1. What Personal Information Do Bede’s School Collect and How It Is Used?.
1.1. Pupil Information.
1.2. Staff Information.
2. How is My Personal Information Protected?.
3. User-Supplied Information.
5. Usage & Web Server Logs.
6. Third Party Services.
7. Cookies Policy.
8. Who Has Access to Personal Information?.
9. How May I Correct, Amend, or Delete My Personal Data and/or Change the Information I Receive?
10. Associated Policies.
11. Policy Owner & Distribution.
12. Policy Review Schedule.
1. What Personal Information Do Bede’s School Collect and How Is It Used?
Bede’s School collects information about current and prospective students, parents and guardians, staff, volunteers and governors in a variety of ways including, but not limited to: direct from the individuals (for example, when registering for an Open Day, subscribing to a newsletter, signing up for a school shop account), from previous employers, publicly available information, and through cookies, and/or similar technology.
We use the information primarily to provide you with a personalised experience that delivers the information most relevant and helpful to you.
1.1. Pupil Information
We collect and hold personal information relating to our pupils and may also receive information about them from their previous school, local authority and/or the Department for Education (DfE). We use this personal data to:
- Support our pupils’ learning
- Monitor and report on their progress
- Provide appropriate pastoral care; and
- Assess the quality of our services
This information will include contact details, national curriculum assessment results, attendance information, any exclusion information, where they go after they leave us and personal characteristics such as their ethnic group, any special educational needs they may have as well as relevant medical information.
Bede’s School are required, by law, to pass some information about our pupils to the Department for Education (DfE). This information will, in turn, then be made available for use by East Sussex County Council (ESCC).
DfE may also share pupil level personal data that we supply to them, with third parties. This will only take place where legislation allows it to do so and it is in compliance with the Data Protection Act 1998.
Decisions on whether DfE releases this personal data to third parties are subject to a robust approval process and are based on a detailed assessment of who is requesting the data, the purpose for which it is required, the level and sensitivity of data requested and the arrangements in place to store and handle the data. To be granted access to pupil level data, requestors must comply with strict terms and conditions covering the confidentiality and handling of data, security arrangements and retention and use of the data.
For more information on how this sharing process works, please visit: https://www.gov.uk/guidance/national-pupil-database-apply-for-a-data-extract
For information on which third party organisations (and for which project) pupil level data has been provided to, please visit: https://www.gov.uk/government/publications/national-pupil-database-requests-received.
On the occasion of a student moving to an alternative school, we pass on details of a student’s academic record to the school office for that school and a copy of the safeguarding and medical files to the school’s Designated Safeguarding Lead and/or Medical Lead (where relevant).
1.2. Staff Information
We process personal data relating to those we employ to work at, or otherwise engage to work at our school. This is for employment purposes to assist in the running of the school and to enable individuals to be paid.
This personal data includes identifiers such as names and National Insurance numbers and characteristics such as ethnic group, employment contracts and remuneration details, qualifications and absence information.
We will not share information about you with third parties without your consent unless the law allows us to.
We are required, by law, to pass on some of this personal data to:
- East Sussex County Council (ESCC)
- the Department for Education (DfE)
If you require more information about how ESCC and the DfE store and use your personal data please visit:
2. How is My Personal Information Protected?
We maintain administrative, technical and physical safeguards to protect against loss, misuse or unauthorised access, disclosure, alteration or destruction of the personal information provided to us.
As a UK educational establishment, inspected by the Independent Schools Inspectorate (ISI), the safety of our students and their families in our main priority at all times. All our staff and volunteers are engaged using safe recruitment processes following vetting and barring scheme procedures issued by the UK Government. Access to data held by our school is only granted when staff and volunteers pass such vetting processes.
Bede’s School complies with Data Protection/Privacy regulations, laws and industry best practices in respects to security around personal information.
All our staff are required to regularly review the Information Security policy (which encompasses the Data Protection policy) and attend training.
We have implemented certain appropriate security measures to help protect your personal information from accidental loss and from unauthorized access, use, or disclosure. For example, some areas of our websites, such as our Parent Portal and Virtual Learning Environment, are protected with Secure Sockets Layer (SSL) technology. Also, we store the information about you in a data centre with restricted access and appropriate monitoring, and we use a variety of technical security measures to secure your data. In addition, we use maintained firewalls and virus protection software.
Also, please note that we may store and process your personal information in systems located outside of your home country. Currently, this is restricted to online payments for our shop website and obtaining references, however this is not a limited list and is liable to change. Regardless of where storage and processing may occur, we take appropriate steps to ensure that your information is protected, consistent with the principles set forth under this Policy, and as required under Data Protection/Privacy laws. We also regularly audit our suppliers to ensure compliance with this policy. By giving your information you consent to these transfers.
3. User-Supplied Information
When you register interest in Bede’s School, or order uniform either online or directly with us, we ask you to provide some personal information, for example, your name, address, phone number, email address, if required, payment card or bank information, and/or certain additional categories of information resulting from use of our websites and services, such as your child details. We maintain this information in our Management Information Systems to administer Bede’s School and support our students and their families.
We may use certain information you provide to offer you information that we believe may be of interest to you or for our market research purposes to improve the educational experience of Bede’s School. You will be invited to participate in this research and/or subscribe to lists. You can select not to participate and can also log into your parent portal or school shop accounts to opt out. If in doubt, please email email@example.com with details of your request and we will endeavour to assist you in amending this data or changing your subscriptions.
5. Usage and Web Server Logs
When you visit our web sites, we may track information about your usage and/or visit, and store that information in usage or web server logs, which are records of the activities on sites. Our servers automatically capture and save the information electronically. Examples of the information we may collect include:
- Your unique Internet protocol address
- The name of your unique Internet service provider
- The city, and country from which you access our website
- The kind of browser or computer you use
- The number of links you click within the site
- The date and time of your visit
- The web page from which you arrived to our site
- The pages you viewed on the site
- Certain searches/queries that you conducted via our product(s) and/or website(s)
The information we collect in usage or web server logs helps us administer our websites, analyse its usage, protect the website and its content from inappropriate use, and improve the website visitor’s experience.
6. Third Party Services
We may also use analytics tools provided by Google, Inc. ("Google") or other similar providers. Analytics tools serve cookies through our products or website and collect aggregated data on an anonymised basis about visitors' use of the product or website. The data collected enables us to understand aggregated visitor activity and how we may improve our website. This data is collected and used on an anonymised, aggregated basis only and does not enable any visitor to be personally identified.
We respect your right to choose whether or not to accept cookies.
Please note that if you do not set your browser and e-mail settings to disable cookies, you will be indicating your consent to receive them.
7. Cookies Policy
By using our websites, you agree that we can place these types of cookies on your device.
You have the right to refuse or disable cookies served through our products or website although, if you choose to do so, certain functionality may subsequently become unavailable to you. As the means by which you may do this vary from browser to browser, we recommend that you visit your browser's help menu for further information.
8. Who Has Access to Personal Information?
We will not sell, rent, or lease mailing lists or other customer data to others, and we will not make your personal information available to any unaffiliated parties, except as follows:
- To agents and/or contractors who may use it on our behalf or in connection with their relationship with us (for example, we may use third parties to help us with promotional campaigns).
- As required by law, in a matter of public safety or policy.
We share some of our administrative functions with other Bede’s School companies, such as Dicker Enterprises (trading as the Bede’s School Shop). These companies form the St Bede’s School Trust, and as such, are held accountable under the same policies and procedures.
Your access to some of website content may be password protected. We recommend that you refrain from disclosing your username(s) and password(s) to anyone. We also recommend that you sign out of that website account at the end of each session. You may also wish to close your browser window on ceasing each session, especially if you share a computer with someone else or if you are using a computer in a public place.
9. How May I Correct, Amend, or Delete My Personal Data and/or Change the Information I Receive?
You can view, amend, update or delete your personal data by contacting us at firstname.lastname@example.org. You can also contact our school office if you wish to change the information you receive from Bede’s School.
10. Associated Policies
This policy should be read in conjunction with the following policies:
Information Security Policy (encompassing Data Protection) - February 2013. Currently under review.
11. Policy Owner and Distribution
Owned by: Head of IT Services
Authorised by: SSSLG
Date: November 2016
Review Date: November 2017
Circulation: Inclusion on all Bede’s Websites
12. Policy Review Schedule
First issue of policy, reviewed and ratified by SSSLG