We, Selsdon Primary School, are the Data Controller for the purposes of the General Data Protection Regulation.
The categories of school workforce information that we collect, process, hold and share
The categories of information that we collect, process, hold and share about those employed or otherwise engaged to work at the school, include:
- Personal information (such as name, address, employee or teacher number, national insurance number)
- Special categories of data, including characteristics information, such as gender, age, ethnic group
- Contract information (such as start dates, hours worked, post, roles and salary information)
- Work absence information (such as the number of absences and reasons)
- Qualifications and where relevant subjects taught
- Relevant medical information, including Health Check clearance and Occupational Health referrals
- Disclosure and Barring Service information
- Performance Management and staff disciplinary information
Why we Collect and Use this Information
We use school workforce data to:
- Enable a comprehensive picture of the workforce and how it is deployed;
- Inform the development of recruitment and retention policies;
- Enable individuals to be paid
- Allow better financial modeling and planning;
- Enable ethnicity and disability monitoring.
The lawful basis on which we process this information
We will not give information about you to anyone without your consent unless the law and our policies allow us to. We collect and use personal data in order to meet legal requirements and legitimate interests set out in the General Data Protection Regulations (GDPR) and UK Law, including those in relation to the following:
- Article 6 and Article 9 of the GDPR
- Education Act 1996
Collecting this information
Whilst the majority of data you provide to us is mandatory, some of it is provided to us on a voluntary basis. In order to comply with the data protection legislation, we will inform you whether you are required to provide certain school workforce information to us or if you have a choice in this.
Storing this information
Personal data relating to school workforce at Selsdon Primary School is stored in line with the school’s GDPR Protection Policy. In accordance with the GDPR, the school does not store personal data indefinitely; data is only stored for as long as is necessary to complete the task for which it was originally collected.
Who we share this information with
We routinely share this information with:
- Our Local Authority
- NHS
- The Department for Education (DfE)
- Medigold, our Occupational Health provider
- Octavo, our HR provider
- Strictly Education, our payroll provider
- Strictly Education, our DBS provider
- ParentPay and Teachers2Parents, who provide text and email services and on-line payments
- Cunningham Tills, who provide our cashless till services
- Teachers Pensions and Local Government Pension Scheme, who provide pension services for our staff
- The Local Authority financial auditors
Why we share school workforce information
We will not give information about you to anyone outside the school or Local Authority (LA) without your consent unless the law and our policies allow us to.
Local Authority
We are required to share information about our workforce members with our local authority (LA) under section 5 of the Education (Supply of Information about the School Workforce) (England) Regulations 2007 and amendments.
Department for Education (DfE)
We share personal data with the Department for Education (DfE) on a statutory basis. This data sharing underpins workforce policy monitoring, evaluation, and links to school funding / expenditure and the assessment educational attainment.
Data Collection requirements
The Department may share information about school employees with third parties who promote the education or well-being of children or the effective deployment of school staff in England by:
- conducting research or analysis
- producing statistics
- providing information, advice or guidance
The Department has robust processes in place to ensure that the confidentiality of personal data is maintained and there are stringent controls in place regarding access to it and its use. Decisions on whether DfE releases personal data to third parties are subject to a strict approval process and based on a detailed assessment of:
- who is requesting the data
- the purpose for which it is required
- the level and sensitivity of data requested; and
- the arrangements in place to securely store and handle the data
To be granted access to school workforce information, organisations must comply with its strict terms and conditions covering the confidentiality and handling of the data, security arrangements and retention and use of the data.
For more information about the Department’s data sharing process, please visit:
https://www.gov.uk/data-protection-how-we-collect-and-share-research-data
To contact the Department: https://www.gov.uk/contact-dfe
Requesting access to your personal data
Under data protection legislation, you have the right to request access to information about you that we hold. To make a request for your personal information, contact the school’s Data Protection Officer, South Croydon Cluster DPO Services at dpo@sccgdprservices.co.uk
What are your rights?
You have the right to:
- object to processing of personal data that is likely to cause, or is causing, damage or distress;
- prevent processing for the purpose of direct marketing;
- object to decisions being taken by automated means;
- in certain circumstances, have inaccurate personal data rectified, blocked, erased or destroyed;
- claim compensation for damages caused by a breach of the Data Protection regulations.
If you have a concern about the way we are collecting or using your personal data, we request that you raise your concern with us in the first instance. Alternatively, you can contact the Information Commissioner’s Office on 03031233333, Monday to Friday 9am-5pm or at https://ico.org.uk/concerns/
Further Information
If you would like to discuss anything in this Privacy Notice, please contact the Data Protection Officer at dpo@sccgdprservices.co.uk