Autumn Half-Term Break
School is closed during this time.
What the School or Early Years Provider, Cardiff Council Local Authority and Welsh Government does with the Educational Information they hold on Children and Young People
To meet the requirements of the Data Protection Act 2018 and General Data Protection Regulation (GDPR), schools are required to issue a Privacy Notice to children and young people and/or parents and guardians summarising the information held on record about children and young people, why it is held, and the third parties to whom it may be passed.
This Privacy Notice provides information about the collection and processing of children’s or young people’s personal and performance information by the School, Cardiff Council (LA) and Welsh Government.
The collection of personal information
The school collects information about children and young people and their parents or legal guardians when children and young people enrol at the school. The school also collects information at other key times during the school year and may receive information from other schools when children and young people transfer.
The School processes the information it collects to administer the education it provides to
children and young people. For example:
Welsh Government and Local Authority (LA) The Welsh Government receives information on pupils directly from schools normally as part of statutory data collection which consists of the following:
In addition to the data collected as part of PLASC, the Welsh Government and Local Authorities also receives information regarding National Curriculum assessments, public examination results, and attendance data at individual pupil level which comes from Schools and /or Awarding Bodies (e.g. WJEC).
The LA also uses the personal information collected to do research. It uses the results of this research to make decisions on policy and the funding of schools, to calculate the performance of schools and help them to set targets. The research is carried out in a way that ensures individual children and young people cannot be identified.
Personal information held
The sort of personal information that will be held includes:
Organisations which may share personal information
Information held by the school, Early Years providers, LA and the Welsh Government on children and young people, their parents or legal guardians may also be shared with other organisations when the law allows and providing all appropriate steps are taken to keep the information secure, for example:
Children and young people have certain rights under the Data Protection Act and General Data Protection Regulation, including a general right to be given access to personal data held about them by any “data controller.” The law allows that, by the age of 13, children and young people have sufficient maturity to understand their rights and to make an individual
right request themselves if they wish. A parent would be expected to make a request on a child’s behalf if the child is younger. If you wish to access your personal data, or that of your child, then please contact the relevant organisation in writing.
The LA, school and Welsh Government place a high value on the importance of information security and have a number of procedures in place to minimise the possibility of a compromise in data security. The LA, school and Welsh Government will endeavour to ensure that information is kept accurate at all times and processed in accordance with our legal requirements.
Your rights under the Data Protection Act 2018 and General Data Protection Regulation (GDPR)
The Data Protection laws give individuals certain rights in respect of personal information held on them by any organisation. These rights include:
You also have the right to ask the Information Commissioner, who enforces and oversees the Data Protection Act, to assess whether or not the processing of personal information is likely to comply with the provisions of our legislative responsibilities.
Seeking further information
For further information about the personal information collected and its use, if you have concerns about the accuracy of personal information, or wish to exercise your rights under the Data Protection Act 2018 and General Data Protection Regulation, you should contact: