The school workforce: those employed to teach, or otherwise engaged to work at, a school or a local authority
This privacy notice explains how we collect, store and use personal data about staff members.
We, The Reach School, 9 Kings Heath High Street, Kings Heath, B14 7BB, are the ‘data controller’ for the purposes of data protection law.
Our data protection officer is Nik Narewal.
The personal data we collect and hold
We hold personal data about staff to support their employment and professional development, and to assess how the school is performing. We may also receive data about staff from previous employers, HR and occupational health workers.
Personal data that we may collect, use, store and share (when appropriate) about staff includes, but is not restricted to:
- Contact details, contact preferences, date of birth, identification documents.
- Personal information (such as name, employee or teacher number, national insurance number).
- Special categories of data including characteristics information such as gender, age, ethnic group.
- Contract information (such as start dates, hours worked, post, roles and salary information) .
- Professional development records.
- Work absence information (such as number of absences and reasons).
- Qualifications (and, where relevant, subjects taught).
- Bank details.
- Maternity/paternity pay information.
- Health information.
- Performance management documentation.
- Characteristics, such as ethnic background, disability etc.
- Sickness absence records.
- Details of any professional support received.
Why collect and use this data
We use this data to:
- Enable the development of a comprehensive picture of the workforce and how it is deployed.
- Inform the development of recruitment and retention policies.
- Enable individuals to be paid.
- Support individuals in their professional roles.
- Monitor and report on school improvement and self-evaluation.
- Provide appropriate pastoral care.
- Protect pupil welfare.
Our legal basis for using this data
We collect and use personal data on the basis of performing a public task under Article 6 (processing is necessary for compliance with a legal obligation to which the controller is subject) and under Article 9 of the GDPR.
On some occasions we may ask for consent to process data when its use is optional. On those occasions consent can be withdrawn at any time. We will make this clear when we ask for consent, and explain how consent can be withdrawn.
Collecting this information
Whilst the majority of information you provide to us is mandatory, some of it is provided to us on a voluntary basis. In order to comply with data protection legislation, we will inform you whether you are required to provide certain school workforce information to us or if you have a choice in this.
Storing this information
We keep personal information about staff while they are working at our school. We may also keep it beyond their time at our school when this is necessary in order to comply with our legal obligations.
We will only retain the data we collect for as long as is necessary. This would be to satisfy the purpose for which it has been collected in accordance with our data retention policy.
The security of data and information is important to us. This is why we follow a range of security policies and procedures to control and safeguard access to and use of your personal information.
Examples of our security include:
- Physical barriers preventing unauthorised access to paper recods.
- Encryption, meaning that information is hidden so that it cannot be read without access knowledge (such as a password). This is done with a secret code or what’s called a ‘cypher’. The hidden information is said to then be ‘encrypted’.
- Controlling access to systems and networks allowing us to stop people who are not allowed to view your personal information from getting access to it.
- Training for our staff allowing us to make them aware of how to handle information and how and when to report when something goes wrong.
- Regular testing of our technology and ways of working including keeping up to date on the latest security updates (commonly called patches).
How long we keep your data for
This ranges from months for some records to decades for more sensitive records.
- applications for recruitment will be kept for 1 year,
- your personnel record may be maintained for 25 years after you leave employment
We may share your personal information where we have a statutory obligation to do so, such as for the purposes of the prevention or detection of crime, for legal proceedings, or where you have requested us to share information, such as childcare vouchers, pensions, mortgage applications etc.
Some examples of who we share information with include:-
- HMRC (Her Majesty’s Revenue & Customs).
- DBS (Disclosure & Barring Service).
- Payroll Services.
- The Department for Education (DfE).
- Pensions schemes.
The DfE collects and processes personal data relating to those employed by schools (including Multi Academy Trusts) and local authorities that work in state funded schools (including all maintained schools, all academies and free schools and all special schools including Pupil Referral Units and Alternative Provision). All state funded schools are required to make a census submission because it is a statutory return under sections 113 and 114 of the Education Act 2005
If you would like confirmation of who we do share information with please contact the DPO.
We do not process your personal information outside the EEC.
At no time will your information be passed to organisations external to us, or our partners for marketing or sales purposes, or for any other commercial use without your prior express consent.
Requesting access to your personal data
Under data protection legislation, you have the right to request access to the information about you that we hold. To make a request for your personal information, contact
Your information rights
Your Information Rights are set out in the law. Subject to some legal exceptions, you have the right to:
- Object to processing of personal data that is likely to cause, or is causing, damage or distress.
- Prevent processing for the purpose of direct marketing.
- Object to decisions being taken by automated means.
- In certain circumstances, have inaccurate personal data rectified, blocked, erased or destroyed andclaim compensation for damages caused by a breach of the Data Protection regulations.
To learn more about these rights please see the ICO website.
We take any complaints about our collection and use of personal information very seriously.
If you think that our collection or use of personal information is unfair, misleading or inappropriate, or have any other concern about our data processing, please raise this with us in the first instance.
The Data Protection Officer is
9 High Street