School Privacy Notice

What the School or Early Years Provider, Cardiff Council Local Authority and Welsh
Government does with the Educational Information they hold on Children and Young
People

To meet the requirements of the Data Protection Act 2018 and UK General Data Protection Regulation (GDPR), schools are required to issue a Privacy Notice to children and young people and/or parents and guardians summarising the information held on record about children and young people, why it is held, and the third parties to whom it may be passed.

This Privacy Notice provides information about the collection and processing of children’s or young people’s personal and performance information by the School, Cardiff Council (LA) and Welsh Government.

The collection of personal information
The school collects information about children and young people and their parents or legal guardians when children and young people enrol at the school. The school also collects information at other key times during the school year and may receive information from other schools when children and young people transfer. The School processes the information it collects to administer the education it provides to children and young people. For example:

• the provision of educational services to individuals;
• monitoring and reporting on pupils’/children’s educational progress;
• the provision of welfare, pastoral care and health services;
• the giving of support and guidance to children and young people, their parents and
legal guardians;
• the organisation of educational events and trips;
• the planning and management of the school.

Welsh Government and Local Authority (LA)

The Welsh Government receives information on pupils directly from schools normally as part of statutory data collection which consists of the following:

▪ Post-16 data collection
▪ Pupil Level Annual School Census (PLASC)
▪ Educated other than at school (EOTAS) pupil level collection
▪ National data collection (NDC)
▪ Attendance collection
▪ Welsh National Tests (WNT) data collection
▪ The School Workforce Annual Census (SWAC)
▪ Welsh Government’s Hwb system for pupils.

In addition to the data collected as part of PLASC, the Welsh Government and Local Authorities also receives information regarding National Curriculum assessments, public examination results, and attendance data at individual pupil level which comes from Schools and /or Awarding Bodies (e.g. WJEC).

The Welsh Government uses this personal information for research (carried out in a way that ensures individual children and young people cannot be identified) and for statistical purposes, to inform, influence and improve education policy and to monitor the performance of the education service as a whole.

The LA also uses the personal information collected to do research. It uses the results of this research to make decisions on policy and the funding of schools, to calculate the performance of schools and help them to set targets. The research is carried out in a way that ensures individual children and young people cannot be identified.

Personal information held

The sort of personal information that will be held includes:

• personal information (such as name, unique pupil number and address)
• characteristics (such as ethnicity, language, nationality, country of birth and free
school meal eligibility)
• details about children’s and young people’s immigration status (this is used only to
prepare summary statistical analyses);
• attendance information (such as sessions attended, number of absences and
absence reasons)
• behavioural information (such as exclusions and any relevant alternative provision
put in place)
• safeguarding information (such as court orders, social services and professional
involvement)
• special educational needs (including the needs and ranking)
• medical and administration (such as doctors information, child health, dental health,
allergies, medication and dietary requirements)
• contact details, contact preferences, date of birth, identification documents
• performance in internal and national assessments and examinations, assessment
information
• pupil and curricular records
• details of any medical conditions, including physical and mental health
• details of any support received, including care packages, plans and support providers
• dietary requirements
• photographs
• CCTV images captured in school
• biometric information (for use in cashless catering systems)

Organisations which may share personal information

Information held by the school, Early Years providers, LA and the Welsh Government on children and young people, their parents or legal guardians may also be shared with other organisations when the law allows and providing all appropriate steps are taken to keep the information secure, for example:

• other education and training bodies, including schools, when children and young
people are applying for courses or training, transferring schools or seeking guidance
on opportunities;
• bodies contracted to conduct research for the Welsh Government, LA and
schools/Early Years providers with appropriate steps taken to ensure that the
information secure;
• central and local government for the planning and provision of educational services;
• social services and other health and welfare organisations where there is a need to
share information to protect and support individual children and young people;
• management Information System (MIS) providers in order to ensure that system
functionality and accuracy is maintained;
• the Council’s and or Schools approved suppliers of the schools ‘cashless’ system to
ensure all pupils, parents & guardians with parental responsibility and school staff are
able to use it as appropriate;
• the Central South Consortium Joint Education System (CSCJES) to support regional
statistical analysis as required by Welsh Government;
• various regulatory bodies, such as ombudsmen and inspection authorities, where the
law requires that information be passed on so that they can do their work;
• the Office of National Statistics (ONS) in order to improve the quality of migration and
population statistics

Children and young people have certain rights under the Data Protection Act and UK General Data Protection Regulation, including a general right to be given access to personal data held about them by any “data controller.” The law allows that, by the age of 13, children and young people have sufficient maturity to understand their rights and to make an individual right request themselves if they wish. A parent would be expected to make a request on a child’s behalf if the child is younger. If you wish to access your personal data, or that of your child, then please contact the relevant organisation in writing.

Other information
The LA, school and Welsh Government place a high value on the importance of information security and have a number of procedures in place to minimise the possibility of a compromise in data security. The LA, school and Welsh Government will endeavour to ensure that information is kept accurate at all times and processed in accordance with our legal requirements.

Your rights under the Data Protection Act 2018 and UK General Data Protection Regulation (GDPR)

The Data Protection laws give individuals certain rights in respect of personal information held on them by any organisation. These rights include:

• the right to ask for and receive copies of the personal information held on yourself,
although some information can sometimes be legitimately withheld;
• the right, in some circumstances, to prevent the processing of personal information if
doing so will cause damage or distress;
• the right to ask for incorrect information to be put right;
• the right to request that information is not processed

You also have the right to ask the Information Commissioner, who enforces and oversees the Data Protection Act, to assess whether or not the processing of personal information is likely to comply with the provisions of our legislative responsibilities.

Seeking further information

We contract with Cardiff Council’s Information Governance Team as the Contracted Data Protection Officer. For further information about the personal information collected and its use, if you have concerns about the accuracy of personal information, or wish to exercise your rights under the Data Protection Act 2018 and UK General Data Protection Regulation, you should contact:

This document is available in Welsh / Mae’r ddogfen hon ar gael yn Gymraeg

School Calendar

Calendar of Events

M Mon

T Tue

W Wed

T Thu

F Fri

S Sat

S Sun

0 events,

0 events,

1 event,

0 events,

0 events,

0 events,

0 events,

0 events,

0 events,

0 events,

0 events,

0 events,

0 events,

0 events,

0 events,

0 events,

1 event,

1 event,

0 events,

0 events,

0 events,

0 events,

0 events,

0 events,

1 event,

0 events,

0 events,

0 events,

1 event,

1 event,

1 event,

1 event,

1 event,

0 events,

0 events,