Occasionally, the School will need to share personal information relating to its community with third parties, such as professional advisers (lawyers and accountants) or relevant authorities (HMRC, police or the local authority).
For the most part, personal data collected by the School will remain within the School, and will be processed by appropriate individuals only in accordance with access protocols (i.e. on a ‘need to know’ basis). Particularly strict rules of access apply in the context of:
- medical records (held and accessed only by the School doctor and appropriate medical staff under his/her supervision, or otherwise in accordance with express consent); and
- pastoral or safeguarding files.
However, a certain amount of any Special Educational Needs (SEN) pupil’s relevant information will need to be provided to staff more widely in the context of providing the necessary care and education that the pupil requires. Staff, pupils and parents are reminded that the School is under duties imposed by law and statutory guidance to record or report incidents and concerns that arise or are reported to it, in some cases regardless of whether they are proven, if they meet a certain threshold of seriousness in their nature or regularity. This may include file notes on personnel or safeguarding files, and in some cases referrals to relevant authorities such as the Local Authority Designated Officer (LADO) or police. For further information about this, please view the School’s Safeguarding Policy.
Finally, in accordance with Data Protection Law, some of the School’s processing activity is carried out on its behalf by third parties, such as IT systems, web developers or cloud storage providers. This is always subject to contractual assurances that personal data will be kept securely and only in accordance with the School’s specific directions.