Close

Privacy Policy

The Southfield Trust Privacy Notice for Staff, Governors, Trustees and Volunteers

The Southfield Trust

Privacy Notice

(How we use school workforce information)

Introduction

 

The General Data Protection Regulation (GDPR) was introduced in May 2018.

This Privacy Notice describes how the Trust gathers and processes the personal data of staff, Trustees and volunteers at the Trust (Workforce). The Trust is a ‘data controller’ and must comply with the Data Protection regulations.

 

The processing of personal information by the Trust is predominantly for employment purposes and the effective support of Trustees and volunteers. The processing assists in the running of the Trust and contributes to local and national planning.  

 

What information is processed?

Whilst the majority of information you provide is mandatory, some of it is provided to the Trust on a voluntary basis. In order to comply with data protection legislation, the Trust will inform you whether you are required to provide certain Trust workforce information to us or if you have a choice in this.

The categories of workforce information gathered and processed include:

  • personal information (name, contact details, employee reference, national insurance number)
  • special categories of data including characteristics information such as gender, age, ethnic group, union membership
  • contract information (job title, responsibilities and salary information) 
  • payroll information (tax code, timesheets, expenses, pension, sick pay, memberships)
  • absence from work (number of absences and reasons)
  • qualifications and recruitment information (subject qualifications, references, employment checks, interview records and references)
  • medical information (GP information, health data, disabilities, allergies, workplace assessments, accident records)
  • DBS registrations information
  • performance management data, appraisals, disciplinary, grievance and training data
  • digital footprint from use of communication and IT equipment
  • next of kin name & contact details
  • photographs, CCTV, video and audio recordings

 

In addition, Trustee data will include:

  • governance details such as; role, start and end dates, including the date of resignation and governor ID
  • pecuniary and non-pecuniary interests, including business interests, other governance positions and any relationships with staff or other trustees. This is required for a register of interests published on the Trust website
  • meeting attendance data to be published on the Trust website
  • the committees and panels that you serve on and the link area of responsibility you have
  • information related to your appointment, such as a work or personal reference
  • personal information provided as a biography to be published on the website

 

What is the information used for?

The information gathered is used to:

  • keep staff, Trustees and volunteers safe
  • enable staff to be paid and contractual obligations fulfilled
  • support staff health and medical emergencies and record absence
  • maintain the quality of workforce data in the sector
  • enable effective performance management and training needs
  • support the development of recruitment and retention policies
  • enable accurate financial modelling and planning
  • fulfil statutory obligations under legislation (the Equality Act 2010, Keeping Children Safe in Education (KCSIE), Safeguarding Vulnerable Groups Act 2006, Health and Safety at Work Act 1974, Equality Act (Gender Pay Gap Information) Regulations 2017, Education (Health Standards) (England) Regulations 2003, Immigration, Asylum and Nationality Act 2006, Immigration Act 1971, Education and Skills Act 2008

 

What is the legal basis for the processing?

 

The Trust processes workforce data under the following legal bases:

Contract - to meet the contractual obligations with its workforce during the recruitment process and following employment.

Legal Obligation – to record, process and share data regarding its workforce to comply with employment law. This includes the legal duty to process governance information in respect to Trustees.

Public Interest – where processing is required in the performance of a task in the public interest.

Consent – where another legal basis is not already present, consent will be requested before processing personal data. Consent may be withdrawn at any time.

 

How long is data held?

Workforce data is held in accordance with the Trust’s Retention Schedule. This is normally seven years from the date of leaving employment with the Trust, but in some instances (such as Asbestos exposure) this may be longer when a legal basis is present.

 

Who is the information shared with?

We do not share information about workforce members with anyone without consent unless the law and our policies allow us to do so.

Workforce data is shared with:

  • The local Authority to support the management of workforce data across the County (section 5 of the Education - Supply of Information about the School Workforce - (England) Regulations 2007 and amendments)
  • The Department for Education (DfE) and regulatory bodies such as Ofsted
  • Payroll and personnel service providers
  • Training, catering, occupational health providers
  • Professional bodies, trade unions and associations

We are required to share information about our workforce with the DfE under section 5 of the Education (Supply of Information about the School Workforce) (England) Regulations 2007 and amendments. This data sharing underpins workforce policy monitoring, evaluation and links to school funding/expenditure and the assessment of educational attainment.

The department has robust processes in place to ensure that the confidentiality of personal data is maintained and there are stringent controls in place regarding access to it and its use.

 

In addition, Trustee data is shared with:

  • Trust auditors
  • Companies House
  • the Local Authority Governor’s database
  • the Department for Education (DfE) and regulatory bodies such as Ofsted
  • Other Board members
  • On our Trust website

 

Keeping your personal information safe

The Trust has appropriate security measures in place to prevent personal information being accidentally lost or accessed in an unauthorised way. The Trust limits access, via tiered levels of security access, to personal information to those individuals with a genuine need to processes it.

Those processing personal data will do so only in accordance with Trust policies and procedures, and subject to a duty of confidentiality.

The Trust has procedures in place to deal with any suspected data security breach. The Trust will work with its Data Protection Officer and any applicable regulator (such as the Information Commissioners’ Office), in the event of a suspected data security breach.

 

How can I access my data?

Data protection legislation gives individuals specific rights, which include the right to access their data. The Trust has an Individual Rights Request Form that it will use to support individuals to access their information. To make a request for your personal information, please contact Sue Ripley, School Business Manager.

The other rights allow individuals to:

  • object to processing of personal data that is likely to cause, or is causing, damage or distress
  • have inaccurate personal data rectified
  • to restrict or erase information that no longer has a legal basis to be held

 

In some circumstances, where a legal reason exists, the Trust may decline a request by an individual about their data. In this case an explanation will be provided as to why the Trust is unable to support the request.

 

Data Protection Officer

The Trust has appointed an independent Data Protection Officer as its DPO.

The Data Protection Officer is Roger Simmons and may be contacted via email at rsimmonsltd@gmail.com and via telephone on 07704 838512.

However, please contact the Trust in the first instance if you have a query regarding this Privacy Notice or how your information is used.

 

Further information about the Principles of GDPR, the Rights of Individuals and the legal basis for processing data is available in the Trust’s Data Protection and Information Security Policy.

 

 

The Southfield Trust Privacy Notice for Pupils and Parents/Carers

Introduction

The General Data Protection Regulation (GDPR) was introduced in May 2018. This Privacy Notice describes how the Trust gathers and processes personal data relating to parents and pupils in its role as a ‘data controller’ under Data Protection legislation.

The processing of personal information by the Trust is predominantly for the statutory provision of education in a safe environment. The processing assists in the provision of the pupil’s education and in the safeguarding and welfare of that child.

 

What information is processed?

The Trust gathers information from other schools, local authorities, Department for Education, other public bodies and from parents / carers.

The categories of pupil and parent data collected and processed include:

  • personal information of pupil and parent/carer (name, contact details, age, unique pupil number, identification)
  • protected characteristics (ethnicity, language, nationality, country of birth and eligibility for free school meals)
  • attendance record (sessions attended, absences and absence reasons)
  • relevant medical or dietary information (doctor information, medical conditions allergies, medication and dietary requirements)
  • special educational needs and disability information
  • behavioural information (rewards, sanctions, exclusions)
  • safeguarding information (court orders and involvement of other professionals)
  • any support received from social services
  • school test and exam results
  • video and audio recordings, including CCTV images

 

What is the information used for?

The information is required so that the Trust can provide pupils with an education and to keep them safe. The Trust must also comply with other legal obligations.

 

The data is used to:

  • keep pupils safe
  • meet the Trust’s statutory duties
  • monitor and report on pupil progress
  • support pupil learning
  • provide pastoral care and support
  • assess the quality of the Trust’s teaching and learning
  • meet statutory requirements for the sharing of pupil data
  • provide effective catering services
  • provide payment and booking systems for catering, photographs, activities and trips
  • celebrate achievement (within the Trust community through newsletters and website, with the wider community through press releases and social media – subject to the appropriate consent)

 

What is the legal basis for the processing?

The Trust processes pupil and parent data to meet the statutory obligation to provide education to the pupil in a safe environment. The legal basis for processing parent and pupil data is detailed below:

 

Legal Obligation – school admission, sharing data with the DfE and the Local Authority, special educational needs and keeping children safe in education.

Public Task – sharing of data with other schools in support of education and transition, monitoring of attendance and behaviour, use of online learning applications and tools to support the administration of the Trust and the learning of pupils, use of CCTV to protect parents and pupils.

 

Consent – where another legal basis is not already in place, such as Trust photographs, video and audio recordings, healthcare plans and the external sharing of personal information. Consent is gathered from parents and can be withdrawn at any time.

Legitimate Interest – such as contact with parents to provide important information, the gathering of financial information to provide appropriate catering and activities.

 

How long is personal data held?

 

Pupil data is held in accordance with the Trust’s Retention Schedule. Pupil data is normally transferred between schools when a pupil joins or leaves the Trust. In some instances (such as accident reports) information may be held longer when a legal basis is present. The Retention Schedule identifies how long personal data is held by the Trust for all processing activities.

 

Who is the information shared with?

When we share information with others, we make sure it is kept safe and secure, following the requirements set out in law. We share information with organisations so that we can provide the best education to pupils and enable access to services that support the family.

Individual data is shared with:

  • the next school that the pupil joins, for the on-going continuity of education
  • East Sussex County Council, for the monitoring and improvement of educational standards
  • the Department for Education (DfE) and the National Pupil Database, for the evaluation of educational attainment, funding and policy development at a National level
  • the School Nurse, for the monitoring of pupil health
  • catering provider, for the provision of meals
  • the providers of educational software, for the support and improvement of educational standards
  • parental communication tools
  • Police, Social Services and other appropriate professional groups

 

How can I access my data?

Data protection legislation gives individuals specific rights, which include the right to access their data. The Trust has an Individual Rights Request Form in place that supports individuals to access their rights over their personal data. To make a request for your personal information,or to exercise any of your individual rights, please contact Sue Ripley, School Business Manager.

The other rights allow individuals to:

  • object to processing of personal data that is likely to cause, or is causing, damage or distress
  • have inaccurate personal data rectified
  • to restrict or erase information that no longer has a legal basis to be held

 

In some circumstances, where a legal reason exists, the Trust may decline a request by an individual about their data. In this case an explanation will be provided as to why the Trust is unable to support the request.

 

Data Protection Officer

The Trust has appointed an independent Data Protection Officer as its DPO.

The Data Protection Officer is Roger Simmons and may be contacted via email at rsimmonsltd@gmail.com and via telephone on 07704 838512.

 

However, please contact the Trust in the first instance if you have a query regarding this Privacy Notice or how your information is used.

 

Further information about the Principles of GDPR, the Rights of Individuals and the legal basis for processing data is available in the school’s Data Protection and Information Security Policy.

Visit our SchoolsView All Schools

The Lindfield School

Visit School

Hazel Court

Visit School

South Downs School

Visit School

Summerdown School

Visit School

The Southfield Centre

Visit School
Your browser is out-of-date!

Update your browser to view this website correctly. Update my browser now

×