Privacy Notice for Roselyn House School
Students and Parents
Roselyn House School is committed to protecting the privacy and security of personal information. This privacy notice describes how we collect and use personal information about Students, in accordance with the General Data Protection Regulation (GDPR), section 537A of the Education Act 1996 and section 83 of the Children Act 1989.
Who Collects This Information
Roselyn House School is a “data controller.” This means that we are responsible for deciding how we hold and use personal information about Students.
The Categories of Pupil Information That We Collect, Process, Hold and Share
We may collect, store and use the following categories of personal information about you: -
Collecting This Information
Whilst the majority of information you provide to us is mandatory, some of it is provided to us on a voluntary basis. In order to comply with the General Data Protection Regulation, we will inform you whether you are required to provide certain pupil information to us or if you have a choice in this.
It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your working relationship with us.
How We Use Your Personal Information
We hold pupil data and use it for: -
The Lawful Basis on Which We Use This Information
We will only use your information when the law allows us to. Most commonly, we will use your information in the following circumstances: -
We need all the categories of information in the list above primarily to allow us to comply with legal obligations. Please note that we may process information without knowledge or consent, where this is require or permitted by law.
We may need to share your data with third parties where it is necessary. There are strict controls on who can see your information. We will not share your data if you have advised us that you do not want it shared unless it’s the only way we can make sure you stay safe and healthy or we are legally required to do so.
We share pupil information with: -
Information will be provided to those agencies securely or anonymised where possible.
The recipient of the information will be bound by confidentiality obligations, we require them to respect the security of your data and to treat it in accordance with the law.
Why We Share This Information
We do not share information about our Students with anyone without consent unless otherwise required by law.
For example, we share student’s data with the DfE on a statutory basis which underpins school funding and educational attainment. To find out more about the data collection requirements placed on us by the DfE please go to https://www.gov.uk/education/data-collection-and-censuses-for-schools.
Storing Pupil Data
The School keep information about Students on computer systems and sometimes on paper.
Except as required by law, the School only retains information about Students for as long as necessary in accordance with timeframes imposed by law and our internal policy.
If you require further information about our retention periods, please let Mrs R Smith know who can provide you with a copy of our policy.
Automated Decision Making
Automated decision making takes place when an electronic system uses personal information to make a decision without human intervention. We are allowed to use automated decision making in limited circumstances.
Students will not be subject to automated decision-making, unless we have a lawful basis for doing so and we have notified you.
We have put in place measures to protect the security of your information (i.e. against it being accidentally lost, used or accessed in an unauthorised way).
Once our Students reach the age of 13, we also pass pupil information to our local authority and / or provider of youth support services as they have responsibilities in relation to the education or training of 13-19 year olds under section 507B of the Education Act 1996.
We must provide the Students name, the parents name(s) and any further information relevant to the support services role.
This enables them to provide services as follows:
A parent or guardian can request that only their child’s name, address and date of birth is passed to their local authority or provider of youth support services by informing us. This right is transferred to the child / pupil once he/she reaches the age 16.
We will also share certain information about Students aged 16+ with our local authority and / or provider of youth support services as they have responsibilities in relation to the education or training of 13-19 year olds under section 507B of the Education Act 1996.
This enables them to provide services as follows:
For more information about services for young people, please visit our local authority website.
The National Pupil Database
The NPD is owned and managed by the Department for Education and contains information about Students in schools in England. It provides invaluable evidence on educational performance to inform independent research, as well as studies commissioned by the Department. It is held in electronic format for statistical purposes. This information is securely collected from a range of sources including schools, local authorities and awarding bodies.
We are required by law, to provide information about our Students to the DfE as part of statutory data collections such as the school census and early years’ census. Some of this information is then stored in the NPD. The law that allows this is the Education (Information About Individual Students) (England) Regulations 2013.
To find out more about the NPD, go to
The department may share information about our Students from the NPD with third parties who promote the education or well-being of children in England by:
The Department has robust processes in place to ensure the confidentiality of our data is maintained and there are stringent controls in place regarding access and use of the data. Decisions on whether DfE releases data to third parties are subject to a strict approval process and based on a detailed assessment of:
To be granted access to pupil information, organisations must comply with strict terms and conditions covering the confidentiality and handling of the data, security arrangements and retention and use of the data.
For more information about the department’s data sharing process, please visit: https://www.gov.uk/data-protection-how-we-collect-and-share-research-data
For information about which organisations the department has provided pupil information, (and for which project), please visit the following website: https://www.gov.uk/government/publications/national-pupil-database-requests-received
To contact DfE: https://www.gov.uk/contact-dfe
Requesting Access to Your Personal Data
Under data protection legislation, parents and Students have the right to request access to information about them that we hold. To make a request for your personal information, contact Mrs R Smith.
You also have the right to: -
If you want to exercise any of the above rights, please contact Mrs R Smith in writing.
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
Right to Withdraw Consent
In circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact Mrs R Smith. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
If you would like to discuss anything within this privacy notice or have a concern about the way we are collecting or using your personal data, we request that you raise your concern with Mrs R Smith in the first instance.
We have appointed a data protection officer (DPO) to oversee compliance with data protection and this privacy notice. If you have any questions about how we handle your personal information which cannot be resolved by Mrs R Smith, then you can contact the DPO on the details below: -
Data Protection Officer: Judicium Consulting Ltd
Data Protection Officer Details: Judicium Consulting Ltd, 72 Cannon Street, London, EC4N 6AE
Data Protection Officer Email: firstname.lastname@example.org
You have the right to make a complaint at any time to the Information Commissioner’s Office, the UK supervisory authority for data protection issues at https://ico.org.uk/concerns.
Changes to This Privacy Notice
We reserve the right to update this privacy notice at any time, and we will provide you with a new privacy notice when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your personal information.
The Data Protection Officer is responsible for overseeing data protection within the School so if you do have any questions in this regard, please do contact them on the information below: -
Data Protection Officer: Judicium Consulting Limited
Company: Judicium Consulting Ltd
Address: 72 Cannon Street, London, EC4N 6AE
Telephone: 0203 326 9174