Privacy policy
Privacy Notice: Use of Electronic Information
Introduction
This privacy notice explains how we, Northstar New School, collect, store, and use electronic information relating to pupils, parents/carers, staff, and other individuals connected to our school. We are committed to ensuring that your privacy is protected and that personal data is handled responsibly and in compliance with data protection legislation.
Data Controller
Northstar New School is the data controller for the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
Contact details: Northstar New School, c/o Gascoigne Primary Annex, The Shaftesburys, Barking IG117JA
Tel: 02087248862
Email: info@northstarnewschool.org
Data Protection Officer: Mickie Foley
1. What Information Do We Collect Electronically?
We may collect and process the following types of electronic data:
· Personal details (e.g., name, date of birth, contact details)
· Attendance data
· Behavioural and safeguarding records
· Assessment and academic progress data
· Health and medical information (where necessary)
· Images and video recordings (e.g. CCTV, school events)
· Communication records (e.g. emails, messages through school systems)
· Device and usage data (e.g. logins to school systems, browsing activity on school networks)
· Biometric data (if used and with appropriate consent)
2. How Do We Collect Electronic Information?
We collect information in the following ways:
· Through online forms and school systems (e.g. management information systems, learning platforms)
· Emails and electronic communications
· CCTV and other visual/audio recording systems
· Attendance and access systems (e.g. biometric or ID card)
· Online learning and assessment tools
· Device management software used on school-issued devices
3. Why Do We Collect and Use This Information?
We collect and use this information to:
· Support teaching and learning
· Monitor and report on progress
· Provide pastoral care and ensure safeguarding
· Communicate with pupils and parents/carers
· Manage school operations (e.g. timetable, attendance)
· Ensure the safety and security of the school premises
· Comply with legal and regulatory obligations
· Facilitate remote and digital learning
· Support staff development and training
4. Legal Bases for Processing
Under UK GDPR, we rely on the following legal bases:
· Public task: Processing necessary for the school’s official functions
· Legal obligation: Complying with the law
· Consent: Where we ask for permission (e.g. use of photographs, biometric data)
· Vital interests: To protect someone’s life in an emergency
· Legitimate interests: In limited cases, where appropriate
5. How Do We Store and Protect Your Data?
Electronic data is stored securely using encrypted systems, password protection, and access control. We limit access to data to authorised individuals. Cloud-based services used are compliant with UK data protection standards.
Retention periods are defined in our Data Retention Policy. Once data is no longer needed, it is securely deleted or anonymised.
6. Sharing Information
We may share electronic data with:
· Local authorities
· The Department for Education (DfE)
· Exam boards and awarding bodies
· NHS and healthcare providers
· School software providers (data processors)
· Law enforcement agencies (when legally required)
All data sharing is done in compliance with data protection law and, where applicable, under data processing agreements.
7. International Data Transfers
If data is transferred outside the UK (e.g., to a cloud provider with overseas servers), we ensure appropriate safeguards are in place, such as UK-approved Standard Contractual Clauses.
