GDPR

Main Privacy Notice

We are the South Hams Federation. The schools that form part of our Federation are Kingsbridge Community Primary, Loddiswell Primary, Modbury Primary, Malborough with South Huish Primary and Stokenham Area Primary Schools. We are the data controller for the personal data we process under this privacy notice. Our Data Protection Registration Number is Z3426260.

Your privacy is important to us. This privacy notice explains the personal data we process, how we process it and for what purpose.

How we get information
Most of the personal data we process is provided to us directly by you for one of the following reasons:

You are a pupil
You are a parent/carer registering your child at one of our schools
You are a visitor attending one of our schools
You are a volunteer or hold a governance role
You have applied for a job or secondment with us
You have made an information request, complaint or enquiry to us
You are a visitor to our website

The collection of personal data is essential for the Federation’s operational use. Whilst the majority of the information provided to us is mandatory, some of it is requested on a voluntary basis.

To comply with the General Data Protection Regulation (the UK GDPR), we will inform you at the point of data collection, whether you are required to provide certain information to us or if you have a choice in this and we will tell you what you need to do if you do not want to share this with us.

We may also receive personal information about you indirectly, for example:

If you are a pupil, your previous school will send us your education file when you join one of our schools.
A parent/carer may give us your name and contact details in case we cannot contact them directly, or to make us aware that you are authorised to collect their child from school.
An employee may give us your name and contact details as their ‘emergency contact’ or next of kin.
Your name and contact details may be given to us by job applicants, volunteers or governors, as a referee to support their application.
Public authorities, regulators or law enforcement bodies may give us information to assist them in their enquiries or to help safeguard children.

Personal information we collect and why
We collect personal information about a range of people as part of the day-to-day running of our Federation.

Pupils

Description	Examples
Personal identifiers	Name, date of birth, contact details, unique pupil number, candidate or examination numbers
Characteristics	Ethnicity, language, religious beliefs and free school meal eligibility.
Safeguarding information	Court orders, professional involvement, observations and outcome.
Travel	School travel arrangements.
Health information	Medical such as doctor’s information, child health, dental health, allergies, medication, disability, dietary and other relevant health information (such as COVID19) and special educational needs.
Education	Educational performance, attainments, achievements, exam grades.
Attendance	Sessions attended, number of absences, absence reasons and any previous schools attended.
Behavioural information	Exclusions and any relevant alternative provision put in place.
Faith and beliefs	Religious or other beliefs.
Images	CCTV, photographs or video recordings of you or your work (such as official school photographs, classwork activities, performances or events, school trips and sports days), visitor management system.
Consent	Your consent preferences
Biometric data	Your fingerprints for our cashless catering or library services

We need this information for a variety of reasons, for example to process your admission request to join one of our schools and to help us build a picture of your educational, social and health needs, so we can support you and comply with our legal responsibilities for data collection and sharing with the Department for Education (DfE).

For more details see our Pupil Privacy Notice available via our websites:
GDPR | Kingsbridge Community Primary School

GDPR – Loddiswell Primary School (incl. Preschool)

GDPR – Malborough with South Huish Church of England Primary School

GDPR – Modbury Primary School

GDPR – Stokenham Primary School

Parents and carers
We collect the following information about you:

Your name and contact details
Relationship to your child/our pupil and your parental responsibility status
Information about guardianship or family circumstances (eg court orders, parental separation/divorce, professional involvement or other matters which may affect the pupil’s home or school life)
Bank account details
Your consent preferences
Whether or not you are a serving member of the armed forces
Your image captured on our CCTV system or on our electronic visitor management system

We need this information for a variety of reasons, for example to:

Register your child at one of our schools
Keep you informed of your child’s attainment, achievements and attendance levels
Contact you in an emergency
Enable you to pay for school trips, resources or catering services online
Safeguard and promote the welfare of your child or others and where relevant enable us to assist in crime prevention, detection and public safety
Keep you informed about school news, events and celebrations

Emergency contacts for pupils
We collect the following information about you:

Your name and contact details
Your relationship to the pupil
Special notes about collecting the pupil (e.g. password, regular days you are authorised to collect the child)
Your image captured on our CCTV system or on our electronic visitor management system

We need this information to contact you following an incident or emergency involving one of our pupils, where we have been unable to contact their parents or to enable us to release the child into your care.

Emergency contacts for employees
We collect the following information about you:

Your name and contact details
Relationship to the employee

We need this information to contact you following an incident or emergency involving one of our employees, where they are unable to contact you themselves (e.g. due to illness or injury).

Referees for job applicants, volunteers or governors
We collect the following information about you:

Your name and contact details
Relationship to the job applicant (eg current or previous employer), volunteer or governor
Reference you provide about the applicant

We need this information to contact you to seek a reference about the applicant and to assess their suitability for the role.

Volunteers
We collect the following information about you:

Your name and contact details
Outcome of your Disclosure and Barring Service (DBS) check and certificate number
Relevant training or qualifications
Dates when you have volunteered
Health, disability or dietary requirements you have chosen to share with us
Your image captured on our CCTV system or on our electronic visitor management system
Photographs of you which may be captured during official school photos; class work; sports or other activities or performances

We need this information to keep in touch with you; to keep a record of any school events, trips and activities you are involved in and to safeguard the health and welfare of our volunteers, employees and pupils.

Visitors to our schools
We collect the following information about you:

Your name and contact details
Company you work for (where relevant)
Your car registration number (if parked on our premises)
Disclosure and Barring Service (DBS) Certificate number (where relevant)
Your image captured on our CCTV system or on our electronic visitor management system

We need this information keep a register of who is on our premises, for use in case of a fire or other incident; to meet our statutory duties for safeguarding children and to create an identification badge for security purposes.

People who make a complaint, information request or enquiry
We collect the following information about you:

Your name and contact details
Details about your complaint, request or enquiry and the outcome

We need this information to address your complaint, request or enquiry and to keep a record of the outcome for our administration purposes, and to use in any further complaints, appeals or tribunals which you are involved in.

Job applicants
We collect the following information about you:

Your name and contact details
The position you are applying for
Characteristics information (such as your gender, age and ethnic group)
Your education, experience and qualifications
Personal statement to support your application
Your health, disability or dietary requirements you have chosen to share with us

We need this information to assess your suitability for the role; contact you if you are successful in your application; keep a record of our decision making and monitor and comply with our responsibilities under the Equality Act 2010.

Temporary workers and agency staff
We collect the following information about you:

Description	Examples
Personal identifiers	Name, contact details, car registration number.
Characteristics	Gender, age and ethnic group.
Recruitment	Qualifications, training, education, evidence of your right to work, references, Disclosure and Barring Service (DBS) certificate number and result.
Contract information	Start date, hours worked, post, roles, salary, bank/ payment details, pension and tax information.
Health information	Occupational health, disability, dietary and other relevant health information such as COVID19 questionnaires.
Images	CCTV, photographs, video recordings, visitor management system.
Biometric data	Your fingerprints for our cashless catering or library services

We need this information to:

Assess and recruit staff
Maintain staff records
Ensure staff and student security
Provide cashless catering and payment services
Provide library, ICT, learning and information services
Safeguard and monitor the health and welfare of workers
Meet statutory duties placed upon us for safeguarding children
Monitor and comply with our responsibilities under the Equality Act 2010
Complete the Department for Education (DfE) school workforce census
Pay our workers and make the appropriate tax deductions and contributions

Employees
We collect the following information about you:

Description	Examples
Personal Identifiers	Name, date of birth, employee or teacher number, national insurance number, car registration number
Characteristics	Gender, age and ethnic group.
Recruitment	Job application, qualifications, training, education, evidence of your right to work, references, Disclosure and Barring Service (DBS) certificate number and result.
Contract Information	Start date, hours worked, post, roles, salary, bank/ payment details, pension and tax information.
Personnel Information	Appraisal, performance, disciplinary, complaints.
Health Information	Occupational health, disability, dietary and other relevant health information such as COVID19 questionnaires.
Work absence	Number of absences, reason for absence, fitness to work.
Contacts	Next of kin and emergency contacts.
Faith and beliefs	Religious or other beliefs.
Images	CCTV, photographs, video recordings, visitor management system.
Consent	Consent preferences.
Biometric data	Your fingerprints for our cashless catering or library services

We need this information for a variety of reasons such as recruitment; to enable individuals to be paid; monitor and comply with our responsibilities under the Equality Act 2010; complete the Department for Education (DfE) school workforce census; and undertake our responsibilities for safeguarding children.

For more details see our Employee Privacy Notice available via our websites:
GDPR | Kingsbridge Community Primary School
GDPR – Loddiswell Primary School (incl. Preschool)
GDPR – Malborough with South Huish Church of England Primary School
GDPR – Modbury Primary School
GDPR – Stokenham Primary School

Governance roles
We collect the following information about you:

Description	Examples
Personal identifiers	Name, date of birth, contact details, governor ID.
Characteristics	Gender, age and ethnic group.
Governance details	Role, start and end dates, Disclosure and Barring Service (DBS) certificate number and result, personal statement when applying for the role, training or qualifications, attendance, complaints.
Health information	Disability, dietary and other relevant health information such as COVID19.
Material interests	Relationships between governors or relationships between governors and school staff (including spouses, partners and close relatives).
Images	CCTV, photographs, video recordings, visitor management system.
Consent	Consent preferences.

We need this information to comply with our legal obligations and governance standards and build a comprehensive picture of our school governance and how it is deployed.

For more details see our Governance Roles Privacy Notice available via our website:
GDPR | Kingsbridge Community Primary School
GDPR – Loddiswell Primary School (incl. Preschool)
GDPR – Malborough with South Huish Church of England Primary School
GDPR – Modbury Primary School
GDPR – Stokenham Primary School

Visitors to our website
When you visit our website, we collect standard internet log information and details about visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of our website.

We collect this information in a way which does not identify anyone. We do not make any attempt to find out the identities of those visiting this website and will not associate any data gathered, with any personally identifying information from any source.

For details about the Cookies we use, see our Cookie Policy | South Hams Federation

Who we share information with
We share information with a range of organisations, companies and agencies, where it is necessary for us to carry out our legal responsibilities and duties as a Federation of schools. We only share information about you where it is strictly necessary for us to do so, and the law and our policies allow us to do this.

The following are examples of who we share information with:

Department for Education	We have a legal requirement to share certain information about our pupils, employees and governors to the DfE (see individual privacy notices).
Local authority School Admission & Safeguarding Teams	We have a legal requirement to share certain information about our pupils, parents, employees and governors with our local authority (see individual privacy notices).
Health Partners Educational psychologists, school nurses and health visitors	We sometimes share information about our pupils with health professionals, to help the pupil receive the necessary educational and pastoral support they need. This is usually shared with the parent’s consent (and if appropriate pupil’s consent) unless it is necessary for us to carry out our official duties or safeguard the welfare of the child (see Pupil Privacy Notice available via our websites).
Other schools	We are required to transfer our pupils’ educational file to their next school when they leave us (see Pupil Privacy Notice available via our websites).
Standards and Testing Agency	We are required to share information about pupils in year 2 and in year 6 to the Standards and Testing Agency, so they can facilitate and report on our key stage 1 and key stage 2 national curriculum tests (commonly referred to as SATs) (see Pupil Privacy Notice available via our websites).
Examination boards and moderators	We are required to share information about our pupils with examination boards and moderators, so they can enter those pupils into exams, mark their work and issue their grades (see Pupil Privacy Notice available via our websites).
Youth support services and careers advisors	We are required to share certain information about our pupils aged 13-19 with our local authority and / or a provider of youth support services, so they can provide further education, advice and training to the pupil (see Pupil Privacy Notice available via our websites).
Ofsted	We may be required to support an Ofsted inspection, where an inspector asks to see a sample of the school’s records. These records could identify data subjects. Any identifiable personal information the inspector may see, will not be taken away or used in their reports.
Law enforcement	We may be required to share information about any person we hold information about, to the police or other law enforcement agencies, to assist them in an investigation or to prevent or detect a crime or safeguard individuals at risk.
Research projects	We may be invited from time to time to take part in important local or national research projects or initiatives, which are endorsed by the Department for Education. We will let you know if we need to share identifiable pupil data as part of these projects and you will be given the opportunity to opt out from your data or your child’s data being used in this way.
Federation	We may sometimes be required to share information about data subjects within our Federation, so we can monitor and assess the quality and consistency of our services; share resources or to provide particular support to individuals. We will only share identifiable information, where this is strictly necessary to enable us to carry out our official duties.
Service providers	We use companies that provide us with a service to help us run effectively as a Federation of schools. The services we often receive are IT support, professional advice (eg Human Resources), legal advice, online learning or teaching resources, communication services with parents, students, employees or governors, catering and transport. To receive these services, we sometimes need to share personal information or use their products to store school data. We also work alongside other organisations or individuals that provide services directly to our parents or pupils, such as the school photographer, organisers of extra-curricular clubs or activities or companies that run school trips or provide accommodation or transport. The companies/individuals we use may change on a regular basis. If you would like information about any specific companies or individuals we work alongside or receive services from, please contact us at gdpr@southhamsfederation.org.uk

Our legal basis for collecting, using and sharing information

The main legal bases we rely on when we process personal information are as follows:

It is necessary for us to perform a task which is in the public interest or to exercise our official duties

This broad legal basis is applicable to almost all the processing we do involving personal data.

It is necessary for compliance with a legal obligation

This is applicable where a specific law requires us to collect or share personal data (this usually involves pupil, employee or governor data). This will include sharing data with the Department for Education (DfE), Her Majesty’s Revenue and Customs (HMRC) or HM Courts and Tribunal Service (e.g. following a court order).

It is necessary for the performance of a contract

This will mainly be applicable when we enter into a contract with our employees, parents (for paid services) or with our service providers.

The data subject has given their consent

Consent is not required for most of the processing we do, however, there are occasions when we ask for consent. For example, if we want to publish photographs or videos of pupils; collect pupil or employee fingerprints to provide them with access to our cashless catering or library systems; share data with other organisations or individuals where we are not legally required to share that data; send parents/carers electronic direct marketing or fundraising communications.

Where we are processing your data with your consent, you have the right to withdraw that consent. If you change your mind, or if you are unhappy with our use of your personal data, please let us know by contacting the relevant school office.

The processing is necessary to protect the vital interests of the data subject or someone else

This is applicable where a person’s life could be at risk and we need to share or make available information to help them. This could involve sharing serious allergy information with staff, paramedics or other medical professionals, or other information requested by the police or social services to assist them in their enquiries to protect that person.

The processing is necessary for our legitimate interests or the legitimate interests of a third party

This is applicable where the processing is not required by law but is of clear benefit to the school/Federation or the data subject; there is limited privacy impact on individuals and the individual reasonably expects us to use their data in this way. This legal basis is not relied upon where the school is processing the data to perform its official tasks.

When we process ‘special category’ data, we must have another legal basis. Special category data is personal data which reveals a person’s racial or ethnic origin, political opinion, religious or philosophical beliefs, trade union membership, genetic data, biometric data (such as fingerprints), health, sex life or sexual orientation.

The main legal bases we rely on when we process this type of data is as follows:

The data subject has given explicit consent

This is usually applicable where we ask for health, dietary information or biometric data such as fingerprints.

The processing is necessary for performing any right or obligation which is imposed on the school/Federation in relation to employment, social security and social protection law (e.g. safeguarding individuals at risk; protection against unlawful acts; prevention against fraud)

This is usually applicable where we are performing our duties under employment related laws e.g. health and safety, equality or tax or where we have taken action to safeguard individuals at risk.

It is necessary to protect the vital interests of any person where the data subject is physically or legally incapable of giving consent

This could be relied upon in situations where someone has become seriously ill on our premises and we are asked by medical practitioners (such as paramedics), to share information we know about that person’s health or allergies.

The processing is necessary for the establishment, exercise or defence of legal claims

We may share or use special category data where legal action is being considered or underway.

The processing is necessary in the substantial public interest

This may be relied upon in circumstances where our processing is necessary to safeguard children or others at risk or where we respond to requests from the Police or law enforcement bodies, to assist in an investigation to prevent or detect an unlawful act.

The processing is necessary for the assessment of the working capacity of the employee

This will be applicable where an employee has been absent from work due to illness or injury, and we need to assess whether they are fit to return to work.

This list is not exhaustive.

How we protect your information

We take our security responsibilities seriously to protect your personal data from accidental or unlawful access, disclosure, loss, damage or destruction. For example:

Access to our data is on a strict need to know basis
Our electronic records are held on encrypted servers
We have strict visitor management security procedures in place
Our sensitive paper files are locked away with restricted access to the keys
Our employees, volunteers and governors are subject to Disclosure and Barring Service (DBS) checks and employee contracts contain confidentiality clauses
We have policies, procedures and training around data protection, security, record disposal and confidentiality. Our Data Protection Policy is available via our websites.
We use encrypted email or secure file sharing platforms to share personal data with external organisations
We carry out due diligence checks on our service providers and Data Protection Impact Assessments, where required.
We use up to date virus and malware protection software; security patches are applied promptly, and we back up our data regularly.

Storing personal data
The personal information we collect and store is essential for our Federation’s operational use. We only keep personal information for as long as we need to, and where it is necessary to comply with any legal, contractual, accounting or reporting obligations. After this period, we delete or securely destroy personally identifiable data.

For more information about how long we keep personal data for see our Record Retention Schedule available via our websites:
GDPR | Kingsbridge Community Primary School
GDPR – Loddiswell Primary School (incl. Preschool)
GDPR – Malborough with South Huish Church of England Primary School
GDPR – Modbury Primary School
GDPR – Stokenham Primary School

Overseas transfers
We mainly store our data in the UK or the European Economic Area (EEA), however some of our service providers may store personal data outside these areas (usually in the USA). Where this is the case, we have a contract with these service providers which ensures they process our data securely and in line with our data protection laws.

Your data protection rights
You have the following rights under the data protection laws:
The right to:

Be told how your personal data is being processed (see our privacy notices).
Request access to your personal data.
Rectify personal data held about you which is inaccurate or incomplete.
Have your data erased in certain circumstances.
Restrict the processing of your information in certain circumstances.
Object to your information being used for public interest or direct marketing purposes.
Ask that your personal data is transferred from one organisation to another or given to you, in certain circumstances.
Not be subject to decisions based purely on automated processing where it produces a legal or similarly significant effect on you.
Complain if you are not happy with the way your data has been handled, and to escalate this to the Information Commissioner if you remain dissatisfied.

To exercise these rights, please contact us by emailing gdpr@southhamsfederation.org.uk . You are not usually required to pay a fee and can expect to receive a response within one calendar month. Further information about your data protection rights can be found on the Information Commissioner’s Office website at www.ico.org.uk .

Feedback and complaints
We work to high standards when it comes to processing your personal information. We hope you will always be happy with the way we handle your information, however if we have not met your expectations, please let us know so we can put things right.
To do this, please email the relevant school at:
Kingsbridge : admin@kingsbridge-pri.devon.sch.uk
Loddiswell : loddiswell@southhamsfederation.org.uk
Loddiswell Preschool : loddiswellpreschool@southhamsfederation.org.uk
Malborough : malborough@southhamsfederation.org.uk
Modbury : modbury@southhamsfederation.org.uk
Stokenham : stokenham@southhamsfederation.org.uk

If you would like to make a formal complaint, our complaints procedure is available via our websites:
Kingsbridge : https://www.kingsbridgeprimary.co.uk/policies/
Loddiswell Primary & Preschool: https://www.loddiswellprimaryschool.co.uk/policies/
Malborough : https://www.malboroughprimaryschool.co.uk/policies/
Modbury : https://www.modburyprimaryschool.co.uk/policies/
Stokenham : https://stokenhamprimaryschool.co.uk/policies/

Data Protection Officer
Our Data Protection Officer (DPO) is Amber Badley, an external consultant appointed under a service contract. If you have any queries about this privacy notice or any matter relating to the handling of your personal data, you can contact our DPO directly at DPO@firebirdltd.co.uk or by writing to the relevant school at:
Kingsbridge : admin@kingsbridge-pri.devon.sch.uk
Loddiswell : loddiswell@southhamsfederation.org.uk
Loddiswell Preschool : loddiswellpreschool@southhamsfederation.org.uk
Malborough : malborough@southhamsfederation.org.uk
Modbury : modbury@southhamsfederation.org.uk
Stokenham : stokenham@southhamsfederation.org.uk

Contact Us

Kingsbridge Community Primary School

Belle Cross Road

Kingsbridge

Devon TQ7 1NL

Tel : 01548 852009

Email : admin@kingsbridge-pri.devon.sch.uk

Stokenham Area Primary School

Stokenham

Kingsbridge

Devon

TQ7 2SJ

Tel: 01548 580551

Email: stokenham@southhamsfederation.org.uk

Loddiswell Primary & PreSchool

Beechwood Park

Loddiswell

Kingsbridge

Devon

TQ7 4BY

Tel: 01548 550295
Email: loddiswell@southhamsfederation.org.uk
loddiswellpreschool@southhamsfederation.org.uk

Malborough with South Huish Primary School

Higher Town

Malborough

Nr Kingsbridge

Devon

TQ7 3RN

Tel: 01548 561444

Email: malborough@southhamsfederation.org.uk

Modbury Primary School

Barracks Road

Modbury

Ivybridge

Devon

PL21 0RB

Tel: 01548 830312

Email: modbury@southhamsfederation.org.uk

Changes to this privacy notice
We may need to update this privacy notice periodically, so we recommend that you revisit this information from time to time. This version was last updated on 1st September 2021.

Cookies

Cookies

Website CMS

Matomo

reCaptcha

Cookie notice