Read our Child Friendly Privacy Notice for Pupils (PDF 261KB)
Your information is being collected by Ashley Hill School which is a data controller for the purposes of current Data Protection Legislation as applied in the Isle of Man.
Our websites contain links to other websites which you may find useful; when you follow these links, the websites should have their own privacy policy. Ashley Hill School cannot accept any responsibility or liability for the content of any personal data provided to them. We advise you to check these policies before you submit any personal data to these websites.
The Headteacher in the name of Ashley Hill School as Data controller
If you have any questions or comments on this Privacy Notice please contact the Data Controller, namely the Head Teacher at Onchan, Isle of Man IM3 3LA.
In addition to the information set out in the Department of Education, Sport and Culture’s (DESC) Privacy Notice, we may also collect the following information about your child as required by the Education Act 2001 and the Registration of Pupils Regulations 2016:
Should you have any enquiries or comments regarding this information, please contact the Data Protection Officer (DPO) for the Department of Education, Sport and Culture. By email DPO-DESC@gov.im or by post to Data Protection Officer, Thie Slieau Whallian, Foxdale Road, St John's, Isle of Man, IM4 3AS or by telephone on (01624) 685828.
Ashley Hill School may use your information to:
Ashley Hill School has a statutory obligation to check and verify the data you provide to us on registration documents and on consent forms. This may include checks of publicly available information but in some cases, where it is necessary and relevant, the information you provide may be disclosed or shared with other organisations.
App or Service | Details | Consent Required |
---|---|---|
Arbor |
Data Shared: Pupil record Sharing Basis: Public interest + official authority of the DC Security Protocols: Server/Data Location: EEA Retention Period: DOB + 25 years |
No |
Arbor |
Teacher Access: Legal Basis - Education Act 2001 and Registration of Pupils Regulations 2016 Server/Data Location: EEA Retention Period: DOB + 25 years |
No |
Book creator |
Data Shared: name, email address, a password and the school name Security Protocols: Access Conditions: Supervised Teacher Access: Yes Server/Data Location: US |
Yes |
Chess competition (Rob Sellors) |
Data Shared: name, school, age Security Protocols: Email on secure government system Server/Data Location: EEA Retention Period: Until competition completed |
Yes |
Cross country competition (Rob Sellors) |
Data Shared: Names, sex, school Teacher Access: Public Server/Data Location: EEA Retention Period: Public information |
Yes |
DESC Attendance |
Data Shared: Name, School, Attendance data if less than 80% Sharing Basis: Public interest + official authority of the DC Security Protocols: Secure access or information sent by email password protected Server/Data Location: EEA Retention Period: As needed while resolving issues |
No |
DHSC Dental Survey |
Data Shared: Child’s name, date of birth Security Protocols: Information sent password protected with the password sent via an alternative means of communication Server/Data Location: EEA Retention Period: Current year |
Yes |
DHSC School / Community Nurses |
Data Shared: Child's name, date of birth, current address, previous address, current school and previous school Security Protocols: Information sent password protected with the password sent via an alternative means of communication Server/Data Location: EEA Retention Period: Current year |
Yes |
Dolphin Gala |
Data Shared: Names, DOB, school Security Protocols: Password protected email / paper copy handed to organisers Server/Data Location: EEA Retention Period: Deleted after competition |
Yes |
Empowering Education International Limited (EEIL) |
Data Shared: Sharing Basis: Public interest + official authority of the DC Security Protocols: Access Conditions: No Teacher Access: No Server/Data Location: UK Retention Period: Any personal data provided to EEIL will only be retained for the duration of the EEIL engagement with DESC. |
No |
Evolve |
Data Shared: Name, contact details, trip information and risk assessments Sharing Basis: Public interest + official authority of the DC Security Protocols: Server/Data Location: UK Retention Period: Current year + 6 years |
No |
|
Data Shared: No personal information should be stored on Google servers by staff apart from a name, class grouping, email address and information regarding work completed or to be completed Sharing Basis: Public interest + official authority of the DC Security Protocols: Google adheres to several self regulatory frameworks, including the EU-US Privacy Shield arrangement. Access Conditions: No Teacher Access: Limited to areas set up by staff such as Google Classrooms and shared areas Server/Data Location: Worldwide including the US Retention Period: DOB + 21 years or 3 years since the last log on |
Yes |
Guild |
Data Shared: Name, DOB. School information Retention Period: Public information |
Yes |
ItsLearning |
Data Shared: Name, class, school work Sharing Basis: Public interest + official authority of the DC Security Protocols: Username and password Access Conditions: No Teacher Access: Yes Server/Data Location: EEA Retention Period: End of Use + 12 months |
No |
Junior Achievement |
Data Shared: Name. class, year group Security Protocols: Retention Period: Until after event |
Yes |
Juniorlibrarian |
Data Shared: Name and class Access Conditions: Supervised Teacher Access: Yes Server/Data Location: EEA Retention Period: Upon leaving school |
Yes |
Kahoot |
Data Shared: Name, Email address, user name, google analytics identifiers Security Protocols: Reasonable organizational, technical and administrative measures Access Conditions: Supervised Teacher Access: Yes Server/Data Location: Worldwide Retention Period: End of use + 12 months |
Yes |
Language link / Speech |
Data Shared: Name, DOB. email & telephone number of school Security Protocols: Encryption, access restriction and physical security Teacher Access: Yes Server/Data Location: EEA Retention Period: 3 years |
No |
Microsoft Teams |
Data Shared: Sharing Basis: Public interest to assist with remote education during period of school closures. Security Protocols: Teams enforces team-wide and organization-wide two-factor authentication, single sign-on through Active Directory, and encryption of data in transit and at rest. Files are stored in SharePoint and are backed by SharePoint encryption. Access Conditions: Supervised and unsupervised. Teacher Access: Yes Server/Data Location: EEA Retention Period: August after pupil leaves school |
No |
Nessy |
Security Protocols: Password protected Admin & Reports portal. Physical, electronic, and managerial procedures to safeguard data and prevent unauthorised access or use of the information collected online. Access Conditions: Supervised |
Yes |
ParentPay |
Data Shared: Sharing Basis: Schools have signed up for the service and their legal basis is: 'processing is necessary for the performance of a task carried out in the public interest' Security Protocols: Server/Data Location: UK Retention Period: |
Yes |
Quesmedia Sites |
Data Shared: Website activity, website form submissions and user content. Sharing Basis: To provide public website services for our school Security Protocols: Access Conditions: None Teacher Access: Limited to data provided within the CMS Server/Data Location: United Kingdom (EEA) Retention Period: Please view the more information link for data retention policies. |
No |
RIDDOR |
Data Shared: Name, age,gender, school, address, phone number, injury Server/Data Location: IOM Retention Period: DOB +25 years |
No |
Rock Star Times Tables |
Data Shared: Name and class, times table performance data Access Conditions: Supervised Server/Data Location: EU Retention Period: Upon leaving school |
Yes |
Socrative |
Data Shared: First name and Class Security Protocols: We protect your login information and the transmission of data using Secure Socket Layer (SSL) technology. Access Conditions: Supervised Teacher Access: Yes Server/Data Location: USA Retention Period: Until Childs Leaves school |
Yes |
SpellingShed |
Data Shared: Name and class, Spelling performance data Access Conditions: Supervised Teacher Access: Yes Server/Data Location: EEA (UK) Retention Period: Upon leaving school |
Yes |
Superheroes |
Data Shared: Name, Gender, Date of Birth, Class, Teacher. pupil attainment and progress of their fundamental movement skills Security Protocols: Information held on its information systems is held securely and in compliance with industry security standards and legislation Access Conditions: Supervised and unsupervised Teacher Access: Yes Server/Data Location: EEA Retention Period: Upon leaving school |
Yes |
Superheroes |
Data Shared: Date of Birth, Gender, School, Class, Coach and Attainment Scores. Sharing Basis: To enable children to improve their basic movements which will support children when developing a love of sport and minimise potential future injury. Access Conditions: Children will be supervised by a member of staff when inputting any data. Children will be able to log-on at home to check their results and improve their scores. Teacher Access: The teacher can view First Name and Initial, Date of Birth, Gender, School, Class, Coach and Attainment Scores. These are accessible to allow the teacher to suggest improvements to the child's movements. Retention Period: Upon child leaving school. |
Yes |
Tapestry System |
Data Shared: Child’s full name, child’s date of birth, basic assessment data, photographs in school settings and/or in supervised school led trip setting Sharing Basis: Consent; Parents can withdraw consent at any time Security Protocols: Amazon Web Services, has been independently certified as ISO 874 27001 compliant. Any information will be collected and uploaded on a work provided device. Staff training will be provided. Access restrictions are in place. Strong password usage. Access Conditions: No Teacher Access: Yes, authorised personnel only Server/Data Location: EU and the UK Amazon Web Services (AWS) Retention Period: One full year after the child leaves Primary School |
Yes |
Transition between primary and secondary school |
Data Shared: Transition activities / work done in transition lessons / pupil record Sharing Basis: In the public interest and official authority of the data controller. Security Protocols: Emails on secure servers; for ‘online.sch.im’ a google service self regulatory frameworks, including the EU-US Privacy Shield arrangement. Access Conditions: Supervised and unsupervised Teacher Access: Yes Server/Data Location: United Kingdom (EEA) Retention Period: DOB + 21 years or 3 years since the last log on |
No |
|
Data Shared: Photos, names, achievements, event details, location, IP address Server/Data Location: Worldwide Retention Period: Public |
Yes |
Zoom |
Data Shared: Sharing Basis: Consent Security Protocols: Access Conditions: Supervised and unsupervised Teacher Access: Yes Server/Data Location: Data routed through servers in China. USA Retention Period: Individual accounts when deleted |
Yes |
For more specific details about retention periods see the Department’s retention schedule
Information obtained or disclosed by third parties will not be used for any other purpose other than supporting the delivery of teaching and learning.
Failure to provide information may impact on support in school, the quality of teaching and learning and in achievement in examinations.
Ashley Hill School will:
Apps and services that are used in school may require data to be stored on servers outside of the EEA. Information sent to these will be limited and are as detailed above.
You can find out more information including:
Requests for Information, submitted in accordance with Freedom of Information Act 2015. |
The following information is collected for the purpose of meeting a request you have made for information.
|
You may have the following rights in relation to your personal information:
It is worth noting that the benefits afforded by these rights are limited in some circumstances, and may depend on the legal reason why we collected your personal data. If this is the case, we'll explain why.
To exercise any of the rights mentioned, or if you have any questions relating to your rights, please contact the Data Protection Officer. To do this, by email DPO-DESC@gov.im by post to Data Protection Officer, DESC, Thie Slieau Whallian, Foxdale Road, St John's, Isle of Man, IM4 3AS, or by telephone on (01624) 685828.
We take any complaints we receive about the way we process your information very seriously and we would like to hear from you if you have any concerns that our collection or use of your personal data is unfair, misleading or inappropriate. Please bring your concern to our attention by contact the Data Protection Officer, who will work with you to resolve any issues.
If you are unhappy with the way we are using your personal data you have the right to make a complaint to the Information Commissioners Office as the Supervisory Authority for the Isle of Man. Further details can be found at www.inforights.im
From time to time we may amend this privacy notice to reflect changes in legislation, changes in our processing or experience of operating these services, and for other reasons or feedback we receive.
Any significant changes will be advised by a prominent notice on our website so that you can review the change. We will not reduce your rights under this Privacy notice without your consent. This Privacy notice was last updated July 2022.