Student and Parent Privacy Notice for Morton Academy, a United Learning Trust Academy
This notice is intended to provide information about how the Academy will use or “process” personal data about individuals including current, past and prospective students and their parents, carers or guardians, and host families (referred to in this notice as “parents”).
Responsibility for Data Protection
The data controller for personal information held by Morton Academy is United Learning Trust (ULT). ULT is registered with the Information Commissioner’s Office (ICO). The registration number is Z7415170.
The Company Secretary, Steve Whiffen, is responsible for ensuring that ULT complies with the Data Protection Law. He can be contacted on via email at email@example.com or on 01832 864538.
Melanie Irving is responsible for ensuring that the Academy complies with ULT’s policies and procedures in relation to Data Protection. They can be contacted on 01228 822636.
The purposes for which we process student and parent personal data
Morton Academy and United Learning Trust collect, create and hold personal information relating to our students and may also receive information about them from their previous school, local authority and/or the Department for Education (DfE). We also collect and hold personal information about our student’s parents and carers. We use this personal data to:
- Provide education services (including SEN), career services and extra-curricular activities to students; and to monitor students’ progress and education needs;
- To safeguard students’ welfare and provide appropriate pastoral (and where necessary, medical) care.
- To enable students to take part in national or other assessments, and to publish the results of public examinations or other achievements of students at the Academy.
- To maintain relationships with alumni and the school community.
- For the purposes of management planning and forecasting, research and statistical analysis and to enable ULT to monitor the Academy’s performance.
- To monitor use of the Academy’s IT systems in accordance with the Academy’s Acceptable Use Policy.
- To receive information about current and prospective students from any educational institution that they attended.
- To confirm the identity of prospective students and their parents.
- To make use of photographic images of students in school publications and on the Academy website in accordance with the Academy’s policy on taking, storing and using images of children.
- To create invoices and process payments for services such as school meals, school trips etc.
- For security purposes, and for regulatory and legal purposes (for example child protection and health and safety) and to comply with its legal obligations.
- To receive reports from any external bodies who may be working with your child.
- Where otherwise reasonably necessary for the Academy’s purposes, including to obtain appropriate professional advice and insurance for the Academy.
- To keep you updated about the activities of the Academy including by sending updates and newsletter by email and post.
- To organise trips and visits both in the UK and abroad.
The categories of personal data held about students
The types of personal data processed by the Academy will include:
- Names, addresses, telephone numbers, email addresses and other contact details.
- Academic records and national curriculum assessment results, including examination scripts and marks.
- Personal characteristics such as your ethnic group, religious beliefs, any special educational needs you may have and any relevant medical information.
- Attendance information, behavioural records, any exclusion information.
- Information provided by previous educational establishments and or professionals or organisations working with students.
- Where students go after they leave the Academy.
- For students enrolling for post 14 qualifications, the Learning Records Service will give us the unique learner number (ULN) and may also give us details about your learning or qualifications.
- Images captured by the Academy’s CCTV system (in accordance with the Academy’s policy on taking, storing and using images of children).
The legal basis for the processing of student and parent data
The processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller and where necessary to comply with our legal obligations.
Information relating to racial or ethnic origin, religious beliefs or health (point 3) will only be processed with the explicit consent of the student or the student’s parents or when it is necessary for carrying out our legislative obligations. Further information regarding the purposes for which the data would be processed will be provided with the data collection form.
Data Retention Periods
The student’s educational record will move with the student to their next school. Where the school is the last school that the student attends the records will be kept until the student is 25 years old.
Admissions information will be retained for 6 years.
Information relating to financial transactions will be kept for 7 years.
For further information on how long we keep personal data for please refer to our records retention schedule which can be obtained from the academy.
ULT has in place technical and organisational measures that ensure a level of security appropriate to the sensitive nature of the personal data that we process. For further information regarding how we keep personal data secure please refer to our security of personal data policy.
We use third party data processors to provide us with a management information system, accounts software, cloud storage services, apps and software for use in the classroom and to facilitate the secure transfer of data between the Academy and Central Office. This use of data processors will only take place if in compliance with the Data Protection Act 1998 and the General Data Protection Regulation.
Decisions on whether we contract with these third party processors are subject to a robust approval process and are based on a detailed assessment of the purpose for which the data processing is required, the level and sensitivity of data involved and the arrangements in place to store and handle the data. To be granted access to student level data, data processors must comply with strict terms and conditions covering the confidentiality and handling of data, security arrangements and retention and use of the data.
We currently use the following data processors:-
Capita, Parentpay, Sisra, Smid Report, United Learning Trust, Microsoft, Hegarty Maths, MyMaths, Pearson active learn, Groupcall, Wonde, CPOMS, Show My Homework, PS Connected, Parents Evening System, Class Dojo, Kudos, GL Assessment, Sign In App, Edurio, Edukey, Tassomai.
Sharing Data with Third Parties (other data controllers)
We may share data with the following recipients:
Keeping in touch and supporting the Academy
We would like to share student and parent personal data with both our Parent Teacher Association, our Alumni Association. We will only do so if you have signed the appropriate consent form. Details of how these groups use your personal data are given on the consent form. Consent may be withdrawn at any time by writing to Melanie Irving.
Inspira - Once your child is aged 13 or over, we are required by law to pass on certain information to the provider of youth support services in your area. This is the local authority support service for young people aged 13 to 19 in England. We must provide the address of you and your child (and their date of birth), telephone numbers and any further information relevant to the support services' role.
We will provide references to any other educational institution that the student proposes to attend and to potential employers of past and present students.
On request we will share academic records with inspectors from Ofsted.
Department for Education
We are required, by law, to pass some information about our students to the Department for Education (DfE). This information will, in turn, then be made available for use by the Local Authority.
DfE may also share student level personal data that we supply to them, with third parties. This will only take place where legislation allows it to do so and it is in compliance with the Data Protection Act 1998 and the General Data Protection Regulation.
Decisions on whether DfE releases this personal data to third parties are subject to a robust approval process and are based on a detailed assessment of who is requesting the data, the purpose for which it is required, the level and sensitivity of data requested and the arrangements in place to store and handle the data. To be granted access to student level data, requestors must comply with strict terms and conditions covering the confidentiality and handling of data, security arrangements and retention and use of the data.
For more information on how this sharing process works, please visit:
For information on which third party organisations (and for which project) student level data has been provided to, please visit: https://www.gov.uk/government/publications/national-pupil-database-requests-received
If you need more information about how our Local Authority and/or DfE collect and use your information, please visit:-
We will not give information about our students to any other third parties without your consent unless the law and our policies allow us to do so.
Rights of the Data Subject
Data protection legislation gives individuals certain rights which are detailed below. If you wish to exercise these rights please contact Melanie Irving on 01228 822636.
Right of access to personal data “subject access request”
You have the right to access the personal data that the Academy holds about you. Requests need to be made in writing. If you child is over the age of 12 they will also need to sign the request. We take the security of personal data seriously so we may ask you for proof of identity to verify that you are entitled to the information requested.
Right to withdrawn consent
Where we have obtained your consent to specific processing activities you may withdraw this consent at any time.
Right to rectification
You have the right to have the personal data that we hold about you rectified if it is inaccurate or incomplete. We will respond to such requests within one month.
Right to erasure
You have the right to have personal data erased in certain specific circumstances. If you make such a request we will consider whether the right to erasure applies and give you a full and reasoned response.
Right to restrict processing
In certain circumstances you have the right to request that we restrict the processing of your personal data. If you make such a request we will consider whether the right to restrict processing applies and give you a full and reasoned response.
For further information regarding these rights please refer to the Group’s rights of the data subject policy.
If you disagree with a decision that we have taken regarding the processing of your personal data please contact UCST’s Company Secretary, Steve Whiffen, on 01832 864538 or firstname.lastname@example.org
You also have the right to lodge a complaint with the Information Commissioners Office on 0303 123 1113 or https://ico.org.uk/for-the-public/