Privacy Notices

• Personal identifiers (such as name, unique pupil number and contact details)
• Characteristics (such as ethnicity, language, and free school meal eligibility)
• Safeguarding information
• Medical information
• Attendance
• Assessment and attainment
• Behavioural information
• Fingerprints for our cashless catering or library services
• Photographs and video recordings of you and your work
• Your image captured on our CCTV system when you are on school premises
• Your facial image captured on our electronic visitor management system
• Your consent preferences

We need this information for a variety of reasons, for example to process your admission request to join one of our schools; help us build a picture of your educational, social and health needs, so we can support you and comply with our legal responsibilities for data sharing with the Department for Education (DfE).

For more details, see Pupil Privacy Notice

Pupil Privacy Notice – Approved July 2020

• Your name and contact details
• Relationship to your child/our pupil and your parental responsibility status
• Information about guardianship or family circumstances (eg court orders, parental separation/divorce, professional involvement or other matters which may affect the pupil’s home or school life)
• Bank account details
• Your consent preferences
• Whether or not you are a serving member of the armed forces
• Your image captured on our CCTV system when you are on school premises
• Your facial image captured on our electronic visitor management system

We need this information for a variety of reasons, for example to:

• Register your child at school
• Keep you informed of your child’s attainment, achievements and attendance levels
• Contact you in an emergency
• Enable you to pay for school trips; student resources or catering services online
• Safeguard and promote the welfare of your child or others and where relevant enable us to assist in crime prevention, detection and public safety
• Keep you informed about school news, events and celebrations

• Your name and contact details
• Your relationship to the pupil
• Special notes about collecting the pupil (e.g. password, regular days you are authorised to collect the child)
• Your image captured on our CCTV system when you are on school premises

We need this information to contact you following an incident or emergency involving one of our pupils, where we have been unable to contact their parents or to enable us to release the child into your care.

• Your name and contact details
• Relationship to the employee

We need this information to contact you following an incident or emergency involving one of our employees, where they are unable to contact you themselves (e.g. due to illness or injury).

• Your name and contact details
• Relationship to the job applicant (eg current or previous employer)
• Reference you provide about the applicant

We need this information to contact you to seek a reference about the applicant and to assess their suitability for the role.

• Your name and contact details
• Outcome of your Disclosure and Barring Service (DBS) check and certificate number
• Relevant training or qualifications
• Dates when you have volunteered
• Health, disability or dietary requirements you have chosen to share with us
• Your image captured on our CCTV system when you are on school premises
• Your facial image captured on our electronic visitor management system
• Photographs of you which may be captured during official school photos; class work; sports or other activities or performances

We need this information to keep in touch with you; to keep a record of any school events, trips and activities you are involved in and to safeguard the health and welfare of our volunteers, employees and students.

We collect the following information about you:

• Your name and contact details
• Company you work for (where relevant)
• Your car registration number (if parked on our premises)
• Disclosure and Barring Service (DBS) Certificate number (where relevant)
• Your image captured on our CCTV system when you come into school
• Your facial image captured on our electronic visitor management system

We need this information keep a register of who is on our premises, for use in case of a fire or other incident; to meet our statutory duties for safeguarding children and to create an identification badge for security purposes.

We collect the following information about you:

• Your name and contact details
• Details about your complaint, request or enquiry and the outcome

We need this information to address your complaint, request or enquiry and to keep a record of the outcome for our administration purposes, and to use in any appeals or tribunals.

• Your name and contact details
• The position you are applying for
• Characteristics information (such as your gender, age and ethnic group)
• Your education, experience and qualifications
• Personal statement to support your application
• Your health, disability or dietary requirements you have chosen to share with us

We need this information to assess your suitability for the role; contact you if you are successful in your application; keep a record of our decision making and monitor and comply with our responsibilities under the Equality Act 2010.

We collect the following information about you:

• Your name and contact details
• Contract information (such as start date, hours worked, post, roles, salary information and bank details)
• Characteristics information (such as your gender, age, ethnic group)
• Education, experience and qualifications
• Health, disability or dietary requirements you have chosen to share with us
• Car registration number (if parked on our premises)
• Your image captured on our CCTV system when you come into school
• Your facial image captured on our electronic visitor management system
• Your Disclosure and Barring Service Certificate number
• Your fingerprints for our cashless catering or library services

We need this information to:

• Assess and recruit staff
• Maintain staff records
• Meet statutory duties placed upon us for safeguarding children
• Monitor and comply with our responsibilities under the Equality Act 2010
• Ensure staff and student security
• Complete the Department for Education (DfE) school workforce census
• Provide library, ICT, learning and information services
• Pay our workers and make the appropriate tax deductions and contributions
• Safeguard and monitor the health and welfare of workers
• Provide cashless catering and payment services

We collect the following information about you:

• Personal identifiers (such as your name, employee or teacher number, national insurance number)
• Characteristics information (such as gender, age, ethnic group)
• Contract information (such as start date, hours worked, post, roles, salary information and bank details)
• Work absence information (such as number of absences and reasons)
• Qualifications (and where relevant, subjects taught)
• Outcome of your Disclosure and Barring Service (DBS) check and certificate number
• Employment references
• Health, disability or dietary requirements you have chosen to share with us

We need this information for a variety of reasons such as recruitment; to enable individuals to be paid; monitor and comply with our responsibilities under the Equality Act 2010; complete the Department for Education (DfE) school workforce census; and undertake our responsibilities for safeguarding children. For more details, see Employee Privacy Notice

Employee Privacy Notice – Approved July 2020

We collect the following information about you:

• Your name and contact details
• Governance details (such as your role, start and end dates and governor ID)
• Outcome of your Disclosure and Barring Service (DBS) check and certificate number
• Health, disability or dietary requirements you have chosen to share with us
• Material interests arising from relationships between governors or relationships between governors and school staff (including spouses, partners and close relatives)
• Personal statement when applying for the role and relevant training or qualifications

We need this information to comply with our legal obligations and governance standards and build a comprehensive picture of our school governance and how it is deployed.
For more details, see Members, Governors and Trustees Privacy Notice

Members Trustees Governors Privacy Notice – Approved July 2020

When you visit our website, we collect standard internet log information and details about visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of our website. We collect this information in a way which does not identify anyone. We do not make any attempt to find out the identities of those visiting this website and will not associate any data gathered, with any personally identifying information from any source. For details about the Cookies we use, see our Cookie Policy

We share information with a range of organisations, companies and agencies, where it is necessary for us to carry out our legal responsibilities and duties as a Trust. We only share information about you where it is strictly necessary for us to do so, and the law and our policies allow us to do this. The following are examples of who we share information with:

Department for Education (DfE)

We have a legal requirement to share certain information about our pupils, employees and governors to the DfE (see individual privacy notices).

Our local authority – school admission and safeguarding teams

We have a legal requirement to share certain information about our pupils, parents, employees and governors with our local authority (see individual privacy notices).

Educational psychologists, school nurses and health visitors

We sometimes share information about our pupils with other professionals, to help them receive the necessary educational and pastoral support they need. This is usually shared with the parent’s consent (and if appropriate pupil’s consent) unless it is necessary for us to carry out our official duties or safeguard the welfare of the child (see Pupil Privacy Notice).

Other schools when a pupil leaves us

We are required to transfer our pupils’ educational file to their next school when they leave us (see Pupil Privacy Notice).

Standards and Testing Agency (SATs)

We are required to share information about pupils in year 2 and in year 6 to the Standards and Testing Agency, so they can facilitate and report on our key stage 1 and key stage 2 national curriculum tests (commonly referred to as SATs) (see Pupil Privacy Notice).

Examination boards and moderators

We are required to share information about our secondary pupils with examination boards and moderators, so they can enter those pupils into exams, mark their work and issue their grades (see Pupil Privacy Notice).

Ofsted

We may be required to support an Ofsted inspection, where an inspector asks to see a sample of the school’s records. These records could identify a pupil, employee or visitor. Any personal information the inspector may see, will not be taken away or used in their reports.

Youth support services and careers advisors

We are required to share certain information about our pupils aged 13-19 with our local authority and / or a provider of youth support services, so they can provide further education, advice and training to the pupil (see Pupil Privacy Notice).

Police and law enforcement agencies

We may be required to share information about any person we hold information about, to the police or other law enforcement agencies, to assist them in an investigation or to prevent or detect a crime or safeguard individuals at risk.

Schools within our Multi-Academy Trust
We may sometimes be required to share information about our pupils or employees within our Multi-Academy Trust (MAT), so we can monitor and assess the quality and consistency of our services across the MAT; share resources or to provide particular educational support to individual pupils. We will only share identifiable pupil or employee information, where this is strictly necessary to enable us to carry out our official duties as a Trust.

Service providers

We use companies that provide us with a service to help us run effectively as a Trust; the services we often receive are IT support, professional or legal advice, learning or teaching resources, communication services, catering or transport. To receive these services, we sometimes need to share personal information.

We also work alongside other organisations or individuals that provide services directly to our parents or pupils, such as the school photographer, organisers of extra-curricular clubs or activities or companies that run school trips or provide accommodation or transport. The companies/individuals we use in these circumstances, may change on a regular basis. If you would like information about any specific companies or individuals we work alongside, please contact us at info@ventrus.org.uk

The main legal bases we rely on when we process personal information are as follows:

• It is necessary for us to perform a task which is in the public interest or to exercise our official duties as a Trust

This broad legal basis is applicable to almost all the processing we do involving personal data.

• It is necessary for compliance with a legal obligation

This is applicable where a specific law requires us to collect or share personal data (this usually involves pupils’, employees’ or governors’ data). This will include sharing data with the Department for Education (DfE), Her Majesty’s Revenue and Customs (HMRC) or HM Courts and Tribunal Service (e.g. following a court order).

• It is necessary for the performance of a contract

This will mainly be applicable when we enter into a contract with our employees or with our service providers.

• The data subject has given their consent

Consent is not required for most of the processing we do, however, there are occasions when we ask for consent. For example, if we want to publish photographs or videos of pupils; collect pupil or employee fingerprints to provide them with access to our cashless catering or library systems; share data with other organisations or individuals where we are not legally required to share that data; send parents/carers electronic direct marketing or fundraising communications, which they have opted-in to receiving. Where we are processing your data with your consent, you have the right to withdraw that consent. If you change your mind, or if you are unhappy with our use of your personal data, please let us know by contacting the school office.

• The processing is necessary to protect the vital interests of the data subject or someone else

This is applicable where a person’s life could be at risk and we need to share or make available information to help them. This could involve sharing serious allergy information with staff, paramedics or other medical professionals, or other information requested by the police or social services, to assist them in their enquiries to protect that person.

When we process ‘special category’ data, we must have another legal basis. Special category data is personal data which reveals a person’s racial or ethnic origin, political opinion, religious or philosophical beliefs, trade union membership, genetic data, biometric data (such as fingerprints), health, sex life or sexual orientation. The main legal bases we rely on when we process this type of data is as follows:

• The data subject has given explicit consent

This is usually applicable where we ask for health or dietary information (usually about our employees or pupils).

• The processing is necessary for performing any right or obligation which is imposed on the Trust in relation to employment, social security and social protection law (e.g. safeguarding individuals at risk; protection against unlawful acts; prevention against fraud)

This is usually applicable where we are performing our duties under employment related laws e.g. in relation to health and safety, equality or tax or where we have taken action to safeguard students at risk.

• It is necessary to protect the vital interests of any person where the data subject is physically or legally incapable of giving consent

This could be relied upon in situations where someone has become seriously ill on our premises and we are asked by medical practitioners (such as paramedics), to share information we know about that person’s health or allergies.

• The processing is necessary for the establishment, exercise or defence of legal claims
  We may share or use special category data where legal action is being considered or underway.
• The processing is necessary in the substantial public interest
  This may be relied upon in circumstances such as where our processing is necessary to safeguard children or others at risk or where we respond to requests from the Police or law enforcement bodies, to assist in an investigation to prevent or detect an unlawful act.
• The processing is necessary for the assessment of the working capacity of the employee
  This will be applicable where an employee has been absent from work due to illness or injury and we need to assess whether they are fit to return to work.

This list is not exhaustive.

We take our security responsibilities seriously in order to protect your personal data from accidental or unlawful access, disclosure, loss, damage or destruction. For example:

• Access to our data is on a strict need to know basis
• Our electronic records are held on encrypted servers
• We use up to date virus and malware protection software; security patches are applied promptly and we back up our data regularly
• Our sensitive paper files are locked away with restricted access to the keys
• Our employees, volunteers and governors are subject to Disclosure and Barring Service (DBS) checks and they understand their duty of confidentiality
• We have policies, procedures and training around data protection, security, record disposal and confidentiality
• We have strict visitor management security procedures in place
• We use encrypted email or secure file sharing platforms to share confidential personal data with external organisations
• We carry out due diligence checks on our service providers and Data Protection Impact Assessments, where required.

The personal information we collect and store is essential for our Trust’s operational use. We only keep personal information for as long as we need to, and where it is necessary to comply with any legal, contractual, accounting or reporting obligations. After this period, we delete or securely destroy personally identifiable data.

For more information about how long we keep personal data for, see our record retention schedule

Overseas transfers

We store our data in the UK or the European Economic Area (EEA), however some of our service providers may store personal data outside these areas (usually in the USA). We have a contract in place with these service providers, which ensures they process our data securely and in line with our data protection laws. To find out which service providers process data outside the EEA see Our Service Providers.

You have the following rights under the data protection laws:

Your right of access

You have the right to ask us for copies of your personal data. There are some exemptions, which means you may not always receive all the information we process.

Your right to rectification
You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.

Your right to erasure

You have the right to ask us to erase your personal information in certain circumstances.

Your right to restriction of processing

You have the right to ask us to restrict the processing of your information in certain circumstances.

Your right to object to processing

You have the right to object to us processing your information where we consider this is necessary for us to perform a task in the public interest. You can also object to us using your contact details to send you direct marketing or fundraising communications, which you have previously opted-in to receiving.

Your right to data portability

This only applies to information you have given us. You have the right to ask that we transfer the information you gave us from one organisation to another or give it to you. The right only applies if we are processing information based on your consent or under a contract (or in talks about entering into a contract) and the processing is automated.

Your right to complain

We work to high standards when it comes to processing your personal information. We hope you will always be happy with the way we handle your information, however if we have not met your expectations, please let us know so we can put things right. To do this, please email the school at cosec@ventrus.org.uk. If you remain dissatisfied, you have the right to complain to the Information Commissioner’s Office (ICO). The ICO’s contact details are available at https://ico.org.uk/concerns Further information about your data protection rights, can be found on the Information Commissioner’s Office website at www.ico.org.

For information about how we handle requests from people exercising their rights, see our Data Protection Request Procedure available on our website.

Our Data Protection Officer (DPO) is Amber Badley, an external consultant appointed under a service contract. If you have any queries about this privacy notice or any matter relating to the handling of your personal data, you can contact our DPO directly at DPO@firebirdltd.co.uk or by writing to the school at DPO@ventrus.org.uk

Changes to this privacy notice

We may need to update this privacy notice periodically, so we recommend that you revisit this information from time to time. This version was last updated on 13 July 2020.

There are many ways you can contact us, including by phone, email and post. Our contact details are as follows:

Address:             Ventrus Multi Academy Trust

Woodwater Academy

Woodwater Lane

Exeter

EX2 5AW

Email:                  Info@ventrus.org.uk

Telephone:        01392 256020

If you would like to make a request or complaint, please contact us. You are not required to pay a fee for exercising your rights and we have one month to respond to you.