Data Protection Statement for School Websites Nov 2019
Our Data Protection Promise
In May 2018 the European Union introduced the General Data Protection Regulation (the GDPR) in all of it’s member states, followed by the UK Government’s Data Protection Act (2018). These acts of law mean that as an organisation that processes and manages large amounts of personal data (such as names, dates of birth, addresses, test results, medical information etc) we have a legal duty to manage it with great care. As a school we can assure you that we have carefully designed processes and systems to safeguard your child’s data during their time with us. Our staff regularly undergo data management training and we are regularly reviewed and supported by our Data Protection Officer (DPO).
Our Data Protection Officer is Colin Bellis.
He can be contacted at :
T : 01704 320510
A : Illuminate Education Services UK Ltd, 93 Lexton Drive, Southport, Merseyside, PR9 8QN.
The GDPR establishes certain rights in relation to those whose data we hold. As a Trust, these rights are applicable to those holding parental responsibility for any child who attends one of our academies. Two of the main rights are the right to (a) request a review of any data we hold on your child – a Subject Access Request – and (b) the right to have any incorrect data put ‘right’ – a Data Amendment Request. If you would like to request either of these to be undertaken, please download the relevant form below OR collect one from the school office. Once completed, you can either hand it back into the school office or send it directly to Illuminate Learning ltd. The DPO can offer help and guidance on these requests.
As the GDPR places on us a significant set of requirements, giving the full detail here is not possible. However, copies of the policies and documents we work with can be downloaded by following the links below. Here you can find a full explanation of the GDPR and how it applies to us as a school. You can also download relevant forms and guidance.
Our Data Protection Updates
When parents register their child for our school, we provide them with a Data Protection Statement and Acknowledgement. This outlines all the data we process, the reason why we have it, how long we keep it for and what happens to it when we’ve finished with it.
However, as time goes by there are occasions when we need to notify parents of additional processing ‘events’. We have undertaken to publish these changes here (below), rather than to go back and get every parent / guardian to sign the agreement again.
Please remember that those with parental responsibility have the right to stop our processing of data at any time (*), so if you have any questions about these additional data notifications then please do not hesitate to contact either our DPO or your child’s academy.
(*) This does not apply to data we are legally required to hold and process
Data Sharing Notification : 23rd November 2019
In line with our published policy, we hereby notify parents / guardians of the following addition / change / amendment to our data (privacy) statement :
The addition of :
|Aspect||Nature of Material||Where It Appears||Why We Have It||Who It Can Be Accessed By||Limitations|
|Annual School Photographs Taken By External Company||Photographs of Pupils :
In Family Groups
Posts of Responsibility
Data Shared Will Include Name, Pupil Number etc.
|Posts of Responsibility Are Around School On Display Boards
Information Is Shared With Contracted Company, Who Use It To Identify Pupils In Images Taken
|To Identify Pupils With Specific Responsibilities
To Add Photographs To Pupil Records Held On Pupil Management System (SIM’s)
To Record A Child’s Time In School
|Parents Are Provided With Photographs To Purchase (If Wanted)
Any Staff Member With Access To Our Pupil Management System (SIM’s)
|Only Relevant Photographs Will Be Used In School
Only Relevant / Required Data Will Be Provided To External Company
GDPR Statement of Compliance Will Be Required From the Relevant company
Updated November 2019