Who are we?

Lythe School is a ‘Data Controller’ as defined by Article 4 (7) of GDPR. This means that we determine the purposes for which, and the manner in which, your personal data is processed. We have a responsibility to you and your personal data and will only collect and use this in ways which are compliant with data protection legislation.

The school has appointed Veritau Ltd to be its Data Protection Officer (DPO). The role of the DPO is to ensure that the school is compliant with GDPR and to oversee data protection procedures. If you would like to discuss anything in this privacy notice, please contact (insert SPOC details) or Veritau Ltd. Veritau’s contact details are:

  Schools Data Protection Officer

Veritau Ltd

County Hall

Racecourse Lane

Northallerton

DL7 8AL

 schoolsDPO@veritau.co.uk

01609 53 2526

 *Please ensure you include the name of the School in all correspondence with the DPO

What information do we collect?

The categories of information that we collect, hold and share include the following:

 Personal information of pupils and their family members  (e.g. name, pupil number, DOB and address)

• Educational and assessment attainment (such as KS1 and phonics results, post 16 courses and relevant results)
• Free school meal eligibility
• Attendance information (such as sessions attended, number of absences, absence reasons and any previous schools attended)
• Behavioural information (such as exclusions and any relevant alternative provision put in place)
• Safeguarding information (including but not limited to court orders and professional involvement)
• Photographs and communication preferences
• School trips
• Extra curricular activities
• Before and after school clubs

 We will also process certain ‘special category’ data about our pupils including:

 Relevant medical information – please be aware that where the pupil has a severe allergy or is thought to be at risk of needing emergency care for a medical issue then this will be shared with all relevant staff members. We may do this in the form of photo identification in the staff room to ensure that all staff members are aware of the issues should an emergency situation arise

• Special Educational Needs and Disabilities information (including the needs and ranking)
• Race, ethnicity and religion
• Biometric data e.g. thumbprints
• The school may also have information relating to you or your child’s sexual orientation and/or sexual activity. This is not routine and only likely to be collected if there is a safeguarding risk.

 Why do we collect your personal data?

We use the information we collect:

 to support pupil learning

• to monitor and report on pupil progress
• to provide appropriate pastoral care
  • to assess the quality of our services
  • to keep children safe (food allergies or emergency contact details)to meet the statutory duties placed upon us by the DfE
  • we also may keep some information for historical and archiving purposes in the public interest

 Any personal data that we process about our pupils and parents is done so in accordance with Article 6 and Article 9 of GDPR.

 Our legal basis for processing your personal data, in line with Article 6(1)(c) (legal obligation) includes (but not necessarily limited to):

• Education Act 1944,1996, 2002, 2011
• Education and Adoption Act 2016
• Education (Information About Individual Pupils)(England) Regulations 2013
• Education (Pupil Information) (England) Regulations 2005
• Education and Skills Act 2008
• Children Act 1989, 2004
• Children and Families Act 2014
• Equality Act 2010
• Education (Special Educational Needs) Regulations 2001

 We also process information in accordance with Article 6(e) (public task), Article 6(a) (consent), Article 9 (2)(a) (explicit consent where applicable) and Article 9(2)(g) (reasons of substantial public interest).

 We mainly collect pupil information through admission forms and common transfer file or secure file transfer from previous school. The majority of pupil information you provide to us is mandatory in line with your parental responsibility – for further details please see the following link https://www.gov.uk/government/publications/dealing-with-issues-relating-to-parental-responsibility/understanding-and-dealing-with-issues-relating-to-parental-responsibility.

However, some information we ask for on a voluntary basis. When we do process this additional information we will ensure that we ask for your consent to process it. 

 Where we are processing your personal data with your consent you have the right to withdraw that consent. If you change your mind, or are unhappy with our use of your personal data, please let us know by contacting the headteacher.

 Who do we obtain your information from?

Much of the information we process will be obtained directly from you (pupils and parents). We will also process information received from:

• Department for Education (DfE)
• Local Education Authority (North Yorkshire County Council)
• Previous schools attended

 Who do we share your personal data with?

We routinely share pupil information with:

• schools that the pupils attend after leaving us
• our Local Education Authority (North Yorkshire County Council) to ensure that they can conduct their statutory duties
• the Department for Education (DfE)
• National Health Service bodies

For more information on information sharing with the DfE (including the National Pupil Database and Census) please go to: https://www.gov.uk/government/publications/national-pupil-database-user-guide-and-supporting-information

We will not share any information about you outside the school without your consent unless we have a lawful basis for doing so. For example, we may also share your data with classroom/teaching apps and some websites for the purpose of enhancing pupil learning. Where we do this we will rely on either Article 6(e) (public task) or Article 6(a) (consent).

Where we rely on Article 6(e) you have the right to object to processing and where we are relying on Article 6(a) you have the right to withdraw that consent at any time. Please see section below on data subject rights.

How long do we keep your personal data for?

Lythe School will keep your data in line with our Information Policy. Most of the information we process about you will be retained as determined by statutory obligations. Any personal information which we are not required by law to retain will only be kept for as long as is necessary to fulfil our organisational needs.

What rights do you have over your data?

Under GDPR parents and pupils have the following rights in relation to the processing of their personal data:

• to be informed about how we process your personal data. This notice fulfils this obligation
• to request access to your personal data that we hold, and be provided with a copy of it
• to request that your personal data is amended if inaccurate or incomplete
• to request that your personal data is erased where there is no compelling reason for its continued processing
• to request that the processing of your personal data is restricted
• to object to your personal data being processed

If you have any concerns about the way we have handled your personal data or would like any further information, then please contact our DPO on the address provided above.

Please be aware that usually pupils are considered to have the mental capacity to understand their own data protection rights from the age of 12 years old. The school may therefore consult with the pupil if it receives a request to exercise a data protection right from a parent.

If we cannot resolve your concerns you may also complain to the Information Commissioner’s Office (the Data Protection Regulator) about the way in which the school has handled your personal data. You can do so by contacting:

First Contact Team

Information Commissioner’s Office

Wycliffe House

Water Lane

Wilmslow Cheshire

SK9 5AF

casework@ico.org.uk  // 0303 123 1113

Last Updated

We may need to update this privacy notice periodically so we recommend that you revisit this information from time to time. This version was last updated on 24^th April 2020.

This Privacy Notice has been written to inform you about how Lythe School processes your personal data when you visit our website. This notice only applies to how the school uses your data when you visit our website. For more information about how the school uses personal data in general please see our other privacy notices by clicking on the links to the left.

Who are we?

Lythe School is a ‘Data Controller’ as defined by Article 4 (7) of GDPR. This means that we determine the purposes for which, and the manner in which, your personal data is processed. We have a responsibility to you and your personal data and will only collect and use this in ways which are compliant with data protection legislation.

The school has appointed Veritau Ltd to be its Data Protection Officer (DPO). The role of the DPO is to ensure that the school is compliant with GDPR and to oversee data protection procedures. Veritau’s contact details are:

Information Governance     

Veritau Ltd

County Hall

Racecourse Lane

Northallerton

DL7 8AL

 schoolsDPO@veritau.co.uk

01609 53 2526 

 Cookies

When you visit our website we will place a small file on your electronic device (computer, phone, or tablet etc) – this file is called a ‘Cookie’. This is a common practice that most websites that you visit will use.

Cookies are used so that:

• We can remember the  information you’ve provided us with while on our website, so you don’t have to keep re-entering the information whenever you visit a new page
• We can look at how you use our website so that we can improve it for other users

When you use our website you agree that we can put these cookies on your device. 

We do not use Cookies that also monitor other websites that you’ve visited (these are known as privacy intrusive cookies).

Our cookies will not identify you but if you prefer you may wish to turn Cookies off. For more information about how to this, and more information about Cookies i general, please see https://www.aboutcookies.org/ 

Google Analytics

Because we want to make sure our web content is the best that it could possibly be we use something called Google Analytics to collect information about how people use this website.

Google Analytics collects information about:

• · What pages you visit on this website,
• · How long you are on this website,
• · What you did to get here (through another website or by search engine),
• · What you clicked on when visiting this website,
• · The number of times a word is searched for and the number of negative returns of a search result.

We do not collect any personal information (such as your name) only the above activity.

This is an example of how we store this data and how long we keep it for:

For more information about Google Analytics and to opt out of Google Analytics all together please see: http://tools.google.com/dlpage/gaoptout

Copyright

Any information on this website, including not limited to graphics, design, text, and images are subject to Copyright which belongs to the School or a third party that has given permission for the School to use this information. The School grants permissions to electronically copy, print to hard copy, or transfer such material so long as it is for school business only.

Disclaimer and External Links

The School makes every effort to ensure the content on this website is correct and factual. The School accepts no liability for any inconvenience or loss caused by reliance on any information contained on this website.

The School makes every effort to ensure links to external websites are secure. The School accepts no liability for the privacy practices of those external websites.

Accessibility

To see our website accessibility statement, click here.

This Privacy Notice has been written to inform prospective employees of Lythe School  about what we do with your personal information.

Who are we?

Lythe School is a ‘Data Controller’ as defined by Article 4 (7) of GDPR. This means that we determine the purposes for which, and the manner in which, your personal data is processed. We have a responsibility to you and your personal data and will only collect and use this in ways which are compliant with data protection legislation.

The school has appointed Veritau Ltd to be its Data Protection Officer (DPO). The role of the DPO is to ensure that the school is compliant with GDPR and to oversee data protection procedures. Veritau’s contact details are:

Schools Data Protection Officer

Veritau Ltd

County Hall

Racecourse Lane

Northallerton

DL7 8AL

schoolsDPO@veritau.co.uk

01609 53 2526

*Please ensure you include the name of the School in all correspondence with the DPO.

What information do we collect and why do we require it?

As part of your job application Lythe School will need to assess your suitability for the vacancy. This means that we need to collect information about you in order to facilitate this.

This information includes, but is not necessarily limited to:

• Your name(s), title, contact details, address, and National Insurance Numbers;
• ID Documents;
• Eligibility to Work
• Previous employment history;
• Education and Professional Qualifications;
• Membership of professional or government bodies;
• Referee Details;
• Equalities information (so that we can monitor workplace equality);
• Any information provided by your nominated referees (which includes any relevant disciplinary actions and/or sickness information)
• Any other relevant information you wish to provide to us;

Who do we obtain your information from?

Much of the information we process will be obtained directly from your application form. However, we may need to collect data about you from, but not necessarily limited to, the following organisations:

• Your nominated referees,
• The Disclosure and Barring Service,
• The Local Authority.

Who do we share your personal data with?

Generally we will keep your personal data within the school but in some instances may be required to disclose your personal data to:

• Third party assessment providers (in order to facilitate your suitability for a role),
• The Local Authority (who may assist the school with the recruitment process),
• Our governing body.

Sometimes your application may need to be submitted to an assessment panel. These panels could include individuals from other organisations. We will tell you if this is the case.

How long do we keep your personal data for?

What is our lawful basis for processing your personal data?

The School is required to process your personal data and your special category data for the performance of your employment contract or to take necessary steps to enter in to an employment contract.

The School is also legally required to collect some information as defined by employment law (i.e equalities and diversity).

What rights do you have over your data?

Under GDPR you have the following rights in relation to the processing of your personal data:

• To be informed about how we process your personal data. This notice fulfils this obligation
• To request access to your personal data that we hold, and be provided with a copy of it
• To request that your personal data is amended if inaccurate or incomplete
• To request that your personal data is erased where there is no compelling reason for its continued processing
• To request that the processing of your personal data is restricted
• To object to your personal data being processed

You can exercise any of these rights by contacting: <Insert Contact Details of School>

If you have any concerns about the way we have handled your personal data or would like any further information, then please contact our DPO on the address provided above.

If we cannot resolve your concerns you may also complain to the Information Commissioner’s Office (the Data Protection Regulator) about the way in which the school has handled your personal data. You can do so by contacting:

This privacy notice has been written to inform prospective, current, and former employees of Lythe School about how and why we process their personal data.

Who are we?

Lythe School is a ‘Data Controller’ as defined by Article 4 (7) of GDPR. This means that we determine the purposes for which, and the manner in which, your personal data is processed. We have a responsibility to you and your personal data and will only collect and use this in ways which are compliant with data protection legislation.

Employees of voluntary controlled and community schools are considered to be employees of the local authority and therefore both the School and North Yorkshire County Council are considered to be joint data controllers in regards to employee data.

The school has appointed Veritau Ltd to be its Data Protection Officer (DPO). The role of the DPO is to ensure that the school is compliant with GDPR and to oversee data protection procedures. Veritau’s contact details are:

Information Governance     

Veritau Ltd

County Hall

Racecourse Lane

Northallerton

DL7 8AL

 schoolsDPO@veritau.co.uk

01609 53 2526  

What information do we collect and why do we need it?

The School and the Local Authority require your personal information, and sometimes your special category data, in order to fulfil requirements set out in both your employment contract and by employment legislation.

To find out more about what information we collect, why we collect it, and what our lawful basis is then please see the Employment Privacy Notices on the Local Authority’s website:

Delete/Add as appropriate

North Yorkshire County Council  

City of York Council

East Riding of Yorkshire County Council

Hartlepool Borough Council

Redcar and Cleveland Borough Council

Doncaster Council

Cumbria County Council

Newcastle Council

Photographs

We will seek your consent to use your photo on our website. Please note that you can withdraw this consent at any time.

Who has access to your personal data in the School?

Your information will only be made available to those who need it to do their job in relation to your employment. This includes your line manager(s), the business manager, and relevant administrative staff.

Please see the Council Privacy Notices to see who in the Council has access to your personal data.

Your name, job title, work email address, telephone number and photograph will be available in your personnel file and on SIMS, which are accessible to the Head Teacher and the school Secretary.

Who do we share your personal data with?

Please see the Council employee privacy notices to find out more about who the School and Council may share your data with.

We have duties under the Freedom of Information Act 2000 to disclose information we hold unless there is a very good reason to withhold it. Therefore we may disclose your name and work email address publicly in response to a request if we are required to do so.

The school also has a specific duty (section 537A of the Education Act 1996) to share your information with the Department of Education for the purpose of the annual school census.

How long do we keep your personal data for?

Lythe School will keep your data in line with our Information Policy. Most of the information we process about you will be determined by statutory obligations. Any personal information which we are not required by law to retain will only be kept for as long as is necessary to fulfil our organisational needs.

Do we transfer your data outside of the UK?

Generally the information that the school holds is all held within the UK. However, some information may be held on computer servers which are held outside of the UK. We will take all reasonable steps to ensure your data is not processed in a country that is not seen as ‘safe’ by the UK government. If we do need to send your data out of the European Economic Area it will ensure it has extra protection from loss or unauthorised access.

What rights do you have over your data?

Under GDPR, individuals have the following rights in relation to the processing of their personal data:

• to be informed about how we process your personal data. This notice fulfils this obligation
• to request access to your personal data that we hold, and be provided with a copy of it
• to request that your personal data is amended if inaccurate or incomplete
• to request that your personal data is erased where there is no compelling reason for its continued processing
• to request that the processing of your personal data is restricted
• to object to your personal data being processed

If you have any concerns about the way we have handled your personal data or would like any further information, then please contact our DPO on the address provided above.

If we cannot resolve your concerns you may also complain to the Information Commissioner’s Office (the Data Protection Regulator) about the way in which the school has handled your personal data. You can do so by contacting:

First Contact Team

Information Commissioner’s Office

Wycliffe House

Water Lane

Wilmslow Cheshire

SK9 5AF

casework@ico.org.uk  // 0303 123 1113

The Surveillance Policy and CCTV privacy notice are under review September 2019

This Privacy Notice has been written to inform individuals who are contemplating making a complaint, are in the progress of making a complaint, or have previously made a complaint about what Lythe CEVC School does with your personal data as part of the school’s complaints process.

Who are we?

Lythe CEVC School is a ‘Data Controller’ as defined by Article 4 (7) of GDPR. This means that we determine the purposes for which, and the manner in which, your personal data is processed. We have a responsibility to you and your personal data and will only collect and use this in ways which are compliant with data protection legislation.

The school has appointed Veritau Ltd to be its Data Protection Officer (DPO). The role of the DPO is to ensure that the school is compliant with GDPR and to oversee data protection procedures. Veritau’s contact details are:

Schools Data Protection Officer

Veritau Ltd

County Hall

Racecourse Lane

Northallerton

DL7 8AL

schoolsDPO@veritau.co.uk

01609 53 2526

*Please ensure you include the name of the School in all correspondence with the DPO

 What information do we collect and why do we require it?

As school we are obliged to have a complaints procedure in place. As part of our complaints procedure we are required to process personal data. 

The personal data we collect about you includes:

• Personal identifiers (your name, address, contact details)
• Any relevant information we hold on School systems and databases,
• Any information you, or a party to the complaint, provides us with,
• Any information passed to us by any other organisation,
• Witness statements,
• Any relevant correspondence we have had with you or another party to the complaint – including internal correspondence about you,
• Any relevant video recording (including CCTV), audio recordings,  or images,
• Investigation interview notes.

Who do we obtain your information from?

Much of the information we process will be obtained directly from your complaint or from a complaint made by another individual. However, we may need to collect data about you from, but not necessarily limited to, the following organisations:

• Department of Education,
• The Local Authority,
• Our appointed Data Protection Officer
• Ofsted
• The Police and/or other Law Enforcement bodies
• Local Health and/or social care providers

Who do we share your personal data with?

According to our complaints procedure all complaints are handled by the Headteacher or Governors. However, Within the School we will disclose any relevant data to any individual (usually an employee or governor) that requires the data in order to complete the investigation, to administer the complaint, or to receive advice about how to handle a complaint.

The following organisations may also receive your data if allowed by law:

• Department of Education
• The Local Authority
• Our appointed Data Protection Officer
• Ofsted
• Information Commissioner’s Office
• Any other organisation and/or regulator when the School is legally required to disclose your information.

How long do we keep your personal data for?

Generally the school will keep personal data collected as part of the complaints process for six years upon closure of the complaint. This is to ensure that the School can demonstrate the complaint has been handled appropriately.

In some cases information gathered as part of a complaint investigation will need to be kept for longer than six years in accordance with various legislation. For example any complaints in relation to Looked after Children will be kept for 70 Years from closure of the file.

Do you transfer my data outside of the UK?

Generally the information that the school holds is all held within the UK. However, some information may be held on computer servers which are held outside of the UK. We will take all reasonable steps to ensure your data is not processed in a country that is not seen as ‘safe’ by the UK government. If we do need to send your data out of the EU it will ensure it has extra protection from loss or unauthorised access.

What is our lawful basis for processing your personal data?

The School is legally required to operate a relevant complaints procedure as per the

(Maintained Schools, VA Schools, VC Schools) Education Act 2002

As such the School relies on Article 6(1)(c) and Article 9(2)(g) of the GDPR to process your personal and special category data. This is in pursuance with Schedule 1, Part 2 (6)(2)(a) of the Data Protection Act 2018 – this means that the School can process your data as part of the official authority vested in us by the above legislation.

What rights do you have over your data?

Under GDPR, individuals have the following rights in relation to the processing of their personal data:

• to be informed about how we process your personal data. This notice fulfils this obligation
• to request access to your personal data that we hold, and be provided with a copy of it
• to request that your personal data is amended if inaccurate or incomplete
• to request that your personal data is erased where there is no compelling reason for its continued processing
• to request that the processing of your personal data is restricted
• to object to your personal data being processed

You can exercise any of these rights by contacting: Headteacher Mrs Lisa Armstrong

If you have any concerns about the way we have handled your personal data or would like any further information, then please contact our DPO on the address provided above.

If we cannot resolve your concerns you may also complain to the Information Commissioner’s Office (the Data Protection Regulator) about the way in which the school has handled your personal data. You can do so by contacting: