Privacy Notices

Privacy Notice

We are Ventrus Multi-Academy Trust. We are a Multi-Academy Trust of 21 schools, for mixed pupils aged 2-16 years old. The schools within our Trust are listed here. Our registered address is Woodwater Academy, Woodwater Lane, Exeter, EX2 5AW and our company number is 7821367.

We understand our moral and legal responsibility to respect your privacy and take care of any personal data we hold about you, in compliance with the data protection legislation. This privacy notice explains what personal data we process, why, who we share it with, how we keep it secure and your rights.

We are the data controller for the personal data set out in this privacy notice. Our Data Protection Registration Number is Z2879577.

This privacy notice should be read alongside our Appropriate Policy Document, which provides further information about our processing of special category data and criminal offence data.

How we get information

Most of the personal data we process is provided to us directly by you for one of the following reasons:

  • You are a pupil attending one of our schools
  • You are a parent/carer registering your child at one of our schools
  • You are a visitor or external professional attending one of our schools
  • You are a volunteer, governors or Trustee
  • You have applied for a job or secondment with us
  • You have made an information request, complaint or enquiry to us
  • You are a visitor to our website

The collection of personal data is essential for the Trust’s operational use. Whilst the majority of the information provided to us is mandatory, some of it is requested on a voluntary basis.

To comply with the General Data Protection Regulation (the UK GDPR), we will inform you at the point of data collection, whether you are required to provide certain information to us or if you have a choice in this and we will tell you what you need to do if you do not want to share this information with us.

We may also receive personal information about you indirectly, for example:

  • If you are a pupil, your previous education setting may send us your education file when you join one of our schools.
  • External professionals and agencies working with you may send us your education and health care plans when you join one of our schools so we can support you.
  • A parent/carer may give us your name and contact details in case we cannot contact them directly, or to make us aware that you are authorised to collect their child or young person from school.
  • An employee may give us your name and contact details as their emergency contact or next of kin.
  • Your name and contact details may be given to us by job applicants, volunteers or governors, as a referee to support their application.
  • Public authorities, regulators or law enforcement bodies may give us information to assist them in their enquiries or to help safeguard children or support you.

Personal information we collect and why

We collect personal information about a range of people as part of the day-to-day running of our Trust.


Description Examples
Personal identifiers Name, date of birth, contact details, unique pupil number, candidate or examination numbers.
Characteristics Ethnicity, language, religious beliefs and free school meal eligibility.
Safeguarding information Court orders, professional involvement, observations and outcome.
Travel Trust travel arrangements.
Special educational needs Needs, ranking and support plans
Medical and administration Doctor’s information, child health, dental health, allergies, medication, disability, dietary and other relevant health information (such as COVID19 data).
Education Educational performance, assessments and attainments such as key stage 1 and phonics results, post 16 courses enrolled and relevant results.
Attendance Sessions attended, number of absences, absence reasons and any previous schools attended.
Behavioural information Exclusions and any relevant alternative provision put in place.
Faith and beliefs Religious or other beliefs.
Images CCTV, photographs or video recordings of you or your work (such as official school photographs, classwork activities, performances or events, school trips and sports days), visitor management system and student record system.
Consent Your consent preferences
Biometric data Your fingerprints for our cashless catering or library services
Trips and activities Consent forms, relevant health conditions, medication, dietary requirements, support plans

We need this information for a variety of reasons, for example:

  • to process your admission request to join one of our schools
  • to support pupil and student learning
  • to provide you with catering, library, ICT and learning resources
  • to monitor and report on pupil and student attainment
  • to provide appropriate pastoral care
  • to assess the quality of our services and your eligibility for funding, bursaries and grants
  • to help crime prevention, detection, public safety and to keep children safe
  • to comply with our legal responsibilities for data collection and data sharing with the Department for Education (DfE) and other legal bodies


We process the following information about you:

  • Your name and contact details
  • Relationship to your child/our pupil or student and your parental responsibility status
  • Information about guardianship or family circumstances (eg court orders, parental separation/divorce, professional involvement or other matters which may affect the pupil’s or student’s home or school life)
  • Bank account details
  • Your consent preferences
  • Whether or not you are a serving member of the armed forces
  • Your image captured on our CCTV system or on our electronic visitor management system

We need this information for a variety of reasons, for example to:

  • Register your child or young person at one of our schools
  • Keep you informed of your child or young person’s attainment, achievements and attendance levels
  • Contact you in an emergency
  • Enable you to pay for school trips, resources or catering services
  • Safeguard and promote the welfare of your child or young person or others and where relevant enable us to assist in crime prevention, detection and public safety
  • Keep you informed about school news, events and celebrations


We process the following information about you:

  • Your name and contact details
  • Your relationship to the pupil or student
  • Special notes about collecting the pupil or student (e.g. password, regular days you are authorised to collect the child or young person)
  • Your image captured on our CCTV system or on our electronic visitor management system

We need this information to contact you following an incident or emergency involving one of our pupils or students, where we have been unable to contact their parents or carers or to enable us to release the child or young person into your care.


We process the following information about you:

  • Your name and contact details
  • Relationship to the employee

We need this information to contact you following an incident or emergency involving one of our employees, where they are unable to contact you themselves (e.g. due to illness or injury).


We process the following information about you:

  • Your name and contact details
  • Relationship to the job applicant (eg current or previous employer), volunteer or governor
  • Reference you provide about the applicant

We need this information to contact you to seek a reference about the applicant and to assess their suitability for the role.


We process the following information about you:

  • Your name and contact details
  • Outcome of your Disclosure and Barring Service (DBS) check and certificate number
  • Relevant training or qualifications
  • Dates when you have volunteered
  • Health, disability or dietary requirements you have chosen to share with us
  • Your image captured on our CCTV system or on our electronic visitor management system
  • Photographs of you which may be captured during official school photos; class work; sports or other activities or performances

We need this information to keep in touch with you; to keep a record of any school events, trips and activities you are involved in and to safeguard the health and welfare of our volunteers, employees and pupils/students.

:

We process the following information about you:

  • Your name and contact details
  • Name of the company you work for (where relevant)
  • Your car registration number (if parked on our premises)
  • Disclosure and Barring Service (DBS) Certificate number (where relevant)
  • Your image captured on our CCTV system or on our electronic visitor management system

We need this information keep a register of who is on our premises, for use in case of a fire or other incident; to meet our statutory duties for safeguarding children and young people and to create an identification badge for security purposes.


We process the following information about you:

  • Your name and contact details
  • Details about your complaint, request or enquiry and the outcome

We need this information to address your complaint, request or enquiry and to keep a record of the outcome for our administration purposes, and to use in any further complaints, appeals or tribunals which you are involved in.


We collect the following information about you:

  • Your name and contact details
  • The position you are applying for
  • Characteristics information (such as your gender, age and ethnic group)
  • Your education, experience and qualifications
  • Personal statement to support your application
  • Your health, disability or dietary requirements you have chosen to share with us

We need this information to assess your suitability for the role; contact you if you are successful in your application; keep a record of our decision making and monitor and comply with our responsibilities under the Equality Act 2010.

We process the following information about you:

Description Examples
Personal identifiers Name, contact details, car registration number.
Characteristics Gender, age and ethnic group.
Recruitment Qualifications, training, education, evidence of your right to work, references, Disclosure and Barring Service (DBS) certificate number and result.
Contract information Start date, hours worked, post, roles, salary, bank/ payment details, pension and tax information.
Health information Occupational health, disability, dietary and other relevant health information such as COVID19 data.
Images CCTV, photographs, video recordings, visitor management system.
Biometric data Your fingerprints for our cashless catering or library services

We need this information to:

  • Assess and recruit staff.
  • Maintain staff records.
  • Ensure staff and student security.
  • Provide cashless catering and payment services.
  • Provide library, ICT, learning and information services.
  • Safeguard and monitor the health and welfare of workers.
  • Meet statutory duties placed upon us for safeguarding children.
  • Monitor and comply with our responsibilities under the Equality Act 2010.
  • Complete the Department for Education (DfE) Trust workforce census.
  • Pay our workers and make the appropriate tax deductions and contributions.

We process the following information about you:

Description Examples
Personal identifiers Name, date of birth, employee or teacher number, national insurance number, car registration number
Characteristics Gender, age and ethnic group.
Recruitment Job application, qualifications, training, education, evidence of your right to work, references, Disclosure and Barring Service (DBS) certificate number and result.
Contract information Start date, hours worked, post, roles, salary, bank/ payment details, pension and tax information.
Personnel information Appraisal, performance, disciplinary, complaints.
Health information Occupational health, disability, dietary and other relevant health information such as COVID19 data.
Work absence Number of absences, reason for absence, fitness to work.
Contacts Next of kin and emergency contacts.
Faith, beliefs, trade union Religious or other beliefs and trade union membership.
Images CCTV, photographs, video recordings, visitor management system.
Consent Consent preferences.
Biometric data Your fingerprints for our cashless catering or library services

We need this information to:

  • Perform our duties as an employer.
  • Maintain staff records.
  • Assess the quality of our services.
  • Administer school trips and activities.
  • Complete the DfE Trust workforce census.
  • Assist in crime prevention, detection and public safety.
  • Undertake our responsibilities for safeguarding children.
  • Deal with complaints, grievances and disciplinary action.
  • Communicate with employees regarding work related matters.
  • Safeguard and monitor the health and welfare of our employees.
  • Carry out audits (e.g. to ensure compliance with our legal obligations).
  • Enable monitoring of selected protected characteristics.
  • Provide catering, payment, library, ICT, learning and information services.
  • Develop a comprehensive picture of the workforce and how it is deployed.
  • Comply with the law regarding data collection, sharing and safeguarding.
  • Recruit, retain, train, appraise, manage the welfare of and performance of staff.
  • Enable individuals to be paid, pension contributions made, tax and NI deducted.
  • Provide employee services and benefits (such as childcare vouchers and pensions).
  • Liaise with your trade union representative.
  • Defend the Trust in respect of investigations or court proceedings and respond to any court orders.

We process the following information about you:

Description Examples
Personal identifiers Name, date of birth, contact details, governor ID.
Characteristics Gender, age and ethnic group.
Governance details Role, start and end dates, Disclosure and Barring Service (DBS) certificate number and result, personal statement when applying for the role, training or qualifications, attendance, complaints.
Health information Disability, dietary and other relevant health information such as COVID19 data.
Material interests Relationships between governors or relationships between governors and Trust staff (including spouses, partners and close relatives).
Images CCTV, photographs, video recordings, visitor management system.
Consent Consent preferences.

We need this information to:

  • Determine the suitability of a prospective governors & Trustees and make appointments.
  • Meet statutory duties placed upon us by the Department for Education.
  • Comply with our legal obligations and standards in relation to governance roles.
  • Build a comprehensive picture of our governance and how it is deployed.
  • Inform relevant authorities, organisations and other relevant persons of our appointments.
  • Comply with the law regarding data collection, sharing and safeguarding.
  • Assess the quality of our services.
  • Deal with complaints and grievances.
  • Assist in crime prevention, detection and public safety.
  • Enable individuals to be kept informed of the governance training available to them, book them on the training and keep them informed about other relevant information regarding their appointment duties.

When you visit our website, we collect standard internet log information and details about visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of our website.

We process this information in a way which does not identify anyone. We do not make any attempt to find out the identities of those visiting this website and will not associate any data gathered, with any personally identifying information from any source. 

We share information with a range of organisations, companies and agencies, where it is necessary for us to carry out our legal responsibilities and duties. We only share information about you where it is strictly necessary for us to do so, and the law and our policies allow us to do this. The following are examples of who we share information with:

Department for Education (DfE)

 

We have a legal requirement to share certain information about our pupils, students, employees and governors to the DfE:

 

Pupils and students

We are required to share information about our pupils with the DfE (this is known as the ‘school census’), either directly or via our local authority, so the DfE can carry out their statutory duties regarding data collections. Our duty to share this information comes under regulation 5 of The Education (Information About Individual Pupils) (England) Regulations 2013.

 Find out more

·  For Trust census and our data collection requirements visit the DfE website here

·  Much of the data about pupils in England goes on to be held in the National Pupil Database (NPD). To find out more about the NPD, visit their privacy notice here

·  The law allows the DfE to share pupils’ data with certain third parties. For more information about the DfE’s data sharing process, visit their website here

·  To find out how the DfE collects and shares pupil data visit their website here

 Employees

Governors

We have a legal obligation under section 538 of the Education Act 1996, to share information about governors and governance arrangements with the Secretary of State for Education, so they may publish this on their Get Information About Trusts (GIAS) register.

Local authorityTrust Admission & Safeguarding Teams We have a legal requirement to share certain information about our pupils, students, parents, employees and governors with our local authority:

Pupils and students

We have a legal requirement to share certain information about our pupils, students and parents with our local authority, to ensure that they can carry out their statutory duties under the School Admission Code, including conducting Fair Access Panels.

We may also be required to share child protection or safeguarding information with them, so we can carry out our statutory duties under section 11 of the Children’s Act 2004 (duty to safeguard and promote the welfare of children) and to enable the local authority to carry out their duties under section 47 of the Children’s Act 1989 (duty to investigate and take action to safeguard children).

Employees

We are required to share information about our employees with our local authority under regulation 6 of the Education (Supply of Information about the School Workforce) (England) Regulations 2007 and amendments.

Governors

We are required to share appointment and resignation information about governors with our local authority.

Health Partners

Educational psychologists, Trust nurses and health visitors

 

We sometimes share information about our pupils and students with health professionals, to help them receive the necessary educational and pastoral support they need. This is usually shared with the parent’s consent (and if appropriate the pupil or student’s consent) unless it is necessary for us to carry out our official duties or safeguard the welfare of the child.
Other Schools We are required to share a pupil’s Common Transfer File and educational record with their next school when they leave us. We are also required to share a pupil’s ‘curricular record’ with the pupil’s intended school, upon request. We are required to share this data under The Education (Pupil Information) (England) Regulations 2005.

If a school has a concern about the safety of one of its pupils or students, it has a duty to share relevant information with the next school to safeguard that pupil or others.

Our Trust and its schools comply with the Department for Education: Keeping Children Safe in Education 2023, whenever it shares personal data. Further information about our information sharing practices can be found on our Safeguarding policy here 

Standards and Testing Agency

 

We are required to share information about pupils in year 2 and in year 6 to the Standards and Testing Agency, so they can facilitate and report on our key stage 1 and key stage 2 national curriculum tests (commonly referred to as SATs). More information about SATs is available on the government’s website here
Examination boards and moderators

 

We are required to share information about our pupils with examination boards and moderators, so they can enter those pupils into exams, make accessibility arrangements for them where required, mark their work and issue their grades.
Youth support services and careers advisors

 

When our pupils reach the age of 13, we must share pupil information with our local authority and / or provider of youth support services as they have responsibilities in relation to the education or training of 13-19 year olds, under section 507B of the Education Act 1996. This enables them to provide youth support services and careers advisors.

A parent or guardian can object to any information in addition to their child’s name, address and date of birth being passed to their local authority or provider of youth support services by informing us. This right is transferred to the pupil once they reach the age 16.

We must also share certain information about pupils aged 16+ with our local authority and / or provider of youth support services as they have responsibilities in relation to the education or training of 13-19 year olds under section 507B of the Education Act 1996. This enables them to provide post-16 education and training providers; youth support services and careers advisers.

When a student reaches the age of 16, they can object to only their name, address and date of birth being passed to their local authority or provider of youth support services, by informing us. For more information about services for young people, please visit our local authority website at [insert website address].

Ofsted

 

We may be required to support an Ofsted inspection, where an inspector asks to see a sample of the Trust’s records. These records could identify data subjects. Any identifiable personal information the inspector may see, will not be taken away or used in their reports.
Law enforcement

 

We may be required to share information about any person we hold information about, to the police or other law enforcement agencies, to assist them in an investigation or to prevent or detect a crime or safeguard individuals at risk.
Research programmes

 

We may be invited from time to time to take part in important local or national research programmes or initiatives, which are endorsed by the Department for Education. We will let you know if we need to share identifiable pupil data as part of these projects and you will be given the opportunity to opt out from your data or your child’s data being used in this way.
Service providers

 

We use companies that provide us with a service to help us run effectively. The services we often receive from a multitude of companies include IT support, online document storage and collaboration platforms, payroll provision, professional advisors (eg human resources, legal advisors, insurers and auditors), online learning platforms, training providers, parent communication providers, catering, transport and school transition. These are known as our ‘data processors’.

To receive these services, we sometimes need to share personal information or use their products to store Trust and school data. We have contracts in place with these data processors to ensure that any personal data shared is protected and handled in line with the UK GDPR.

We also work alongside other organisations or individuals that provide services directly to our parents or pupils, such as school photographers, independent music teachers, organisers of extra-curricular clubs or activities or companies that run school trips or provide accommodation or transport. If we need to share personal data with these individuals or companies, we will usually seek your consent beforehand.

The companies and individuals we work with may change on a regular basis. If you would like information about any specific companies or individuals we work alongside or receive services from, please contact us at info@ventrust.org.uk 

The main legal bases we rely on when we process personal information are as follows:

It is necessary for us to perform a task which is in the public interest or to exercise our official duties as a Trust
This broad legal basis is applicable to most of the processing we do involving personal data, particularly involving pupil and student data.
It is necessary for compliance with a legal obligation
This is applicable where a specific law requires us to collect or share personal data (this usually involves pupil, employee or governor data). This will include sharing data with the Department for Education (DfE), Her Majesty’s Revenue and Customs (HMRC) or HM Courts and Tribunal Service (e.g. following a court order).
It is necessary for the performance of a contract
This is applicable when we enter into a contract with our employees, parents (for paid services) or with our service providers.
The data subject has given their consent
Consent is not required for most of the processing we do, however, there are occasions when we do ask for consent. For example,

·     To collect and use biometric information (eg fingerprints and facial images) to be used for identification purposes.

·     To send direct marketing or fundraising information by email or text, where you would not have a reasonable expectation that your data would be used in this way or have previously objected to this.

·     To take and use photographs, digital or video images and displaying, publishing or sharing these in a public arena (such as on social media, on the Trust or school’s website; in the Press; in the prospectus; newsletter etc), where you would not have a reasonable expectation that your images would be used in this way, or your rights override the legitimate interests of the Trust.

·     To share personal data with third parties (e.g. professionals, agencies or organisations) where you have a genuine choice as to whether your data will be shared, for example when offering services which you do not have to accept or agree to receive. 

Where we are processing your data with your consent, you have the right to withdraw that consent. To do this, please contact the Trust at [insert email address]. We will let you know if there are any non-obvious consequences of you withdrawing consent.

The processing is necessary to protect the vital interests of the data subject or someone else
This is applicable where a person’s life could be at risk and we need to share or make available information to help them. This could involve sharing serious allergy information with staff, paramedics or other medical professionals, or other information requested by the police or social services to assist them in their enquiries to protect that person.
The processing is necessary for our legitimate interests as a Trust or the legitimate interests of a third party
This is applicable where the processing is not required by law but is of clear benefit to the Trust or the data subject; there is limited privacy impact on individuals and the individual reasonably expects us to use their data in this way. This legal basis is not relied upon where the Trust is processing the data to perform its official tasks.

When we process ‘special category’ data, we must have another legal basis. Special category data is personal data which reveals:

a person’s racial or ethnic origin, political opinion, religious or philosophical beliefs, trade union membership, genetic data, biometric data (such as fingerprints), health, sex life or sexual orientation.

The main legal bases we rely on when we process this type of data are as follows:

The data subject has given explicit consent
This is applicable where we ask for biometric data such as fingerprints or use facial recognition technology to identify students or employees.
The processing is necessary for performing any right or obligation which is imposed on the Trust in relation to employment, social security and social protection law (e.g. safeguarding individuals at risk; protection against unlawful acts; prevention against fraud)
This is applicable where we are performing our duties under employment related laws e.g. health and safety, equality or tax or where we have taken action to safeguard individuals at risk.
It is necessary to protect the vital interests of any person where the data subject is physically or legally incapable of giving consent
This could be relied upon in situations where someone has become seriously ill on our premises and we are asked by medical practitioners (such as paramedics), to share information we know about that person’s health or allergies.
The processing is necessary for the establishment, exercise or defence of legal claims
We may share or use special category data where legal action is being considered or underway.
The processing is necessary in the substantial public interest
This may be relied upon in circumstances where our processing is necessary to safeguard children or others at risk or where we respond to requests from the Police or law enforcement bodies, to assist in an investigation to prevent or detect an unlawful act.
The processing is necessary for the assessment of the working capacity of the employee
This will be applicable where an employee has been absent from work due to illness or injury, and we need to assess whether they are fit to return to work.

This list is not exhaustive.

We take our security responsibilities seriously to protect your personal data from accidental or unlawful access, disclosure, loss, damage or destruction. For example:

 

  • Access to our data is on a strict need to know basis
  • Our electronic records are held on encrypted servers
  • We have strict visitor management security procedures in place
  • Our sensitive paper files are locked away with restricted access to the keys
  • Our employees, volunteers and governors are subject to Disclosure and Barring Service (DBS) checks and employee contracts contain confidentiality clauses
  • We have policies, procedures and training around data protection, security, record disposal and confidentiality. Our Data Protection Policy is available here
  • We use encrypted email or secure file sharing platforms to share personal data with external organisations
  • We carry out due diligence checks on our service providers and Data Protection Impact Assessments, where required.
  • We use up to date virus and malware protection software; security patches are applied promptly, and we back up our data regularly.

The personal information we collect and store is essential for our Trust’s operational use. We only keep personal information for as long as we need to, and where it is necessary to comply with any legal, contractual, accounting or reporting obligations. After this period, we delete or securely destroy personally identifiable data.

For more information about how long we keep personal data for see our Record Retention Schedule.  

Overseas transfers

We mainly store our data in the UK or the European Economic Area (EEA), however some of our service providers may store personal data outside these areas (usually in the USA). Where this is the case, we have UK International Data Transfer Agreements with these service providers which ensures they process our data securely and in line with our data protection laws.

You have the following rights under the data protection laws:

The right to:

  • Be told how your personal data is being processed.
  • Request access to your personal data.
  • Rectify personal data held about you which is inaccurate or incomplete.
  • Have your data erased in certain circumstances.
  • Restrict the processing of your information in certain circumstances.
  • Object to your information being used for public interest or direct marketing purposes.
  • Ask that your personal data is transferred from one organisation to another or given to you, in certain circumstances.
  • Object to your personal data being used for public interest or direct marketing purposes.
  • Prevent important decisions being made about you by solely automated means (including profiling).
  • Complain to the Trust about the handling of your personal data. If you remain dissatisfied with Trust’s response, you have the right to escalate this to the Information Commissioner’s Office.

To exercise these rights, please contact us by emailing info@ventrus.org.uk. You are not usually required to pay a fee and can expect to receive a response within one calendar month. Further information about your data protection rights can be found on the Information Commissioner’s Office website at www.ico.org.uk

Feedback and complaints

We work to high standards when it comes to processing your personal information. We hope you will always be happy with the way we handle your information, however if we have not met your expectations, please let us know so we can put things right.

To do this, please email the Trust at info@ventrus.org.uk. If you would like to make a formal complaint, our complaints procedure is available here.

The Trust’s Data Protection Officer is Firebird Data Protection Consultancy Limited, an external company who performs the role under a service contract. Our Data Protection Officer can be contacted through the Trust at dpo@ventrus.org.uk or directly at DPO@firebirdltd.co.uk

Changes to this privacy notice

We may need to update this privacy notice periodically, so we recommend that you revisit this information from time to time. This version was last updated on 17th June 2024.

Our contact details are as follows:

Ventrus Multi Academy Trust
Woodwater Academy
Woodwater Lane
Exeter
EX2 5AW

Email:                  Info@ventrus.org.uk