Privacy Notice – New GDPR Information

We are currently working on updating our policies in line with regulations. Please see below our Privacy Notice for your information.

PRIMARY PRIVACY NOTICE
Overview
Norbury Hall Primary School is committed to ensuring that we’re transparent about the ways in which we use your personal information and that we have the right controls in place to ensure it is used responsibly and is kept safe from inappropriate access, theft or misuse.
This privacy notice explains how we use your personal information and tells you about your privacy rights and how the law protects you.

Personal Information;
Personal information can be anything that identifies and relates to a living person. This can include information that when linked with other information, allows a person to be uniquely identified. For example;
• Names of staff and pupils.
• Dates of birth.
• Addresses.
• National insurance numbers.
• School marks.
• Medical information.
• Exam results.
• SEN assessments and data.
• Staff development reviews.

The law treats some types of personal information as ‘special’ because the information requires more protection due to its sensitivity. This information consists of:
• racial or ethnic origin
• sexuality and sexual life
• religious or philosophical beliefs
• trade union membership
• political opinions
• genetic and bio-metric data
• physical or mental health
• criminal convictions and offences

Purposes
We collect, store and maintain information for a number of different reasons, these include;
• to support pupil learning and the delivery of education
• to monitor and report on pupil progress
• to provide appropriate pastoral care
• to assess the quality of our services
• to comply with the law regarding data sharing
• to comply with our statutory obligations

Legal basis for processing data and information sharing
In the majority of cases, schools process personal data as the law requires. For all other processing, schools will collection personal information where:
• you, or your legal representative, have given consent
• you have entered into a contract with us
• it is required by law (such as where this is mandated by statute or under a court order)
• it is necessary for employment related purposes
• it is necessary to deliver health or social care services
• it is necessary to protect you or others from harm (e.g.in an emergency or civil disaster)
• it is necessary to protect public health
• it is necessary for exercising or defending legal rights
• you have made your information publicly available
• it is necessary for archiving, research, or statistical purposes
• it is necessary in the substantial public interest for wider societal benefits and is authorised by law
• it is necessary for fraud prevention and the protection of public funds
• it is in our legitimate interests (or those of a third party) provided your interests and fundamental rights do not override those interests
Your personal information may also be shared with other organisations, such as those who assist us in providing services and those who perform technical operations such as data storage and hosting on our behalf.
These practical arrangements and the laws governing the sharing and disclosure of personal information often differ from one service to another.
For this reason, each of our key service areas provide additional information about how we collect and use your information. These privacy notices explain:

• why we need your information
• who else we obtain or receive it from
• the legal basis for collection and the choices you have
• who we share it with and why
• whether decisions which legally affect you are made solely using machine based technologies
• how long we keep your information
• how to exercise your rights
The specific privacy notices may be accessed shortly via our website.

Data Transfers beyond EEA
We’ll only send your data outside the European Economic Area (‘EEA’):
• with your consent, or
• to comply with a lawful and legitimate request, or
• if we use service providers or contractors in non EEA countries.
If we do transfer your information beyond the EEA, we will make sure that it is protected in the same way as if it was being used in the EEA. We will use one of these safeguards:
• Transfer it to a non EU country with privacy laws that give the same protection as the EU. Learn more on the European Commission Justice website.
• Put in place a contract with the recipient that means they must protect it to the same standards as the EEA. More information is available on the European Commission Justice website.
• Transfer it to organisations that are part of the Privacy Shield. This is a framework that sets privacy standards for data sent between the US and EU countries. It makes sure those standards are similar to what is used within the EEA. You can find out more about the Privacy Shield on the European Commission Justice website

If we propose to make a transfer in response to a lawful and legitimate request we will normally tell you in advance unless there are compelling reasons, such as law enforcement or, reasons of safety which justify not doing so.

Automated decisions
This is not appropriate for Norbury Hall Primary School as we do not currently make[s] decisions which legally affect individuals through the use of a computerised system or programme. All decisions are based on human intervention.

Data Retention/criteria
We’ll only keep your personal information for as long as the law specifies. Where the law doesn’t specify this, we’ll keep your personal information for the length of time determined by our business requirements.
Our retention schedule outlines how long we retain certain types of information for and can be viewed here;

How we keep your information safe
We’re committed to ensuring your personal information is safe and protected from accidental loss or alteration, inappropriate access, misuse or theft.
As well as technical, physical and organisational controls, we recognise that a well-trained, informed and security alert workforce minimises privacy risks from human error and/or malicious threats.
We require our service providers to implement appropriate industry standard security measures. We only permit them to process your personal information for specified purposes in accordance with our contractual instructions.

Rights of individuals

You may exercise the rights listed below in relation to our use of your personal information. Some rights are absolute and others are not.
To find out more about how these rights apply in particular circumstances, please refer to our exercising rights guide which will follow shortly.

To exercise these rights, please contact our school office by emailing admin@norburyhall.stockport.sch.uk

Complaints (ICO)
If you’re not satisfied with the way we have answered a request from you or handled your personal information, you have the right to make a complaint to the Information Commissioner.
This right is not dependant on you raising a complaint with us first but we would encourage you to contact our Data Protection Officer by emailing IGSchoolSupport@stockport.gov.uk so we can consider your concerns as quickly as possible.

Keep updated on changes to our privacy notice
We may update or revise this privacy notice at any time so please refer to the version published on our website for the most up to date details.