School Privacy Notice
In accordance with General Data Protection Regulation (GDPR) which came into force on 25th May 2018, this notice sets out what the Local Authority Education service and Ysgol Dyffryn Conwy does with children’s and young peoples, personal and performance information, and any personal information relating to you as parent / guardian.
The information in this notice will be kept under review to incorporate any further changes communicated by the Information Commissioner’s Office.
1. The Collection of personal data
The school collects information about children, young people and their parents or legal guardians when they go to a new school, they also collect information at other times during the school year. Information is also received from other schools when pupils transfer.
The Local Authority will receive information on children/young people from the school / education establishment.
Upon receipt of the information the School and Local Authority becomes the data controller.
We have CCTV systems in key locations for the purposes of safety and the prevention and detection of crime. Signs are prominently displayed notifying you that CCTV is in operation and providing you with details of who to contact for further information about them.
We will only disclose CCTV images to third parties for the purposes of public safety and the prevention and detection of crime.
2. What information is held
Personal and special category information that will be collected includes:
▪ Date of birth
▪ Ethnic group
▪ Disability status
▪ Other health information
▪ Additional Learning Needs information
▪ National assessment and examinations results
▪ Information in relation to your education at school
▪ Fingerprint images and templates for Biometric Enabled Check-In
3. What is happening with your information?
The information collected is used to safeguard children and young people and to ensure appropriate contact details are available to contact parents / guardians.
The school and Local Authority also uses the information it collects to do research. It uses the results of the research to make decisions on policy and the funding of schools, to calculate the performance of schools and help them to set targets.
The research also informs the education which is provided to children and young people for example:
▪ The provision of educational services to individuals;
▪ Monitoring and reporting on children / young people’s educational progress;
▪ The provision of welfare, pastoral care, and health services; SEN and transport requirements; exclusions, attendance and nursery data
▪ The giving of support and guidance to children, young people, their parents and legal guardians;
▪ The organisation of educational events and trips;
▪ Planning and management of the school.
▪ Recording of monetary payments to and from pupils/students and parents/guardians.
We may use your use your information for automated decision making, including profiling. This is where we may make a decision automatically about you without human intervention.
4. Who is your information shared with?
Information is sent to Welsh Government on children and young people directly from schools and the Local Authority normally as part of statutory data collection which consists of the following:
▪ Post-16 data collection
▪ Pupil Level Annual School Census (PLASC)
▪ Educated other than at school (EOTAS) pupil level collection
▪ National data collection (NDC)
▪ Attendance collection
▪ Welsh National Tests (WNT) data collection
Information held by the School and Local Authority on children and young people and their parents or legal guardians may be shared with other organisations when the law allows, for example with;
▪ Other education and training bodies, including schools, when pupils are applying for courses, training, school transfer or seeking guidance on opportunities;
▪ Bodies doing research for the WG, LA and schools, so long as steps are taken to keep the information secure;
▪ Central and local government for the planning and provision of educational services;
▪ Social services and other health and welfare organisations where there is a need to share information to protect and support individual children and young people;
▪ Various regulatory bodies, such as ombudsmen, inspection authorities and Government fraud initiatives, where the law requires that information be passed on so that they can do their work.
5. How long will we keep this information?
The school and Local Authority will retain and destroy the information in line with their retention schedules, these can be obtained from the contact details below.
6. Your rights under GDPR
You have the right to:
▪ Have access to the personal information that the school and Local Authority are processing about you;
▪ Require the schools or Local Authority to rectify inaccuracies in that information;
▪ The right (in some circumstances) to object to processing on grounds relating to your particular situation
▪ The right to restrict processing (in some circumstances)
▪ Lodge a complaint with the information commissioner who is the independent regulator for data protection
For further information about the information which the school and Local Authority holds and its use, or if you wish to exercise your rights under the GDPR, please see contact details below:
Mr Owain Gethin Davies, Headteacher
Ysgol Dyffryn Conwy,
Local Authority contact:
Schools Designated Data Protection Officer (DPO)
Information Governance Officer (Education)
SCE - Education Services
CONWY County Borough Council
Andrew Nixon - Senior Business and MIS officer
To contact the Information Commissioner’s Office, please see details below:
Information Commissioners Office
Telephone helpline: 029 2067 8400 (Wales helpline) or 0303 123 1113 (UK helpline)