Published using Google Docs
Parents and Carers - Smoothwall specific
Updated automatically every 5 minutes

Privacy Notice for Parents and Carers - Smoothwall specific BILLESLEY-HEADER-01.jpg

(Use of your child’s personal data )

Under the General Data Protection Regulation (GDPR) individuals have a right to be informed about how we use any personal data that we hold about them. As an academy within The Elliot Foundation Academy Trust we comply with this right by providing a Privacy Notice to individuals where we are processing their personal data.

For the purposes of data protection law The Elliot Foundation Academy Trust is the ‘data controller’. The Data Protection Officer for the trust, who oversees how we collect, use, share and protect your information, is Jem Shuttleworth (jem.shuttleworth@elliotfoundation.co.uk).

For the purposes of data protection law we, Billesley Primary School, are the ‘data processor’.

Our Local Compliance Officer, who works with staff in the school to process and protect your data, is Kevin Smyth.

This Privacy Notice explains how we collect, store and use personal data about pupils and is specific to the use by pupils of their school provided email address and resulting online activity.

The purpose for processing:

To monitor user’s activity in the digital environment, through the email provided by their school, in order to detect and alert markers of risk to safety, welfare and well being.  

The lawful basis for processing:

Schools are legally required to comply with statutory obligations regarding safeguarding and child protection. As such, schools and The Elliot Foundation Academies Trust is able to rely on -

  1. Article 6 (1) (c) of the GDPR - processing is necessary for compliance with a legal obligation to which the controller is subject. Specifically statutory duties as outlined in Keeping Children Safe In Education and the Prevent Duty
  2. Schedule 1, Part 2, Paragraph 18 of the Data Protection Act 2018 - processing special category data for the purpose of safeguarding children and individuals at risk

Personal data is only processed when necessary to provide the agreed service as laid out in the formal Monitoring Services Agreement between Smoothwall and The Elliot Foundation Academies Trust. The agreed service is designed to detect the early warning signs of safeguarding risk as defined by the Department for Education through Keeping Children Safe in Education.

The categories of personal data obtained:

  1. User login ID
  2. Date and time stamp of when an incident occurs
  3. ID of the device that the user was logged into at the point the incident occured
  4. Screenshot of the user’s screen at the moment the incident occurred, this may include details of attempts to access potentially illegal content
  5. Information about a user’s health including mental health such as self harm / suicide risk
  6. Information about a user’s political opinions where there is a suspicion that those opinions may be extreme or concerning

Smoothwall will only capture user activity where a marker of suspected inappropriate activity or behaviour, which may impact the welfare and wellbeing of an individual or is illegal, is detected. Smoothwall does not record all user activity nor capture details of apparently benign activity.

Smoothwall does not record the name of the user. User login IDs are assigned by the school and it is the responsibility of the school to ensure that all documentation that links user login IDs to individuals is held securely and treated confidentially.

Smoothwall monitoring of user activity is mandatory for all those with a school provided email address.

How Smoothwall store this personal data:

  1. All recorded data is held on dedicated servers located in an ISO 27001 accredited data centre
  2. Recorded data is primarily held in the UK, and may be accessed by Smoothwall Inc in the USA. Any transfer of data to the USA is adequately protected by ensuring that there is an appropriate contract in place or that the party to which the data is being sent meets a specified privacy standard
  3. All Smoothwall Behaviour Analysts operate from a UK based, physically secure, ISO 27001 accredited laboratory

The retention periods for this personal data:

  1. Smoothwall will retain screenshots and reports for up to 15 months from the date of an incident
  2. The Elliot Foundation Academies Trust will retain screenshots / reports for 6 months from the date of an incident
  3. The Elliot Foundation Academies Trust will retain reports from subsequent investigation for no longer than is necessary to support any ongoing process including, but not limited to, criminal proceedings
  4. The Elliot Foundation Academies Trust retains data about pupils in line with statutory timeframes and no longer than is necessary

Who we share this data with:

We do not share information about your child with any third party unless the law and our policies allow us to do so.

Where it is legally required or necessary in response to a cause for concern (and it complies with data protection law) we may share this personal information about your child with:

  1. Police forces, courts and tribunals
  2. National Health Service
  3. Local Authority identified departments

Requesting access to your child’s personal information:

Individuals have a right to make a ‘subject access request’ (SAR) to gain access to personal information that the school holds about them.

Parents/carers can make a request with respect to your child’s data where the child is not considered mature enough to understand their rights over their own data (usually under the age of 12).

If you make a SAR, and if we do hold information about your child, we will:

  1. Give you a description of it
  2. Tell you why we are holding and processing it, and how long we will keep it for
  3. Explain where we got it from, if not from you or your child
  4. Tell you who it has been, or will be, shared with
  5. Let you know whether any automated decision-making (by a computer or machine, rather than by a person) is being applied to the data, and any consequences of this
  6. Give you a copy of the information in an intelligible form

To make a request for this personal information please contact the Data Protection Officer for the Trust, Jem Shuttleworth. SARs for this data must be made in writing. If you cannot make a request in writing, please contact Jem for support with making a request.

We will not charge for carrying out a SAR unless the request is ‘excessive’ or a copy of information that has already been given.  SARs may take up to one month to action.

Other rights:

Under GDPR individuals have certain rights regarding how their personal data is used and kept safe, including the right to:

  1. Object to the use of personal data if likely to cause, or is causing, damage or distress
  2. Prevent processing for the purpose of direct marketing
  3. Object to decisions being taken by automated means
  4. In certain circumstances, have inaccurate personal information rectified, blocked, erased or destroyed
  5. Claim compensation for damages caused by a breach of the General Data Protection Regulations

To exercise any of these rights please contact the Data Protection Officer for the trust -

jem.shuttleworth@elliotfoundation.co.uk

Complaints:

As a school, and as part of The Elliot Foundation Academies Trust, we take any complaints about our collection and use of personal information very seriously.

If you think that our collection or use of personal information is unfair, misleading or inappropriate, or have any other concern about our data processing, please raise this with the Local Compliance Officer in the first instance.

To make a formal complaint please contact the Data Protection Officer for the trust.

Contact us:

If you have any questions, concerns or would like more information about anything mentioned in this Privacy Notice, please Kevin Smyth the Local Compliance Officer on k.smyth@billelseyschool.co.uk   or 0121 6752800