Roles Within School
Data Protection Officer (DPO) - Ms. L. Almond
Senior Information Risk Owner (SIRO) - Mr. S. Proctor
Information Champion (IC) - Mrs. J. Pitcher
Information Governance Governor - Mrs. S. Stronach
West Thurrock Academy fully complies with information legislation. For the full details on how we use your personal information, please click on the Privacy Notices below. If you are unable to access the internet or would like to request a paper copy of the privacy notices, please call the school on 01708 866743.
Data Protection Policy Statement
This policy sets out how we will protect personal data, special category data and criminal convictions personal data.
It meets the requirement at paragraph 1 of Schedule 1 to the Data Protection Act 2018 that an appropriate policy document be in place where the processing of special category personal data is necessary for the purposes of performing or exercising obligations or rights which are imposed or conferred by law on the controller or the data subject in connection with employment, social security or social protection.
It also meets the requirement at paragraph 5 of Schedule 1 to the Data Protection Act 2018 that an appropriate policy document be in place where the processing of special category personal data is necessary for reasons of substantial public interest. The specific conditions under which data may be processed for reasons of substantial public interest are set out at paragraphs 6 to 28 of Schedule 1 to the Data Protection Act 2018.
Principle 1 – Personal data shall be processed lawfully, fairly and in a transparent manner in relation to individuals.
We ensure that processing is fair by providing detailed privacy notices to individuals whose personal data is being processed. All individuals are advised of their right to contact the Data Protection Officer with any queries regarding the processing of their personal data. We will only process personal data fairly, and will not mislead individuals about how their data may be used.
Principle 2 - Personal data shall be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes.
We meet this obligation by explaining through our privacy notices which legal basis we are relying on when processing personal data. We will only use the data for the purposes for which it was collected unless we advise individuals, prior to any additional use, of our intentions and the rights they have in relation to any further use.
Principle 3 – Personal data shall be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
We meet this obligation by only collecting what is required for a particular purpose, and ensuring that we have sufficient relevant information for that purpose.
Principle 4 – Personal data shall be accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay.
We meet this obligation by ensure that personal data is accurate, and kept up to date where necessary. We will take particular care to do this where our use of the personal data has a significant impact on individuals.
Principle 5 – Personal data shall be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals.
We meet this obligation by ensuring that personal data is managed in line with our retention schedule, and either deleted or completely anonymised when it is no longer necessary for us to use it. The period for which we retain personal data is explained in each privacy notice relevant to that service.
Principle 6 – Personal data shall be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
We meet this obligation by ensuring that our technical and organisational controls. Our organisational controls include:
- Appropriate roles and responsibilities including a Data Protection Officer and Senior Information Risk Owner
- Robust policies and procedures which are regularly reviewed
- Regularly training our staff in their data protection responsibilities
- Ensuring our processing activities are transparent and secure, including
- Records of Processing Activities
- Data Protection Impact Assessments
- Contractual Controls to govern the use of personal data by our suppliers
- Physical security controls including
- Restricted access to physical storage of sensitive personal data
- Visitor management
- Security breach management
Our Technical Controls include:
- Firewalls, anti-malware and patching
- Disaster Recovery and Business Continuity arrangements
- Role based access controls to personal data
- Password management
- Sending email securely
Principle 7 - The controller shall be responsible for, and be able to demonstrate, compliance with the principles.
We meet this obligation by maintaining Records of Processing Activities which are available on demand to the Information Commissioner. We routinely carry out Data Protection Impact Assessments for any processing of special categories of data or where there is a high risk to individuals’ privacy. We have appointed a Data Protection Officer and have defined policy and process to manage the exercising of data subjects’ rights.
For further information about how we process personal data please see our online privacy notices on our website or contact our Data Protection Officer.
If you would like to discuss anything relating to GDPR, please do not hesitate to contact the school.
Paper copies of information on the school's website can be provided free of charge. Please inform Miss Olusesan of any requirements.
Phone: 01708 866743
Forms and Additional Information
What is a Publication Scheme?
The Freedom of Information Act (2000) (FOI) requires all Public Authorities (including schools) to produce a register of the types of information it will routinely make available to the public. This publication scheme follows a template approved by the Information Commissioner.
The scheme commits our school to:
- Proactively/ routinely publish information which is held by us falling within the “Classes” below (see section 2) in line with this scheme.
- Specify the information
- Explain how it will be made available
- Review and update information on a regular basis
- Explain any fees to be charged for the information
- Make this scheme publicly available
- Publish information held by the school that has been requested (unless not appropriate to do so)
- Publish information in a digital form that is capable of being re-used (under FOI Section 19 and the Re-use of Public Sector Information Regulations (2015))
- Make clear if any information is a relevant copyright work (under FOI Section 19(8)) and the school is the only owner
2. Classes of information
There are 7 classes of information we hold (see section 6 for details):
- Who we are and what we do.
- What we spend and how we spend it.
- What our priorities are and how we are doing.
- How we make decisions.
- Our policies and procedures.
- Lists and registers.
- The services we offer.
The classes of information will not generally include:
Information the disclosure of which is prevented by law, or exempt under the Freedom of Information Act, or is otherwise properly considered to be protected from disclosure.
Information in draft form.
Information that is no longer readily available as it is contained in files that have been placed in archive storage, or is difficult to access for similar reasons.
3. Making Information Available:
Information will be provided on a website. Where it is impracticable to make information available on a website or when an individual does not wish to access the information by the website, the school will indicate how information can be obtained by other means and provide it by those means (see Section 6).
In exceptional circumstances some information may be available only by viewing in person. Where this manner is specified, contact details will be provided. An appointment to view the information will be arranged within a reasonable timescale.
Information will be provided in the language in which it is held or in such other language that is legally required. Where an authority is legally required to translate any information, it will do so.
Obligations under disability and discrimination legislation and any other legislation to provide information in other forms and formats will be adhered to when providing information in accordance with this scheme.
Charges may be made for information published under this scheme. The purpose of this scheme is to make the greatest amount of information readily available at minimum inconvenience and cost to the public. Charges made by the school for routinely published material will be justified and transparent and kept to a minimum.
Material which is published and accessed on a website will be provided free of charge.
Charges may be made for information subject to a charging regime specified by law.
Charges may be made to cover our costs such as:
- postage and packaging
- the costs directly incurred as a result of viewing information
Charges may also be made for information provided under this scheme where they are legally authorised, they are in all circumstances (including the general principles of the right of access to information held) justified and are in accordance with a published schedule or schedules of fees which is readily available to you.
Charges may also be made for making datasets (or parts of datasets) that are relevant copyright works available for re-use. These charges will be in accordance with the terms of the Re-use of Public Sector Information Regulations (2015), where they apply, or with regulations made under FOI Section 11B, or with other statutory powers of the school.
If a charge is to be made, confirmation of the payment due will be given before the information is provided. Payment will be requested prior to provision of the information.
5. Written requests
Information held by the school that is not published under this scheme can be requested in writing, when its provision will be considered in accordance with the provisions of the Freedom of Information Act.
6. The Scheme