We, Selsdon Primary School, are the Data Controller for the purposes of the General Data Protection Regulation.
See our update on Coronavirus – Track and Trace below
The categories of school workforce information that we collect, process, hold and share
The categories of information that we collect, process, hold and share about those employed or otherwise engaged to work at the school, include:
- Personal information (such as name, address, employee or teacher number, national insurance number)
- Special categories of data, including characteristics information, such as gender, age, ethnic group
- Contract information (such as start dates, hours worked, post, roles and salary information)
- Work absence information (such as the number of absences and reasons)
- Qualifications and where relevant subjects taught
- Relevant medical information, including Health Check clearance and Occupational Health referrals
- Disclosure and Barring Service information
- Performance Management and staff disciplinary information
Why we Collect and Use this Information
We use school workforce data to:
- Enable a comprehensive picture of the workforce and how it is deployed;
- Inform the development of recruitment and retention policies;
- Enable individuals to be paid
- Allow better financial modeling and planning;
- Enable ethnicity and disability monitoring.
The lawful basis on which we process this information
We will not give information about you to anyone without your consent unless the law and our policies allow us to. We collect and use personal data in order to meet legal requirements and legitimate interests set out in the General Data Protection Regulations (GDPR) and UK Law, including those in relation to the following:
- Article 6 and Article 9 of the GDPR
- Education Act 1996
Collecting this information
Whilst the majority of data you provide to us is mandatory, some of it is provided to us on a voluntary basis. In order to comply with the data protection legislation, we will inform you whether you are required to provide certain school workforce information to us or if you have a choice in this.
Storing this information
Personal data relating to school workforce at Selsdon Primary School is stored in line with the school’s GDPR Protection Policy. In accordance with the GDPR, the school does not store personal data indefinitely; data is only stored for as long as is necessary to complete the task for which it was originally collected.
Who we share this information with
We routinely share this information with:
- Our Local Authority
- The Department for Education (DfE)
- Medigold, our Occupational Health provider
- Octavo, our HR provider
- Strictly Education, our payroll provider
- Strictly Education, our DBS provider
- ParentPay and Teachers2Parents, who provide text and email services and on-line payments
- Cunningham Tills, who provide our cashless till services
- Teachers Pensions and Local Government Pension Scheme, who provide pension services for our staff
- Mazars, the Local Authority financial auditors
Why we share school workforce information
We will not give information about you to anyone outside the school or Local Authority (LA) without your consent unless the law and our policies allow us to.
We are required to share information about our workforce members with our local authority (LA) under section 5 of the Education (Supply of Information about the School Workforce) (England) Regulations 2007 and amendments.
Department for Education (DfE)
We share personal data with the Department for Education (DfE) on a statutory basis. This data sharing underpins workforce policy monitoring, evaluation, and links to school funding / expenditure and the assessment educational attainment.
Data Collection requirements
The Department may share information about school employees with third parties who promote the education or well-being of children or the effective deployment of school staff in England by:
- conducting research or analysis
- producing statistics
- providing information, advice or guidance
The Department has robust processes in place to ensure that the confidentiality of personal data is maintained and there are stringent controls in place regarding access to it and its use. Decisions on whether DfE releases personal data to third parties are subject to a strict approval process and based on a detailed assessment of:
- who is requesting the data
- the purpose for which it is required
- the level and sensitivity of data requested; and
- the arrangements in place to securely store and handle the data
To be granted access to school workforce information, organisations must comply with its strict terms and conditions covering the confidentiality and handling of the data, security arrangements and retention and use of the data.
For more information about the Department’s data sharing process, please visit:
To contact the Department: https://www.gov.uk/contact-dfe
Requesting access to your personal data
Under data protection legislation, you have the right to request access to information about you that we hold. To make a request for your personal information, contact the school’s Data Protection Officer, South Croydon Cluster DPO Services at firstname.lastname@example.org
What are your rights?
You have the right to:
- object to processing of personal data that is likely to cause, or is causing, damage or distress;
- prevent processing for the purpose of direct marketing;
- object to decisions being taken by automated means;
- in certain circumstances, have inaccurate personal data rectified, blocked, erased or destroyed;
- claim compensation for damages caused by a breach of the Data Protection regulations.
If you have a concern about the way we are collecting or using your personal data, we request that you raise your concern with us in the first instance. Alternatively, you can contact the Information Commissioner’s Office on 03031233333, Monday to Friday 9am-5pm or at https://ico.org.uk/concerns/
If you would like to discuss anything in this Privacy Notice, please contact the Data Protection Officer at email@example.com
UPDATE: Coronavirus – Track and Trace
Responding to the Coronavirus advice from the Government is an obligation on all schools in England. The development of the NHS ‘Track and Trace’ scheme is a key part of the government plan to manage Coronavirus. As all pupils are returning to our schools, the safety and wellbeing of pupils, staff and their families is a priority. Planning to manage a safe return is in place, however our responsibility extends beyond the school gates.
We hold a lot of data, and it may be necessary for us to share that data on request from NHS Track and Trace workers. We will do this and will play our part in making this process as effective as possible. It is likely that we will be asked to provide contact details if a case of Coronavirus or a suspected case arises in our school. There is an obligation to support the government planning. We will provide details as requested to do this.
We will be sharing data on the basis that this is a Public Duty (see below) and that in the case of any health data it is necessary for the public interest, as set out. Please be assured that we will keep a record of information that we share. This Privacy Notice should be read alongside the other GDPR and Data Protection here on our blog.
NHS Test and Trace and the law
The law on protecting personally identifiable information, known as the General Data Protection Regulation (GDPR), allows Public Health England to use the personal information collected by NHS Test and Trace.
The section of the GDPR that applies is:
Article 6(1)(e) ‘processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller’
As information about health is a special category of personal information, a further section of the GDPR applies:
Article 9(2)(i) ‘processing is necessary for reasons of public interest in the area of public health, such as protecting against serious cross-border threats to health or ensuring high standards of quality and safety of healthcare’
Public Health England also has special permission from the Secretary of State for Health and Social Care to use personally identifiable information without people’s consent where this is in the public interest. This is known as ‘Section 251’ approval and includes the use of the information collected by NHS Test and Trace to help protect the public from coronavirus. The part of the law that applies here is Section 251 of the National Health Service Act 2006 and the associated Health Service (Control of Patient Information) Regulations 200