Privacy Policy

Our full list of GDPR policies can be found here.
Our Full list of School Policies can be found here.

Our E-Safety Policy

Last updated by D Thompson in May 2018

The statutory curriculum requires pupils to learn how to locate, retrieve and exchange information using ICT.  In delivering the curriculum, teachers need to plan to integrate the use of communications technology such as web-based resources and e‑mail.  Computer skills are vital to access life-long learning and employment; indeed ICT is now seen as an essential life-skill.

Most technologies present risks as well as benefits.  Internet use for work, home, social and leisure activities is expanding in all sectors of society.  This brings young people into contact with a wide variety of influences, some of which – as in life generally – may be unsuitable.  It is important that schools, libraries and youth clubs, as well as parents adopt strategies for the safe and responsible use of the Internet.

Our Internet Policy has been written by the ICT Coordinator using Barnsley Learning Network and government guidance.  It has been agreed by senior management and governors.  It will be reviewed annually.  

  1. Why is Internet use important?

The Internet is an essential element in 21st century life for education, business and social interaction.  The school has a duty to provide students with quality Internet access as part of their learning experience.

  • How will Internet use enhance learning?

The school Internet access will be designed expressly for pupil use and will include filtering appropriate to the age of pupils.

Pupils will learn appropriate Internet use, what is and what is not appropriate use, and given clear objectives for Internet use.

Staff should guide pupils in on-line activities that will support the learning outcomes planned for the pupils’ age and maturity.

Pupils will be educated in the effective use of the Internet. They will be taught a range of skills including researching, for example knowledge location, retrieval and evaluation as well as skills such as uploading work and images to share with other learners.

Benefits of using the Internet in education include:

  • access to world-wide educational resources including museums and art galleries;
  • educational and cultural exchanges between pupils world-wide;
  • cultural, vocational, social and leisure use in libraries, clubs and at home;
  • access to experts in many fields for pupils and staff;
  • staff professional development through access to national developments, educational materials and good curriculum practice;
  • communication with support services, professional associations and colleagues;
  • improved access to technical support including remote management of networks;
  • exchange of curriculum and administration data with the LA and DSCF.

  • How will pupils learn to evaluate Internet content?

The quality of information received via the range of media is variable and everyone needs to develop skills in selection and evaluation.  The spreading of malicious rumour has occurred for thousands of years and lies sometimes win over truth.  Information received via the web, e-mail or text message also requires good information handling skills.  In particular it may be difficult to determine origin and accuracy, as the contextual clues present with books or TV may be missing or difficult to read. 

It is a sad fact that pupils may occasionally be confronted with inappropriate material, despite all attempts at filtering.  Pupils should be taught what to do if they experience material that they find distasteful, uncomfortable or threatening.  For example: to close the page and report the URL to the teacher or ICT manager for inclusion in the list of blocked sites.  Children should also be taught what to do if they experience this sort of material outside the safety of school, as e-safety is a skill children will require for the future. Children should be shown how and where to report unreasonable actions and materials, for example at the websites, or

More often, pupils will be judging reasonable material but need to select that which is relevant to their needs, for instance to answer a particular question.  Pupils should be taught research techniques and encouraged to question the validity, currency and origins of information.  Effective guided use should also reduce the opportunity pupils have for exploring undesirable areas.

Using Internet derived materials in pupils’ own work requires at least an understanding that straight copying is worth little without a commentary that demonstrates the selectivity used and evaluates significance. Pupils should be taught to be critically aware of the materials they read and shown how to validate information before accepting its accuracy.

  • How will e-mail be managed?

The government encourages the use of e-mail as an essential means of communication for both staff and pupils.  Directed e-mail use can bring significant educational benefits and interesting projects between schools.

However, the use of e-mail requires that the implications for the school and for the pupils have been thought out and that appropriate safety measures have been put in place.  Un-regulated e-mail can provide a means of access to a pupil that bypasses the traditional school boundaries. 

The central question is the degree of responsibility for self-regulation that may be delegated to an individual pupil.  Once e‑mail is available it is difficult to control its content. 

They will only email independently through our schools VLE which can be monitored by staff and only allows children to email other children within school.

Pupils will be taught to:

  • tell a teacher if they receive offensive e-mail.
  • not reveal details of themselves or others in e‑mail communication, such as address or telephone number, or arrange to meet anyone.
  • Protect their password created by consistently updating it.

  • How should website content be managed?

Many schools have created excellent web sites that inspire pupils to publish work of a high standard.  Web sites can celebrate pupils’ work, promote the school and publish resources for projects or homework.  Editorial guidance will ensure that the Web site reflects the school’s ethos that information is accurate and well-presented and that personal security is not compromised. 

Although there are many ways to obtain information about schools and pupils, for instance a school newsletter, a school’s web site can be accessed by anyone on the Internet.  Publication of information should be considered from a security viewpoint. 

Photographs that include pupils add a liveliness and interest to a web site that is difficult to achieve in any other way.  Nevertheless the security of staff and pupils must come first.  Sadly, although common in newspapers, the publishing of pupils’ names with photographs of pupils is not acceptable.  Web images could be misused and individual pupils identified unless broad descriptions are used. The following point should be adhered to:

  1. A check should be made that pupils in photographs are appropriately clothed.
  2. The point of contact on the web site should be the school address, school e-mail and telephone number.  Staff or pupils’ home information will not be published.
  3. Web site photographs that include pupils will be selected carefully and pupils’ full names will not be used anywhere on the web site, particularly in association with photographs.
  4. Written permission from parents or carers will be obtained before photographs of pupils are published on the school web site. A parent consent form is signed at enrolment at school.
  5. The class teacher will have the responsibility of checking that all children seen on photographs uploaded to the web have a valid consent form and Headteacher will take overall editorial responsibility and ensure that content is accurate and appropriate.

  • Can Social Media/Text Messaging be made safe?

Messenger is a popular conferencing application offering instantaneous exchange of text and images between groups of users via the Internet.  In principle, messenger has great potential for education; for instance pupils could exchange live text, speech or video with pupils in South Africa or Italy, at low cost.  Such chat facilities should be moderated by the parents/guardians and access should only be at times permitted by the parent/guardian.

Although chat sites are not allowed in Keresforth Primary School and are not legally allowed to be accessed until age 13, there use by pupils outside school is becoming more common.  The approach therefore that parents and teachers need to take is one of keeping aware of developments and advising their children of the dangers.  They need to ensure that they protect their social media account with a password (which needs to be constantly updated) and report any incidents concerning inappropriate or graphic messages or images. They also need to be made aware that sharing inappropriate messages or images is very serious and would be dealt with accordingly.

  • How will Internet access be authorised?

Internet access for pupils should be seen as an entitlement on the basis of educational need and an essential resource for staff.  It should be clear who has Internet access and who has not.  Authorisation is generally on an individual basis in a secondary school.  In a primary school, parental permission will be required for children to have access to the internet.

The school will keep a record of all staff and pupils who are granted Internet access.  The record will be kept up-to-date, for instance a member of staff may leave or a pupil’s access be withdrawn. 

Parents will be asked to sign and return a consent form when they enrol their child at school.

  • Log-On to the Computer and Internet

To encourage independence and personal responsibility Children must be taught to log-on independently, it is a valuable life skill.  To avoid or reduce any potential problems all IT users should abide by the following

  1. All of Key Stage 2 should allow time for the children to develop these skills they should be incorporated into the teachers planning during the first term of each new academic year.
  2. Under no circumstances should the teacher use their own personal log-in (even as well meaning as it might be) to log the child onto the computer/system.
  3. If a child has forgotten or “lost” their log-in the teacher is to advise data-admin via the office and request a new log-in and password.  The child does not go onto the computer until this information has been received back.  This normally takes only a couple of days.
  4. A child will have to share a computer with a friend until this matter has been resolved.
  5. KS1 provision to be made to assist the child to log-on, but again not to use the teachers/assistants profile.

  • How will the risks be assessed?

In common with other media such as magazines, books and video, some material available via the Internet is unsuitable for pupils.  The school will take all reasonable precautions to ensure that users access only appropriate material.  However, due to the international scale and linked nature of Internet content, it is not possible to guarantee that unsuitable material will never appear on a school computer.  Children will be taught how to best deal with this situation.

  1. How will complaints regarding Internet use be handled?

Parents and teachers must know how and where to report incidents.  Prompt action will be required if a complaint is made.  The facts of the case will need to be established, for instance whether the internet use was within or outside school.  A minor transgression of the rules may be dealt with by the teacher as part of normal class discipline.  Other situations could potentially be serious and a range of sanctions will be required, linked to the school’s behaviour policy.  Complaints of a child protection nature must be dealt with in accordance with the LA child protection procedures.

  1. Children using messaging and email facilities inappropriately will have their user name and password withdrawn, for a period of time to be decided by the class teacher, depending on the severity of the misuse. Responsibility for handling incidents regarding child protection will be delegated to the Headteacher .
  2. Any complaint about staff misuse must be referred to the ICT Coordinator and Headteacher.
  3. Parents and pupils will need to work in partnership with staff to resolve issues.
  4. There may be occasions when the police must be contacted.  Early contact could be made to establish the legal position and discuss strategies.

  1. Shawlands Primary School Responsible Internet Use Rules

These rules help us to be fair to others and keep everyone safe.

  • I will ask permission before using the Internet. 
  • I will use only my class network login and password, which is secret.
  • I will only open or delete my own files.
  • I understand that I must not bring into school and use software or files without permission.
  • I will only e-mail people I know, or my teacher has approved.
  • The messages I send will be polite and sensible.
  • I understand that I must never give my home address or phone number, or arrange to meet someone.
  • I will ask for permission before opening an e-mail or an e-mail attachment sent by someone I do not know.
  • I will not use Internet chat.
  • If I see anything I am unhappy with or I receive messages I do not like, I will tell a teacher immediately.
  • I understand that the school may check my computer files, emails I send and the Internet sites I visit.
  • I understand that if I deliberately break these rules, I may not be allowed to use the Internet or computers.

Our Information Sharing Policy

Last updated by D Thompson in May 2018

Information sharing falls into two distinct groups:

Case by case

This is for the sharing of information between front line services, where the professional judgement of those concerned will be deployed to ensure the wellbeing of the child.

Bulk information

This is the sharing of information with: 

  • Local Authority data via the secure email system.
  • The DfES S2S website for the transfer of pupil data.
  • Payroll through secure portal.
  • Human Resources through secure portal.

Guidelines on confidentiality

1.      All information about individual children is private and must only be shared with staff that have a need to know.

2.      All social services, medical and personal information about a child is held in a safe and secure place which is not accessed by individuals other than school staff.

3.      The school prides itself on good communication with parents/carers and staff are available to talk to both children and parents/carers about issues that are causing concern.

4.      All children have a right to the same level of confidentiality irrespective of gender, race, religion, medical concerns and special educational needs. A lot of data is generated in schools by these categories but individual children should not be able to be identified.

5.      Confidentiality is a whole school issue. Clear ground rules are set for any classroom work such as circle time and other PHSCE session dealing with sensitive issues such as sex and relationships and drugs.

6.       All children, parents, staff members and governors must enjoy privacy from gossip.  Matters are dealt with        according to the school’s procedures and out of the eye of the wider community.  It is important that:-

  • Staff do not discuss details of individual cases arising in staff meetings to any person without direct professional connection to and interest in the welfare and education of the individual concerned.

  • No member of staff discusses an individual child’s behaviour in the presence of another child in school.

  • Staff do not enter into detailed discussion about a child’s behaviour with other children or their parents.

  • Governors do not divulge information about individuals (be they staff, families or individual children) to any person outside of the meeting.  Confidential papers should be collected and destroyed.  Governors must observe complete confidentiality when asked to do so by the governing body, especially in relation to matters concerning individual staff, pupils or parents.  Although decisions reached at governors’ meetings are normally made public through the minutes or otherwise, the discussions on which decisions are based should be regarded as confidential.  Governors should exercise the highest degree of prudence when discussion of potentially contentious issues arises outside the governing body.

  • Parents in school, working as volunteers do not report cases of poor behaviour or pupil discipline to other parents in the school.  This allows teachers to deal with such matters in line with school policy.

  • Staff appraisals will be carried out privately.  Targets for individuals, named lesson observation sheets and other performance data are stored securely by the Headteacher.

  • Safeguarding and Child Protection matters are made known to staff on a need to know basis.

  • It is important that class teachers and support staff are aware of some confidential matters in order to support individuals.  These staff will respect the sensitivity of such cases and not divulge information to people unconnected professionally with the individual concerned.

7.      Staff should be aware of children with medical needs.  This information should be accessible to staff who need it but not on general view to other parents/carers and children.

8.      Photographs of children should not be used without parents/carers permission. At no time should the child’s name be used with a photograph so that they can be identified. The school gives clear guidance to parents about the use of cameras and videos during public school events.

9.      Information about children will be shared with parents but only about their child.  However parents should be aware that information about their child will be shared with the receiving school when they change school.

10.    All personal information about children including social services records should be regarded as confidential. It should be clearly understood by those who have access to it, and whether those concerned have access to all, or only some of the information.

  • Information regarding health reports such as speech therapy, medical reports, SEN reports, SEN minutes of meetings and social services minutes of meetings and reports will be circulated and, once read, will be filed securely.

  • Logs of administration of medication to children should be kept secure and individual logs kept as appropriate.

  • In all other notes, briefing sheets etc, a child should not be able to be identified.

  • Individual’s details will only be passed to outside bodies when essential and appropriate.

Other Professionals

Health professionals are bound by their professional codes of conduct to maintain confidentiality when working in a one to one situation.  When working in a classroom, they are bound by relevant school policies.  In line with best practice guidance, like other school staff, they will seek to protect privacy and prevent inappropriate personal disclosures in a classroom setting, by negotiating ground rules and using distancing techniques.


  1. You should explain to children, young people and families at the outset, openly and honestly, what and how information will, or could be shared and why, and seek their agreement.  The exception to this is where to do so would put that child, young person or others at increased risk of significant harm or an adult at risk of serious harm, or if it would undermine the prevention, detection or prosecution of a serious crime (see glossary for definition) including where seeking consent might lead to interference with any potential investigation.

  • You must always consider the safety and welfare of a child or young person when making decisions on whether to share information about them.  Where there is concern that the child may be suffering or is at risk of suffering significant harm, the child’s safety and welfare must be the overriding consideration.

  • You should, where possible, respect the wishes of children, young people or families who do not consent to share confidential information.  You may still share information, if in your judgement on the facts of the case; there is sufficient need to override that lack of consent.

  • You should seek advice where you are in doubt, especially where your doubt relates to a concern about possible significant harm to a child or serious harm to others.

  • You should ensure that the information you share is accurate and up-to-date, necessary for the purpose for which you are sharing it, shared only with those people who need to see it and shared securely.

  • You should always record the reasons for your decision – whether it is to share information or not.

  • The Headteacher should be kept informed of the information being shared.


Shawlands School has a duty of care and responsibility towards pupils, parents/carers and staff. It also needs to work with a range of outside agencies and share information on a professional basis. The care and safety of the individual is the key issue behind this document.

Our Data Breach Policy

Last updated by D Thompson in May 2018

This procedure is based on guidance on personal data breaches produced by the ICO.

  • On finding or causing a breach, or potential breach, the staff member or data processor must immediately notify the DPO

  • The DPO will investigate the report, and determine whether a breach has occurred. To decide, the DPO will consider whether personal data has been accidentally or unlawfully:
    • Lost
    • Stolen
    • Destroyed
    • Altered
    • Disclosed or made available where it should not have been
    • Made available to unauthorised people
  • The DPO will alert the Headteacher and the Chair of Governors
  • The DPO will make all reasonable efforts to contain and minimise the impact of the breach, assisted by relevant staff members or data processors where necessary. (Actions relevant to specific data types are set out at the end of this procedure)
  • The DPO will assess the potential consequences, based on how serious they are, and how likely they are to happen
  • The DPO will work out whether the breach must be reported to the ICO. This must be judged on a case-by-case basis. To decide, the DPO will consider whether the breach is likely to negatively affect people’s rights and freedoms, and cause them any physical, material or non-material damage (e.g. emotional distress), including through:
    • Loss of control over their data
    • Discrimination
    • Identify theft or fraud
    • Financial loss
    • Unauthorised reversal of pseudonymisation (for example, key-coding)
    • Damage to reputation
    • Loss of confidentiality
    • Any other significant economic or social disadvantage to the individual(s) concerned

If it’s likely that there will be a risk to people’s rights and freedoms, the DPO must notify the ICO.

  • The DPO will document the decision (either way), in case it is challenged at a later date by the ICO or an individual affected by the breach. Documented decisions are stored in a secure filing cabinet in the school office, electronic copies may be stored with the DPO and Business Manager.
  • Where the ICO must be notified, the DPO will do this via the ‘report a breach’ page of the ICO website within 72 hours. As required, the DPO will set out:
    • A description of the nature of the personal data breach including, where possible:
      • The categories and approximate number of individuals concerned
      • The categories and approximate number of personal data records concerned
    • The name and contact details of the DPO
    • A description of the likely consequences of the personal data breach
    • A description of the measures that have been, or will be taken, to deal with the breach and  mitigate any possible adverse effects on the individual(s) concerned
  • If all the above details are not yet known, the DPO will report as much as they can within 72 hours. The report will explain that there is a delay, the reasons why, and when the DPO expects to have further information. The DPO will submit the remaining information as soon as possible
  • The DPO will also assess the risk to individuals, again based on the severity and likelihood of potential or actual impact. If the risk is high, the DPO will promptly inform, in writing, all individuals whose personal data has been breached. This notification will set out:
    • The name and contact details of the DPO
    • A description of the likely consequences of the personal data breach
    • A description of the measures that have been, or will be, taken to deal with the data breach and mitigate any possible adverse effects on the individual(s) concerned
  • The DPO will notify any relevant third parties who can help mitigate the loss to individuals – for example, the police, insurers, banks or credit card companies
  • The DPO will document each breach, irrespective of whether it is reported to the ICO. For each breach, this record will include the:
    • Facts and cause
    • Effects
    • Action taken to contain it and ensure it does not happen again (such as establishing more robust processes or providing further training for individuals)
  • Records of all breaches will be stored in a secure filing cabinet in the school office, electronic copies may be stored with the DPO and Business Manager.

The DPO and Headteacher will meet to review what happened and how it can be stopped from happening again. This meeting will happen as soon as reasonably possible

Actions to minimise the impact of data breaches

We will take the actions set out below to mitigate the impact of different types of data breach, focusing especially on breaches involving particularly risky or sensitive information. We will review the effectiveness of these actions and amend them as necessary after any data breach.

Sensitive information being disclosed via email (including safeguarding records)

  • If special category data (sensitive information) is accidentally made available via email to unauthorised individuals, the sender must attempt to recall the email as soon as they become aware of the error
  • Members of staff who receive personal data sent in error must alert the sender and the DPO as soon as they become aware of the error
  • If the sender is unavailable or cannot recall the email for any reason, the DPO will ask the ICT department to recall it
  • In any cases where the recall is unsuccessful, the DPO will contact the relevant unauthorised individuals who received the email, explain that the information was sent in error, and request that those individuals delete the information and do not share, publish, save or replicate it in any way
  • The DPO will ensure we receive a written response from all the individuals who received the data, confirming that they have complied with this request
  • The DPO will carry out an internet search to check that the information has not been made public; if it has, we will contact the publisher/website owner or administrator to request that the information is removed from their website and deleted

If you have any questions about our School and GDPR Policies, please contact us and speak to a member of the Shawlands Primary School team via email or phone.

We use cookies on our website to help improve your experience during your visit. Please read our Privacy Policy for more information about the cookies we use.