keeping our data secure and relevant
At The White Hills Park Trust we take data protection and your rights as an individual very seriously. We have worked hard to ensure the appropriate policies and procedures are in place across our academies so we are compliant; that we collect and process data responsibly; and that we store and dispose of information in accordance with the law.
The General Data Protection Regulation (GDPR) came into effect on 25th May 2018.
The GDPR forms part of the data protection regime in the UK, together with the Data Protection Act 2018 (DPA 2018). More information on data protection can be found by visiting the Information Commissioners Office at www.ico.co.uk.
We collect and use personal information about staff, students, parents and other individuals who come into contact with the Trust. This information is gathered in order to enable us to provide education and other associated functions. In addition, there may be a legal requirement to collect and use information to ensure that the Trust complies with our statutory obligations.
Each Trust school has their own Management and Retention of Records Policy and Privacy Notices which can be found on their respective websites.
Subject Access Requests
Individuals have a right to make a Subject Access Request to gain access to the personal information that the Trust holds about them. As an organisation we collect and process data about individuals. We explain what information we collect, and why in our Data Protection Policy (see above).
All data subjects have the right to know:
- What information is held?
- Who holds it?
- Why is it held?
- What are the retention periods?
- That each data subject has rights. Consent can be withdrawn at any time (to some things).
- A right to request rectification, erasure or to limit or stop processing.
- A right to complain.
Many of these will be answered within our Data Protection Policy.
When dealing with Subject Access Requests, the Trust and Trust academies will always follow current data protection and other legislative guidance. The latest information from the ICO regarding access to pupils' information can be found here.
Any individual, or person with parental responsibility, or young person with sufficient capacity to make a request is entitled to ask what information is held. However, as a Multi Academy Trust, a student or parent/carer (person with parental responsibility/legal guardian) does not have a legal right to access a child’s educational record. It will be up to the Trust to decide whether to grant such access.
Please refer to the Information Commissioner's Office Subject Access Request Guidance for further information.
How do I request information?
If you wish to request information we hold, please make a Subject Access Request to the Trust in writing. Any written request from the individual (Data Subject) or person with parental responsibility will be considered as a valid request, as long as it contains the relevant information to enable us to deal with your request:
o Your name
o Correspondance address
o Contact number
o Email address
o Clear details of the information or data you would like to access
To make this as simple as possible, we have provided a template you can fill in and return by email, downloadable here.
To ensure that requests are dealt with in an effective and timely manner we may seek to clarify the terms of a request.
Exemptions to a SAR exist and may include:
- Education, Health, Social Work records
- Examination marks and scripts
- Safeguarding records
- Special educational needs
- Parental records and reports
- Legal advice and proceedings
- Adoption and Court records and/or reports
- Regulatory activity and official requests e.g. DfE statistical information
- National security, Crime and taxation
- Journalism, literature and art
- Research history, and statistics
- Confidential references
Evidence of identity, on the basis of the information set out and the signature on the identity must be cross-checked to that on the application form. Discretion about employees and persons known to the school may be applicable but if ID evidence is not required an explanation must be provided by school staff and signed and dated accordingly
If you are requesting information on behalf of someone else you must also provide written evidence that you have the Data Subject’s authority to ask for the information on their behalf, for example a signature on the Subject Access Request, a letter written by them, evidence of Power of Attorney, etc.
In either case, the request should be sent to:
Trust Operations Director
Bramcote College, Moor Lane, Bramcote, Nottinghamshire, NG9 3GA
If your Subject Access Request is valid and approved, you will be provided with either a printout or a photocopy of paper records. Where information is requested to be provided digitally (such as by email), we will only agree to this if it can be sent via an approved secure method in line with GDPR.
The information will be usually be provided within one calendar month of the request. However in some circumstances, for example the school is closed for holidays, this may be extended by up to another calendar month.
We will contact you to advise if we are unable to approve your request.
Do I need proof of identity?
If you are not known to the Trust or Trust academies, we may ask to see proof of your identity. The following forms of identity will be accepted as proof of identity:
- A copy of your passport
- A copy of your driving licence
- A copy of your Bank, Building Society or Credit Card statement in the Data Subject's name for the last quarter
- A copy of your Council Tax bill
Will I be charged for information provided?
We will follow guidance within current Data Protection legislation in relation to charges for information. See the ICO website for further information.
What do I do if the data is incorrect?
Please contact the Trust to tell us what is incorrect and ask for it to be corrected. You can also appeal to the Information Commissioner if we do not correct the information.