Data Protection
William Farr CofE Comprehensive School (“the School”) takes data protection and its obligations with regard to data protection seriously.
The Regulation (Data Protection Act 2018) puts in place numerous safeguards for the use of data about individuals, known as personal data. The data protection principles set out the main responsibilities for organisations.
The School has a statutory duty to comply with the requirements of the Data Protection Act as it collects data about students and adults connected with the school for the purpose of conducting school business. The School is a Data Controller for the purposes of the Data Protection Act 2018 and the General Data Protection Regulation (together “Data Protection Law”) and is registered with Information Commissioner’s Office (“ICO”). Our registration number is Z2514765. This section of the school website provides information on how the School uses (“processes”) personal data about individuals (together “data subjects”).
All of the information we hold on individuals follows six key principles:
- Fair, lawful and transparent
- Collected for specified, explicit and legitimate purposes
- Adequate, relevant and limited to what is necessary
- Accurate and, where necessary, kept up to date
- Kept in a form which permits identification for no longer than is necessary
- Processed in a manner that ensures appropriate security
The school has a privacy notice explaining how information is collected and processed.
Information about your rights under Data Protection Act 2018 can be found on the Information Commissioner’s Office website at this link.
The School’s Compliance Officer acts as the School’s Data Protection Manager and is available to contact on any Data Protection issue by emailing: dataprotection@williamfarr.lincs.sch.uk
Personal Data
Personal data is data relating to a living individual who can be identified from that information or from that data and other information in the School’s possession (for example: name, address, telephone number). It can also include expressions of opinions about an individual. Sensitive or special category personal data relates to racial or ethnic origin, political opinions, religious beliefs, trade union membership, health, sex life, criminal convictions. Personal data concerning disability is sensitive data.
In order to carry out its ordinary duties to staff, pupils and parents, the school needs to process a wide range of personal data about individuals (including current, past and prospective staff, pupils or parents) as part of its daily operations. Dependent on the nature of the School’s relationship with the data subject, there will be different reasons and purposes for the school processing your personal data, the types of data held, how the data is collected, the legal basis for processing the data, who has access to the data, who the data is shared with, the retention period for that data, and the specific subject rights with regard to that data.
Privacy Notices
For ease of reference and understanding, the School has produced different Privacy Notices for the different categories of individuals it deals with. These can be accessed below.
Your Rights and Contact Details
All data subjects have certain rights under Data Protection Law, including a right to be given access to data held about them by a data controller. Other rights will be dependent on the nature of the information given and are more fully explained in the privacy notices below.
If you have any concerns about the School’s handling of your personal data, please contact the School’s Data Protection Manager on dataprotection@williamfarr.lincs.sch.uk. You can also find details of your rights under Data Protection Law at: www.ico.org.uk.
Your Rights under Data Protection Legislation
As a school, we aim to be open and transparent with data. However, we must also protect the individual and their right for their data to be held securely.
Individuals have a range of rights with any organisation that holds personal data under the UK General Data Protection Regulation (UK GDPR). The rights are not absolute. Exemptions can be applied where appropriate.
You can read a guide to individual rights under UK GDPR on the Information Commissioner's Office (ICO) website.
The most used Right is the right to ask an organisation whether it is using or storing your personal information and ask for copies of it. This is called the Right of access and is commonly known as making a Subject Access Request or SAR. If you do need access to the data that we hold, and you cannot currently access it through the school’s management information system (Bromcom), then please follow the advice from the Information Commissioner's Office. You will also find a template for a Subject Access Request on the website. This information is available from this link.
Due to the nature of accessing the data we hold on you, and depending on how much data you request, this can take time, taking staff off their normal roles and responsibilities and, therefore, this does need to be taken into consideration. Requests, therefore, can take up to 30-days, but in extreme circumstances can take up to 90-days. Please bear this in mind when requesting personal data.
Under UK GDPR, you can also ask the School to:
- Amend personal data that is inaccurate. (Right to rectification).
- Erase personal data that we hold. This right is only applicable in certain situations. (Right to be forgotten).
- Restrict how personal data is used. This right is only applicable in certain situations. (Right to restriction).
- Object to the way we use your personal data. This right is only applicable in certain situations. (Right to objection).
- Provide you with your personal data so you can move it to a new provider. This right is only applicable in certain situations. (Right to data portability).
To exercise any of your data subject rights please contact dataprotection@williamfarr.lincs.sch.uk
If you exercise a Right under UK GDPR, we will keep a record of the correspondence with you. We do this to meet our legal obligations, to check compliance, and to monitor demand.