Here at Hillcrest Primary School, just like schools throughout the country, we collect a variety of data about our students and parents/carers, staff and volunteers.
Under the new General Data Protection Regulation (GDPR) laws, that came into effect on 25th May 2018, we now publish a variety of documents for your information, informing you how we use and store people's personal information.
The GDPR is in place to give data subjects control of their data and gives organisations processing that data (including schools) more responsibilities in relation to how they collect, process, store, share and destroy data. It’s not just about information technology, but all data we hold as an organisation.
As a school we collect and hold a great deal of personal data - not only about students, but also staff, parents, volunteers, visitors, suppliers and other ‘data subjects’. GDPR requires us to not only minimise any risks to the unauthorised access and loss of personal data within the organisation, but also to provide evidence and documentation of our processing activity.
In order to demonstrate our commitment to GDPR compliance we are doing the following:
- Documenting our processing activity, including ensuring we have a lawful basis for processing
- Auditing this processing and identifying and creating an action plan to mitigate any risks to personal data
- Documenting the compliance of third-party providers and reviewing contracts to ensure compliance with GDPR
- Ensuring that we have processes and procedures in place to ensure the rights of data subjects
- Reviewing the technical and organisational measures in place to protect data
- Training staff on GDPR and our data handling procedures – we hope Governor’s will also undertake this training.
We have also appointed an external organisation, Data Protection Education Ltd. as our Data Protection Officer. Our named DPO within that organisation is Stuart Lee.
As a school we collect and process large amounts of data. We take our responsibility as custodians of this data very seriously and embrace the opportunities GDPR provides to make improvements in how we handle data.
GDPR is a long-term project and we are committed to developing a privacy programme that becomes a cornerstone of our approach to data in the school. Whilst there will be changes, we are committed to ensuring that there is no negative impact on teaching and learning and the welfare of students and staff.
Processors of Data
We use several third party data processors to enable us to carry out our educational duties. All data processors are GDPR compliant and their GDPR information can be found below.
Times Tables Rockstars https://ttrockstars.com/page/privacy
Reading Planet https://www.hoddereducation.co.uk/privacynotice
Lexia Core 5 https://www.lexialearning.com/website-privacy-policy
Third Space Planning https://www.lexiauk.co.uk/privacy-policy/
Thrive Online https://www.thriveapproach.com/privacy-policy/
Google Classroom https://edu.google.com/intl/en_uk/why-google/privacy-security/
Class DoJo https://www.classdojo.com/en-gb/privacy/
Pret-a-Portrait prêt-a-portrait » Privacy Statement (pret-a-portrait.net)
CCTV on site
To keep our pupils, adults and site safe, we utilise Closed Circuit Television cameras around the school site. Please note that our CCTV system records images for viewing at a later date.