Privacy Policy

 

Privacy Notice
for
Broomhill Bank School

Privacy Notice – How we use Student information

 Why do we collect and use student information?

We at Broomhill Bank School collect and use Student information under section 537A of the Education Act 1996, and section 83 of the Children Act 1989.  We also comply with Article 6(1)(e) and Article 9(2)(b) of the General Data Protection Regulation (GDPR).

We use the Student data:

  • to support Student learning
  • to monitor and report on Student progress
  • to provide appropriate pastoral care
  • to assess the quality of our services
  • to comply with the law regarding data sharing
  • to support you to decide what to do after you leave school

 

 Categories of Student information that we collect, hold and share include: 

  • Personal information (such as name, unique Student number and contact details)
  • Characteristics (such as ethnicity, language, nationality, country of birth and free school meal eligibility)
  • Attendance information (such as sessions attended, number of absences and absence reasons)
  • National curriculum assessment results
  • Special educational needs information
  • Relevant medical information

 

Collecting Student information

Whilst the majority of Student information you provide to us is mandatory, some of it is provided to us on a voluntary basis. In order to comply with the General Data Protection Regulation, we will inform you whether you are required to provide certain Student information to us or if you have a choice in this.

 Storing Student information

Broomhill Bank School keeps information about you on computer systems and also sometimes on paper.  

We hold your education records securely and retain them from your date of birth until you reach the age of 25, after which they are safely destroyed.

There are strict controls on who can see your information.  We will not share your data if you have advised us that you do not want it shared unless it is the only way we can make sure you stay safe and healthy, or we are legally required to do so. 

 Who do we share Student information with?

We routinely share Student information with:

  • Schools or colleges that the Students attend after leaving us
  • Our local authority (Kent County Council) and their commissioned providers of local authority services
  • The Department for Education (DfE)
  • NHS & Social Services
  • The Students family and representatives
  • Educators and examining bodies
  • Our regulator (Ofsted)
  • Suppliers and service providers – to enable them to provide the service we have contracted them for
  • Financial organisations
  • Central and local government
  • Our auditors
  • Survey and research organisations
  • Professional advisers and consultants
  • Police forces, courts, tribunals
  • Professional bodies

We may also share limited Student data with local schools to enable the moderation of Student assessment outcomes and to support collaborative working through joint analysis.

 

 

Bbslogo

Broomhill Bank School

Privacy Notice (How we use workforce data)

  1. Introduction

Under UK data protection law, individuals have a right to be informed about how our school uses any personal data that we hold about them. We comply with this right by providing ‘privacy notices’ (sometimes called ‘fair processing notices’) to individuals where we are processing their personal data.

This privacy notice explains how we collect, store and use personal data about individuals we employ, or otherwise engage, to work at our school.

We, Broomhill Bank School, are the ‘data controller’ for the purposes of data protection law.

Our data protection officer is  Eileen Andrade, Director of Business Estates and Communication

 

  1. The personal data we hold

We process data relating to those we employ, or otherwise engage, to work at our school. Personal data that we may collect, use, store and share (when appropriate) about you includes, but is not restricted to:

  • Contact details
  • Date of birth, marital status and gender
  • Next of kin and emergency contact numbers
  • Salary, annual leave, pension and benefits information
  • Bank account details, payroll records, National Insurance number and tax status information
  • Recruitment information, including copies of right to work documentation, references and other    information included in a CV or cover letter or as part of the application process
  • Qualifications and employment records, including work history, job titles, working hours, training records and professional memberships
  • Safeguarding information, DBS number, Disqualification by Association information
  • Performance information
  • Outcomes of any disciplinary and/or grievance procedures
  • Absence data,
  • Copy of driving license and car registration
  • Photographs
  • CCTV images.

 

We may also collect, store and use information about you that falls into "special categories" of more sensitive personal data. This includes information about (where applicable):

  • Race, ethnicity, religious beliefs and sexual orientation
  • Health, including any medical conditions, sickness records and disability status
  • Photographs and CCTV images captured in school.

We may hold data about you that we have received from other organisations, including other schools and social services, the Disclosure and Barring Services in respect of criminal offences data / we collect, use, store and share (where appropriate) information about criminal convictions and offences.

 

3.Why we collect and use this data

We use the data listed above to:

  1. Enable the development of a comprehensive picture of the workforce and how it is deployed
  2. Inform and improve the management of workforce data across the sector
  3. Inform our recruitment and retention policies
  4. Enable individuals to be paid
  5. Enable monitoring of selected protected characteristics
  6. Facilitate safe recruitment, as part of our safeguarding obligations towards students
  7. Support effective performance management
  8. Inform the development of recruitment and retention policies
  9. Allow financial audits and conduct better financial modelling and planning
  10. Fulfil our duty of care towards our staff
  11. Enable equalities monitoring.
  12. Enable sickness monitoring
  13. Support pension payments and calculations
  14. Enable leave payments (such as sick pay and maternity leave)

 

3.1 Under the UK General Data Protection Regulations (UK GDPR), the legal basis we rely on for processing personal information for general purposes

We do not share information about workforce members with anyone without consent unless the law and our policies allow us to do so. We only collect and use personal information about you when the law allows us to. Most commonly, we use it where we need to:

  • Fulfil a contract we have entered into with you
  • Comply with a legal obligation
  • Carry out a task in the public interest

 

Less commonly, we may also use personal information about you when:

  • You have given us consent to use it in a certain way
  • We need to protect your vital interests (or someone else’s interests).

Where you have provided us with consent to use your data, you may withdraw this consent at any time. We will make this clear when requesting your consent and explain how you go about withdrawing consent if you wish to do so.

Some of the reasons listed above for collecting and using personal information about you overlap, and there may be several grounds which justify the school’s use of your data.

 

 

3.2 Use of your personal data in automated decision making and profiling

We do not currently process any staff members’ personal data through automated decision making or  profiling. If this changes in the future, we will amend any relevant privacy notices in order to explain the processing to you, including your right to object to it.

3.3 Use of your personal data for filtering and monitoring purposes

While you’re in our school, we may monitor your use of our information and communication systems,   equipment and facilities (e.g. school computers). We do this so that we can:

  • Comply with health and safety and other legal obligations
  • Comply with our policies (e.g. child protection policy, IT acceptable use policy) and our legal obligations
  • Keep our network(s) and devices safe from unauthorised access, and prevent malicious    software from harming our network(s)
  1. Our lawful basis for processing your personal data Article 6 (1) (A to F)

As an employee of the school, your personal information is processed (created, stored and transmitted) in a variety of paper and electronic formats by the school in accordance with the provisions of the current data protection law.

The UK GDPR provides six different lawful bases for public authorities to process personal data and organisations like Broomhill Bank School must outline which lawful basis it allows it to process your personal data. No one basis is ‘better’ or more important that the other and Broomhill Bank School must have a lawful basis for doing so.

We will only your personal data where we have one of the 6 ‘lawful bases’ (legal reasons) to do so under data protection law:

  • The data needs to be processed so that the school can fulfil a contract with the individual, or the individual has asked the school to take specific steps before entering into a contract
  • The data needs to be processed so that the school can comply with a legal obligation
  • The data needs to be processed to ensure that vital interests of the individual or another person i.e. to protect someone’s life
  • The data needs to be processed so that the school, as a public authority, can perform a task in the public interest or exercise its official authority
  • The data needs to be processed for the legitimate interests of the school (where the processing in not for any tasks the school performs as a public authority) or a third party, provided the individual’s rights and freedom are not overridden
  • The individual has freely given clear consent

Where you have provided us with consent to use your data, you may withdraw this consent at any time. We will make this clear when requesting your consent, and explain how you would go about withdrawing consent, if you wish to do so.

 

4.1 Our lawful basis for using special category data Article 9 (2) (A to J)

For ‘special category’ data of personal data, we will also meet one of the special category conditions for processing under data protection law:

  • The data has been obtained through your explicit consent to use your personal data in a certain way
  • The data needs to be processed to perform or exercise obligations or rights in relation to employment, social security or social protection law
  • The data needs to be processed to ensure the vital interests of the individual or another person, where the individual is physically or legally incapable of giving consent
  • The data has already been made manifestly public by the individual
  • The data needs to be processed for the establishment, exercise or defence of legal claims
  • The data needs to be processed for reasons of substantial public interest as defined in legislation
  • The data needs to be processed for reasons of health or social care purposes, and the processing is done by, or under the direction of, a health or social work professional or by any other person obliged to confidentiality under law
  • The data needs to be processed for public health reasons, and the processing is done by, or under the direction of, a health professional or by any other person obliged to confidentiality under law
  • The data needs to be processed for archiving purposes, scientific or historical research purposes, or for statistical purposes, and the processing is in the public interest.

 

For criminal offence data, we will only collect and use it when we have both a lawful basis, as set out above, and a condition for processing as set out in UK data protection law. Conditions include:

  • The individual has given consent to use it in a specific way
  • The data needs to be processed to ensure the vital interests of the individual or another person, where the individual is physically or legally incapable of giving consent
  • The data has already been made manifestly public by the individual
  • The data neds to be processed for or in connection with legal proceedings, to obtain legal advice, or for the establishment, exercise or defence of legal rights
  • The data needs to be processed for reasons of substantial public interest as defined in legislation.

 

Whenever we first collect personal data directly from individuals, we will provide them with the relevant information required by data protection law.

We will always consider the fairness of our data processing. We will ensure we do not handle personal data in ways that individuals would not reasonably expect or use personal data in ways which have unjustified effects on them.

4.2 The categories of school information that we process include:

  • Personal information (such as Teacher number, HCPC number, name, employee or national insurance number)
  • Characteristics information (such as gender, age, ethnic group)
  • Contract information (such as start date, hours worked, post, roles and salary information)
  • Work absence information (such as number of absences and reasons, medical letters)
  • Qualification (and, where relevant, subjects taught).

 

5.Collecting this data

While the majority of information we collect about you is mandatory, there is some information that can be provided voluntarily.

Whenever we seek to collect information from you, we make it clear whether you must provide this information (and if so, what the possible consequences are of not complying), or whether you have a choice.

Most of the data we hold about you will come from you, but we may also hold data about you from:

  • Local authorities
  • Government departments or agencies
  • Police forces, courts, tribunals

 

6.How we store this data

We keep personal information about you while you work at our school. We may also keep it beyond your employment at our school if this is necessary. Our record retention schedule/records management policy sets out how long we keep information about staff. We will hold your personal information for 6 years in line with KCC’s personnel retention record keeping guidelines. However, we may keep it beyond your employment at our school if this is necessary.

If you wish to receive a copy of the policy, please email Personnel@broomhill-bank.kent.sch.uk

We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.

  • We create and maintain a Staff employment file for each staff member: one is paper based, and one is electronic
  • The information contained in this file is kept secure, paper files are kept in a secure locked filing cabinet which has a coded door. The electronic file is accessible by the HR team and the Executive Headteacher only. These files are only used for purposes directly relevant to your employment.

Once your employment with us has ended, we will store your personnel paper files in a locked cabinet in a secure location and we will archive your electronic files. We will then dispose of your personal data securely when we no longer need it and in keeping with the Records Management Policy and KELSI Retention Schedule

 

  1. Who we share data with

We do not share information about you with any third party without your consent unless the law and our policies allow us to do so.

Where it is legally required, or necessary (and it complies with the UK General Data Protection Regulation, otherwise known as the UK GDPR) we may share personal information about you with:

  • Our local authority, Kent County Council, management information, financial services, Cantium payroll services, to meet a legal obligation
  • Our regulator, Ofsted, to meet a legal obligation
  • The Department for Education, to meet a legal obligation
  • Our auditors, to meet a legal obligation
  • Cabinet Office – National Fraud Initiative, for the purposes of assisting the prevention and detection of fraud, under a legal obligation
  • Police forces, courts, tribunals, to meet a legal obligation
  • Health and social welfare organisations, to meet a legal obligation
  • Educators and examining bodies, to fulfil a contract
  • Professional advisors and consultants, to fulfil a contract
  • Suppliers and service providers – to enable them to provide the services we have contracted them for, to meet legal obligations under health and safety
  • Your family or representative with written consent, to protect your vital interests

 

8. Why we share school workforce information

We do not share information about our workforce members with anyone without consent unless the law and our policies allow us to do so.

8.1       Department for Education

We are required to share information about our school employees with the Department for Education (DfE) under section 5 of the Education (Supply of Information about the School Workforce) (England) Regulations 2007 and amendments: www.gov.uk/education/data-collection-and-census-for-school.

The Department of Education (DfE) collects personal data from educational settings and local authorities via various statutory data collections. We are required to make a statutory return under 113 and 114 of the Education Act 2005.

8.2       Data collection requirements

If you would like to get a copy of the information about you that Kent County Council (KCC) shares with the DfE or how they use your information, please contact the Information Resilience and Transparency Team at data.protection@kent.gov.uk.

For further information visit https://www.kent.gov.uk/about-the-council/about-the-website/privacy-statement

To find out more about the data collection requirements placed on us by the Department for Education including the data that we share with them, go to:

https://www.gov.uk/education/data-collection-and-censuses-for-schools.

To find out more about the staff information we share with the DfE, for the purpose of data collections, go to https://www.gov.uk/education/school-workforce-censuses

 For more information about the DfE’s data sharing process, please visit:

https://www.gov.uk/data-protection-how-we-collect-and-share-research-data

 

9. How government uses your data

The workforce data that we lawfully share with the DfE through data collections:

  • Informs departmental policy on pay and the monitoring of the effectiveness and diversity of the school workforce
  • Links to school funding and expenditure
  • Supports ‘longer term’ research and monitoring of educational policy.

9.1       Sharing by the department

The DfE may share information about school employees with third parties who promote the education or well-being of children or the effective deployment of school staff in England by:

  • conducting research or analysis
  • producing statistics
  • providing information, advice or guidance

 

The DfE has robust processes in place to ensure the confidentiality of our data is maintained and there are stringent controls in place regarding access and use of the data. Decisions on whether DfE releases data to third parties are subject to a strict approval process and based on a detailed assessment of:

  • who is requesting the data
  • the purpose for which it is required
  • the level and sensitivity of data requested: and
  • the arrangements in place to store and handle the data

 

To be granted access to school workforce information, organisations must comply with its strict terms and conditions covering the confidentiality and handling of the data, security arrangements and retention and use of the data.

All data is transferred securely and held by DfE under a combination of software and hardware controls which meet the current government security policy framework.

 

9.2 How to find out what personal information DfE hold about you

Under the terms of the Data Protection Act 2018, you are entitled to ask the Department:

  • If they are processing your personal data
  • For a description of the data that they hold about you
  • The reasons they are holding it and any recipient it may be disclosed to
  • For a copy of your personal data and any details of its source.

 

If you want to see the personal data held about you by the Department, you should make a ‘subject access request’.  Further information on how to do this can be found within the Department’s personal information charter that is published at the address below:

https://www.gov.uk/government/organisations/department-for-education/about/personal-information-charter

To contact the department: https://www.gov.uk/contact-dfe.

10. Your rights

10.1     Requesting access to your personal data

Under UK data protection law, you have the right to make a ‘subject access request’ to gain access to personal information we hold about you. To make a ‘subject access request’ please contact Eileen Andrade – Director of Business, Estates and Communication the schools Data Protection Officer.

If you make a subject access request, and if we do hold information about you, we will (subject to any exemptions that may apply):

  • Give you a description of it
  • Tell you why we are holding and processing it, and how long we will keep it for
  • Explain where we got it from, if not from you
  • Tell you who it has been, or will be, shared with
  • Give you a copy of the information in an intelligible form.

 

You may also have the right for your personal information to be transmitted electronically to another organisation in certain circumstances. If you would like to make a request, please contact Eileen Andrade.

 

10.2     Your other rights regarding your data:

  • To ask us for access to information about you that we hold
  • To have your personal data rectified, if it is inaccurate or incomplete
  • To request the deletion or removal of personal data where there is no compelling reason for its continued processing
  • To restrict our processing of your personal data (i.e. permitting its storage but no further processing)
  • To object to direct marketing (including profiling) and processing for the purposes of scientific/historical research and statistics
  • Not to be subject to decisions based purely on automated processing where it produces a legal or similarly significant effect on you
  • In certain circumstances, be notified of a data breach
  • Make a complaint to the Information Commissioner’s Office.

If you have a concern about the way we are collecting or using your personal data, we ask that you raise your concern with Eileen Andrade in the first instance.

Alternatively, you can contact the Information Commissioner’s Office at https://ico.org.uk/concerns/

For further information on how to request access to personal information held centrally by DfE, please see the ‘How Government uses your data’ section of this notice.

11. Complaints

We take any complaints about our collection and use of personal information very seriously.

Where we are processing your personal data with your consent, you have the right to withdraw that consent. If you change your mind, or you are unhappy with our use of your personal data, please let us know by contacting Eileen Andrade at eandrade@broomhill-bank.kent.sch.uk

If you think that our collection or use of personal information is unfair, misleading or inappropriate, or have any other concern about our data processing, please raise this with us in the first instance.

Alternatively, you can make a complaint to the Information Commissioner’s Office:

  • Report a concern online at https://ico.org.uk/make-a-complaint/
  • Call 0303 123 1113
  • Or write to: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

11.1     Contact

If you have any questions, concerns or would like more information about anything mentioned in this privacy notice, please contact our data protection officer:

 

12. Last updated

We may need to update this privacy notice periodically, so we recommend that you revisit this information from time to time.

This version was last updated on August 2024

Approved by the Resources Committee

Your browser is out-of-date!

Update your browser to view this website correctly. Update my browser now

×