in relation to the purpose or purposes for which it is processed;
• is accurate and where necessary, kept up to date;
• is not kept for longer than is necessary for that purpose or those purposes;
• is processed in accordance with the rights of data subjects under the Act;
• is kept secure, i.e. protected by an appropriate degree of security;
• is not transferred to a country or territory outside the European Economic Area, unless that country or territory ensures an adequate level of data protection.

The School holds information on pupils and in doing so must follow the requirements of the DPA. This means that data held about pupils must only be used for specific purposes that are allowed by the Act. The rules regarding personal data also apply to all employees. Whenever information is collected about individuals they must be made aware of the following:

• The identity of the data controller, i.e. the School;
• The purpose that the information is being collected for;
• Any other purposes that it may be used for;
• Who the information will or may be shared with; and
• How to contact the data controller.

This information is provided through the Ledbury Primary School Privacy Notices, supplied to all parents and employees. See Appendix 1.

6. Notification

Ledbury Primary School is a Data Controller registered with the Information Commissioner on the public register of data controllers. The DPA requires every data controller who is processing personal data to notify and renew their notification on an annual basis. Failure to do so is a criminal offence. Ledbury Primary School registration is renewed on 1st October each year. The School will review the Data Protection Register (https://ico.org.uk/) annually, prior to renewing the notification to the Information Commissioner.

7. Provision of Data

It is a criminal offence to knowingly or recklessly obtain or disclose information about an individual without legitimate cause. Relevant, confidential data should only be given to:

• other members of staff on a need to know basis;
• relevant parents/guardians;
• other authorities if it is necessary in the public interest, e.g. prevention of crime;
• other authorities, such as the Local Authority, schools to which a pupil may move, the DfE.

The School should not disclose anything on a pupil’s record which would be likely to cause serious harm to their physical or mental health or that of anyone else. Therefore, those who create such records should ensure that such information is separated from other records. Where there is doubt or statutory requirements conflict, advice should be obtained from the Head teacher. When giving information to an individual, particularly by telephone, it is most important that the individual’s identity is verified.

8. The individual’s right to access their personal information

Any person whose details are held by the School is entitled, under the FIA, to ask for a copy of all information held about them (or child for which they are responsible).


The Information Commissioner’s guidance for children is that as soon as children are able to understand their rights under the Act, they should exercise rights on their own. The guidance states that children by the age of 12 have sufficient understanding to make their own decisions. For pupils at Ledbury Primary School, parents or guardians will exercise rights for pupils. Ledbury Primary School therefore relies on parental or guardian consent to process data relating to pupils. In addition, parents have their own independent right under The Education (Pupil Information) (England) Regulations 2000 of access to the official education records of their children.

All requests should be made in writing to the Headteacher. The applicant must provide copies of at least two documents to prove identity. The school does not give personal information over the telephone. An acknowledgement will be sent to the applicant within 5 working days. The Headteacher, or in her absence the Deputy Headteacher, must authorise the applicant's request for access before any information is disclosed. The School may also wish to take advice from the LA in relation to disclosure.

If the applicant’s request for access is granted, Ledbury Primary School will take all reasonable steps to:

• provide the information requested within the time limits defined under the DPA (40 calendar days)
• ensure that the information provided is complete and accurate, for example may include e-mail messages
• correct any errors in the information held as and when notified
• provide reasons why we hold the information
• provide details of the source of the information
• provide details of the people or organisations that might receive the information

and will grant the applicant one face-to-face meeting if requested.

Ledbury Primary School has the right to withhold personal data if it:

• is subject to a duty of confidentiality, e.g. confidential references given by or received by the school
• is subject to legal professional privilege
• is being used to investigate crime or detect fraud
• is being used for management forecasting or planning
• would prejudice negotiations to reveal the data
• is, in the opinion of the School, likely to cause serious harm to the physical or mental health of the data subject or another person
• relates to health, education and social work, and is processed by a court and consists of information supplied in a report or other evidence to the court by a local authority
• is processed for the purposes of assessing suitability for conferring by the Crown of an honour
• another person, including any family member, has not given their written consent to disclose information that identifies them


A record of the information disclosed in response to a request for access to information will be kept on the pupil’s file, including details of any exemptions to disclosure.

9. Recording of Data

Records should be kept in such a way that the individual concerned can inspect them. They should be correct, unbiased, unambiguous and clearly decipherable/readable. Where information is obtained from an outside source, details of the source and date obtained should be recorded. Any person whose details, or child’s details, are to be included on the School’s website will be required to give written consent. At the time the information is included all such individuals will be properly informed about the consequences of their data being disseminated worldwide.

10. Inaccurate Data

If an individual complains that the personal data held about them is wrong, incomplete or inaccurate, the position should be investigated thoroughly including checking with the source of the information. An individual is entitled to apply to the court for a correcting order and it is obviously preferable to avoid legal proceedings by working with the person to correct the data or allay their concerns.

11. Retention and Disposal of Data

The DPA states that “Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or purposes”. Data is retained and destroyed in accordance with the Ledbury Primary School retention schedule which follows the Records Management Society of Great Britain Retention Guidelines for Schools. At the end of the retention period, electronic data is deleted and manual data is shredded. Hard discs from file servers, laptops and PCs are physically destroyed when the equipment is decommissioned.

12. Information Security

All members of staff should be constantly aware of the possibility of personal data being seen by unauthorised personnel. For example, possibilities may arise when computer screens are visible to the general public; files may be seen by the cleaners if left on desks overnight (all papers must be locked in cabinets when not in use). The use of computer passwords is a requirement of the school to avoid unauthorised access.


13. Breach of the policy

Ledbury Primary School wishes to promote the highest standards in relation to good practice and security in the use of data. Consequently it expects and supports the integrity of its staff. Non-compliance with the requirements of the DPA by members of staff could lead to serious action being taken by third parties against the school. Non-compliance by a member of staff is therefore considered a disciplinary matter which, depending on the circumstances, could lead to dismissal. It should be noted that an individual can commit a criminal offence under the Act, for example, by obtaining and/or disclosing personal data for his/her own purposes without the consent of the data controller.

14. Complaints/Means of Appeal

Complaints can be made using the School’s Complaints Procedure. Alternatively, representation may be made to: Information Commissioner, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF. Tel (01626) 545 700. The Information Commissioner is responsible for ensuring compliance with the Data Protection Act.


APPENDIX 1 PARENT AND PUPIL PRIVACY NOTICE

PRIVACY NOTICE for LEDBURY PRIMARY SCHOOL

Privacy Notice - Data Protection Act 1998

We, Ledbury Primary School, are a data controller for the purposes of the Data Protection Act. We collect personal information from you and may receive information about you from your previous school and the Learning Records Service. We hold this personal data to:

• Support your learning;
• Monitor and report on your progress;
• Provide appropriate pastoral care, and
• Assess how well we are doing.

Information about you that we hold includes your contact details, national curriculum assessment results, attendance information¹ and personal characteristics such as your ethnic group, any special educational needs you may have and relevant medical information.

We will not give information about you to anyone without your consent unless the law and our policies allow us to. We are required by law to pass some information about you to our Local Authority (LA) and the Department for Education.

If you want to receive a copy of the information about you that we hold or share, please contact Mrs. Cochrane, the school business manager.

If you need more information about how the LA and DfE store and use your information, then please go to the following websites: https://www.herefordshire.gov.uk or https://www.gov.uk/data-protection-how-we-collect-and-share-research-data

If you cannot access these websites, please contact the LA or DfE as follows:

• Mr. I Sockett
Herefordshire Council
Plough Lane
Hereford HR4 0LE
Tel: 01432 260000

• Public Communications Unit
Department for Education
Sanctuary Buildings
Great Smith Street
London SW1P 3BT
Website: https://www.gov.uk/government/organisations/department-for-education
Email: http://www.education.gov.uk/help/contactus
Telephone: 0370 000 2288

¹ Attendance information is NOT collected as part of the Censuses for the Department for Education for the following pupils / children - a) in Nursery schools; b) aged under 4 years in Maintained schools; c) in Alternative Provision; and d) in Early Years Settings. This footnote can be removed where Local Authorities collect such attendance information for their own specific purposes.


APPENDIX 1 SCHOOL WORKFORCE PRIVACY NOTICE

PRIVACY NOTICE FOR LEDBURY PRIMARY SCHOOL School Workforce

Privacy Notice - Data Protection Act 1998

We, Ledbury Primary School, are the Data Controller for the purposes of the Data Protection Act. Personal data is held by the school about those employed or otherwise engaged to work at the school or Local Authority. This is to assist in the smooth running of the school and/or enable individuals to be paid. The collection of this information will benefit both national and local users by:

• Improving the management of school workforce data across the sector;
• Enabling a comprehensive picture of the workforce and how it is deployed to be built up;
• Informing the development of recruitment and retention policies;
• Allowing better financial modeling and planning;
• Enabling ethnicity and disability monitoring; and
• Supporting the work of the School Teachers’ Review Body.

This personal data includes some or all of the following - identifiers such as name and National Insurance Number and characteristics such as ethnic group; employment contract and remuneration details, qualifications and absence information.

We will not give information about you to anyone outside the school or Local Authority (LA) without your consent unless the law and our rules allow us to. We are required by law to pass on some of this data to:

• the LA
• the Department for Education (DfE)

If you require more information about how the LA and/or DfE store and use this data please go to the following websites:

• https://www.herefordshire.gov.uk
• https://www.gov.uk/data-protection-how-we-collect-and-share-research-data

If you are unable to access these websites, please contact the LA or DfE as follows:

• Mr. I. Sockett
Herefordshire Council
Plough Lane
Hereford HR4 0LE
Tel: 01432 260000

• Public Communications Unit
Department for Education
Sanctuary Buildings
Great Smith Street
London SW1P 3BT
Website: https://www.gov.uk/government/organisations/department-for-education
Email: [email protected]
Telephone: 0370 000 2288