Exceed Learning Partnership and its academies (‘we’ or ‘us’ or ‘our’) gather and process your personal information in accordance with this privacy policy and in compliance with the relevant data protection Regulation and laws. This notice provides you with the necessary information regarding your rights and our obligations, and explains how, why and when we process your personal data.
Exceed Learning Partnership’s registered office is at Edlington Lane, Edlington, Doncaster, DN12 1PL and we are a company registered in England and Wales under company number 10660150. We are registered on the Information Commissioner's Office Register; registration number ZA245663, and act as the Data Controller when processing your data. Our designated Data Protection Officer/Appointed Person is Lorraine Burton, who can be contacted at DPO@exceedlearningpartnership.com
This policy is intended to provide information about how the Trust/Academy will use (or “process”) personal data about individuals including: its personnel, its current, past and prospective pupils and their parents, carers or guardians (referred to in this policy as “parents”).
This information is provided in accordance with the rights of individuals under Data Protection Law to understand how their data is used. Trust/Academy personnel, parents and pupils are all encouraged to read the required Privacy Notice and understand the Trust’s obligations.
This Privacy Notice runs alongside any other information the Trust/Academy may provide about a particular use of personal data, for example when collecting data via an online or paper form.
1. Order to carry out its ordinary duties to staff, pupils and parents, the Trust/Academy may process a wide range of personal data about individuals as part of its daily operation. Some of this activity the Trust/Academy will need to carry out in order to fulfil its legal rights, duties or obligations. The Trust/Academy holds the legal right to collect and use personal data relating to individuals, in order to meet legal requirements and legitimate interests set out in the GDPR and UK law, including those in relation to the following:
In accordance with the above, we use data relating to pupils and their families for the following reasons:
We use data relating to personnel for the following reasons:
This will include by way of example:
Generally, the Trust/Academy receives personal data from the individual directly (including, in the case of pupils, from their parents). This may be via an online enquiry form, email, paper documentation or simply during the ordinary course of interaction or communication. In some cases, personal data may be supplied by third parties (for example another Trust/Academy, the Local Authority or other professionals or authorities working with the individual).
Whilst the majority of the personal data provided to the Trust/Academy is mandatory, some of it is provided on a voluntary basis. When collecting data, the Trust/Academy will inform you whether you are required to provide this data or if your consent is needed. Where consent is required, the Trust/Academy will provide you with specific and explicit information with regards to the reasons the data is being collected and how the data will be used.
In accordance with the GDPR, the Trust/Academy does not store personal data indefinitely; data is only stored for as long as is necessary to satisfy the purpose for which it was collected. Exceed Learning Partnership’s GDPR Data Retention Policy identifies how long personal data is stored for.
Exceed Learning Partnership and its academies takes your privacy seriously and takes every reasonable measure and precaution to protect and secure your personal data. We work hard to protect you and your information from unauthorised access, alteration, disclosure or destruction and have several layers of security measures in place, including: SSL, TLS, encryptions, pseudonymisation, restricted access, IT authentication, firewalls, anti-virus/malware etc.
We will never disclose or share your data without your consent, unless required to do so by law. We will only retain your data for as long as is necessary and for the purpose(s) specified within our privacy notices. Where you have consented to us providing you with information relating to school events (see consent section on Privacy Notice for pupils) you are free to withdraw this consent at any time.
For the most part, personal data collected by the Trust or its Academies will remain within the Trust/Academy, and will be processed by appropriate individuals only in accordance with access protocols.
The Trust or its Academies routinely shares information with:
In accordance with Data Protection Law, some of the Trust’s/Academies’ processing activity is carried out on its behalf by third parties, such as IT systems, web developers, cloud storage and social media providers. Where possible this is subject to contractual assurances that personal data will be kept securely and only in accordance with the Trust or its Academies’ specific directions.
The Trust/Academies are required by law to provide information to the DfE as part of statutory data collections, such as the academy census and the academy workforce return. This data-sharing underpins school funding and educational attainment policy and monitoring.
To find out more about the data collection requirements placed on us by the DfE (for example, via the academy census) please visit the following website:
https://www.gov.uk/education/data-collection-and-censuses-for-schools
The National Pupil Database (NPD) is owned and managed by the DfE and contains information about pupils in schools in England. The law that allows this is the Education (Information about Individual Pupils) (England) Regulations 2013. It provides invaluable evidence on educational performance to inform independent research, as well as studies commissioned by the Department. It is held in electronic format for statistical purposes. This information is securely collected from a range of sources including schools, local authorities and awarding bodies.
To find out more about the NPD, please visit the following website:
https://www.gov.uk/government/publications/national-pupil-database-user-guide-and-supporting-information
The DfE may share information about our pupils from the NPD with third parties who promote the education or wellbeing of children in England by:
The DfE has robust processes in place to ensure that the confidentiality of our data is maintained, and there are stringent controls in place regarding access and use of the data. Decisions on whether the DfE releases data to third parties are subject to a strict approval process and based on a detailed assessment of:
To be granted access to pupil information, organisations must comply with strict terms and conditions covering the confidentiality and handling of data, security arrangements, retention and use of the data.
For more information about the DfE’s data sharing process, please visit the following website:
https://www.gov.uk/data-protection-how-we-collect-and-share-research-data
For information about which organisations the department has provided pupil information to, (and for which project), please visit the following website:
https://www.gov.uk/government/publications/national-pupil-database-requests-received
To contact the DfE go to the following website: https://www.gov.uk/contact-dfe
Under the data protection legislation, Individuals have the right to request access to information about them that we hold. To make a request for your personal information, or be given access to a child’s educational record, contact the Chief Privacy Officer in the academy who will work with the Data Protection Officer for the Trust, see details below:-
Individuals also have the right to:
Where the processing of your data is based on your consent, you have the right to withdraw this consent at any time.
If you have a concern about the way Exceed Learning Partnership or its academies and/or DfE is collecting or using your personal data, you can raise a concern with us in the first instance or to the Information Commissioner’s Office.
An individual wishing to access or amend their personal data should put their request in writing to the Chief Privacy Officer in your academy or with Data Protection Officer at DPO@exceedlearningpartnership.com
You should also be aware that certain data is exempt from the right of access. This may include information that identifies other individuals.
If you believe that we hold any incomplete or inaccurate data about you, you have the right to ask us to correct and/or complete the information and we will strive to do so as quickly as possible; unless there is a valid reason for not doing so, at which point you will be notified.
You also have the right to request erasure of your personal data or to restrict processing (where applicable) in accordance with the data protection laws; as well as to object to any direct marketing from us. Where applicable, you have the right to data portability of your information and the right to be informed about any automated decision-making we may use.