Our Privacy Notice for the handling of personal data is found following the link below:
Warmsworth Primary School Privacy Notice
Workforce Privacy Notice
This privacy notice has been written to inform prospective, current, and former employees, including supply and agency staff, of Warmsworth Primary School about how and why we process your personal data, including during the recruitment process.
Employees of voluntary controlled and community schools are employees of the local authority and therefore both the school and Doncaster Council are considered to be joint data controllers in relation to employee data.
This notice should be read alongside the relevant privacy notices available on the local authority website.
Who are we?
Warmsworth Primary School is a data controller as defined by the UK GDPR. This means that we determine the purposes for which your personal data is processed and the manner of the processing. We will only collect and use your personal data in ways that are compliant with data protection legislation.
The school has appointed Veritau Ltd as its Data Protection Officer (DPO). The role of the DPO is to monitor our compliance with the UK GDPR and the Data Protection Act 2018 and advise on data protection issues. If you would like to discuss this privacy notice or our use of your data, please contact Veritau or Mrs Jane Hilling (School Business Manager.
Veritau’s contact details are:
Schools Data Protection Officer
schoolsDPO@veritau.co.uk // 01904 554025
Please ensure you include the name of your school in all correspondence
What personal information do we collect?
The personal data we collect about you includes:
- Personal identifiers, including your name, contact details, date of birth, employee or teacher number and national insurance number.
- Contract information, such as start dates, hours worked, post, roles and salary information.
- Qualifications, including subjects taught.
- Information about your workplace attendance and reasons for any absences.
- Information about professional development and performance, including reviews and any disciplinary information.
- Photographs or video images of you.
- Medical information which is relevant to your employment, including any disability you disclose.
- Records of communications and interactions we have with you, including telephone call recordings.
- Equality monitoring information, such as your ethnicity, and gender.
- Medical information relevant to pandemic management, such as your vaccination status and positive test results.
- E-monitoring information in relation to your use of the school’s network and IT systems.
Please note that only limited details are held by the school in relation to supply and agency staff. In this case, the agency or similar company will be the data controller for the majority of your personal data. We therefore recommend reviewing their privacy information in addition to ours.
Why do we collect your personal information?
We process your information for the purposes outlined below:
- To facilitate oversight of the workforce and how it is deployed.
- To meet our safeguarding obligation to pupils and the school workforce.
- To monitor and manage staff absence.
- To meet our health and safety obligations.
- To monitor and manage professional development, training and performance.
- To make any reasonable adjustments you may need in relation to a health condition or disability.
- To promote the school, including in newsletters, on the school website and social media platforms.
- To monitor and inform our policies on equality and diversity.
- During a pandemic, to prevent the spread of infection and maintain adequate and safe staffing levels.
What is our lawful basis for processing your information?
Under the UK GDPR, it is essential to have a lawful basis when processing personal information. For workforce data processing, we normally rely on the following lawful bases:
- Article 6(1)(b) - contractual obligation
- Article 6(1)(c) - legal obligation
- Article 6(1)(e) - public task
There may be occasions where our processing is not covered by one of the legal bases above. In that case, we may rely on Article 6(1)(f) - legitimate interests. We only rely on legitimate interests when we are using your data in ways you would reasonably expect.
For the processing of personal data relating to criminal convictions and offences, processing meets Schedule 1, Part 2 of the Data Protection Act 2018 as below:
- (10) Preventing or detecting unlawful acts
Some of the information we collect about you is classed as special category data under the UK GDPR. The additional conditions that allow for processing this data are:
- Article 9(2)(b) - employment and social security and social protection law
- Article 9(2)(g) - reasons of substantial public interest
The applicable substantial public interest conditions in Schedule 1 of the Data Protection Act 2018 are:
- Condition 6 - statutory and government purposes
- Condition 8 – equality of opportunity or treatment
- Condition 10 - preventing or detecting unlawful acts
- Condition 18 - safeguarding of children and vulnerable people
Who do we obtain your information from?
We normally receive this information directly from you, for example via documents and other records and information supplied by you in the course of your job application or employment period. However, we may also receive some information from the following third parties:
- Local Authority.
- Relevant recruitment or supply agencies.
Who do we share your personal data with?
We may share your information with the following organisations:
- Local Authority.
- Department for Education (DfE).
- Our suppliers and advisors, including insurers, lawyers, consultants, and accountant or payroll provider.
- Our IT application providers.
- Prospective future employers, landlords, letting agents, or mortgage brokers where you have asked them to contact us for a reference.
- Relevant recruitment or supply agencies.
We may also share information with other third parties where there is a lawful basis to do so. For example, we sometimes share information with the police for the purposes of crime detection or prevention.
How long do we keep your personal data for?
We will retain your information in accordance with our Records Management Policy and Retention Schedule. The retention period for most of the information we process about you is determined by statutory obligations. Any personal information which we are not required by law to retain will only be kept for as long as is reasonably necessary to fulfil its purpose.
We may also retain some information for historical and archiving purposes in accordance with our Records Management policy.
International transfers of data
Although we are based in the UK, some of the digital information we hold may be stored on computer servers located outside the UK. Some of the IT applications we use may also transfer data outside the UK.
Normally your information will not be transferred outside the European Economic Area, which is deemed to have adequate data protection standards by the UK government. In the event that your information is transferred outside the EEA, we will take reasonable steps to ensure your data is protected and appropriate safeguards are in place.
What rights do you have over your data?
Under the UK GDPR, individuals have the following rights in relation to the processing of their personal data:
- to be informed about how we process your personal data. This notice fulfils this obligation.
- to request a copy of the personal data we hold about you.
- to request that your personal data is amended if inaccurate or incomplete.
- to request that your personal data is erased where there is no compelling reason for its continued processing.
- to request that the processing of your personal data is restricted.
- to object to your personal data being processed.
If you have any concerns about the way we have handled your personal data or would like any further information, then please contact our DPO using the details provided above.
If we cannot resolve your concerns then you may also complain to the Information Commissioner’s Office, which is the UK’s data protection regulator. Their contact details are below:
First Contact Team
Information Commissioner’s Office
Telephone: 03031 231113
Changes to this notice
We reserve the right to change this privacy notice at any time. We will normally notify you of changes that affect you. However, please check regularly to ensure you have the latest version.
This privacy notice was last reviewed: 15.03.23