Privacy Notice (How we use student information)
Rochdale Sixth Form College, part of the Altus Education Partnership needs to collect and process personal data in order to provide services to students, manage its operations and to meet certain legal obligations.
The purpose of this privacy notice is to explain how we collect and use your personal data.
For the purposes of this notice, Altus Education Partnership (“we”, “us”, “our”) is the data controller for any personal data we process about you. Altus Education Partnership is registered as a data controller with the Information Commissioner’s Office.
In the event of any changes to this privacy notice, the updated version will always be available on the college website.
The categories of student information that we process include:
- personal identifiers and contacts (such as name, unique student number, contact details and address)
- characteristics (such as ethnicity, language, and free school meal eligibility)
- safeguarding information (such as court orders and professional involvement)
- special educational needs (including the needs and ranking)
- medical and administration (such as medical conditions, medication and dietary requirements)
- attendance (such as sessions attended, number of absences, absence reasons and any previous schools attended)
- assessment and attainment (such as GCSE or A Level results, internal assessment outcomes, external assessments such as BMAT)
- behavioural information (such as exclusions and any relevant alternative provision put in place)
- payment information (such as payments for trips via ParentPay or directly to the Finance Office)
- trips and activities information (such as next of kin contact information)
Why we collect and use student information
We collect and use student information, for the following purposes:
- to support student learning
- to monitor and report on student attainment & progress
- to provide appropriate pastoral care
- to assess the quality of our services
- to safeguard children and young people
- to meet the statutory duties placed upon us for DfE and ESFA data collections
- to meet our duties with regard to the prevention and detection of crime
Under the General Data Protection Regulation (GDPR), the lawful bases we rely on for processing student information are:
(a) Consent: the individual has given clear consent for you to process their personal data for a specific purpose.
(b) Contract: the processing is necessary for a contract you have with the individual, or because they have asked you to take specific steps before entering into a contract.
(e) Public task: the processing is necessary for you to perform a task in the public interest or for your official functions, and the task or function has a clear basis in law.
(f) Legitimate interests: the processing is necessary for your legitimate interests or the legitimate interests of a third party unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests.
A full list of the purposes for which we process personal data and the legal basis for such processing is available via the college website.
Sensitive Personal Data
This refers to information about more sensitive topics. For example: a person’s race and ethnicity, political opinions, religious beliefs, membership of trade unions, physical or mental health, sexuality, and criminal offences.
GDPR Article 9 paragraph 1 states that:
- Processing of personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation shall be prohibited.
- Paragraph 1 shall not apply if one of the following applies:
- Processing is necessary for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) based on Union or Member State law which shall be proportionate to the aim pursued, respect the essence of the right to data protection and provide for suitable and specific measures to safeguard the fundamental rights and the interests of the data subject.
We collect sensitive personal data (racial/ethnicity data and medical information) in accordance with the exemption in paragraph j. The relevant legislation that require us to collect such information is detailed below:
The Education (Information About Individual Pupils) (England) Regulations 2013 section 5 state that:
- Within fourteen days of receiving a request from the Secretary of State, the proprietor of a non-maintained special school or an Academy(16) shall provide to the Secretary of State such of the information referred to in Schedule 1 and (where the request stipulates) in respect of such categories of pupils, or former pupils, as is so requested.
The Children and Families Act 2014 places a duty of care on appropriate authorities to support students with medical conditions:
100 (1) The appropriate authority for a school to which this section applies must make arrangements for supporting pupils at the school with medical conditions.
How we collect student information
Most of the student information that you provide to us will be collected at the point of application (via the online application or paper application form). We will review this information with you and collect any additional information at interview and again at enrolment. The majority of the information that you provide is mandatory but where consent is needed, we will inform you that you have a choice and right to refuse or to withdraw your consent at a later date.
We may also collect data (such as prior achievements or ULN number) via the Learner Records Service.
We may collect information from the Local Authority or your former school (e.g. Free School Meal information).
We collect results information from awarding bodies via Electronic Data Interchange (EDI) file. Information is also provided to the college by the DfE via the tables checking website for the purpose of checking results against those received from the awarding bodies.
How we store student data
We hold student data securely for the set amount of time shown in our data retention schedule.
Who we share student information with
We routinely share student information with:
- students’ previous school(s)
- schools that the students attend after leaving us
- the local authority
- youth support services (students aged 13+)
- the Department for Education (DfE) and Education & Skills Funding Agency (ESFA)
- NHS / college nurse
- Third party organisations that process data on our behalf (for example Alps)
- Third party professional services (for example Social Services)
- Third parties permitted by law
- The press (results information is published in local newspapers)
Why we regularly share student information
We do not share information about our students with anyone without consent unless the law and our policies allow us to do so.
How Government uses your data
The Department for Education (DfE) collects personal data from educational settings and local authorities via various statutory data collections. We are required to share information about our students with the Department for Education (DfE) either directly or via our local authority for the purpose of those data collections, under The Education (Information About Individual Students) (England) Regulations 2013:
Part 4 requires us to provide data for each learning aim undertaken by a student including:
- the qualification number
- the date on which the pupil started the learning aim
- the date by which the pupil and the pupil’s school together plan or planned that the pupil will complete, or was to have completed, the learning aim
- the date (if applicable) on which the pupil completed the learning aim and the result obtained
- information as to the pupil’s progress or status in respect of the learning aim
- information identifying the syllabus, the subject and the awarding body for the qualification. 35. Where applicable, the date the pupil left the school
Part 5 requires us to provide information about students awarded bursaries.
The student data that we lawfully share with the DfE through data collections:
- underpins school funding, which is calculated based upon the numbers of children and their characteristics in each school.
- informs ‘short term’ education policy monitoring and school accountability and intervention (for example, school GCSE results or Student Progress measures).
- supports ‘longer term’ research and monitoring of educational policy (for example how certain subject choices go on to affect education or earnings beyond school)
Data collection requirements
To find out more about the data collection requirements placed on us by the Department for Education (for example; via the school census) go to https://www.gov.uk/education/data-collection-and-censuses-for-schools
All data is transferred securely and held by DfE under a combination of software and hardware controls, which meet the current government security policy framework.
Sharing by the Department
The law allows the Department to share students’ personal data with certain third parties, including:
- local authorities
- organisations connected with promoting the education or wellbeing of children in England
- other government departments and agencies
- organisations fighting or identifying crime
For more information about the Department’s NPD data sharing process, please visit: https://www.gov.uk/data-protection-how-we-collect-and-share-research-data
Organisations fighting or identifying crime may use their legal powers to contact DfE to request access to individual level information relevant to detecting that crime. Whilst numbers fluctuate slightly over time, DfE typically supplies data on around 600 students per year to the Home Office and roughly 1 per year to the Police.
For information about which organisations the Department has provided student information, (and for which project) or to access a monthly breakdown of data share volumes with Home Office and the Police please visit the following website: https://www.gov.uk/government/publications/dfe-external-data-shares
To contact DfE: https://www.gov.uk/contact-dfe
The National Pupil Database (NPD)
Much of the data about students in England goes on to be held in the National Student Database (NPD).
The NPD is owned and managed by the Department for Education and contains information about students in schools in England. It provides invaluable evidence on educational performance to inform independent research, as well as studies commissioned by the Department.
It is held in electronic format for statistical purposes. This information is securely collected from a range of sources including schools, local authorities and awarding bodies.
To find out more about the NPD, go to https://www.gov.uk/government/publications/national-student-database-user-guide-and-supporting-information
The Learner Records Service
The Learning Records Service (LRS) is operated by the ESFA. The LRS collects information about learners registering for relevant post-14 qualifications, for example:
- GCSEs and A-Levels
- Entry to Employment Certificates
- Regulated Qualifications Frameworks
- Welsh Baccalaureate and associated units
The LRS uses your information to:
- issue you with a Unique Learner Number (ULN)
- create your Personal Learning Record (PLR)
In most cases, you will have been registered with the LRS at school but if you were not or if any of your information has changed, we may need to share your data. The privacy notice for the LRS can be found here: https://www.gov.uk/government/publications/lrs-privacy-notices/lrs-privacy-notice
Requesting access to your personal data
Under data protection legislation, parents and students have the right to request access to information about them that we hold. To make a request for your personal information, or be given access to your child’s educational record, contact our Data Protection Officer.
You also have the right to:
- object to processing of personal data that is likely to cause, or is causing, damage or distress
- prevent processing for the purpose of direct marketing
- object to decisions being taken by automated means
- in certain circumstances, have inaccurate personal data rectified, blocked, erased or destroyed; and
- a right to seek redress, either through the ICO, or through the courts
If you have a concern or complaint about the way we are collecting or using your personal data, you should raise your concern with us in the first instance or directly to the Information Commissioner’s Office at https://ico.org.uk/concerns/
If you would like to discuss anything in this privacy notice, please contact:
Data Protection Officer
Rochdale Sixth Form College