Privacy Notice for Directors Trustees and Other Volunteers
Privacy Notice for Directors, Trustees and Other Volunteers
at St Michael’s CE Primary School
Under data protection law, individuals have a right to be informed about how the school uses any personal data that we hold about them. We comply with this right by providing ‘privacy notices’ (sometimes called ‘fair processing notices’) to individuals where we are processing their personal data.
This privacy notice explains how we collect, store and use personal data about individuals working with St Michael’s CE Primary School in a voluntary capacity, including Directors and Trustees, in line with the General Data Protection Regulation (GDPR) and the Data Protection Act 2018.
We, St Michael’s CE Primary School, are the ‘data controller’ for the purposes of data protection law. Our Data Protection Officer is Simon Churchill (Contact details shown below in Section 9, How to Contact us).
1.0 The personal data we hold
We process data relating to those volunteering at our School. Personal data that we may collect, use, store and share (when appropriate) about you includes, but is not restricted to: Personal identifiers (such as name, date of birth, contact details, postcode, email address)
- Governance details (such as role, start and end dates and Director ID)
- References
- Evidence of qualifications
- Employment details
- Confirmation of Enhanced DBS clearance
- Photographs (for ID badges)
- CCTV images captured in school
We may also collect, store and use information about you that falls into “special categories” of more sensitive personal data. This may include information about (where applicable):
- Race, ethnicity, religious beliefs, sexual orientation and political opinions
- Disability and access requirements
We will take extra care of this data. The legal reason for us to collect and use this personal information is:
- to perform our statutory duties and it is required by law for reasons of public interest
- to protect your vital interests.
We may also hold data about you that we have received from other organisations.
2.0 Why we use this data
The purpose of collecting your personal data is to support the school to:
- Establish and maintain effective governance
- Meet statutory obligations for publishing and sharing Directors’/Governors/Trustees’ details
- Facilitate safe recruitment, as part of our safeguarding obligations towards pupils
- Undertake equalities monitoring
- Ensure that appropriate access arrangements can be provided for volunteers who require them
3.0 Our lawful basis for using this data
We only collect and use your personal data when the law allows us to. Most commonly, we process it where:
- We need to comply with a legal obligation (All Academy Trusts, under the Academies Financial Handbook, have a legal duty to provide the governance information as detailed in Section 1.)
- We need to perform an official task in the public interest
Less commonly, we may also process your personal data in situations where:
- We have obtained consent to use it in a certain way
- We need to protect an individual’s vital interests (protect their life)
Where you have provided us with consent to use your data, you may withdraw this consent at any time. We will make this clear when requesting your consent, and explain how you would go about withdrawing consent if you wish to do so.
Some of the reasons listed above for collecting and using your personal data overlap, and there may be several grounds which justify our use of your data.
We may also use sensitive personal data called “special category data” which requires more protection to keep it safe. This is often information you would not want to be widely known and is very personal to you. This may include information about (where applicable): race, ethnicity, religious beliefs, sexual orientation, political opinions, disability and access requirements
We will take extra care of this data. The legal reason for us to collect and use this personal information is:
- to perform our statutory duties and it is required by law
- for reasons of public interest
- to protect an individual’s vital interests
3.1 Department for Education
The Department for Education (DfE) collects personal data from educational settings and local authorities. We are required to share information about individuals in governance roles with the Department for Education (DfE) under the requirements set out in the Academies Financial Handbook
All data is entered manually on the GIAS system and held by DfE under a combination of software and hardware controls which meet the current government security policy framework. For more information, please see ‘How Government uses your data’ section.
4.0 Collecting this information
While the majority of information we collect about you is mandatory, there is some information that can be provided voluntarily.
Whenever we seek to collect information from you, we make it clear whether you must provide this information (and if so, what the possible consequences are of not complying), or whether you have a choice.
5.0 How we store this data
We maintain files in which we store personal information about all volunteers. The information contained in these files is kept secure and is only used for purposes directly relevant to your work with the school.
All personal data is stored in accordance with our Data Protection Policy. A copy of this is available from the School Office or may be downloaded from the School Policies section of our website.
When your relationship with the school has ended, we will retain/dispose of your personal information in accordance with the above-mentioned policy.
6.0 Data sharing
We do not share information about you with any third party without consent unless the law and our policies allow us to do so.
Where it is legally required, or necessary (and it complies with data protection law), we may share personal information about you with:
- The Academy Trust – for monitoring and school improvement purposes
- Government departments or agencies – to meet our legal obligations to share certain information with it, such as details of Governors/Directors/Trustees (see below)
- Our local authority – to meet our legal obligations to share certain information with it, such as details of Governors (Directors/Trustees)
- Suppliers and service providers – to enable them to provide the service we have contracted them for (such as governor/trustee support)
- Professional bodies, advisors and consultants - such as governor/trustee support
- Employment and recruitment agencies – such as for the processing of DBS clearances
- Police forces, courts – such as for the prevention/detection of crime or fraud; or there is an issue with a parent/carer that puts the safety of our pupils or staff (paid and voluntary) at risk
As part of the statutory school inspection process, we are required to share information with our regulators, OfSTED and SIAMS (Statutory Inspection of Anglican and Methodist Schools). Information may also be shared with our auditors. Where possible such data is anonymised before sharing.
Occasionally we may share information with the Health and Safety Executive as part of our legal obligation to report certain accidents/incidents/near misses under RIDDOR (Reporting of Injuries, Diseases and Dangerous Occurrences Regulations).
6.1 How the Government uses Governor/ Director data
The governor/directors data that we lawfully share with the DfE via GIAS:
- will increase the transparency of governance arrangements
- will enable Academies and the department to identify more quickly and accurately individuals who are involved in governance and who govern in more than one context
- allows the department to be able to uniquely identify an individual and in a small number of cases conduct checks to confirm their suitability for this important and influential role
6.1.1 Data collection requirements
To find out more about the requirements placed on us by the Department for Education including the data that we share with them, go to https://www.gov.uk/government/news/national-database-of-governors
Note: Some of these personal data items are not publicly available and are encrypted within the GIAS system. Access is restricted to a small number of DfE staff who need to see it in order to fulfil their official duties. The information is for internal purposes only and not shared beyond the department, unless the law allows it
6.1.2 How to find out what personal information the DFE holds about you
Under the terms of the Data Protection Act 2018, you are entitled to ask the Department:
- if they are processing your personal data
- for a description of the data they hold about you
- the reasons they’re holding it and any recipient it may be disclosed to
- for a copy of your personal data and any details of its source
If you want to see the personal data held about you by the Department, you should make a ‘subject access request’. Further information on how to do this can be found within the Department’s personal information charter that is published at the address below:
To contact DfE: https://www.gov.uk/contact-dfe
6.2 Transferring data internationally
Where we transfer personal data to a country or territory outside the European Economic Area, we will do so in accordance with data protection law.
7.0 Requesting access to personal data (Subject Access Request)
Individuals have a right to make a ‘subject access request’ to gain access to personal information that the school holds about them.
If you make a subject access request, and if we do hold information about you, we will:
- Give you a description of it
- Tell you why we are holding and processing it, and how long we will keep it for
- Explain where we got it from, if not from you
- Tell you who it has been, or will be, shared with
- Let you know whether any automated decision-making is being applied to the data, and any consequences of this
- Give you a copy of the information in an intelligible form
You may also have the right for your personal information to be transmitted electronically to another organisation in certain circumstances.
If you would like to make a request for your personal information, please contact our Data Protection Lead, Simon Churchill.
7.1 Your other rights regarding your data
Under data protection law, individuals have certain rights regarding how their personal data is used and kept safe. You have the right to:
- Have your personal data rectified, if it is inaccurate or incomplete.
- Request the deletion or removal of personal data if there is no compelling reason for its continued processing.
- Restrict our processing of your personal data (ie permitting its storage but no further processing).
- Object to direct marketing (including profiling) and processing for the purposes of scientific/historical research and statistics use of your personal data if it would cause, or is causing, damage or distress
- Not to be subject to decisions based purely on automated processing where it produces a legal or similarly significant effect on you.
- Claim compensation for damages caused by a breach of the data protection regulations
To exercise any of these rights, please contact our data protection officer.
8.0 Complaints
We take any complaints about our collection and use of personal information very seriously.
If you think that our collection or use of personal information is unfair, misleading or inappropriate, or have any other concern about our data processing, please raise this with our Data Protection Lead in the first instance; contact details are shown in Point 9 below.
To make a complaint, please contact our Data Protection Officer, contact details are shown in Point 9 below.
Alternatively, you can make a complaint direct to the Information Commissioner, see Point 10.
9.0 How to contact us for further information
If you would like further information or have a concern or complaint about how we are using your information, we would ask you to contact us:
Our school-based Data Protection lead is Emily Marshall, School Business Manager
Telephone: 01202 290497
Email emily.marshall@stmichaelsprimary.bournemouth.sch.uk
Emily Marshall, St Michael’s CE Primary School, Somerville Road, Bournemouth BH2 5LH
Our independent Data Protection Officer is Simon Churchill, School Business Manager, Winton Primary School
Telephone: 01202 513988
Email: simon.churchill@wintonprimary.bournemouth.sch.uk
Simon Churchill, Winton Primary School, Hadow Road, Bournemouth BH10 5HT
10.0 Information Commissioner
For further information about Information Rights legislation or to make a complaint, please contact the Information Commissioner’s Office at www.ico.org.uk or telephone 0303 123 1113 or write to Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF Concerns can also be reported online at https://ico.org.uk/concerns/