Privacy Policy
GDPR: Privacy Policy
Who We Are
Exceed Learning Partnership and its academies (‘we’ or ‘us’ or ‘our’) gather and process your personal information in accordance with this privacy policy and in compliance with the relevant data protection Regulation and laws. This notice provides you with the necessary information regarding your rights and our obligations, and explains how, why and when we process your personal data.
Exceed Learning Partnership’s registered office is at Edlington Lane, Edlington, Doncaster, DN12 1PL and we are a company registered in England and Wales under company number 10660150. We are registered on the Information Commissioner's Office Register; registration number ZA245663, and act as the Data Controller when processing your data. Our designated Data Protection Officer/Appointed Person is Lorraine Burton, who can be contacted at DPO@exceedlearningpartnership.com
What this Policy is for
This policy is intended to provide information about how the Trust/Academy will use (or “process”) personal data about individuals including: its personnel, its current, past and prospective pupils and their parents, carers or guardians (referred to in this policy as “parents”).
This information is provided in accordance with the rights of individuals under Data Protection Law to understand how their data is used. Trust/Academy personnel, parents and pupils are all encouraged to read the required Privacy Notice and understand the Trust’s obligations.
This Privacy Notice runs alongside any other information the Trust/Academy may provide about a particular use of personal data, for example when collecting data via an online or paper form.
Why the Trust/Academy needs to process personal data
1. Order to carry out its ordinary duties to staff, pupils and parents, the Trust/Academy may process a wide range of personal data about individuals as part of its daily operation. Some of this activity the Trust/Academy will need to carry out in order to fulfil its legal rights, duties or obligations. The Trust/Academy holds the legal right to collect and use personal data relating to individuals, in order to meet legal requirements and legitimate interests set out in the GDPR and UK law, including those in relation to the following:
- Article 6 and Article 9 of the GDPR
- Education Act 1996
In accordance with the above, we use data relating to pupils and their families for the following reasons:
- To support pupil learning
- To monitor and report on pupil progress
- To provide appropriate pastoral care
- To assess the quality of our service
- To comply with the law regarding data sharing
- To safeguard pupils
We use data relating to personnel for the following reasons:
- Enable the development of a comprehensive picture of the workforce and how it is deployed
- Inform the development of recruitment and retention policies
- Enable individuals to be paid
Types of personal data including sensitive personal data collected and processed by the Trust or its Academies
This will include by way of example:
- Personal information - e.g. names, addresses, telephone numbers, e-mail addresses, national insurance numbers; dates of birth, bank details, proof of identity and qualifications
- Characteristics - e.g. ethnicity, religion, language, nationality, country of birth and free school meal eligibility
- Admission and attendance information (such as sessions attended, number of absences and absence reasons)
- Pupil Progress (such as assessment information, Special Educational Needs, Behavioural information)
- Past, present and prospective student’s academic, disciplinary, admissions and attendance records (including information relating to any special education needs);
- Relevant health and medical information, including contact details for next of kin
- Contract information (such as start dates, hours worked and salary information
How the Trust/Academy collects data
Generally, the Trust/Academy receives personal data from the individual directly (including, in the case of pupils, from their parents). This may be via an online enquiry form, email, paper documentation or simply during the ordinary course of interaction or communication. In some cases, personal data may be supplied by third parties (for example another Trust/Academy, the Local Authority or other professionals or authorities working with the individual).
Whilst the majority of the personal data provided to the Trust/Academy is mandatory, some of it is provided on a voluntary basis. When collecting data, the Trust/Academy will inform you whether you are required to provide this data or if your consent is needed. Where consent is required, the Trust/Academy will provide you with specific and explicit information with regards to the reasons the data is being collected and how the data will be used.
How long we keep personal data
In accordance with the GDPR, the Trust/Academy does not store personal data indefinitely; data is only stored for as long as is necessary to satisfy the purpose for which it was collected. Exceed Learning Partnership’s GDPR Data Retention Policy identifies how long personal data is stored for.
Who has access to personal data and who does the Trust/Academy share information with
Exceed Learning Partnership and its academies takes your privacy seriously and takes every reasonable measure and precaution to protect and secure your personal data. We work hard to protect you and your information from unauthorised access, alteration, disclosure or destruction and have several layers of security measures in place, including: SSL, TLS, encryptions, pseudonymisation, restricted access, IT authentication, firewalls, anti-virus/malware etc.
We will never disclose or share your data without your consent, unless required to do so by law. We will only retain your data for as long as is necessary and for the purpose(s) specified within our privacy notices. Where you have consented to us providing you with information relating to school events (see consent section on Privacy Notice for pupils) you are free to withdraw this consent at any time.
For the most part, personal data collected by the Trust or its Academies will remain within the Trust/Academy, and will be processed by appropriate individuals only in accordance with access protocols.
The Trust or its Academies routinely shares information with:
- Pupils’ destinations upon leaving us
- Our Local Authority
- The NHS
- The Department for Education (DfE)
Safeguarding measures
In accordance with Data Protection Law, some of the Trust’s/Academies’ processing activity is carried out on its behalf by third parties, such as IT systems, web developers, cloud storage and social media providers. Where possible this is subject to contractual assurances that personal data will be kept securely and only in accordance with the Trust or its Academies’ specific directions.
The Trust/Academies are required by law to provide information to the DfE as part of statutory data collections, such as the academy census and the academy workforce return. This data-sharing underpins school funding and educational attainment policy and monitoring.
To find out more about the data collection requirements placed on us by the DfE (for example, via the academy census) please visit the following website:
https://www.gov.uk/education/data-collection-and-censuses-for-schools
The National Pupil Database (NPD) is owned and managed by the DfE and contains information about pupils in schools in England. The law that allows this is the Education (Information about Individual Pupils) (England) Regulations 2013. It provides invaluable evidence on educational performance to inform independent research, as well as studies commissioned by the Department. It is held in electronic format for statistical purposes. This information is securely collected from a range of sources including schools, local authorities and awarding bodies.
To find out more about the NPD, please visit the following website:
https://www.gov.uk/government/publications/national-pupil-database-user-guide-and-supporting-information
The DfE may share information about our pupils from the NPD with third parties who promote the education or wellbeing of children in England by:
- Conducting research and analysis
- Producing statistics
- Providing information, advice or guidance
The DfE has robust processes in place to ensure that the confidentiality of our data is maintained, and there are stringent controls in place regarding access and use of the data. Decisions on whether the DfE releases data to third parties are subject to a strict approval process and based on a detailed assessment of:
- Who is requesting the data
- The purpose for which it is required
- The level and sensitivity of data requested and
- The arrangements in place to store and handle the data
To be granted access to pupil information, organisations must comply with strict terms and conditions covering the confidentiality and handling of data, security arrangements, retention and use of the data.
For more information about the DfE’s data sharing process, please visit the following website:
https://www.gov.uk/data-protection-how-we-collect-and-share-research-data
For information about which organisations the department has provided pupil information to, (and for which project), please visit the following website:
https://www.gov.uk/government/publications/national-pupil-database-requests-received
To contact the DfE go to the following website: https://www.gov.uk/contact-dfe
What are your rights
Under the data protection legislation, Individuals have the right to request access to information about them that we hold. To make a request for your personal information, or be given access to a child’s educational record, contact the Chief Privacy Officer in the academy who will work with the Data Protection Officer for the Trust, see details below:-
Individuals also have the right to:
- Be informed about how the Trust or its Academies use their personal data
- Request access to the personal data that the Trust or its Academies hold
- Request that your personal data is amended if it is inaccurate or incomplete
- Object to processing of personal data that is likely to cause, or is causing, damage or distress
- Request that personal data is erased where there is no compelling reason for its continued processing
- Request that the processing of your data is restricted
Where the processing of your data is based on your consent, you have the right to withdraw this consent at any time.
If you have a concern about the way Exceed Learning Partnership or its academies and/or DfE is collecting or using your personal data, you can raise a concern with us in the first instance or to the Information Commissioner’s Office.
An individual wishing to access or amend their personal data should put their request in writing to the Chief Privacy Officer in your academy or with Data Protection Officer at DPO@exceedlearningpartnership.com
You should also be aware that certain data is exempt from the right of access. This may include information that identifies other individuals.
If you believe that we hold any incomplete or inaccurate data about you, you have the right to ask us to correct and/or complete the information and we will strive to do so as quickly as possible; unless there is a valid reason for not doing so, at which point you will be notified.
You also have the right to request erasure of your personal data or to restrict processing (where applicable) in accordance with the data protection laws; as well as to object to any direct marketing from us. Where applicable, you have the right to data portability of your information and the right to be informed about any automated decision-making we may use.