lancashire sen school
lancashire sen school
  

GDPR

ROSELYN HOUSE SCHOOL / THE RHISE SERVICE

DATA PROTECTION POLICY

Introduction

The General Data Protection Regulation (GDPR) ensures a balance between an individual’s rights to privacy and the lawful processing of personal data undertaken by organisations in the course of their business. It aims to protect the rights of individuals about whom data is obtained, stored, processed or supplied and requires that organisations take appropriate security measures against unauthorised access, alteration, disclosure or destruction of personal data.

Roselyn House School / RHISE will protect and maintain a balance between data protection rights in accordance with the GDPR. This policy sets out how we handle the personal data of our pupils, parents, suppliers, employees, workers and other third parties.

This policy does not form part of any individual’s terms and conditions of employment with and is not intended to have contractual effect. Changes to data protection legislation will be monitored and further amendments may be required to this policy in order to remain compliant with legal obligations.

All members of staff are required to familiarise themselves with its content and comply with the provisions contained in it. Breach of this policy will be treated as a disciplinary offence which may result in disciplinary action under our Disciplinary Policy and Procedure up to and including summary dismissal depending on the seriousness of the breach.

SECTION 1 - DEFINITIONS

Personal data

Personal data is any information relating to an individual where the individual can be identified (directly or indirectly) from that data alone or in combination with other identifiers we possess or can reasonably access. This includes special category data and pseudonymised personal data but excludes anonymous data or data that has had the identity of an individual permanently removed.

Personal data can be factual (for examples a name, email address, location or date of birth) or an opinion about that person’s actions or behaviour.

Personal data will be stored either electronically or as part of a structured manual filing system in such a way that it can be retrieved automatically by reference to the individual or criteria relating to that individual.

Special Category Data

Previously termed “Sensitive Personal Data”, Special Category Data is similar by definition and refers to data concerning an individual Data Subject’s racial or ethnic origin, political or religious beliefs, trade union membership, physical and mental health, sexuality, biometric or genetic data and personal data relating to criminal offences and convictions.

Data Subject

An individual about whom such information is stored is known as the Data Subject. It includes but is not limited to employees.

Data Controller

The organisation storing and controlling such information (i.e. Roselyn House School / The RHISE Service) is referred to as the Data Controller.

Processing

Processing data involves any activity that involves the use of personal data. This includes but is not limited to: obtaining, recording or holding data or carrying out any operation or set of operations on that data such as organisation, amending, retrieving using, disclosing, erasing or destroying it. Processing also includes transmitting or transferring personal data to third parties.

Automated Processing

Any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to an individual, in particular to analyse or predict aspects concerning that individual’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

An example of automated processing includes profiling and automated decision making. Automatic decision making is when a decision is made which is based solely on automated processing which produces legal effects or significantly affects an individual. Automated decision making is prohibited except in exceptional circumstances.

Data Protection Impact Assessment (DPIA)

DPIAs are a tool used to identify risks in data processing activities with a view to reducing them.

Criminal Records Information

This refers to personal information relating to criminal convictions and offences, allegations, proceedings, and related security measures.

 

SECTION 2 - WHEN CAN ROSELYN HOUSE SCHOOL / THE RHISE SERVICE PROCESS PERSONAL DATA

Data Protection Principles

Roselyn House School / The RHISE Service are responsible for and adhere to the principles relating to the processing of personal data as set out in the GDPR.

The principles Roselyn House School / The RHISE Service must adhere to are: -

  1. Personal data must be processed lawfully, fairly and in a transparent manner;
  2. Personal data must be collected only for specified, explicit and legitimate purposes;
  3. Personal data must be adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed;
  4. Personal data must be accurate and, where necessary, kept up to date;
  5. Personal data must not be kept in a form which permits identification of data subjects for longer than is necessary for the purposes for which the data is processed; and
  6. Personal data must be processed in a manner that ensures its security using appropriate technical and organisational measures to protect against unauthorised or unlawful processing and against accidental loss, destruction or damage.

Further details on each of the above principles is set out below.

Principle 1: Personal data must be processed lawfully, fairly and in a transparent manner

Roselyn House School / The RHISE Service can only collect, process and share personal data fairly and lawfully and for specified purposes. Roselyn House School / The RHISE Service must have a specified purpose for processing personal data and special category of data as set out in the GDPR.

Before the processing starts for the first time we will review the purposes of the particular processing activity and select the most appropriate lawful basis for that processing. We will then regularly review those purposes whilst processing continues in order to satisfy ourselves that the processing is necessary for the purpose of the relevant lawful basis (i.e. that there is no other reasonable way to achieve that purpose).

Personal Data

Roselyn House School / The RHISE Service may only process a data subject’s personal data if one of the following fair processing conditions are met: -

  • The data subject has given their consent;
  • The processing is necessary for the performance of a contract with the data subject or for taking steps at their request to enter into a contract;
  • To protect the data subject’s vital interests;
  • To meet our legal compliance obligations (other than a contractual obligation);
  • To perform a task in the public interest or in order to carry out official functions as authorised by law;
  • For the purposes of Roselyn House School / The RHISE Service’s legitimate interests where authorised in accordance with data protection legislation. This is provided that it would not prejudice the rights and freedoms or legitimate interests of the data subject.

Special Category Data

Roselyn House School / The RHISE Service may only process special category data if they are entitled to process personal data (using one of the fair processing conditions above) AND one of the following conditions are met: -

  • The data subject has given their explicit consent;
  • The processing is necessary for the purposes of exercising or performing any right or obligation which is conferred or imposed on Roselyn House School / The RHISE Service in the field of employment law, social security law or social protection law. This may include, but is not limited to, dealing with sickness absence, dealing with disability and making adjustments for the same, arranging private health care insurance and providing contractual sick pay;
  • To protect the data subject’s vital interests;
  • To meet our legal compliance obligations (other than a contractual obligation);
  • Where the data has been made public by the data subject;
  • To perform a task in the substantial public interest or in order to carry out official functions as authorised by law;
  • Where it is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services;
  • Where it is necessary for reasons of public interest in the area of public health;
  • The processing in necessary for archiving, statistical or research purposes.

Roselyn House School / The RHISE Service identifies and documents the legal grounds being relied upon for each processing activity.

Consent

Where Roselyn House School / The RHISE Service relies on consent as a fair condition for processing (as set out above), it will adhere to the requirements set out in the GDPR.

Consent must be freely given, specific, informed and be an unambiguous indication of the data subject’s wishes by which they signify agreement to the processing of personal data relating to them. Explicit consent requires a very clear and specific statement to be relied upon (i.e. more than just mere action is required).

A data subject will have consented to processing of their personal data if they indicate agreement clearly either by a statement or positive action to the processing. Consent requires affirmative action so silence, pre-ticked boxes or inactivity will not amount to valid consent.

Data subjects must be easily able to withdraw consent to processing at any time and withdrawal must be promptly honoured.

If explicit consent is required, Roselyn House School / The RHISE Service will normally seek another legal basis to process that data. However if explicit consent is required the data subject will be provided with full information in order to provide explicit consent.

Roselyn House School / The RHISE Service will keep records of consents obtained in order to demonstrate compliance with consent requirements under the GDPR.

Principle 2: Personal data must be collected only for specified, explicit and legitimate purposes

Personal data will not be processed in any matter that is incompatible with the legitimate purposes.

Roselyn House School / The RHISE Service will not use personal data for new, different or incompatible purposes from that disclosed when it was first obtained unless we have informed the data subject of the new purpose (and they have consented where necessary).

Principle 3: Personal data must be adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed

Roselyn House School / The RHISE Service will only process personal data when our obligations and duties require us to. We will not collect excessive data and ensure any personal data collected is adequate and relevant for the intended purposes.

When personal data is no longer needed for specified purposes, Roselyn House School / The RHISE Service shall delete or anonymise the data.

Principle 4: Personal data must be accurate and, where necessary, kept up to date

Roselyn House School / The RHISE Service will endeavour to correct or delete any inaccurate data being processed by checking the accuracy of the personal data at the point of collection and at regular intervals afterwards. We will take all reasonable steps to destroy or amend inaccurate or out of date personal data.

Data subjects also have an obligation to ensure that their data is accurate, complete, up to date and relevant. Data subjects have the right to request rectification to incomplete or inaccurate data held by Roselyn House School / The RHISE Service.

 

Principle 5: Personal data must not be kept in a form which permits identification of data subjects for longer than is necessary for the purposes for which the data is processed

Legitimate purposes for which the data is being processed may include satisfying legal, accounting or reporting requirements. Roselyn House School / The RHISE Service will ensure that they adhere to legal timeframes for retaining data.

We will take reasonable steps to destroy or erase from our systems all personal data that we no longer require. We will also ensure that data subjects are informed of the period for which data is stored and how that period is determined in our privacy notices.

Please refer to our Retention Policy for further details about how we retain and remove data.

Principle 6: Personal data must be processed in a manner that ensures its security using appropriate technical and organisational measures to protect against unauthorised or unlawful processing and against accidental loss, destruction or damage

In order to assure the protection of all data being processed, Roselyn House School / The RHISE Service will develop, implement and maintain reasonable safeguard and security measures. This includes using measures such as: -

  • Encryption;
  • Pseudonymisation (this is where Roselyn House School / The RHISE Service replaces information that directly or indirectly identifies an individual with one or more artificial identifiers or pseudonyms so that the person to whom the data relates cannot be identified without the use of additional information which is meant to be kept separately and secure);
  • Ensuring authorised access (i.e. that only people who have a need to know the personal data are authorised to access it);
  • Adhering to confidentiality principles;
  • Ensuring personal data is accurate and suitable for the process for which it is processed.

Roselyn House School / The RHISE Service follow procedures and technologies to ensure security and will regularly evaluate and test the effectiveness of those safeguards to ensure security in processing personal data.

Roselyn House School / The RHISE Service will only transfer personal data to third party service providers who agree to comply with the required policies and procedures and agree to put adequate measures in place.

Sharing Personal Data

Roselyn House School / The RHISE Service will generally not share personal data with third parties unless certain safeguards and contractual arrangements have been put in place. These include if the third party: -

  • Has a need to know the information for the purposes of providing the contracted services;
  • Sharing the personal data complies with the privacy notice that has been provided to the data subject and, if required, the data subject’s consent has been obtained;
  • The third party has agreed to comply with the required data security standards, policies and procedures and put adequate security measures in place;
  • The transfer complies with any applicable cross border transfer restrictions; and
  • A fully executed written contract that contains GDPR approved third party clauses has been obtained.

There may be circumstances where Roselyn House School / The RHISE Service is required either by law or in the best interests of our pupils, parents or staff to pass information onto external authorities, for example, the local authority, Ofsted or the department of health. These authorities are up to date with data protection law and have their own policies relating to the protection of any data that they receive or collect.

The intention to share data relating to individuals to an organisation outside of Roselyn House School / The RHISE Service shall be clearly defined within written notifications and details and basis for sharing that data given.

Transfer of Data Outside the European Economic Area (EEA)

The GDPR restricts data transfers to countries outside the EEA in order to ensure that the level of data protection afforded to individuals by the GDPR is not undermined.

Roselyn House School / The RHISE Service will not transfer data to another country outside of the EEA without appropriate safeguards being in place and in compliance with the GDPR. All staff must comply with our guidelines on transferring data outside of the EEA. For the avoidance of doubt, a transfer of data to another country can occur when you transmit, send, view or access that data in that particular country.

 

SECTION 3 - DATA SUBJECT’S RIGHTS AND REQUESTS

Personal data must be made available to data subjects as set out within this policy and data subjects must be allowed to exercise certain rights in relation to their personal data.

The rights data subjects have in relation to how Roselyn House School / The RHISE Service handle their personal data are set out below: -

  1. (Where consent is relied upon as a condition of processing) To withdraw consent to processing at any time;
  2. Receive certain information about Roselyn House School / The RHISE Service’s processing activities;
  3. Request access to their personal data that we hold;
  4. Prevent our use of their personal data for marketing purposes;
  5. Ask us to erase personal data if it is no longer necessary in relation to the purposes for which it was collected or processed or to rectify inaccurate data or to complete incomplete data;
  6. Restrict processing in specific circumstances;
  7. Challenge processing which has been justified on the basis of our legitimate interests or in the public interest;
  8. Request a copy of an agreement under which personal data is transferred outside of the EEA;
  9. Object to decisions based solely on automated processing;
  10. Prevent processing that is likely to cause damage or distress to the data subject or anyone else;
  11. Be notified of a personal data breach which is likely to result in high risk to their rights and freedoms;
  12. Make a complaint to the supervisory authority; and
  13. In limited circumstances, receive or ask for their personal data to be transferred to a third party in a structured, commonly used and machine readable format.

If any request is made to exercise the rights above, it is a requirement for the relevant staff member within Roselyn House School / The RHISE Service to verify the identity of the individual making the request.

Subject Access Requests

A Data Subject has the right to be informed by Roselyn House School / The RHISE Service of the following: -

  1. Confirmation that their data is being processed;
  2. Access to their personal data;
  3. A description of the information that is being processed;
  4. The purpose for which the information is being processed;
  5. The recipients/class of recipients to whom that information is or may be disclosed;
  6. Details of Roselyn House School / The RHISE Service’s sources of information obtained;
  7. In relation to any Personal Data processed for the purposes of evaluating matters in relation to the Data Subject that has constituted or is likely to constitute the sole basis for any decision significantly affecting him or her, to be informed of the logic of the Data Controller’s decision making. Such data may include, but is not limited to, performance at work, creditworthiness, reliability and conduct.
  8. Other supplementary information

Any Data Subject who wishes to obtain the above information must notify the School in writing of his or her request. This is known as a Data Subject Access Request.

The request should in the first instance be sent to Mrs R Smith, School Business Manager.

Direct Marketing

Roselyn House School / The RHISE Service are subject to certain rules and privacy laws when marketing. For example a data subject’s prior consent will be required for electronic direct marketing (for example, by email, text or automated calls).

Roselyn House School / The RHISE Service will explicitly offer individuals the opportunity to object to direct marketing and will do so in an intelligible format which is clear for the individual to understand. Roselyn House School / The RHISE Service will promptly respond to any individual objection to direct marketing.

Employee Obligations

Employees may have access to the personal data of other members of staff, suppliers, parents or pupils of Roselyn House School / The RHISE Service in the course of their employment or engagement. If so, Roselyn House School / The RHISE Service expects those employees to help meet our data protection obligations to those individuals. Specifically, you must: -

  • Only access the personal data that you have authority to access, and only for authorised purposes;
  • Only allow others to access personal data if they have appropriate authorisation;
  • Keep personal data secure (for example by complying with rules on access to school premises, computer access, password protection and secure file storage and destruction [Please refer to our Security Policy for further details about our security processes]);
  • Not to remove personal data or devices containing personal data from  Roselyn House School / The RHISE Service premises unless appropriate security measures are in place (such as Pseudonymisation, encryption, password protection) to secure the information;
  • Not to store personal information on local drives.

 

 

SECTION 4 - ACCOUNTABILITY

Roselyn House School / The RHISE Service will ensure compliance with data protection principles by implementing appropriate technical and organisational measures. We are responsible for and demonstrate accountability with the GDPR principles.

Roselyn House School / The RHISE Service have taken the following steps to ensure and document GDPR compliance: -

Data Protection Officer (DPO)

Please find below details of the School’s Data Protection Officer: -

Data Protection Officer: Judicium Consulting Ltd

Address: Judicium Consulting Ltd, 72 Cannon Street, London, EC4N 6AE

Email: dataservices@judicium.com

Telephone: 0203 326 9174

 

The DPO is responsible for overseeing this data protection policy and developing data-related policies and guidelines.

Please contact the DPO with any questions about the operation of this Data Protection Policy or the GDPR or if you have any concerns that this policy is not being or has not been followed. In particular, you must always contact the DPO in the following circumstances: -

  1. If you are unsure of the lawful basis being relied on by Roselyn House School / The RHISE Service to process personal data;
  2. If you need to rely on consent as a fair reason for processing (please see below the section on consent for further detail);
  3. If you need to draft privacy notices or fair processing notices;
  4. If you are unsure about the retention periods for the personal data being processed but would refer you to the Roselyn House School / The RHISE Service’s data retention policy in the first instance;
  5. If you are unsure about what security measures need to be put in place to protect personal data;
  6. If there has been a personal data breach;
  7. If you are unsure on what basis to transfer personal data outside the EEA;
  8. If you need any assistance dealing with any rights invoked by a data subject;
  9. Whenever you are engaging in a significant new (or a change in) processing activity which is likely to require a data protection impact assessment or if you plan to use personal data for purposes other than what it was collected for;
  10. If you plan to undertake any activities involving automated processing or automated decision making;
  11. If you need help complying with applicable law when carrying out direct marketing activities;
  12. If you need help with any contracts or other areas in relation to sharing personal data with third parties.

Personal Data Breaches

The GDPR requires Roselyn House School / The RHISE Service to notify any applicable personal data breach to the Information Commissioner’s Office (ICO).

We have put in place procedures to deal with any suspected personal data breach and will notify data subjects or any applicable regulator where we are legally required to do so.

If you know or suspect that a personal data breach has occurred, do not attempt to investigate the matter yourself. Immediately contact the person designated as the key point of contact for personal data breaches (who is Mrs R Smith) or your DPO.

Transparency and Privacy Notices

Roselyn House School / The RHISE Service will provide detailed, specific information to data subjects. This information will be provided through Roselyn House School / The RHISE Service‘s privacy notices which are concise, transparent, intelligible, easily accessible and in clear and plain language so that a data subject can easily understand them. Privacy notices sets out information for data subjects about how the School use their data and Roselyn House School / The RHISE Service’s privacy notices are tailored to suit the data subject.

Whenever we collect personal data directly from data subjects, including for human resources or employment purposes, we will provide the data subject with all the information required by the GDPR including the identity of the data protection officer, Roselyn House School / The RHISE Service’s contact details, how and why we will use, process, disclose, protect and retain personal data.

When personal data is collected indirectly (for example from a third party or publicly available source), we will provide the data subject with the above information as soon as possible after receiving the data. Roselyn House School / The RHISE Service will also confirm whether that third party has collected and processed data in accordance with the GDPR.

Notifications shall be in accordance with ICO guidance and, where relevant, be written in a form understandable by those defined as “children” under the GDPR

Privacy by Design

Roselyn House School / The RHISE Service adopt a privacy be design approach to data protection to ensure that we adhere to data compliance and to implement technical and organisational measures in an effective manner.

Privacy by design is an approach that promotes privacy and data protection compliance from the start. To help us achieve this, Roselyn House School / The RHISE Service takes into account the nature and purposes of the processing, any cost of implementation and any risks to rights and freedoms of data subjects when implementing data processes.

Data Protection Impact Assessments (DPIAs)

In order to achieve a privacy by design approach, Roselyn House School / The RHISE Service conduct DPIAs for any new technologies or programmes being used by them which could affect the processing of personal data. In any event Roselyn House School / The RHISE Service carries out DPIAs when required by the GDPR in the following circumstances: -

  • For the use of new technologies (programs, systems or processes) or changing technologies;
  • For the use of automated processing;
  • For large scale processing of special category data;
  • For large scale, systematic monitoring of a publicly accessible area (through the use of CCTV).

Our DPIAs contain: -

  • A description of the processing, its purposes and any legitimate interests used;
  • An assessment of the necessity and proportionality of the processing in relation to its purpose;
  • An assessment of the risk to individuals; and
  • The risk mitigation measures in place and demonstration of compliance.

Record Keeping

Roselyn House School / The RHISE Service are required to keep full and accurate records of our data processing activities. These records include: -

  • The name and contact details of Roselyn House School / The RHISE Service;
  • The name and contact details of the Data Protection Officer;
  • Descriptions of the types of personal data used;
  • Description of the data subjects;
  • Details of Roselyn House School / The RHISE Service‘s processing activities and purposes;
  • Details of any third party recipients of the personal data;
  • Where personal data is stored;
  • Retention periods; and
  • Security measures in place.

Training

Roselyn House School / The RHISE Service will ensure all relevant personnel have undergone adequate training to enable them to comply with data privacy laws.

 

 

Audit

Roselyn House School / The RHISE Service through its data protection officer regularly test our data systems and processes in order to assess compliance. These are done through data audits which take place annually in order to review use of personal data.

Related Policies

Staff should refer to the following policies that are related to this data protection policy:-

  • Data retention policy;
  • Data breach policy;
  • Security policy.

These policies are also designed to protect personal data and can be found on our website.

Monitoring

We will monitor the effectiveness of this and all of our policies and procedures and conduct a full review and update as appropriate.

Our monitoring and review will include looking at how our policies and procedures are working in practice to reduce the risks posed to Roselyn House School / The RHISE Service.

October 2020

ROSELYN HOUSE SCHOOL / THE RHISE SERVICE

SUBJECT ACCESS REQUEST POLICY

 

Introduction

Roselyn House School / The RHISE Service holds personal data (or information) about job applicants, employees, pupils and parents and other individuals for a variety of purposes.

Under Data Protection Law, individuals (known as ‘data subjects’) have a general right to find out whether Roselyn House School / The RHISE Service hold or process personal data about them, to access that data, and to be given supplementary information. This is known as the right of access, or the right to make a data subject access request (SAR). The purpose of the right is to enable the individual to be aware of, and verify, the lawfulness of the processing of personal data that Roselyn House School / The RHISE Service are undertaking.

This policy provides guidance for staff members on how data subject access requests should be handled, and for all individuals on how to make a SAR.  

Failure to comply with the right of access under the GDPR puts both staff and Roselyn House School / RHISE at potentially significant risk, and so the School takes compliance with this policy very seriously.

If you have any questions regarding this policy, please contact Rachel Smith (School Business Manager) or the School’s DPO whose details are as follows:  

Data Protection Officer: Judicium Consulting Limited

Address: 72 Cannon Street, London, EC4N 6AE

Email: dataservices@judicium.com

Web: www.judiciumeducation.co.uk

Telephone: 0203 326 9174

Lead Contact: Craig Stilwell

 

 

 

Definitions

  • Data Subjects for the purpose of this policy include all living individuals about whom we hold personal data. This includes pupils, our workforce, and other individuals.  A data subject need not be a UK national or resident. All data subjects have legal rights in relation to their personal information
  • Personal Data means any information relating to an identified or identifiable natural person (a data subject); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person
  • Processing is any activity that involves use of the data. It includes obtaining, recording or holding the data, or carrying out any operation or set of operations on the data such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. Processing also includes transferring personal data to third parties

 

How to recognise a subject access request

A data subject access request is a request from an individual (or from someone acting with the authority of an individual, e.g. a solicitor or a parent making a request in relation to information relating to their child):

  • for confirmation as to whether Roselyn House School / RHISE process personal data about him or her and, if so
  • for access to that personal data
  • and/or certain other supplementary information

A valid SAR can be both in writing (by letter, email, WhatsApp text) or verbally (e.g. during a telephone conversation). The request may refer to the GDPR and/or to ‘data protection’ and/or to ‘personal data’ but does not need to do so in order to be a valid request. For example, a letter which states ‘please provide me with a copy of all the information that you have about me’ will be a data subject access request and should be treated as such.

A data subject is generally only entitled to access their own personal data, and not to information relating to other people.

How to make a data subject access request

Whilst there is no requirement to do so, we encourage any individuals who wish to make such a request to use the form at Appendix A of the policy. This allows Roselyn House School / The RHISE Service to easily recognise that you wish to make a data subject access request.

What to do when you receive a data subject access request

All data subject access requests should be immediately directed to Rachel Smith (School Business Manager) who will contact the DPO for assistance if needed. There are limited timescales within which Roselyn House School / The RHISE Service must respond to a request and any delay could result in failing to meet those timescales, which could lead to enforcement action by the Information Commissioner’s Office (ICO) and/or legal action by the affected individual. So it is crucial to ensure that requests are passed to the relevant individual without delay and failure to do so may result in disciplinary action being taken.

Acknowledging the request

When receiving a SAR Roselyn House School / The RHISE Service shall acknowledge the request as soon as possible and inform the requester about the statutory deadline to respond to the request. In addition to acknowledging the request, Roselyn House School / The RHISE Service may ask for proof of ID if needed or clarification about the requested information. If it is not clear where the information shall be sent, Roselyn House School / The RHISE Service must clarify what address/email address to use when sending the requested information.

Verifying the identity of a requester or requesting clarification of the request

Before responding to a SAR, Roselyn House School / The RHISE Service will take reasonable steps to verify the identity of the person making the request. In the case of current employees, this will usually be straightforward. Roselyn House School / The RHISE Service is entitled to request additional information from a requester in order to verify whether the requester is in fact who they say they are. Where Roselyn House School / The RHISE Service has reasonable doubts as to the identity of the individual making the request, evidence of identity may be established by production of a passport, driving license, a recent utility bill with current address, birth/marriage certificate, credit card or a mortgage statement.

If an individual is requesting a large amount of data Roselyn House School / The RHISE Service may ask the requester for more information for the purpose of clarifying the request, but the requester shall never be asked why the request has been made. Roselyn House School / The RHISE Service shall let the requestor know as soon as possible that more information is needed before responding to the request.

In both cases, the period of responding begins when the additional information has been received. If Roselyn House School / The RHISE Service do not receive this information, they will be unable to comply with the request.

Fee for responding to a SAR

Roselyn House School / The RHISE Service will usually deal with a SAR free of charge. Where a request is considered to be manifestly unfounded or excessive a fee to cover administrative costs may be requested. If a request is considered to be manifestly unfounded or unreasonable Roselyn House School / The RHISE Service will inform the requester why this is considered to be the case and that Roselyn House School / The RHISE Service will charge a fee for complying with the request.

A fee may also be requested in relation to repeat requests for copies of the same information.  In these circumstances a reasonable fee will be charged taking into account the administrative costs of providing the information.

If a fee is requested, the period of responding begins when the fee has been received.

Time Period for Responding to a SAR

Roselyn House School / The RHISE Service has one calendar month to respond to a SAR. This will run from either the day after the request has been received or from the day when any additional identification or other information requested is received, or payment of any required fee has been received.

In circumstances where Roselyn House School / The RHISE Service is in any reasonable doubt as to the identity of the requester, this period will not commence unless and until sufficient information has been provided by the requester as to their identity, and in the case of a third party requester, the written authorisation of the data subject has been received.

The period for response may be extended by a further two calendar months in relation to complex requests. What constitutes a complex request will depend on the particular nature of the request. The DPO must always be consulted in determining whether a request is sufficiently complex as to extend the response period.

Where a request is considered to be sufficiently complex as to require an extension of the period for response, Roselyn House School / The RHISE Service will need to notify the requester within one calendar month of receiving the request, together with reasons as to why this extension is considered necessary.

School closure periods

Requests received during or just before school closure periods will not be able to be responded to within the one calendar month response period. This is because Roselyn House School / The RHISE Service will be closed and no one will be on site to comply with the request emails during this period. As a result, it is unlikely that your request will be received during this time (and so the time period does not run until we receive the request). We may not be able to acknowledge your request during this time (i.e. until a time we receive the request) and the time period may not start until Roselyn House School / The RHISE Service re-opens. Roselyn House School / The RHISE Service will endeavor to comply with requests as soon as possible and will keep in communication with you as far as possible. If your request is urgent, please provide your request during term times and not during/close to closure periods.

Information to be provided in response to a request

The individual is entitled to receive access to the personal data we process about him or her and the following information:

  • the purposes for which we process the data;
  • the recipients or categories of recipient to whom the personal data has been or will be disclosed, in particular where those recipients are in third countries or international organisations;
  • where possible, the period for which it is envisaged the personal data will be stored, or, if not possible, the criteria used to determine that period;
  • the fact that the individual has the right:
  • to request that the Company rectifies, erases or restricts the processing of his personal data; or
  • to object to its processing;
  • to lodge a complaint with the ICO;
  • where the personal data has not been collected from the individual, any information available regarding the source of the data;
  • any automated decision we have taken about him or her (see paragraph 9 below), together with meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for him or her.

The information should be provided in a way that is concise, transparent, easy to understand and easy to access using clear and plain language, with any technical terms, abbreviations or codes explained. The response shall be given in writing if the SAR was made in writing in a commonly-used electronic format.

The information that Roselyn House School / The RHISE Service are required to supply in response to a SAR must be supplied by reference to the data in question at the time the request was received. However, as Roselyn House School / The RHISE Service have one month in which to respond they are allowed to take into account any amendment or deletion made to the personal data between the time the request is received and the time the personal data is supplied if such amendment or deletion would have been made regardless of the receipt of the SAR.

Roselyn House School / The RHISE Service is therefore, allowed to carry out regular housekeeping activities even if this means deleting or amending personal data after the receipt of a SAR. Roselyn House School / The RHISE Service is not allowed to amend or delete data to avoid supplying the data.

How to locate information

The personal data Roselyn House School / The RHISE Service need to provide in response to a data subject access request may be located in several of the electronic and manual filing systems. This is why it is important to identify at the outset the type of information requested so that the search can be focused.

Depending on the type of information requested, Roselyn House School / The RHISE Service may need to search all or some of the following:

  • electronic systems, e.g. databases, networked and non-networked computers, servers, customer records, human resources system, email data, back up data, CCTV;
  • manual filing systems in which personal data is accessible according to specific criteria, e.g. chronologically ordered sets of manual records containing personal data;
  • data systems held externally by our data processors e.g. Accountants for external payroll service;
  • occupational health records held
  • pensions data held by Appletree Finance
  • data held by Peninsula (Health and Safety and Employment Law Specialist

Roselyn House School / The RHISE Service should search these systems using the individual's name, employee number or other personal identifier as a search determinant.

Requests made by third parties

Roselyn House School / The RHISE Service need to be satisfied that the third party making the request is entitled to act on behalf of the individual, but it is the third party’s responsibility to provide evidence of this entitlement. This might be a written authority to make the request or it might be a more general power of attorney. Roselyn House School / The RHISE Service may also require proof of identity in certain circumstances.

If Roselyn House School / The RHISE Service is in any doubt or has any concerns as to providing the personal data of the data subject to the third party, then it should provide the information requested directly to the data subject.  It is then a matter for the data subject to decide whether to share this information with any third party. 

Requests made on behalf of children

Even if a child is too young to understand the implications of subject access rights, it is still the right of the child, rather than of anyone else such as a parent or guardian, to have access to the child’s personal data. Before responding to a SAR for information held about a child, Roselyn House School / The RHISE Service should consider whether the child is mature enough to understand their rights. If Roselyn House School / The RHISE Service is confident that the child can understand their rights, then they should usually respond directly to the child or seek their consent before releasing their information.

It shall be assessed if the child is able to understand (in broad terms) what it means to make a subject access request and how to interpret the information they receive as a result of doing so. When considering borderline cases, it should be taken into account, among other things:

•         the child’s level of maturity and their ability to make decisions like this;

•         the nature of the personal data;

•         any court orders relating to parental access or responsibility that may apply;

•         any duty of confidence owed to the child or young person;

•         any consequences of allowing those with parental responsibility access to the child’s or young person’s information. This is particularly important if there have been allegations of abuse or ill treatment;

•         any detriment to the child or young person if individuals with parental responsibility cannot access this information; and

•         any views the child or young person has on whether their parents should have access to information about them.

Generally, a person aged 12 years or over is presumed to be of sufficient age and maturity to be able to exercise their right of access, unless the contrary is shown.  In relation to a child 12 years of age or older, then provided that Roselyn House School / The RHISE Service is confident that they understand their rights, and there is no reason to believe that the child does not have the capacity to make a request on their own behalf, Roselyn House School / The RHISE Service will require the written authorisation of the child before responding to the requester, or provide the personal data directly to the child.

Roselyn House School / The RHISE Service may also refuse to provide information to parents if there are consequences of allowing access to the child’s information – for example if it is likely to cause detriment to the child.

Protection of third parties -exemptions to the right of subject access

There are circumstances where information can be withheld pursuant to a SAR.  These specific exemptions and requests should be considered on a case by case basis.

Roselyn House School / The RHISE Service will consider whether it is possible to redact information so that this does not identify those third parties. If their data cannot be redacted (for example, after redaction it is still obvious who the data relates to) then Roselyn House School / The RHISE Service do not have to disclose personal data to the extent that doing so would involve disclosing information relating to another individual (including information identifying the other individual as the source of information) who can be identified from the information unless:

•    the other individual has consented to the disclosure; or

•    it is reasonable to comply with the request without that individual’s consent.

In determining whether it is reasonable to disclose the information without the individuals consent, all of the relevant circumstances will be taken into account, including:

•    the type of information that they would disclose;

•    any duty of confidentiality they owe to the other individual;

•    any steps taken to seek consent from the other individual;

•    whether the other individual is capable of giving consent; and

•    any express refusal of consent by the other individual.

It needs to be decided whether it is appropriate to disclose the information in each case. This decision will involve balancing the data subject’s right of access against the other individual’s rights. If the other person consents to the school disclosing the information about them, then it would be unreasonable not to do so. However, if there is no such consent, the school must decide whether to disclose the information anyway. If there are any concerns in this regard then the DPO should be consulted.

Other exemptions to the right of subject access

In certain circumstances Roselyn House School / The RHISE Service may be exempt from providing some or all of the personal data requested. These exemptions are described below and should only be applied on a case-by-case basis after a careful consideration of all the facts.

Crime detection and prevention: Roselyn House School / The RHISE Service do not have to disclose any personal data being processed for the purposes of preventing or detecting crime; apprehending or prosecuting offenders; or assessing or collecting any tax or duty.

Confidential references: Roselyn House School / The RHISE Service do not have to disclose any confidential references given to third parties for the purpose of actual or prospective:

  • education, training or employment of the individual;
  • appointment of the individual to any office; or
  • provision by the individual of any service

This exemption does not apply to confidential references that Roselyn House School / The RHISE Service receive from third parties. However, in this situation, granting access to the reference may disclose the personal data of another individual (i.e. the person giving the reference), which means that Roselyn House School / The RHISE Service must consider the rules regarding disclosure of third-party data set out above before disclosing the reference.

Legal professional privilege: Roselyn House School / The RHISE Service do not have to disclose any personal data which are subject to legal professional privilege.

Management forecasting: Roselyn House School / The RHISE Service do not have to disclose any personal data processed for the purposes of management forecasting or management planning to assist us in the conduct of any business or any other activity.

Negotiations: Roselyn House School / The RHISE Service do not have to disclose any personal data consisting of records of intentions in relation to any negotiations with the individual where doing so would be likely to prejudice those negotiations.

Refusing to respond to a request

Roselyn House School / The RHISE Service can refuse to comply with a request if the request is manifestly unfounded or excessive, taking into account whether the request is repetitive in nature.

If a request is found to be manifestly unfounded or excessive the school can:

  • request a "reasonable fee" to deal with the request; or
  • refuse to deal with the request.

In either case Roselyn House School / The RHISE Service need to justify the decision and inform the requestor about the decision.

The reasonable fee should be based on the administrative costs of complying with the request. If deciding to charge a fee Roselyn House School / The RHISE Service should contact the individual promptly and inform them. Roselyn House School / The RHISE Service do not need to comply with the request until the fee has been received.

 

 

Record keeping

A record of all subject access requests shall be kept by the School Business Manager. The record shall include the date the SAR was received, the name of the requester, what data was sent to the requester and the date of the response.

 

 

 

 

Appendix A

ROSELYN HOUSR SCHOOL / THE RHISE SERVICE

Subject Access Request Form

 

The Data Protection Act 2018 provides you, the data subject, with a right to receive a copy of the data/information we hold about you or to authorise someone to act on your behalf.  Please complete this form if you wish to make a request for your data. Your request will normally be processed within one calendar month upon receipt of a fully completed form and proof of identity.

Proof of identity: We require proof of your identity before we can disclose personal data. Proof of your identity should include a copy of a document such as your birth certificate, passport, driving licence, official letter addressed to you at your address e.g. bank statement, recent utilities bill or council tax bill. The document should include your name, date of birth and current address. If you have changed your name, please supply relevant documents evidencing the change.   

Section 1

Please fill in the details of the data subject (i.e. the person whose data you are requesting). If you are not the data subject and you are applying on behalf of someone else, please fill in the details of the data subject below and not your own.      

Title

 

 

Surname/Family Name

 

First Name(s)/ Forename

 

Date of Birth

 

Address

 

Post Code

 

Phone Number

 

Email address

 

 

I am enclosing the following copies as proof of identity (please tick the relevant box):   

 

 Birth Certificate  

 Driving Licence      

 Passport    

 An official letter to my address

 

 

Personal Information

 

If you only want to know what information is held in specific records. please indicate in the box below. Please tell us if you know in which capacity the information is being held, together with any names or dates you may have. If you do not know exact dates, please give the year(s) that you think may be relevant. 

 

Details:

 

 

 

 

 

 

Employment records:

 

If you are, or have been employed by KS Education Limited and are seeking personal information in relation to your employment please provide details of your Staff number/Unit/Team/Dates of employment.                 

 

Details:

 

 

 

  

 

 

Section 2   

Please complete this section of the form with your details if you are acting on behalf of someone else (i.e. the data subject). 

If you are NOT the data subject, but an agent appointed on their behalf, you will need to provide evidence of your identity as well as that of the data subject and proof of your right to act on their behalf.   

 

Title

 

 

Surname/ Family Name

 

First Name(s)/Forenames

 

Date of Birth

 

 

Address

 

 

Post Code

 

 

Phone Number

 

 

 

I am enclosing the following copies as proof of identity (please tick the relevant box):   

 

 Birth Certificate  

 Driving Licence      

 Passport    

 An official letter to my address

 

 

What is your relationship to the data subject?  (e.g. parent, carer, legal representative)               

 

 

 

 

 

 

 

I am enclosing the following copy as proof of legal authorisation to act on behalf of the data subject:   

 

 Letter of authority     

 Lasting or Enduring Power of Attorney         

 Evidence of parental responsibility     

 Other (give details):    

 

 

 

 

Section 3

Please describe as detailed as possible what data you request access to (time period/ categories of data/ information relating to a specific case/ paper records/ electronic records).

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

I wish to:   

 

 Receive the information by post*

 Receive the information by email      

 Collect the information in person         

 View a copy of the information only     

 Go through the information with a member of staff        

 

*Please be aware that if you wish us to post the information to you, we will take every care to ensure that it is addressed correctly. However, we cannot be held liable if the information is lost in the post or incorrectly delivered or opened by someone else in your household. Loss or incorrect delivery may cause you embarrassment or harm if the information is 'sensitive'.   

 

 

Please send your completed form and proof of identity by email to:

rachel@roselynhouseschool.co.uk

 

ROSELYN HOUSE SCHOOL / THE RHISE SERVICE

 

FREEDOM OF INFORMATION POLICY

 

Introduction

 

The Freedom of Information Act 2000 gives individuals the right to access official information from public bodies. Under the Act, any person has a legal right to ask for access to information held by the school. They are entitled to be told whether the school holds the information, and to receive a copy, subject to certain exemptions. While the Act assumes openness, it recognises that certain information is sensitive. There are exemptions to protect this information.

 

Public Authorities should be clear and proactive about the information they will make public.

 

This policy does not form part of any individual’s terms and conditions of employment with KS Education Limited and is not intended to have contractual effect.

 

This policy should be used in conjunction with the Internet Use Policy and Data Protection Policy.

 

 

Requests

 

Requests under Freedom of Information should be made to Mrs R Smith. However the request can be addressed to anyone at Roselyn House School / The RHISE Service; so all staff need to be aware of the process for dealing with requests.

 

Requests for information that are not data protection or environmental information requests will be covered by the Freedom of Information Act: -

 

Data Protection enquiries (or subject access requests) are requests where the enquirer asks to see what personal information Roselyn House School / The RHISE Service holds about the enquirer. If the enquiry is a Data Protection request, the Data Protection Policy should be followed.

 

Environmental Information Regulations enquiries are those which relate to air, water, land, natural sites, built environment, flora and fauna, and health, and any decisions and activities affecting any of these. These could therefore include enquiries about recycling, phone masts, school playing fields, car parking etc. If the enquiry is about environmental information, follow the guidance on the Department for Environment, Food and Rural Affairs (DEFRA) website.

 

Freedom of Information requests must be made in writing, (including email), and should include the enquirers name and correspondence address (email addresses are allowed), and state what information they require. There must be enough information in the request to be able to identify and locate the information. If this information is covered by one of the other pieces of legislation (as referred to above), they will be dealt with under the relevant policy/procedure related to that request.

 

If the request is ambiguous and/or Roselyn House School / The RHISE Service require further information in order to deal with your request, they will request this further information directly from the individual making the request. Please note that Roselyn House School / The RHISE Service do not have to deal with the request until the further information is received. Therefore, the time limit starts from the date that Roselyn House School / The RHISE Service receives all information required in order to deal with the request.

 

The requester does not have to mention the Act, nor do they have to say why they want the information. There is a duty to respond to all requests, telling the enquirer whether or not the information is held, and supplying any information that is held, except where exemptions apply. There is a time limit of 20 working days excluding school holidays for responding to the request.

 

 

 

Information

 

Provided all requirements are met for a valid request to be made, Roselyn House School / The RHISE Service will provide the information that it holds (unless an exemption applies).

 

“Holding” information means information relating to the business of Roselyn House School / The RHISE Service:

 

  • That Roselyn House School / The RHISE Service has created; or
  • That Roselyn House School / The RHISE Service has received from another body or person; or
  • Held by another body on the behalf of Roselyn House School / The RHISE Service.

 

Information means both hard copy and digital information, including email.

 

If the information is held by another public authority, such as the Local Authority, first check with them they hold it, then transfer the request to them. If this applies, Roselyn House School / The RHISE Service will notify the enquirer that they do not hold the information and to whom they have transferred the request. Roselyn House School / The RHISE Service will continue to answer any parts of the enquiry in respect of information it does hold.

 

When Roselyn House School / The RHISE Service does not hold the information, it has no duty to create or acquire it; just to answer the enquiry, although a reasonable search will be made before confirming whether Roselyn House School / The RHISE Service has the information requested.

 

If the information requested is already in the public domain, for instance through the Publication Scheme or on Roselyn House School / The RHISE Service’s website, Roselyn House School / The RHISE Service will direct the enquirer to the information and explain how to access it.

 

The requester has the right to be told if the information requested is held by Roselyn House School / The RHISE Service (subject to any of the exemptions). This obligation is known as Roselyn House School / The RHISE Service ‘s ”duty to confirm or deny” that it holds the information. However, Roselyn House School / The RHISE Service does not have to confirm or deny if:-

 

  • The exemption is an absolute exemption; or
  • In the case of qualified exemptions, confirming or denying would itself disclose exempted information.

 

 

Vexatious Requests

 

There is no obligation on Roselyn House School / The RHISE Service  to comply with vexatious requests. A vexatious request is one which is designed to cause inconvenience, harassment or expense rather than to obtain information, and would require a substantial diversion of resources or would otherwise undermine the work of the school. This however does not provide an excuse for bad records management.

 

In addition, Roselyn House School / The RHISE Service do not have to comply with repeated identical or substantially similar requests from the same applicant unless a “reasonable” interval has elapsed between requests.

 

 

Fees

 

Roselyn House School / The RHISE Service may charge the requester a fee for providing the requested information. This will be dependent on whether the staffing costs in complying with the request exceeds the “threshold.” The threshold is currently £450 with staff costs calculated at a fixed rate of £25 per hour (therefore 18 hours’ work is required before the threshold is reached).

 

If a request would cost less than the threshold, then Roselyn House School / The RHISE Service can only charge for the cost of informing the applicant whether the information is held, and communicating the information to the applicant (e.g. photocopying, printing and postage costs).

 

When calculating costs/threshold, Roselyn House School / The RHISE Service can take account of the staff costs/time in determining whether the information is held by Roselyn House School / The RHISE Service, locating and retrieving the information, and extracting the information from other documents. Roselyn House School / The RHISE Service will not take account of the costs involved with considering whether information is exempt under the Act.

 

If a request would cost more than the appropriate limit, (£450) Roselyn House School / The RHISE Service can turn the request down, answer and charge a fee or answer and waive the fee.

 

If Roselyn House School / The RHISE Service are going to charge they will send the enquirer a fees notice. Roselyn House School / The RHISE Service do not have to comply with the request until the fee has been paid. More details on fees can be found on the ICO website.

 

If planning to turn down a request for cost reasons, or charge a high fee, you should contact the applicant in advance to discuss whether they would prefer the scope of the request to be modified so that, for example, it would cost less than the appropriate limit.

 

Where two or more requests are made to Roselyn House School / The RHISE Service by different people who appear to be acting together or as part of a campaign the estimated cost of complying with any of the requests may be taken to be the estimated total cost of complying with them all.

 

Time Limits

 

Compliance with a request must be prompt and within the time limit of 20 working days (excluding school holidays). Failure to comply could result in a complaint by the requester to the Information Commissioner. The response time starts from the time the request is received.

 

Where Roselyn House School / The RHISE Service has asked the enquirer for more information to enable it to answer, the 20 working days start time begins when this further information has been received.

 

If some information is exempt this will be detailed in Roselyn House School / The RHISE Service’s response.

 

If a qualified exemption applies and Roselyn House School / The RHISE Service need more time to consider the public interest test, Roselyn House School / The RHISE Service will reply in 20 working days stating that an exemption applies but include an estimate of the date by which a decision on the public interest test will be made. This should be within a “reasonable” time.

 

Where Roselyn House School / The RHISE Service has notified the enquirer that a charge is to be made, the time period stops until payment is received.

 

 

Third Party Data

 

Consultation of third parties may be required if their interests could be affected by release of the information requested, and any such consultation may influence the decision.

 

Consultation will be necessary where:

 

  • Disclosure of information may affect the legal rights of a third party, such as the right to have certain information treated in confidence or rights under Article 8 of the European Convention on Human Rights;
  • The views of the third party may assist Roselyn House School / The RHISE Service to determine if information is exempt from disclosure; or
  •  he views of the third party may assist Roselyn House School / The RHISE Service  to determine the public interest test.

 

Personal information requested by third parties is also exempt under this policy where release of that information would breach the Data Protection Act. If a request is made for a document (e.g. Governing Body minutes) which contains personal information whose release to a third party would breach the Data Protection Act, the document may be issued by blanking out the relevant personal information as set out in the redaction procedure.

 

Exemptions

 

The presumption of the Freedom of Information Act is that Roselyn House School / The RHISE Service will disclose information unless the Act provides a specific reason to withhold it. The Act recognises the need to preserve confidentiality and protect sensitive material in certain circumstances.

 

Roselyn House School / The RHISE Service may refuse all/part of a request, if one of the following applies: -

 

  1. There is an exemption to disclosure within the act;
  2. The information sought is not held;
  3. The request is considered vexatious or repeated; or
  4. The cost of compliance exceeds the threshold.

 

A series of exemptions are set out in the Act which allow the withholding of information in relation to an enquiry. Some are very specialised in their application (such as national security) and would not usually be relevant to schools.

 

There are two general categories of exemptions:-

 

  1. Absolute: where there is no requirement to confirm or deny that the information is held, disclose the information or consider the public interest; and
  2. Qualified: where, even if an exemption applies, there is a duty to consider the public interest in disclosing information.

 

 

Absolute Exemptions

 

There are eight absolute exemptions set out in the Act. However the following are the only absolute exemptions which will apply to Roselyn House School / The RHISE Service: -

 

  • Information accessible to the enquirer by other means (for example by way of the School’s Publication Scheme);
  • National Security/Court Records;
  • Personal information (i.e. information which would be covered by the Data Protection Act);
  • Information provided in confidence.

 

If an absolute exemption exists, it means that disclosure is not required by the Act. However, a decision could be taken to ignore the exemption and release the information taking into account all the facts of the case if it is felt necessary to do so.

 

 

Qualified Exemptions

 

If one of the below exemptions apply (i.e. a qualified disclosure), there is also a duty to consider the public interest in confirming or denying that the information exists and in disclosing information.

 

The qualified exemptions under the Act which would be applicable to Roselyn House School / The RHISE Service are: -

 

  • Information requested is intended for future publication (and it is reasonable in all the circumstances for the requester to wait until such time that the information is actually published);
  • Reasons of National Security;
  • Government/International Relations;
  • Release of the information is likely to prejudice any actual or potential legal action or formal investigation involving Roselyn House School / The RHISE Service;
  • Law enforcement (i.e. if disclosure would prejudice the prevention or detection of crime, the prosecution of offenders or the administration of justice);
  • Release of the information would prejudice the ability of Roselyn House School / The RHISE Service to carry out an effective audit of its accounts, resources and functions;
  • For Health and Safety purposes;
  • Information requested is Environmental information;
  • Information requested is subject to Legal professional privilege; and
  • For “Commercial Interest” reasons.

 

Where the potential exemption is a qualified exemption, Roselyn House School / The RHISE Service will consider the public interest test to identify if the public interest in applying the exemption outweighs the public interest in disclosing it.

 

In all cases, before writing to the enquirer, the person given responsibility by Roselyn House School / The RHISE Service for dealing with the request will need to ensure that the case has been properly considered, and that the reasons for refusal, or public interest test refusal, are sound.

 

Refusal

 

If it is decided to refuse a request, Roselyn House School / The RHISE Service will send a refusals notice, which must contain

 

  • The fact that the responsible person cannot provide the information asked for;
  • Which exemption(s) apply;
  • Why the exemption(s) apply to this enquiry (if it is not self-evident);
  • Reasons for refusal; and
  • The complaints procedure.

 

For monitoring purposes and in case of an appeal against a decision not to release the information or an investigation by the Information Commissioner, the responsible person must keep a record of all enquiries where all or part of the requested information is withheld and exemptions are claimed. The record must include the reasons for the decision to withhold the information.

 

 

Complaints/Appeals

 

Any written (including email) expression of dissatisfaction should be handled through the existing complaints procedure. Wherever practicable the review should be handled by someone not involved in the original decision.

 

The Governing Body should set and publish a target time for determining complaints and information on the success rate in meeting the target. Roselyn House School / The RHISE Service should maintain records of all complaints and their outcome.

 

If the outcome is that Roselyn House School / The RHISE Service’s original decision or action is upheld, then the applicant can appeal to the Information Commissioner. The appeal can be made via their website or in writing to:

 

Customer Contact
Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
SK9 5AF

 

 

Headteacher Awards week ending 16/10/20
Important Information for Parents & Carers 24th September Update

<< New image with text >>

Information for Prospective New Students
Eco Schools Update July 2020
Check Out Mr Howarth's Amazing Light Painting Tutorial
Please click on picture to read
The Oak National Academy launched on Monday 20 April. It will provide 180 video lessons for free each week, across a broad range of subjects, for every year group from Reception through to Year 10. It will continue to offer new lessons and resources each
The BBC has also launched its own education package across TV and online to help children keep learning. If you have any questions, please email COVID.Technology@education.gov.uk for more information.
Parents' Toolkit: SEND
Print Print | Sitemap
This website is maintaned By David Somers ICT Dept Roselyn House School © Roselyn House School 2020