The Rose Learning TrustThe Rose Learning Trust

GDPR

 

PRIVACY NOTICE

 Who we are:

The Rose Learning Trust is committed to keeping your personal information safe and secure.  This notice is intended to provide information about how the Trust will use of “process” personal data about individuals including current, past and prospective pupils (“Pupils”) and their parents, carers or guardians (referred to in this notice as “parents”). This notice provides you with the necessary information regarding your rights and our obligations, and explains how, why, and when we process your personal data.

The Rose Learning Trust’s registered office is:

The Rose Learning Trust

Central Office

Stevens Road

Doncaster

DN4 0LT

We are a company registered in England and Wales under company number 108820308

We are registered on the Information Commissioner's Office Register; registration number is ZA 229898, and act as the Data Controller when processing your data.

The trust employs an independant designated Data Protection Officer (DPO), who is helping to guide the schools to ensure full compliance with GDPR. The DPO can be contacted with any queries by email or in writing to any of our schools. Our designated Data Protection Officer is Tim Pinto (E-Safety Office), who can be contacted at tpinto@esafetyoffice.co.uk

We also have a Data Protection Single Point of Contact for the trust. If you would like to speak to us about Data Protection, please contact Lyndsey Williams, Rose Learning Trust Governance and Compliance Officer, by email at enquiries@roselearning.co.uk or by telephone 01302 243528.

 

 

Why the Trust needs to process personal data

In order to carry out its ordinary duties to staff, pupils and parents, the Trust may process a wide range of personal data about individuals as part of its daily operation. Some of this activity the Trust will need to carry out in order to fulfil its legal rights, duties, or obligations. To make sure we can help you learn and look after you at school.  For the same reasons we get information about you from some other places too, like other schools, the local council, medical and educational professionals, and the government. The Trust holds the legal right to collect and use personal data relating to individuals, in order to meet legal requirements and legitimate interests set out in the GDPR and UK law, including those in relation to the following:

  • Article 6 and Article 9 of the GDPR
  • Education Act 1996

We hold some personal information about you to make sure we can help you learn and look after you at school. For the same reasons, we get information about you from some other places too, like other schools, the local council, medical and education professionals, and the governments

This information includes: - This list is not exhaustive

The personal data that we may collect, use, store, and share (when appropriate) about you and your children includes, but is not restricted to:

  • Personal identifiers, contacts, and characteristics such as name, unique pupil number, contact details and address
  • Attendance details such as sessions attended, number of absences and reason for absence
  • Information relating to episodes of being a child in need (such as referral information, assessment information, Section 47 information, Initial Child Protection Information and Child Protection Plan information)
  • Results of internal assessments and externally set tests
  • Pupil and curricular records
  • Characteristics, such as ethnic background, eligibility for free school meals, or special educational needs
  • Exclusion information
  • Special Education Needs information (including the needs, information from other professional services, information contained in an ECHP
  • Details of any medical conditions, including physical and mental health
  • Attendance information such as sessions attended, number of absences, absence reasons and any previous schools attended
  • Behavioural information such as exclusions and any relevant alternative provision put in place
  • Safeguarding information (such as court orders and professional involvement)
  • Details of any support received, including care packages, plans and support providers
  • Assessment and attainment information such as Key Stage 1 and phonics results, Key Stage 2 results
  • School trip information such as consents and current medical issues, or voluntary contributions made
  • Provision of educational software in support of teaching and learning
  • Information to enable the pupil to be provided with a school meal
  • Medical information and administration
  • Information required in order to meet our statutory requirements for statutory returns and audit

Why we use this information

We use this data to help run the school, including to: -

  • Provide you with an education including extra-curricular activities
  • Safeguarding pupils’ welfare and provide appropriate pastoral and where necessary, medical care
  • Monitor pupils’ progress and educational needs
  • Enable pupils to take part in national or other assessments, and to publish the results of public examinations or other achievements of pupils at the school
  • Maintain relationships with the school community
  • Help us with the management planning and forecasting, research, and statistical analysis and to enable us to monitor the Trust’s performance
  • Allocate the correct teaching resource
  • Provide any additional support
  • Monitor use of the Trust’s IT system in accordance with the school’s Acceptable Use Policy
  • Receive information about current and prospective pupils from any educational institution that they attend
  • Confirm the identity of prospective pupils and their parents
  • Use photographic or video images of pupils in learning journeys or in school displays for legitimate educational purposes.  Photographs for promotional use for use in school newsletters or school or other websites or media will only be used with pupil’s/parents’ permission
  • Create invoices and process payments for services such as school meals, school trips etc
  • For security purposes and for regulatory and legal purposes, for example, child protection and health and safety and to comply with its legal obligations
  • Receive reports from any organisations that may be working with your child
  • Where otherwise reasonably necessary for the trust’s purposes, including to obtain appropriate professional advice and insurance for the school
  • To keep you updated about the running of the school, such as emergency closures, events or activities including by sending updates and newsletters by text, email and post

Use of personal data for marketing purposes

  • Where you have given us consent to do so, we may send you marketing information by email or text promoting school events, campaigns, charitable causes or services that may be of interest to you. This may include relevant and appropriate information about fundraising events held by the school PTA or other local charities, or information about local commercial or not for profit services such as holiday clubs, child-friendly activities or other children’s services.
  • You can withdraw consent or ‘opt out’ of receiving these emails and/or texts by contacting your school office
  • We commission school photographers to take photos of pupils which are uploaded to our student information management systems. You may be offered these photographs for purchase through such service providers but there is no obligation to buy your child’s photograph.
  • We always obtain data sharing agreements for any such providers.
  • We never sell your data.

Our legal basis for using this information

 We will only collect and use your information when the law allows us to.  Most often, we will use your information where:

  • We need to comply with the law in meeting the statutory duties placed upon us
  • We need to use it to carry out a task in the public interest in order to provide you with an education

Sometimes, we may also use your person information where:

 You, or your parents/carers have given us permission to use it in a certain way

  • We need to protect you or someone’s else’s vital interests (protect your life)
  • Where we have got permission to use your data, you or your parents/carers may withdraw this at any time.  We will make this clear when we ask for permission and explain how to go about withdrawing consent.
  • Some of the reasons listed above for collecting and using your information overlap, and there may several grounds which mean we can use your data.

Collecting this information

 Pupil data is essential for the school’s operational use.

  • While in most cases you, or your parents/carers, must provide the personal information we need to collect, there are some occasions when you can choose whether or not to provide the data
  • We will always tell you if it’s optional.  If you must provide the data, we will explain what might happen if you do not
  • In addition, when a child joins us from another school, we receive a secure file containing relevant information called a Common Transfer File (CTF)
  • We ask parent to keep pupil information up to date via the school office.  You will receive reminders to update your information regularly throughout the school year.

Storing Information

We keep personal information about pupils and parents/carers while they are attending our trust.  We may also keep it beyond their attendance at our trust if this is necessary in order to comply with our legal obligations.

For information on our Records Management Policy and Retention Schedule and how we keep your data safe, please see the trust website.

Why we share pupil information

We do not share information about pupils with any third party without consent unless the law and our policies allow us to do so.

  • Where it is legally required, or necessary (and it complies with data protection law) we may share personal information about pupils with:
  • Our local authority to meet our legal obligations to share certain information with it, such as safeguarding concerns and exclusions
  • The Department for Education
  • The pupil’s family and representatives
  • Schools within The Rose Learning Trust
  • Educators and examining bodies
  • Our regulator – Ofsted
  • Financial Organisations
  • Our auditors
  • Survey and research organisations
  • Health authorities such as the School Nurse and other medical professionals
  • Health and social welfare organisations
  • Professional advisers and consultants
  • Charities and voluntary organisations in support of pupils’ needs
  • Police forces, courts and tribunals
    Professional bodies
  • Schools that the pupils attend after leaving us
  • Our ICT support suppliers who support us with MIS and other ICT
  • School meal providers where relevant allergy information is vital
  • Suppliers and service providers and educational software providers in support of teaching and learning to enable them to prove the service we have contracted them for such as: -
  • Arbor – our school information management system
  • CPOMS – safeguarding and behaviour management system
  • Video Conferencing e.g. Zoom/Teams
  • Parent Pay – our parent communication and payment systems
  • Parent Mail – our parent communication system
  • Free School Meal Eligibility Team
  • Education software in support of teaching and learning
  • Assessment software in support of pupil assessment
  • Microsoft Outlook email communication system
  • Cool Milk to enable free milk for reception/nursery pupils

This list is not exhaustive.

We may also share your information with:

Other partners, where we have your consent e.g., peripatetic music teachers

  • Other third-party partners, where we have your consent, providing services such as after school clubs

Remote Learning/Home Working

Staff, learners, and other associates at the Rose Learning Trust will make use of personal data both in and outside of the organisation setting.

This will include homework, planning, marking, remote learning and collaboration with colleagues. It will also include administration processes and facilities management.

The Rose Learning Trust will review the use of suitable technology for remote working and home learning, and ensure that appropriate technical, security and organisational measures are taken. The choice of technologies and processes will take into account the needs of the Rose Learning Trust to respect and protect the rights and freedoms of its staff, learners, and the wider community with respect to personal data.

CCTV

We use CCTV in various locations around our school sites within the Trust to ensure it remains safe. We will adhere to the ICO’s Code of Practice for the use of CCTV.

We do not need to ask individuals’ permission to use CCTV, but we make it clear where individuals are being recorded. Security cameras are clearly visible and accompanied by prominent signs explaining that CCTV is in use.

Any enquiries about the CCTV system should be directed to the DPO

The National Pupil Database (NPD)

The NPD is owned and managed by the Department for Education and contains information about pupils in schools in England. It provides invaluable evidence on educational performance to inform independent research, as well as studies commissioned by the Department. It is held in electronic format for statistical purposes. This information is securely collected from a range of sources including schools, local authorities and awarding bodies.

We are required by law, to provide information about our pupils to the DfE as part of statutory data collections such as the school census and early years’ census. Some of this information is then stored in the NPD. The law that allows this is the Education (Information About Individual Pupils) (England) Regulations 2013.

To find out more about the pupil information we share with the department, for the purpose of data collections, go to: -

 https://www.gov.uk/education/data-collection-and-censuses-for-schools.

 To find out more about the NPD, go to: -

https://www.gov.uk/government/publications/national-pupil-database-user-guide-and-supporting-information.

The department may share information about our pupils from the NPD with third parties who promote the education or well-being of children in England by:

  • conducting research or analysis
  • producing statistics
  • providing information, advice or guidance

Safeguarding Measures

The Department has robust processes in place to ensure the confidentiality of our data is maintained and there are stringent controls in place regarding access and use of the data. Decisions on whether DfE releases data to third parties are subject to a strict approval process and based on a detailed assessment of:

  • who is requesting the data?
  • the purpose for which it is required
  • the level and sensitivity of data requested: and
  • the arrangements in place to store and handle the data

To be granted access to pupil information, organisations must comply with strict terms and conditions covering the confidentiality and handling of the data, security arrangements and retention and use of the data.

In accordance with Data Protection Law, some of the Trusts processing activity is carried out on its behalf by third parties, such as IT systems, web developers, cloud storage and social media providers.  Where possible this is subject to contractual assurances that personal data will be kept securely and only in accordance with the Trusts specific directions.

The Trust is required by law to provide information to the DfE as part of statutory data collections such as the academy census and the academy workforce return.  This data sharing underpins school funding and educational attainment policy and monitoring

For more information about the department’s data sharing process, please visit:

https://www.gov.uk/data-protection-how-we-collect-and-share-research-data

For information about which organisations the department has provided pupil information, (and for which project), please visit the following website:

https://www.gov.uk/government/publications/national-pupil-database-requests-received

To contact DfE: https://www.gov.uk/contact-dfe

Your Rights

How to access personal information we hold about you.

You can find out if we hold any personal information about you, and how we use it, by making a ‘subject access request’, as long as we judge that you can properly understand your rights and what they mean.

If we do hold information about you, we will:

  • Give you a description of it
  • Tell you why we are holding it and using it, and how long we keep it for
  • Explain where we got it from, if not from you or your parents
  • Tell you who it has been, or will be, shared with
  • Let you know if we are using your data to make any automated decisions (Decision being taken by a computer or machine, rather than by a person)
  • Give you a copy of the information
  • You may also ask us to send your personal information to another organisation electronically in certain circumstances

Your other rights over your data

 You have other rights over how your personal data is used and kept safe, including the right to: -

  • Say that you do not want it to be used if this would cause, or is causing, harm or distress
  • Stop it being used to send you marketing materials
  • Say that you do not want it used to make automated decisions (decisions made by a computer or machine, rather than by a person)
  • Have it corrected, deleted, or destroyed if it is wrong, or restrict our use of it
  • Claim compensation if the data protection rules are broken and this harms you in some way

Privacy Policy Changes

Although most changes are likely to be minor, The Rose Learning Trust may change its Privacy Policy from time to time at The Rose Learning Trust’s sole discretion.

Complaints

We take any complaints about how we collect and use your personal data very seriously, so please let us know if you think we have done something wrong.

You can make a complaint at any time by contacting our Governance and Compliance officer by email at enquiries@roselearning.co.uk or by contacting our designated Data Protection Officer Tim Pinto (E-Safety Office), who can be contacted at tpinto@esafetyoffice.co.uk

You can also complain to the Information Commissioner’s Office in one of the following ways:

Online:  https://ico.org.uk/concerns

Call:  0303 123 1113

Write to:

Information Commissioner’s Office

Wycliffe House

Water Lane

Wilmslow

Cheshire, SK9 5AF

Contact Us

If you have any questions, concerns or would like more information about anything mentioned in this privacy notice, please contact Lyndsey Williams, Governance and Compliance officer by email at enquiries@roselearning.co.uk or by telephone 01302 243528.

 

 

Files to Download

GDPR - Confidentiality and Sharing Information Policy V1 GDPR - Data Protection Policy V10 GDPR - Information Governance Policy V3 GDPR - National Cyber Security Centre Practical tips for everyone working in education ICO Data Protection Registration Certificate 2024-2025 ICO Model Publication Scheme

Transforming futures collaboratively

STAFF LOGIN
COOKIES / PRIVACY