Student and Parent Privacy Notice

This notice is intended to provide information about how the Academy will use or “process” personal data about individuals including current, past and prospective students and their parents, carers or guardians, and host families (referred to in this notice as “parents”).

The data controller for personal information held by Morton Academy is United Learning Trust (ULT).  ULT is registered with the Information Commissioner’s Office (ICO).  The registration number is Z7415170.

The Company Secretary, Alison Hussain, is responsible for ensuring that ULT complies with the Data Protection Law.  She can be contacted on via email at company.secretary@unitedlearning.org.uk or on 01832 864538.

Melanie Irving is responsible for ensuring that the Academy complies with ULT’s policies and procedures in relation to Data Protection.  They can be contacted on 01228 822636.

Morton Academy and United Learning Trust collect, create and hold personal information relating to our students and may also receive information about them from their previous school, local authority and/or the Department for Education (DfE).  We also collect and hold personal information about our student’s parents and carers.  We use this personal data to:

• Provide education services (including SEN), career services and extra-curricular activities to students; and to monitor students’ progress and education needs;
• To safeguard students’ welfare and provide appropriate pastoral (and where necessary, medical) care. 
• To enable students to take part in national or other assessments, and to publish the results of public examinations or other achievements of students at the Academy.
• To maintain relationships with alumni and the school community.
• For the purposes of management planning and forecasting, research and statistical analysis and to enable ULT to monitor the Academy’s performance.
• To monitor use of the Academy’s IT systems in accordance with the Academy’s Acceptable Use Policy.
• To receive information about current and prospective students from any educational institution that they attended.
• To confirm the identity of prospective students and their parents.  
• To make use of images of pupils in print and digital communications, and for promotion and marketing, in accordance with the Academy’s policy on taking, storing and using images of children.
• To create invoices and process payments for services such as school meals, school trips etc.  
• For security purposes, and for regulatory and legal purposes (for example child protection and health and safety) and to comply with its legal obligations.
• To receive reports from any organisation who may be working with your child.
• Where otherwise reasonably necessary for the Academy’s purposes, including to obtain appropriate professional advice and insurance for the Academy.
• To keep you updated about the activities of the Academy including by sending updates and newsletter by email and post.
• To organise trips and visits both in the UK and abroad.

The types of personal data processed by the Academy will include:

1. Names, addresses, telephone numbers, email addresses and other contact details.
2. Academic records and national curriculum assessment results, including examination scripts and marks.
3. Personal characteristics such as your ethnic group, religious beliefs, any special educational needs you may have and any relevant medical information.
4. Attendance information, behavioural records, any exclusion information.
5. Information provided by previous educational establishments and or professionals or organisations working with students.
6. Where students go after they leave the Academy.
7. For students enrolling for post 14 qualifications, the Learning Records Service will give us the unique learner number (ULN) and may also give us details about your learning or qualifications.
8. Still and moving images, captured through video and photography and through the Academy’s CCTV system (in accordance with the Academy’s policy on taking, storing and using images of children).
9. Still and moving images in accordance with the Academy’s image use policy.
10. Biometric data on our cashless catering system

The processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller and where necessary to comply with our legal obligations.

Information relating to racial or ethnic origin, religious beliefs or health (point 3) and biometric data (point 9) will only be processed with the explicit consent of the student or the student’s parents or when it is necessary for carrying out our legislative obligations.  Further information regarding the purposes for which the data would be processed will be provided with the data collection form.

The student’s educational record will move with the student to their next school.  Where the school is the last school that the student attends the records will be kept until the student is 25 years old. 

Admissions information will be retained for 6 years.

Information relating to financial transactions will be kept for 7 years.

For further information on how long we keep personal data for please refer to our records retention schedule which can be obtained from the academy.

ULT has in place technical and organisational measures that ensure a level of security appropriate to the sensitive nature of the personal data that we process.  For further information regarding how we keep personal data secure please refer to our security of personal data policy.

We use third party data processors to provide us with a variety of services  .  This use of data processors will only take place if is in compliance with the UK GDPR and the Data Protection Act 2018 (and any subsequent legislation related to data protection in applicable jurisdictions).

Decisions on whether we contract with these third party processors are subject to a robust approval process and are based on a detailed assessment of the purpose for which the data processing is required, the level and sensitivity of data involved and the arrangements in place to store and handle the data.  To be granted access to student level data, data processors must comply with strict terms and conditions covering the confidentiality and handling of data, security arrangements and retention and use of the data.

We currently use the following data processors:-

Capita, Parentpay, Smid Report,  United Learning Trust, Microsoft, Google, Sparx Maths, Pearson Active Learn, Groupcall, Wonde, CPOMS, Satchel One (Show My Homework), Careers and Enterprise Company (Compass+), PS Connected, Class Dojo, GL Assessment, Sign In App, Edukey, Tassomai, Wheelers ePlatform, The Everlearner, Activate Your Future, Onefile, Seneca, SOL Consultancy, Zoho, Soundtrap, Asset for Schools, NISAI, PET-Xi, Swivl, Sportsmart, Craig 'n' Dave (Smart Revise), Unifrog, Studybugs, BandLab, IXL Learning, The Brilliant Club, Capital Tuition, Seasoft Ltd (Elemental Music App), Governor Hub, Awaken Learning.

We may share data with the following recipients:

Keeping in touch and supporting the Academy

We would like to share student and parent personal data with both our Parent Teacher Association, our Alumni Association.  We will only do so if you have signed the appropriate consent form.  Details of how these groups use your personal data are given on the consent form.  Consent may be withdrawn at any time by writing to Melanie Irving.

Careers Guidance

Inspira - Once your child is aged 13 or over, we are required by law to pass on certain information to the provider of youth support services in your area. This is the local authority support service for young people aged 13 to 19 in England. We must provide the address of you and your child (and their date of birth), telephone numbers and any further information relevant to the support services' role.

References

We will provide references to any other educational institution that the student proposes to attend and to potential employers of past and present students.

School Inspections

On request we will share academic records with inspectors from Ofsted.

Department for Education

We are required, by law, to pass some information about our students to the Department for Education (DfE).  This information will, in turn, then be made available for use by the Local Authority. 

DfE may also share pupil level personal data that we supply to them, with third parties. This will only take place where legislation allows it to do so and it is in compliance with the Data Protection Act 2018 and the UK GDPR.

Decisions on whether DfE releases this personal data to third parties are subject to a robust approval process and are based on a detailed assessment of who is requesting the data, the purpose for which it is required, the level and sensitivity of data requested and the arrangements in place to store and handle the data. To be granted access to student level data, requestors must comply with strict terms and conditions covering the confidentiality and handling of data, security arrangements and retention and use of the data.

For more information on how this sharing process works, please visit:

https://www.gov.uk/guidance/national-pupil-database-apply-for-a-data-extract

For information on which third party organisations (and for which project) student level data has been provided to, please visit: https://www.gov.uk/government/publications/national-pupil-database-requests-received

If you need more information about how our Local Authority and/or DfE collect and use your information, please visit:-

• Our Local Authority at https://www.cumbria.gov.uk/landing_page/schoolsandlearning.asp or
• The DfE website at https://www.gov.uk/data-protection-how-we-collect-and-share-research-data

We will not give information about our students to any other third parties without your consent unless the law and our policies allow us to do so.

Data protection legislation gives individuals certain rights which are detailed below.  If you wish to exercise these rights please contact Melanie Irving on 01228 822636.

You have the right to access the personal data that the Academy holds about you.  Requests need to be made in writing.  If you child is over the age of 12 they will also need to sign the request.  We take the security of personal data seriously so we may ask you for proof of identity to verify that you are entitled to the information requested. 

Where we have obtained your consent to specific processing activities you may withdraw this consent at any time.

You have the right to have the personal data that we hold about you rectified if it is inaccurate or incomplete.  We will respond to such requests within one month.

You have the right to have personal data erased in certain specific circumstances.  If you make such a request we will consider whether the right to erasure applies and give you a full and reasoned response.

In certain circumstances you have the right to request that we restrict the processing of your personal data.  If you make such a request we will consider whether the right to restrict processing applies and give you a full and reasoned response.

For further information regarding these rights please refer to the Group’s rights of the data subject policy.

If you disagree with a decision that we have taken regarding the processing of your personal data please contact UCST’s Company Secretary, Alison Hussain, on 01832 864538 or company.secretary@unitedlearning.org.uk

You also have the right to lodge a complaint with the Information Commissioners Office on 0303 123 1113 or https://ico.org.uk/for-the-public/