Data Protection Policy

Kip McGrath South Lakes Academy is committed to managing confidential information in accordance with the requirements of the Data Protection Act 1998. Children and young people have a right to confidentiality, unless Kip McGrath South Lakes Academy or a staff member considers that they could be at risk of abuse and/or harm.

1. Introduction

Kip McGrath South Lakes Academy needs to collect and use certain types of information about the students who come in to contact with Kip McGrath South Lakes Academy in order to carry out our work. This personal information must be collected and dealt with appropriately regardless of how it is collated, be it written on paper, stored on an electronic database or any other form of data collection. The Data Protection Act 1998, sets out the standards for the safeguarding of this information.

This policy applies to all members of staff at Kip McGrath South Lakes Academy. Kip McGrath South Lakes Academy also expects that any other organisations or individuals who may have access to personal information will have read and comply with this policy. Any breach of the Data Protection Act 1998, or the Kip McGrath South Lakes Academy Data Protection Policy, will be considered to be an offence and disciplinary procedures will then commence.

2. Data Controller

As a matter of good practice, Kip McGrath South Lakes Academy recognises that Tunde Christie and Michelle Christie as the nominated Data Controllers under the Data Protection Act 1998, This means that it is the responsibility of the Data Controller to determine what purpose personal information held, will be used for. This person is also responsible for notifying the Information Commissioner of the data it holds or is likely to hold and the general reasons that this information is used for in an ethical and lawful manner.

3. Disclosure
The law allows for Kip McGrath South Lakes Academy to share data (including sensitive information) without a persons consent in certain circumstances as set out below.
These are:
• As a legal duty authorised by the Secretary of State
• Protecting the interests of a young person or vulnerable adult
• Where the young person or vulnerable adult has already publically disclosed information
• In response to any legal proceedings, getting legal advice or defending legal rights
• Monitoring for equal opportunities purposes, for example, race, disability or religion
• Providing a confidential service where the young persons or vulnerable adults consent cannot be obtained, or where it is deemed reasonable to proceed without the consent, for example, to avoid forcing an already stressed or ill person to providing consent signatures.

4. Principles
Kip McGrath South Lakes Academy regards the correct and lawful treatment of personal information as a very important aspect to their successful working with, and maintaining the confidence of those who come in to contact with the Kip McGrath South Lakes Academy. Therefore, Kip McGrath South Lakes Academy will adhere to the principles of data protection as outlined in the Data Protection Act 1998.

1. Personal information is fairly and lawfully processed – Kip McGrath South Lakes Academy will always put our logo on all paperwork, stating our intentions on processing the data and state if, and to whom, we intend to give the personal data. Also provide an indication of the duration the data will be kept

2. Purpose – Kip McGrath South Lakes Academy will not use the data for any other purpose other than those agreed by the person of whom the data is held. If the data is requested by any external organisations for any reason, then data will only be passed with the permission of the data subject (unless it is deemed inappropriate to gain permission – as outlined in section 3 ‘Disclosure’). External organisations are required to state the purpose of the request and agree to abide by the Data Protection Act 1998, and Kip McGrath South Lakes Academy’s Data Protection Policy.

3. Adequate – Kip McGrath South Lakes Academy shall ensure that the data collected will be adequate, relevant and not excessive, nor too little, in respect of the individuals about whom the data is held. If the data collected is deemed excessive for any reason, then it will be immediately deleted or destroyed.

4. Accurate and up-to-date – All data collected by Kip McGrath South Lakes Academy will be kept up-to-date, with annual checks made on the data, which will then be either updated or irrelevant data, longer required, being destroyed. It is the responsibility of individuals to ensure that the the data held by Kip McGrath South Lakes Academy is accurate and up-to-date. Completion of any data forms provided by Kip McGrath South Lakes Academy will be considered accurate. Individuals should notify Kip McGrath South Lakes Academy of any changes, to enable personal records to be updated as and when necessary. It is the responsibility of Kip McGrath South Lakes Academy to act upon any changes to date and amending records where appropriate.

5. Retention – Kip McGrath South Lakes Academy will not keep any data for longer than it is necessary. All personal data will be destroyed by Kip McGrath South Lakes Academy 7 years after a child, young person, or vulnerable adult had ceased to attend Kip McGrath South Lakes Academy.

6. Rights – Kip McGrath South Lakes Academy will process all data in accordance with the rights of the individuals concerned under the Act. These are:

• A person has the right to be informed upon request of all the information held about them within a period of 40 days.
• An individual may prevent the passing of their data for the purpose of direct marketing.
• Can request compensation if they can show that they have been caused damage or harm by any contravention of the Act.
• Can request that any data collected about them that is inaccurate be removed and/or corrected.

7. Security – Kip McGrath South Lakes Academy shall take all measures to ensure that data collected and stored is secure, taking measures to prevent unauthorised or unlawful processing of, or accidental loss or destruction of, or damage to personal information. All personal and financial data is stored in a personal folder in a locked cupboard accessible only to, or with the permission of the Data Controllers. Within this locked cupboard is a secure safe for valuables and extra sensitive information held (again this is only accessible to the Data Controllers).

8. International Conditions for Processing – Kip McGrath South Lakes Academy will not transfer data to a country or territory outside of the European Economic Area unless that country or territory ensures adequate level of protection for the rights of the individuals in relation to the processing of person information, without explicit consent of the individual. Particular care will be taken by Kip McGrath South Lakes Academy when publishing any information, in any form – picture or text, on the Internet, this is because information on the Internet can be accessed in areas outside of the European Economic Area.

Kip McGrath South Lakes Academy will, through appropriate management and strict application of criteria and rules will:
• Observe fully conditions regarding the fair collection and use of information
• Meet its legal obligations to specify the purposed for which information is used
• Collect and process appropriate information, and only to the extent that it is needed to fulfil its operational needs or to comply with any legal requirements
• Ensure the quality of information used
• Ensure that the rights of people about whim information is held, can be fully exercised under the Act. These include:

o The right to be informed that processing is being undertaken,
o The right of access to one’s personal information,
o The right to prevent processing in certain circumstances, and
o The right to correct, rectify, block or erase information which is regarded as wrong information.

• Take appropriate technical and organisational security measures to safeguard personal information
• Ensure that personal information is not transferred abroad without suitable safeguards
• Treat people justly and fairly, whatever their age, religion, disability, gender, sexual orientation or ethnicity when dealing with requests for information
• Set out clear procedures for responding to requests for information
In addition, Kip McGrath South Lakes Academy will ensure that:
• Everyone processing personal information understands that they are contractually responsible for following good data protection practice
• Everyone processing personal information is appropriately trained to do so
• Everyone processing personal information is appropriately supervised
• Anybody wanting to make enquiries about handling personal information knows what to do
• It deals promptly and courteously with any enquiries about handling personal information
• It describes clearly how it handles personal information
• It will regularly review and audit the ways it holds, manages and uses personal information
• It will regularly assess and evaluate its methods and performance in relation to handling personal information
• All staff are aware that a breach of the rules and procedures identified in this policy may lead to disciplinary action being taken against them

This policy will be updated as necessary to reflect best practice in data management, security and control and to ensure compliance with any changes or amendments made to the Data Protection Act 1998

In case of any queries or questions in relation to this policy please contact the Kip McGrath South Lakes Academy Data Controller