GDPR
Privacy Notice
Who we are
The Rose Learning Trust is committed to keeping your personal information safe and secure. This notice is intended to provide information about how the Trust will use of “process” personal data about individuals including current, past and prospective pupils (“Pupils”) and their parents, carers or guardians (referred to in this notice as “parents”). This notice provides you with the necessary information regarding your rights and our obligations, and explains how, why, and when we process your personal data.
The Rose Learning Trust’s registered office is:
The Rose Learning Trust
Central Office
Stevens Road
Doncaster
DN4 0LT
We are a company registered in England and Wales under company number 108820308
We are registered on the Information Commissioner's Office Register; registration number is ZA 229898, and act as the Data Controller when processing your data.
The trust employs an independent designated Data Protection Officer (DPO), who is helping to guide the schools to ensure full compliance with GDPR. The DPO can be contacted with any queries by email or in writing to any of our schools. Our designated Data Protection Officer is Tim Pinto (E-Safety Office), who can be contacted at tpinto@esafetyoffice.co.uk
We also have a Data Protection Single Point of Contact for the trust. If you would like to speak to us about Data Protection, please contact Lyndsey Williams, Rose Learning Trust Governance and Compliance Officer, by email at enquiries@roselearning.co.uk or by telephone 01302 243528.
Why the Trust needs to process personal data
In order to carry out its ordinary duties to staff, pupils and parents, the Trust may process a wide range of personal data about individuals as part of its daily operation. Some of this activity the Trust will need to carry out in order to fulfil its legal rights, duties, or obligations to make sure we can help you learn and look after you at school. For the same reasons we get information about you from some other places too, like other schools, the local council, medical and educational professionals, and the government.
The Trust holds the legal right to collect and use personal data relating to individuals, in order to meet legal requirements and legitimate interests set out in the GDPR and UK law, including those in relation to the following:
Article 6 and Article 9 of the GDPR
Education Act 1996
We hold some personal information about you to make sure we can help you learn and look after you at school. For the same reasons, we get information about you from some other places too, like other schools, the local council, medical and education professionals, and the governments
This information includes: - This list is not exhaustive
The personal data that we may collect, use, store, and share (when appropriate) about you and your children includes, but is not restricted to:
Personal identifiers, contacts, and characteristics such as name, unique pupil number, contact details and address
Attendance details such as sessions attended, number of absences and reason for absence
Information relating to episodes of being a child in need (such as referral information, assessment information, Section 47 information, Initial Child Protection Information and Child Protection Plan information)
Results of internal assessments and externally set tests
Pupil and curricular records
Characteristics, such as ethnic background, eligibility for free school meals, or special educational needs
Exclusion information
Special Education Needs information (including the needs, information from other professional services, information contained in an ECHP
Details of any medical conditions, including physical and mental health
Attendance information such as sessions attended, number of absences, absence reasons and any previous schools attended
Behavioural information such as exclusions and any relevant alternative provision put in place
Safeguarding information (such as court orders and professional involvement)
Details of any support received, including care packages, plans and support providers
Assessment and attainment information such as Key Stage 1 and phonics results, Key Stage 2 results
School trip information such as consents and current medical issues, or voluntary contributions made
Provision of educational software in support of teaching and learning
Information to enable the pupil to be provided with a school meal
Medical information and administration
Information required in order to meet our statutory requirements for statutory returns and audit
Why we use this information
We use this data to help run the school, including to: -
Provide you with an education including extra-curricular activities
Safeguarding pupils’ welfare and provide appropriate pastoral and where necessary, medical care
Monitor pupils’ progress and educational needs
Enable pupils to take part in national or other assessments, and to publish the results of public examinations or other achievements of pupils at the school
Maintain relationships with the school community
Help us with the management planning and forecasting, research, and statistical analysis and to enable us to monitor the Trust’s performance
Allocate the correct teaching resource
Provide any additional support
Monitor use of the Trust’s IT system in accordance with the school’s Acceptable Use Policy
Receive information about current and prospective pupils from any educational institution that they attend
Confirm the identity of prospective pupils and their parents
Use photographic or video images of pupils in learning journeys or in school displays for legitimate educational purposes. Photographs for promotional use for use in school newsletters or school or other websites or media will only be used with pupil’s/parents’ permission
Create invoices and process payments for services such as school meals, school trips etc
For security purposes and for regulatory and legal purposes, for example, child protection and health and safety and to comply with its legal obligations
Receive reports from any organisations that may be working with your child
Where otherwise reasonably necessary for the trust’s purposes, including to obtain appropriate professional advice and insurance for the school
To keep you updated about the running of the school, such as emergency closures, events or activities including by sending updates and newsletters by text, email and post
Use of personal data for marketing purposes
Where you have given us consent to do so, we may send you marketing information by email or text promoting school events, campaigns, charitable causes or services that may be of interest to you. This may include relevant and appropriate information about fundraising events held by the school PTA or other local charities, or information about local commercial or not for profit services such as holiday clubs, child-friendly activities or other children’s services.
You can withdraw consent or ‘opt out’ of receiving these emails and/or texts by contacting your school office
We commission school photographers to take photos of pupils which are uploaded to our student information management systems. You may be offered these photographs for purchase through such service providers but there is no obligation to buy your child’s photograph.
We always obtain data sharing agreements for any such providers.
We never sell your data.
Our legal basis for using this information
We will only collect and use your information when the law allows us to. Most often, we will use your information where:
We need to comply with the law in meeting the statutory duties placed upon us
We need to use it to carry out a task in the public interest in order to provide you with an education
Sometimes, we may also use your person information where:
You, or your parents/carers have given us permission to use it in a certain way:
We need to protect you or someone’s else’s vital interests (protect your life)
Where we have got permission to use your data, you or your parents/carers may withdraw this at any time. We will make this clear when we ask for permission and explain how to go about withdrawing consent.
Some of the reasons listed above for collecting and using your information overlap, and there may several grounds which mean we can use your data.
Collecting this information
Pupil data is essential for the school’s operational use.
While in most cases you, or your parents/carers, must provide the personal information we need to collect, there are some occasions when you can choose whether or not to provide the data
We will always tell you if it’s optional. If you must provide the data, we will explain what might happen if you do not
In addition, when a child joins us from another school, we receive a secure file containing relevant information called a Common Transfer File (CTF)
We ask parent to keep pupil information up to date via the school office. You will receive reminders to update your information regularly throughout the school year.
Storing Information
We keep personal information about pupils and parents/carers while they are attending our trust. We may also keep it beyond their attendance at our trust if this is necessary in order to comply with our legal obligations. For information on our Records Management Policy and Retention Schedule and how we keep your data safe, please see the trust website.
Why we share pupil information
We do not share information about pupils with any third party without consent unless the law and our policies allow us to do so.
Where it is legally required, or necessary (and it complies with data protection law) we may share personal information about pupils with:
Our local authority to meet our legal obligations to share certain information with it, such as safeguarding concerns and exclusions
The Department for Education
The pupil’s family and representatives
Schools within The Rose Learning Trust
Educators and examining bodies
Our regulator – Ofsted
Financial Organisations
Our auditors
Survey and research organisations
Health authorities such as the School Nurse and other medical professionals
Health and social welfare organisations
Professional advisers and consultants
Charities and voluntary organisations in support of pupils’ needs
Police forces, courts and tribunals
Professional bodiesSchools that the pupils attend after leaving us
Our ICT support suppliers who support us with MIS and other ICT
School meal providers where relevant allergy information is vital
Suppliers and service providers and educational software providers in support of teaching and learning to enable them to prove the service we have contracted them for such as: -
Arbor – our school information management system
CPOMS – safeguarding and behaviour management system
Video Conferencing e.g. Zoom/Teams
Parent Pay – our parent communication and payment systems
Parent Mail – our parent communication system
Free School Meal Eligibility Team
Education software in support of teaching and learning
Assessment software in support of pupil assessment
Microsoft Outlook email communication system
Cool Milk to enable free milk for reception/nursery pupils
This list is not exhaustive.
We may also share your information with:
Other partners, where we have your consent e.g., peripatetic music teachers
Other third-party partners, where we have your consent, providing services such as after school clubs
Remote Learning/Home Working
Staff, learners, and other associates at the Rose Learning Trust will make use of personal data both in and outside of the organisation setting.
This will include homework, planning, marking, remote learning and collaboration with colleagues. It will also include administration processes and facilities management.
The Rose Learning Trust will review the use of suitable technology for remote working and home learning, and ensure that appropriate technical, security and organisational measures are taken. The choice of technologies and processes will take into account the needs of the Rose Learning Trust to respect and protect the rights and freedoms of its staff, learners, and the wider community with respect to personal data.
CCTV
We use CCTV in various locations around our school sites within the Trust to ensure it remains safe. We will adhere to the ICO’s Code of Practice for the use of CCTV. We do not need to ask individuals’ permission to use CCTV, but we make it clear where individuals are being recorded. Security cameras are clearly visible and accompanied by prominent signs explaining that CCTV is in use.
Any enquiries about the CCTV system should be directed to the Data Protection Single Point of Contact for the trust.
The National Pupil Database (NPD)
The NPD is owned and managed by the Department for Education and contains information about pupils in schools in England. It provides invaluable evidence on educational performance to inform independent research, as well as studies commissioned by the Department. It is held in electronic format for statistical purposes. This information is securely collected from a range of sources including schools, local authorities and awarding bodies.
We are required by law, to provide information about our pupils to the DfE as part of statutory data collections such as the school census and early years’ census. Some of this information is then stored in the NPD. The law that allows this is the Education (Information About Individual Pupils) (England) Regulations 2013.
To find out more about the pupil information we share with the department, for the purpose of data collections, go to: -
https://www.gov.uk/education/data-collection-and-censuses-for-schools.
To find out more about the NPD, go to: -
The department may share information about our pupils from the NPD with third parties who promote the education or well-being of children in England by:
conducting research or analysis
producing statistics
providing information, advice or guidance
Safeguarding Measures
The Department has robust processes in place to ensure the confidentiality of our data is maintained and there are stringent controls in place regarding access and use of the data. Decisions on whether DfE releases data to third parties are subject to a strict approval process and based on a detailed assessment of:
who is requesting the data?
the purpose for which it is required
the level and sensitivity of data requested: and
the arrangements in place to store and handle the data
To be granted access to pupil information, organisations must comply with strict terms and conditions covering the confidentiality and handling of the data, security arrangements and retention and use of the data. In accordance with Data Protection Law, some of the Trusts processing activity is carried out on its behalf by third parties, such as IT systems, web developers, cloud storage and social media providers. Where possible this is subject to contractual assurances that personal data will be kept securely and only in accordance with the Trusts specific directions.
The Trust is required by law to provide information to the DfE as part of statutory data collections such as the academy census and the academy workforce return. This data sharing underpins school funding and educational attainment policy and monitoring.
For more information about the department’s data sharing process, please visit:
https://www.gov.uk/data-protection-how-we-collect-and-share-research-data
For information about which organisations the department has provided pupil information, (and for which project), please visit the following website:
https://www.gov.uk/government/publications/national-pupil-database-requests-received
To contact DfE: https://www.gov.uk/contact-dfe
Your Rights
How to access personal information we hold about you
You can find out if we hold any personal information about you, and how we use it, by making a ‘subject access request’, as long as we judge that you can properly understand your rights and what they mean. If we do hold information about you, we will:
Give you a description of it
Tell you why we are holding it and using it, and how long we keep it for
Explain where we got it from, if not from you or your parents
Tell you who it has been, or will be, shared with
Let you know if we are using your data to make any automated decisions (Decision being taken by a computer or machine, rather than by a person)
Give you a copy of the information
You may also ask us to send your personal information to another organisation electronically in certain circumstances
Your other rights over your data
You have other rights over how your personal data is used and kept safe, including the right to: -
Say that you do not want it to be used if this would cause, or is causing, harm or distress
Stop it being used to send you marketing materials
Say that you do not want it used to make automated decisions (decisions made by a computer or machine, rather than by a person)
Have it corrected, deleted, or destroyed if it is wrong, or restrict our use of it
Claim compensation if the data protection rules are broken and this harms you in some way
Privacy Policy Changes
Although most changes are likely to be minor, The Rose Learning Trust may change its Privacy Policy from time to time at The Rose Learning Trust’s sole discretion.
Complaints
We take any complaints about how we collect and use your personal data very seriously, so please let us know if you think we have done something wrong.
You can make a complaint at any time by contacting our Governance and Compliance Officer by email at enquiries@roselearning.co.uk or by contacting our designated Data Protection Officer Tim Pinto (E-Safety Office), who can be contacted at tpinto@esafetyoffice.co.uk
You can also complain to the Information Commissioner’s Office in one of the following ways:
Online: https://ico.org.uk/concerns
Call: 0303 123 1113
Write to:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire, SK9 5AF
Contact Us
If you have any questions, concerns or would like more information about anything mentioned in this privacy notice, please contact Lyndsey Williams, Governance and Compliance Officer by email at enquiries@roselearning.co.uk or by telephone 01302 243528.