School User Privacy Policy

Manor Teaching School Hub (which includes its strategic and delivery partners as referred to in the DfE TSH Delivery Plan) is committed to providing a secure and safeguarded environment for all its workforce and associates. Security of all data and personal information is of paramount importance and we strongly believe that each and every person has a duty of care to ensure all personal data is treated with the utmost respect and care. It is strongly advised that you read carefully the Manor Multi Academy Trust Data Protection Policy, e-Safety Policy and the Manor Teaching School Hub Safeguarding and Child Protection Policy, which together reflect our approach to all aspects of operating our secure environment. It is also very important that our associates understand that any personal data will be lawfully processed and used for multiple work-related purposes during the term of your engagement with Manor Teaching School Hub. We encourage you to question this if you feel this may not be the case and to bring it to the immediate attention of the MAT Data Protection Officer.

The categories of Teaching School Hub information that we process include:

• personal information (such as name, employee or teacher number, national insurance number)
• characteristics information (such as gender, age, ethnic group)
• photographs
• education details
• limited employment details
• CPD information (training record)
• relevant medical and dietary information
• DBS (Disclosure & Barring Service) – may include Passport, Utility Bills, Driving License information
• emergency contact details (Name and contact number) of spouse, partner or family members
• Attending School Member Class / Child Information (limited personal detail but related progress is required)

This list is not exhaustive but covers the majority of personal details we may process and hold on record during your time with us. It is important that Teaching School Hub attendees relay the Privacy documentation to their school for reference.

Why we collect and use this information

We use this data to:

a) enable the development of a comprehensive picture of the individual
b) inform the development and continuing work of the Teaching School Hub
c) to maintain our own accounts and records of everyone using the services we provide
d) to meet audit requirements
e) to meet statutory requirements
f) to support staff training effectively
g) to assess the quality of our provision
h) to comply with the law regarding data sharing

Under the UK General Data Protection Regulation (GDPR), the legal bases we rely on for processing personal information for general purposes are (Article 6):

  1. Processing shall be lawful only if and to the extent that at least one of the following applies:
  2. the data subject has given consent to the processing of his or her personal data for one or more specific purposes;
  3. processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
  4. processing is necessary for compliance with a legal obligation to which the controller is subject;
  5. processing is necessary in order to protect the vital interests of the data subject or of another natural person;
  6. processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
  7. processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child. Point (6) of the first subparagraph shall not apply to processing carried out by public authorities in the performance of their tasks.

  8. Member States may maintain or introduce more specific provisions to adapt the application of the rules of this Regulation with regard to processing for compliance with points (c) and (e) of “Why we collect this information” by determining more precisely specific requirements for the processing and other measures to ensure lawful and fair processing including for other specific processing situations as provided for in Article 85-91.

  9. The basis for the processing referred to in point (c) and (e) of “Why we collect this information” shall be laid down by:

  10. Union law; or
  11. Member State law to which the controller is subject. The purpose of the processing shall be determined in that legal basis or, as regards the processing referred to in point (e) of paragraph 1, shall be necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller. That legal basis may contain specific provisions to adapt the application of rules of this Regulation, inter alia: the general conditions governing the lawfulness of processing by the controller; the types of data which are subject to the processing; the data subjects concerned; the entities to, and the purposes for which, the personal data may be disclosed; the purpose limitation; storage periods; and processing operations and processing procedures, including measures to ensure lawful and fair processing such as those for other specific processing situations as provided for in Chapter IX. The Union or the Member State law shall meet an objective of public interest and be proportionate to the legitimate aim pursued.

  12. Where the processing for a purpose other than that for which the personal data have been collected is not based on the data subject’s consent or on a Union or Member State law which constitutes a necessary and proportionate measure in a democratic society to safeguard the objectives referred to in Article 23, the controller shall, in order to ascertain whether processing for another purpose is compatible with the purpose for which the personal data are initially collected, take into account, inter alia:

  13. any link between the purposes for which the personal data have been collected and the purposes of the intended further processing;
  14. the context in which the personal data have been collected, in particular regarding the relationship between data subjects and the controller;
  15. the nature of the personal data, in particular whether special categories of personal data are processed, pursuant to Article 9, or whether personal data related to criminal convictions and offences are processed, pursuant to Article 10;
  16. the possible consequences of the intended further processing for data subjects;
  17. the existence of appropriate safeguards, which may include encryption or pseudonym

In addition, concerning any special category data (Article 9):

  1. Processing of personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation shall be prohibited.
  2. Paragraph 1 shall not apply if one of the following applies:
     1. the data subject has given explicit consent to the processing of those personal data for one or more specified purposes, except where Union or Member State law provide that the prohibition referred to in paragraph 1 may not be lifted by the data subject;
     2. processing is necessary for the purposes of carrying out the obligations and exercising specific rights of the controller or of the data subject in the field of employment and social security and social protection law in so far as it is authorised by Union or Member State law or a collective agreement pursuant to Member State law providing for appropriate safeguards for the fundamental rights and the interests of the data subject;
     3. processing is necessary to protect the vital interests of the data subject or of another natural person where the data subject is physically or legally incapable of giving consent;
     4. processing is carried out in the course of its legitimate activities with appropriate safeguards by a foundation, association or any other not-for-profit body with a political, philosophical, religious or trade union aim and on condition that the processing relates solely to the members or to former members of the body or to persons who have regular contact with it in connection with its purposes and that the personal data are not disclosed outside that body without the consent of the data subjects;
     5. processing relates to personal data which are manifestly made public by the data subject;
     6. processing is necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity;
     7. processing is necessary for reasons of substantial public interest, on the basis of Union or Member State law which shall be proportionate to the aim pursued, respect the essence of the right to data protection and provide for suitable and specific measures to safeguard the fundamental rights and the interests of the data subject;
     8. processing is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services on the basis of Union or Member State law or pursuant to contract with a health professional and subject to the conditions and safeguards referred to in paragraph 3;
     9. processing is necessary for reasons of public interest in the area of public health, such as protecting against serious cross-border threats to health or ensuring high standards of quality and safety of health care and of medicinal products or medical devices, on the basis of Union or Member State law which provides for suitable and specific measures to safeguard the rights and freedoms of the data subject, in particular professional secrecy;
     10. processing is necessary for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) based on Union or Member State law which shall be proportionate to the aim pursued, respect the essence of the right to data protection and provide for suitable and specific measures to safeguard the fundamental rights and the interests of the data subject.
  3. Personal data referred to in paragraph 1 may be processed for the purposes referred to in point (h) of paragraph 2 when those data are processed by or under the responsibility of a professional subject to the obligation of professional secrecy under Union or Member State law or rules established by national competent bodies or by another person also subject to an obligation of secrecy under Union or Member State law or rules established by national competent bodies.
  4. Member States may maintain or introduce further conditions, including limitations, with regard to the processing of genetic data, biometric data or data concerning health.

Collecting your information

We may collect personal information via electronic or manual handwritten form.

Storing your information

We hold data securely for service users of Manor Teaching School Hub and its Strategic Partner Schools, and will retain workforce information during the employment of the individual concerned. Workforce information can be stored in two secure ways.

Manual records will be kept in a secure room within secure locked filing cabinets. Physical access to the storage is limited by key access on both parts.

Electronically, the information is securely stored on local server infrastructure on an encrypted physical drive, which is also permissioned and account password protected so that only staff who require access to this information have it. Administrative ICT access is allowed for maintenance reasons including backup and retention. It also requires us to remove the information as and when the retention schedule on the data ends. Onsite and offsite backup locations remain with the Multi Academy Trust and are not shared with any 3rd party.

Information may be secured within the Manor Multi Academy Trust Microsoft Office 365 cloud environment and again this is account password protected and permissioned accordingly. Policy determines that all information synchronised / stored on devices is account / password or pin protected as well as being encrypted if Windows / Google or Apple based. Mobile devices require a minimum of pin code or password protection, which are not to be shared. All School devices are encrypted, monitored (laptops) and geographically tracked and managed (iPads) using our two different methods of Safeguarding software across the Trust.

Teaching School Hubs are required to store your information on the DFE Data Collection Hub online service hosted by the DFE. Manor Teaching School Hub will use online systems to help manage the day to day running of the service, which include specifically systems such as ECT Manager. Access to online systems will be secure and permissioned appropriately within job roles associated across Manor Teaching School Hub and its associated Strategic Partners and working partner organisations if required.

Who we share your information with

We routinely share this information with:

• The Department for Education (DfE) and central government
• School SLE and Administrative staff and governing committees of Manor Teaching School Hub
• The Directors of Manor MAT
• Strategic and delivery partners of Manor Teaching School Hub
• Financial organisations and systems we use
• Law enforcement organisations and courts
• Business associates and other professional advisers
• Security organisations (including CCTV and signing in systems)
• Press and the media (with consent)

The above list is not exhaustive but includes current working practices and the potential for information to be shared legally, appropriately and purposefully in the interest of all parties involved.

Why we share your information

We do not share information about our workforce members with anyone without consent unless the law and our policies allow us to do so.

Our main purposes for sharing the information with the DFE are:

a) Summary Evidence of support
b) Summary of Data to demonstrate impact and outcomes of delivery of teaching school hub role against KPIs

Department for Education

The Department for Education (DfE) collects personal data from educational settings and local authorities via various statutory data collections. We are required to share information about our children and young people with the Department for Education (DfE) for the purpose of those data collections, in accordance with the Data Protection Act 1998.

All data is transferred securely and held by DfE under a combination of software and hardware controls which meet the current government security policy framework.

Requesting access to your personal data

Under data protection legislation, you have the right to request access to information about you that we hold. To make a request for your personal information, contact the Manor Teaching School Hub Data Protection Officer.

You also have the right to:

• object to processing of personal data that is likely to cause, or is causing, damage or distress
• prevent processing for the purpose of direct marketing
• object to decisions being taken by automated means
• in certain circumstances, have inaccurate personal data rectified, blocked, erased or destroyed; and
• a right to seek redress, either through the ICO, or through the courts

If you have a concern about the way we are collecting or using your personal data, we ask that you raise your concern with us in the first instance. Alternatively, you can contact the Information Commissioner’s Office at https://ico.org.uk/concerns/

Contact

If you would like to discuss anything in this privacy notice, please contact:

If you would like to get any further clarification of the information about you that Manor Multi Academy Trust (Manor Primary School) shares with the DfE or how they use your information, please contact: Email: [email protected]

Manor Teaching School Hub Ettingshall Road Wolverhampton West Midlands WV14 9UQ

Telephone: 01902 556460

How Government uses your data

The Department has robust processes in place to ensure that the confidentiality of personal data is maintained and there are stringent controls in place regarding access to it and its use. Decisions on whether DfE releases personal data to third parties are subject to a strict approval process and based on a detailed assessment of:

• who is requesting the data
• the purpose for which it is required
• the level and sensitivity of data requested; and
• the arrangements in place to securely store and handle the data

To be granted access to your information, organisations must comply with its strict terms and conditions covering the confidentiality and handling of the data, security arrangements and retention and use of the data.

To contact the department: https://www.gov.uk/contact-dfe