GDPR (General Data Protection Regulation)
25th May 2018 saw the implementation of the General Data Protection Regulation and the implementation of the Data Protection Act 2018. They both exist to protect individuals’ data and cover a series of safeguards, clarifying how is it being stored, shared and used. In schools we handle data every day, and are required to store data for legitimate purposes and legal obligations to safeguard our staff and pupils.
The documents below help us manage the data effectively and securely. If you require any further information regarding our GDPR policies and procedures, please contact our Admin team on 01332 571704 or via email on admin@alvastoni.derby.sch.uk.
Our Data Protection Officer is John Walker. He can be contacted directly at john@jawalker.co.uk.
Subject Access Requests
As an organisation we collect and process data about individuals. We explain what information we collect, and why in our Privacy Notices.Any individual, or person with parental responsibility, or young person with sufficient capacity to make a request is entitled to ask what information is held. Copies of the information shall also be made available on request. A form to complete is available.
To ensure that requests are dealt with in an effective and timely manner we may seek to clarify the terms of a request.To collate and manage requests we have designated our School Business Manager to co-ordinate all requests. Please ensure that requests are made on the form to Suzie Simpson, School Business Manager.
Consent
As a school we will seek consent from staff, volunteers, young people, parents and carers to collect and process their data. We will be clear about our reasons for requesting the data and how we will use it. There are contractual, statutory and regulatory occasions when consent is not required.
We may process personal and sensitive data without consent if another provision applies.
Consent is defined by the UK GDPR as “any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her”.
We may seek consent from young people also, and this will be dependent on the child and the reason for processing. Pupils over 13 can give or withdraw consent.
GDPR Complaints
All Staff must be aware of the complaints process. All complaints should be directed to the Headteacher, Miss Allen and/or Data Protection Officer, John Walker. If any member of staff is aware that a person wishes to complain they should direct the person to the school website and the Complaints Policy. Miss Allen, John Walker and our Governing Body are responsible for dealing with all complaints in line with this procedure. The school complaints policy sets out the complaints process. This will be the basis for dealing with Data Protection Complaints and appeals. A written outcome will be provided.
If the school does not comply with a Subject Access Request within 1 month (subject to any extension), or refuses all or part of the request, written reasons will be provided, setting out the principles for the refusal. If you feel that the school/trust have not dealt with your matter satisfactorily you can complaint to the Information Commissioner.
You may complain in writing to: Customer Contact, Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF. Or by email: casework@ico.org.uk. More information is on the ICO website www.ico.org.uk/
COVID-19 Track and Trace Privacy Notice - click to download to your desktop