GDPR Privacy Notice

Abercarn Primary School

 GDPR Privacy Notice


As school we collect and use data in a various ways.

New General Data Protection Regulations (GDPR) are to be released on 25th May 2018, and they will have implications for all schools and businesses that use data.  As a school we need to comply with these guidelines and make individuals aware of how their data is used and stored within our organisation.

How we use pupil information

Why do we collect and use pupil information and Legal Basis for Using Information

We collect and use pupil information under section 537A of the Education Act 1996, and section 83 of the Children Act 1989. We also comply with Article 6(1)(c) and Article 9(2)(b) of the General Data Protection Regulation (GDPR).

We use the pupil data:


·         As part of our admissions process

·         To support teaching and learning

·         To monitor and report on pupil progress to provide appropriate pastoral care

·         To assess the quality of our services

·         To comply with the law regarding data sharing

·         To access our school meals, payments and school communication system   

·         To support you (pupils) to decide what to do after they leave school


Categories of pupil information that we collect, hold and share include:

·         Personal information (such as name, unique pupil number and contact details)

·         Characteristics (such as ethnicity, language, nationality, country of birth and free school meal eligibility)

·         Attendance information (such as sessions attended, number of absences and absence reasons)

·         National curriculum assessment results, special educational needs information, relevant medical information


Collecting pupil information

Whilst the majority of pupil information you provide to us is mandatory, some of it is provided to us on a voluntary basis. In order to comply with the General Data Protection Regulation, we will inform you whether you are required to provide certain pupil information to us, or if you have a choice in this.


Storing pupil information

Abercarn Primary School keeps information about you on computer systems and also sometimes on paper.


We hold your education records securely (computerised and paper) in accordance with guidance issued by the Local Authority regarding document retention i.e. to comply with legal requirements.


Prime documents linked to Safeguarding, SEN, Educational Psychology, are transferred to Secondary School.


Access to the school’s IT and Data Systems is restricted to authorised individuals only and is underpinned and protected by our Digital Safety and Acceptable Usage Policies. Access is logged and routinely monitored to protect users and the integrity and security of systems and data.


Abercarn Primary School adheres to the following retention periods for computer held personal data:


·         Pupil Google mailboxes/Drive are retained for a period of 2 calendar year.

·         Staff local home drives and mailboxes/Drive are retained for a period of 5 calendar years.

·         System and Web Filter logs are retained for a period of 1 calendar year with the exception of print logs which are held for a period of 1 calendar year and 1 month. (LA)

·         CCTV Footage is retained for a period of 30 days.

·         Pupil information is retained on our SIMS system (School Management Information System) and retained for a period of 25 years.


Access to data on all laptop computers is secured through encryption pens or other means, to provide confidentiality of a data in the event of loss or theft of equipment. NO DATA will be stored on laptop/computer hard drive.



After the following retention periods the data is deleted securely from our systems

Where data resides on third party systems e.g. Google Apps, contracts exist to ensure data security, integrity and retention periods match legislation with Abercarn Primary School in house systems.


All system backups are encrypted and are held in multiple, physically secure locations as part of the school’s disaster recovery plan. (LA)


There are strict controls on who can see your information. We will not share your data if you have advised us that you do not want it shared unless it is the only way we can make sure you stay safe and healthy, we are legally required to do so or the data is required for operational purposes.


Paper records are held in lockable cabinets. All visitors to site have a photograph taken and are logged into an electronic visitors access system. Control to areas where records are stored is restricted – pupils and visitors are not permitted to access any such area unless required and under the supervision of a staff member.  


Who do we share pupil information with?

We routinely share pupil information with:

·         Our local authority (Caerphilly CB Council) and the Education Achievement Service (EAS)

·         Welsh Assembly Government


Why we share pupil information

We do not share information about our pupils with anyone without consent unless the law and our policies allow us to do so.

We share pupils’ data with the Welsh Assembly Government on a statutory basis. This data sharing underpins school funding and educational attainment policy and monitoring.

To find out more about the data collection requirements placed on us by the Welsh Assembly Government (for example; PLASC) go to

The school will, on an annual basis, share individual Data Collection Sheets with you in order to ensure that our records are accurate and up to date.


Requests for Information

All recorded information held by the School may be subject to requests under the Freedom of Information Act 2000, and the General Data Protection Regulations. If you would like to submit a Freedom of Information / Subject Access Request, you can e-mail us here.


Subject Access Requests will be dealt with within one month (including weekends) of the date of receipt by the school. Please note that no charge is made for this information.


Requests should be marked for the attention of  Gareth Roden and e-mailed to:


Your Rights

The Data Protection Act/GDPR gives you a number of rights.  Please note that not all of your rights are absolute and we will need to consider your request upon receipt.


You have the right to request;


·         to have your data rectified if it is inaccurate or incomplete.

·         to have your data erased.

·         to restrict the processing of your data.

·         to exercise your right to data portability.

·         to object to the processing for the purposes of direct marketing, profiling and automated decision making.


If you have a concern about the way we are collecting or using your personal data, you should raise your concern with us in the first instance by contacting one of the two School contacts detailed below or directly to the Information Commissioner’s Office at:-



If you would like to get a copy of the information about you that Caerphilly CB Council provides to other providers please contact: Joanne Jones on telephone no: (01443) 864322 or Email:


If you would like to discuss anything in this privacy notice, please contact: Head Teacher – Gareth Roden or Digital Media Manager – Luke Greenslade who will be pleased to assist.

Last modified: Sunday, 27 May 2018, 9:01 PM