This notice is intended to explain how and why the school collects personal information and what it does with that data. It also explains the decisions that individuals can make about their own data.
Why does the School collect and use Data?
Personal Information is information that identifies someone as an individual and relates to them. Lingfield College’s primary reasons for using this information are to provide educational services and to promote students’ welfare. The School uses data for the following reasons:
- to support students’ education
- to monitor and report on progress
- to provide appropriate pastoral care
- to keep student safe if they are at risk of harm
- to assess the quality of the education students receive
- to help students decide what to do after leaving school
- to comply with the law regarding data sharing
Lingfield College collects and uses pupil data under section 537A of the Education Act 1996 and section 83 of the Children Act 1989. The school also complies with Article 6(1)(e) and Article 9(2)(b) of the General Data Protection Regulation (GDPR).
What Data does Lingfield College hold?
Lingfield College keeps information on computer systems and on paper. The school must make sure that this data is up to date and relevant, not excessive. The types of data that the school collects, holds and may share include:
- Assessment Information
- Attendance Information
- Behaviour Information
- Characteristics (such as ethnicity, language, nationality, country of birth)
- Destinations after Lingfield College (a student’s next school, university or college)
- Financial Information
- Images (CCTV, photographs or videos)
- Medical Information
- Personal Information (names, contact details, email addresses)
- Safeguarding Information
- SEND Information
How does Lingfield College store Data?
The law states that the school must hold students’ education records securely until they reach the age of 25, after which they are safely destroyed. Child Protection and SEND files may be stored for longer with sufficient reason.
Who does the School share Data with?
There are strict controls on who can see personal information. The school will not share data if an individual has refused to give their consent unless it is the only way that a child’s welfare can be guaranteed, or there is a legal requirement to do so. Please see the Data Protection Policy on the school website for further details.
In specific circumstances, Lingfield College will share information with the following bodies:
- The Department for Education (DfE)
- Schools, Colleges and Universities that students attend after leaving Lingfield (References)
- The Local Authority, Surrey County Council, and their providers of local authority services:
- Surrey, Kent and Sussex Children’s Services (Safeguarding)
- Police, Educational Welfare (Safeguarding)
- NHS, Health Services (Safeguarding)
- Examination Boards
- CEM Baseline Assessment (Tracking Academic Progress)
The law prevents data from being transferred to countries outside the European Economic Area without prior checks being conducted to ensure that adequate protection processes are in place.
The Right to protect Personal Data
- Students and Parents can ask what information the school holds about them and may be provided with a copy of this information, depending on the situation. The school will also give extra details, such as why it uses this information, where it came from and what types of people it has been sent to
- If personal data is incorrect, the data owner can ask the school to correct it
- Requests can be made to delete the information that the school holds in certain circumstances, eg. where the school no longer needs the information
- The school can be stopped from using data for marketing purposes ie. stop students’ photographs being used on its social media sites
- Students and Parents can object to the school using their data in a way that is causing them damage or distress
Any concerns about the way that Lingfield College is collecting or using personal data should be raised with Mrs Brassett, the Data Protection Officer at firstname.lastname@example.org.
Alternatively, please contact the Information Commissioner’s Office at https://ico.org.uk/concerns/