Sheffield Catholic Schools Partnership
Privacy Notice for SCITT Trainees at the Sheffield SCITT
Hallmark: We honour the dignity and sacredness of each person.
This statement should be read in conjunction with the Data Protection Policy.
This statement is intended to provide information as to how we will collect, use or process personal data relating to SCITT Trainees.
Responsibility for Data Protection
Notre Dame High School is registered with the Information Commissioner’s Office. The registration number is Z8538235.
The Data Protection Officer (DPO) for the school is John Coats. The DPO can be contacted on email@example.com or 0114 2302536.
The school workforce has a responsibility to abide by school policies and the law relating to data protection.
The Data Protection Act 1998: Why do we collect and use SCITT Trainee information?
By SCITT Trainees we mean anyone who has applied to the Sheffield SCITT, who may be considering applying to the Sheffield SCITT, is currently studying at the Sheffield SCITT, or has studied at the Sheffield SCITT. For the purposes of clarity, this excludes trainees who apply to School Direct Lead schools for whom we are the Accredited Provider. We collect and use SCITT Trainee information under the following Articles of the General Data Protection Regulations (GDPR)
Processing shall be lawful only if and to the extent that at least one of the following applies:
6 (1) a. The data subject has given consent to the processing of his or her personal data for one or more specific purposes;
6 (1) e. Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller.
With regards to the processing of personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation shall be prohibited except:
9 (2) a. Where we have explicit consent of the data subject.
For the avoidance of doubt, throughout this document we are using and applying the GDPR definition of consent, namely “any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative actions, signifies agreement to the processing of personal data relating to him or her.”
We use SCITT Trainee data:
- To communicate with potential applicants to the SCITT;
- To run an appropriate training programme for SCITT Trainees;
- To monitor and report on the progress of SCITT Trainees;
- To provide further support SCITT Trainees during their early career;
- To satisfy the requirements of pre-employment checks / Single Central Record recording;
- To enable management of bursaries, grants and funding as required;
- To assist with supervision and safety of pupils;
- To assess the quality of our services;
- To comply with the law regarding data sharing.
The categories of SCITT Trainee information that we collect, hold and share include:
- Personal information (such as name, employee or teacher number, national insurance number, address and a copy of a document confirming proof of address, telephone number);
- Emergency contact information (such as name, address, telephone number);
- Characteristics (such as ethnicity, language, religion, nationality, country of birth, gender, age);
- Bank/building society information to enable payment of bursaries;
- Medical information that is provided by a trainee;
- Qualifications and employment history;
- Result of a DBS check;
- Result of an employer access teaching barred list check;
- School workforce images including photographic identification document;
- Computer use history, including web browsing history and email records;
- CCTV footage;
- Course information (such as dates of training, placement schools, assessment and monitoring information;
- Attendance information (such as sessions attended, number of absences and absence reasons, completed self-certificates, completed return to work forms, doctors notes and other medical evidence);
- Destination schools and employment.
Collecting SCITT Trainee information
Whilst the majority of SCITT Trainee information provided to us is mandatory, some of it is provided to us on a voluntary basis. In order to comply with the General Data Protection Regulation, we will inform you at the point of data collection whether you are required to provide certain information to us or if you have a choice in this.
Storing SCITT Trainee information
- Unless stated below we hold SCITT Trainee personnel files for 6 years after the termination date of their training;
- We will store personal data relating to potential SCITT Trainee applications until the end of the academic year in which the application was made.
- We will erase any personal information relating to an unsuccessful SCITT Trainee application until the end of the academic year in which the application was made.
- Where an allegation of a child protection nature has been made against a SCITT Trainee, including where the allegation is unfounded, we hold personal files until the person’s normal retirement age or 10 years from the date of the allegation, whichever is the longer, and then review on a case by case basis as per “Keeping Children Safe in Education Statutory Guidance for Schools and Colleges September 2016” and “Working together to Safeguard Children. A Guide to Inter-Agency Working to Safeguard and Promote the Welfare of Children March 2015.”
- Where former SCITT Trainees have given consent, we store personal information (name and contact details) to enable alumni to remain involved with the school community until such point as they withdraw that consent;
- CCTV footage is stored in line with the policies of the schools where the SCITT Trainees are placed and/or receive their training. Any CCTV footage collected at Notre Dame school is stored for a maximum period of 4 school weeks unless there are specific circumstances that fall under Article 6 (1)e of the GDPR that would allow us to retain footage for a longer period.
Who do we share SCITT Trainee information with?
We routinely share SCITT Trainee information with:
- The Department for Education (DfE);
- The school’s appointed accountants for statutory financial auditing, currently UHY Hacker Young;
Where the data sharing is not undertaken on a statutory basis, we will ensure that we have either:
- A contractual agreement for the sharing of data with the company concerned demonstrating compliance to GDPR; or
- A copy of an up-to-date privacy statement from the company that satisfactorily demonstrates their compliance to GDPR for the purposes of the data sharing concerned. This will include those companies where school workforce is directed by the school to register online using their school email address.
A register of companies and organisations with whom we share data on a non-statutory basis is maintained by the Data Protection Officer and currently includes:
- Companies taking school photographs – currently Gillman & Soames – in order that we can provide pupils and staff with an opportunity to purchase school photographs;
- Other schools in involved in the delivery of our SCITT programme – in order to run an appropriate training programme for SCITT Trainees, to monitor and report on the progress of SCITT Trainees and to assess the quality of our provision.
- COPE Occupational Health Scheme – to allow school workforce to access occupational health support;
- Universities and potential employers where a reference is asked for – in order to support job applications.
Why we share SCITT Trainee information
We will not share information about you with third parties without your consent unless the law and our policies allow us to do so. We are required, by law, to pass on some of this personal data:
We share personal data with the Department for Education (DfE) on a statutory basis. This data sharing underpins workforce policy monitoring, evaluation, and links to school funding / expenditure and the assessment of educational attainment.
We share personal data with our appointed accountants to fulfil our statutory auditing requirements as a limited liability company and to fulfil our internal auditing procedures.
Requesting access to your personal information
Under data protection legislation, the school workforce has the right to request access to information about them that we hold. This is referred to as a Subject Access Request (SAR). The GDPR clarifies that the reason for allowing individuals to access their personal data is so that they are aware of and can verify the lawfulness of the data processing. To make a request for your personal information, contact the Data Protection Officer.
You also have the right to:
- Object to processing of personal data that is likely to cause, or is causing, damage or distress;
- Prevent processing for the purpose of direct marketing;
- Object to decisions being taken by automated means;
- In certain circumstances, have inaccurate personal data rectified, blocked, erased or destroyed; and
- Claim compensation for damages caused by a breach of the Data Protection regulations.
To make a SAR, or to exercise any of your rights under data protection regulation, you should contact the Data Protection Officer at the school.
On receipt of a request to exercise any of your rights under data protection regulation, the school will:
- Respond to acknowledge receipt of your request;
- Request proof of identify of the person making the request;
- Inform you as to whether there are any statutory reasons why we may be unable to respond to your request;
- Act in accordance with the GDPR in terms of our actions in response to your request, and with due regard to the timescales set out in the GDPR.
If you have a concern about the way we are collecting or using your personal data, you should raise your concern with us in the first instance or directly to the Information Commissioner’s Office at https://ico.org.uk/concerns/
If you want to see a copy of information about you that we hold, please contact the Data Protection Officer.