.   .   .  
 

Matthew Arnold School Data Protection Policy

1. General Statement of the School's Duties

Matthew Arnold School is required to process relevant personal data regarding staff, students, their parents and carers. We shall take all reasonable steps to do so in accordance with this policy. Processing may include obtaining, recording, holding, disclosing, destroying or otherwise using data. Reference to students in this policy includes current, past or prospective students.

2. The Principles

Our general principle is that information regarding a student will only be shared where it is in the best interest of the student’s safety, well-being, or education to do so. Further information can be found in the document Matthew Arnold School Guidance on Information Sharing.

Under the Data Protection Act 1998 all schools processing personal data must comply with the eight enforceable principles of good practice. Data must be:

The school is a registered Data Protection Controller which seeks to ensure that all personal data is processed fairly, securely and in compliance with the principles of the Data Protection Act.

3. Personal Data

Definitions of personal data are highly complex, and it is difficult to define categorically. However, broadly speaking and in day-to-day use, ‘personal data’ is information which relates to a living, identifiable individual.

In the context of this document and the School’s requirement to process ‘personal data’ as part of its duty of care and to educate its students, 'personal data' may include:

4. Processing Personal Data

If it is necessary for the School to process certain personal data to fulfil its obligations to students and their parents or guardians then consent is not required. However, any information which falls under the definition of personal data, and is not otherwise exempt, will remain confidential. Data will only be disclosed to third parties with the consent of the appropriate individual or under the terms of this Policy.

5. Sensitive Personal Data

'Sensitive data' may include:

Where sensitive personal data is processed by the School, the explicit consent of the appropriate individual will be required in writing.

6. Rights of Access

Individuals have a right of access to information held by the School. Any individual wishing to access their personal data should put their written request to the Headteacher. The School will try to respond to any such written requests as soon as is reasonably practicable and in any event, within 40 days for access to records and 21 days to reply to an access to information request.

It is important to note that certain data is exempt from the right of access under the Data Protection Act. This can include:

7. Data Rights

Under the Data Protection Act, the rights to the data belong to the individual to whom the data relates. However, in most cases, the School will rely on parental consent to process data relating to students unless, given the circumstances and the student's age and understanding, it is unreasonable to rely on the parent's consent. Parents should be aware that in such situations they may not be consulted. These situations are very rare, and it is a general policy in the School to always seek parental or guardian consent before processing a child's personal data.

8. Disclosure of Information

The School confirms that it will not generally disclose information about individuals, unless the individual has given their consent or one of the specific exemptions under the Data Protection Act applies. However, for the following purposes, the school does intend to disclose data as is necessary to third parties:

When the School receives a disclosure request from a third party it will always take action to establish the identity of that third party before making any disclosure.

9. Use of Personal Information by the School

As part of the entry procedure into the School at any age, all students are asked to sign an agreement giving the School their consent to use their personal data for:

10. Accuracy

In accordance with the Data Protection Act 1998 it is School policy to ensure that any personal data held about an individual is accurate. Conversely, the School will seek to encourage all students and staff to notify the School of any changes to information held about them (change of address, change of marital status etc).

11. Security

Where it is reasonably practicable, the School will take steps to ensure that members of staff will only have access to personal data relating to students, their parents or guardians where it is necessary for them to do so. All staff will be made aware of this policy and their duties under the Data Protection Act. The School will ensure that all personal information is held in a secure central location and is not accessible to unauthorised persons.

12. Enforcement

If an individual believes that the School has not complied with this Policy or acted otherwise than in accordance with the Data Protection Act, they should make a complaint to the School using the School’s Complaints Procedure (copy available from the School or the School's website www.maschool.org.uk).

Real Time Web Analytics