Cookies on Saint James School website

We use some essential cookies to make this service work.

We’d also like to use analytics cookies so we can understand how you use the service and make improvements.

View cookies
Skip to main content
  1. Home
  2. Performance and reporting
  3. Policies

Data Protection Policy

Contents

    Christian values

    The specific Christian Values of Love, Respect and Courage underpin, and are intrinsic to the ethos and belief of Saint James Church of England Primary School.

    Our vision

    At Saint James we accept challenges, take risks and work to make to make positive change in ourselves and our community.

    Focusing on building resilience and compassionate relationships allows everyone to flourish.

    Using our Christian values to guide us, we develop skills to navigate rough seas and transform our world.

    Be strong and courageous and do it.
    1 Chronicles 28:20

    General Data Protection Regulation (GDPR)

    The school collects and uses personal information (referred to in the General Data Protection Regulation (GDPR) as personal data) about staff, pupils, parents and other individuals who come into contact with the school. This information is gathered in order to enable the provision of education and other associated functions. In addition, the school may be required by law to collect, use and share certain information.

    The school is the Data Controller of the personal data that it collects and receives for these purposes. The school has one Data Protection Officer, Rebecca Gardiner, who may be contacted at the school office.

    The school issues Privacy Notices (also known as a Fair Processing Notices) to all pupils, parents, staff, governors and volunteers. These summarise the personal information held about pupils and staff, the purpose for which it is held and who it may be shared with. It also provides information about an individual's rights in respect of their personal data.

    Purpose

    This policy sets out how the school deals with personal information correctly and securely and in accordance with the GDPR, and other related legislation.

    This policy applies to all personal information however it is collected, used, recorded and stored by the school and whether it is held on paper or electronically.

    What is personal information/data?

    Personal information or data means any information relating to an identified or identifiable individual.

    An identifiable individual is one who can be identified, directly or indirectly by reference to details such as a name, an identification number, location data, an online identifier or by their physical, physiological, genetic, mental, economic, cultural or social identity.

    Personal data includes (but is not limited to) an individual's, name, address, date of birth, photograph, bank details and other information that identifies them.

    Principles

    The GDPR establishes six principles as well as a number of additional duties that must be adhered to at all times:

    1. Personal data shall be processed lawfully, fairly and in a transparent manner.

    2. Personal data shall be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes (subject to exceptions for specific archiving purposes).

    3. Personal data shall be adequate, relevant and limited to what is necessary to the purposes for which they are processed and not excessive.

    4. Personal data shall be accurate and where necessary, kept up to date.

    5. Personal data shall be kept in a form that permits the identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.

    6. Personal data shall be processed in a manner that ensures appropriate security of the personal.

    Duties

    Personal data shall not be transferred to a country or territory outside the European Economic Area, unless that country or territory ensures an adequate level of data protection.

    Data Controllers have a General Duty of accountability for personal data.

    Commitment

    The school is committed to maintaining the principles and duties in the GDPR at all times. Therefore, the school will:

    • Inform individuals of the identity and contact details of the data controller.

    • Inform individuals of the contact details of the Data Protection Officer.

    • Inform individuals of the purposes that personal information is being processed and the lawful basis for doing so.

    • Inform individuals when their information is shared, and why and with whom unless the GDPR provides a reason not to do this.

    • If planning to transfer personal data outside the UK or EEA, inform individuals and provide them with details of where they can obtain details of the safeguards for that information.

    • Inform individuals of their data subject rights.

    • Inform individuals that the individual may withdraw consent (where relevant) and that if consent is withdrawn that the school will cease processing their data although that will not affect the legality of data processed up until that point.

    • Provide details of the length of time an individual's data will be kept.

    • Inform data subjects and (if necessary) seek consent, and ensure that new purposes are fair and lawful, should the school decide to use personal data for a different purpose to that for which it was originally collected.

    • Check the accuracy of the information it holds and review it at regular intervals.

    • Ensure that only authorised personnel have access to the personal information whatever medium (paper or electronic) it is stored in.

    • Ensure that clear and robust safeguards are in place to ensure personal information is kept securely and to protect personal information from loss, theft and unauthorised disclosure, irrespective of the format in which it is recorded.

    • Ensure that personal information is not retained longer than it is needed.

    • Ensure that when information is destroyed that it is done so appropriately and securely.

    • Share personal information with others only when it is legally appropriate to do so.

    • Ensure that proper assessments are completed prior to sharing personal data with third parties, or when encouraging individuals to provide data to third parties directly.

    • Comply with the duty to respond to requests for access to personal information (known as Subject Access Requests).

    • Ensure that personal information is not transferred outside the UK or EEA without appropriate safeguards.

    • Ensure that all staff and governors are aware of and understand these policies and procedures.

    Complaints

    Complaints will be dealt with in accordance with the school's complaints policy. Complaints relating to the handling of personal information may be referred to the Information Commissioner who can be contacted at Wycliffe House, Water Lane Wilmslow Cheshire SK9 5AF or at www.ico.gov.uk

    Review

    This policy will be reviewed as appropriate, but no less frequently than every 3 years. The policy review will be undertaken by the Data Protection Officer, Head teacher, or nominated representative, in consultation with governors.

    Contacts

    If you have any enquires in relation to this policy, please contact the Senior Admin Officer who will also act as the contact point for any complaints.

    Approved by Governing body

    October 2023

    Date of next review

    October 2024

    Request a printed version

    You can request a printed version of any online document by emailing our school office.