Introduction
The Brick Lane Jamme Masjid Madrasah is committed to ensuring the privacy and security of all personal data collected and processed in accordance with the UK General Data Protection Regulation (GDPR) and the Data Protection Act 2018. This policy outlines how the Brick Lane Jamme Masjid Madrasah collects, processes, stores, and protects personal data to uphold the rights and privacy of individuals.
Policy aim and objectives
The purpose of this data protection and GDPR policy is to:
- Ensure compliance with the UK GDPR and Data Protection Act 2018.
- Safeguard personal data collected from students, parents, staff, and other stakeholders.
- Provide clarity on how data is collected, stored, processed, and shared.
- Promote accountability and transparency in handling personal information.
Scope
This policy applies to all personal data collected and processed by the Brick Lane Jamme Masjid Madrasah, including data related to:
- Students and their families.
- Staff members, volunteers, and contractors.
- Other stakeholders.
This policy applies to both electronic and physical data storage systems.
Principles of data processing
To provide a high-quality educational environment and comply with legal requirements, we will need to request information from parents about their children and families. This may include personal data as well as special category data. We are committed to safeguarding the privacy of our families, and in accordance with the General Data Protection Regulation (GDPR), we process all personal data based on the following seven principles:
- Lawfulness, fairness, and transparency: We will collect personal data only for lawful reasons and in a fair and transparent manner. Parents will be informed clearly about the data we are collecting and the reasons for doing so.
- Purpose limitation: Data will only be used for the purposes for which it was initially collected. It will not be used for unrelated purposes, such as marketing, unless required by law or explicitly agreed upon by the individual.
- Data minimisation: We will collect only the data necessary to provide appropriate Islamic education, safeguard pupils, and understand their needs. No excessive or irrelevant data will be gathered.
- Accuracy: We will ensure that all data remains accurate and up-to-date. Parents will be asked to review and confirm their information regularly.
- Storage limitation: Data will only be retained for as long as necessary to fulfil the purposes for which it was collected, in compliance with relevant laws. Once no longer needed, it will be securely deleted or anonymised.
- Integrity and confidentiality: We will take all necessary measures to protect personal data from unauthorised access, loss, or misuse. Data will be processed and stored securely by authorised individuals only.
- Accountability: We will demonstrate compliance with data protection laws by maintaining clear records and processes, ensuring transparency and accountability in all aspects of data handling.
Types of data collected
The Brick Lane Jamme Masjid Madrasah collects and processes the following types of personal data:
- Personal details (e.g., name, date of birth, address, contact details).
- Educational records (e.g., attendance, progress, behaviour reports).
- Medical information (e.g., allergies, conditions, emergency contact details).
- Safeguarding information (e.g., court orders and professional involvement).
- Staff employment records (e.g., qualifications, payroll information).
Lawful basis for processing
Personal data is processed under the following lawful bases:
- Consent: Where explicit consent has been obtained from individuals (e.g., for using photographs).
- Contract: To fulfil contractual obligations (e.g., staff employment).
- Legal Obligation: To comply with statutory requirements (e.g., safeguarding).
- Legitimate Interests: Where processing is necessary for the Brick Lane Jamme Masjid Madrasah's operational needs.
Why we collect and use pupil information
We collect and use pupil information for the following purposes:
- To support pupil learning.
- To monitor and report on pupil attainment progress.
- To assess the quality of our teaching.
- To keep children safe (e.g., food allergies or emergency contact details).
- To comply with the law regarding data sharing.
- To safeguard children.
Subject access
Parents, carers, and those with parental responsibility have the right to access records relating to their child at any time. Requests will be processed promptly, and information will be provided without delay, within one month of receipt of the request.
Requests should be submitted in writing, and we will ensure the necessary information is provided. If a request is made through an unfamiliar method, such as an unknown email address, we may need to verify the identity of the requester to protect the confidentiality of the data.
We also encourage parents to regularly review the information we hold about their child to ensure it is accurate and to update it as needed.
Sharing of information without parent consent
In certain circumstances, we may be required to share information without parental consent. This could include situations involving child protection concerns, criminal investigations, tax inquiries, health and safety matters, or other instances where disclosure is mandated by law.
Data storage
- Personal data is stored securely in physical files (e.g., locked cabinets) and digital systems (e.g., password-protected databases).
- Access to personal data is limited to authorised personnel only.
Data security
To secure the data we hold, the Brick Lane Jamme Masjid Madrasah will:
- Regularly update and maintain IT systems to protect against data breaches.
- Use encryption for sensitive data transfers.
- Securely dispose of data no longer required, such as by shredding physical documents and permanently deleting digital records.
Data sharing
Internal sharing. Personal data is shared internally only with staff members who require it for legitimate purposes (e.g., teaching, administration).
External sharing. Data may be shared with external parties, including:
- Regulatory authorities (e.g., local councils).
- Emergency services (e.g., in cases of medical emergencies).
- Third-party service providers (e.g., IT support), subject to strict confidentiality agreements.
The Brick Lane Jamme Masjid Madrasah does not sell or share personal data for marketing purposes.
Data subject rights
Under the UK GDPR, individuals have the following rights regarding their personal data:
- Right to access: To request access to their data and obtain a copy.
- Right to rectification: To request corrections to inaccurate or incomplete data.
- Right to erasure: To request deletion of their data, subject to legal or contractual requirements.
- Right to restrict processing: To limit the processing of their data under certain conditions.
- Right to data portability: To request the transfer of their data to another organisation.
- Right to object: To object to the processing of their data in specific situations.
Requests related to these rights should be made in writing to the Data Protection Officer (DPO).
Data breach management
In the event of a data breach:
- The breach will be reported immediately to the Data Protection Officer.
- Steps will be taken to contain and assess the breach.
- Affected individuals and the Information Commissioner's Office (ICO) will be informed within 72 hours if required by law.
Roles and responsibilities
The Data Protection Officer (DPO) is responsible for:
- Ensuring compliance with data protection laws.
- Acting as the point of contact for data protection queries and concerns.
- Conducting regular audits of data protection practices.
Staff and volunteers are responsible for:
- Handling personal data in accordance with this policy.
- Reporting any data breaches or concerns to the DPO.
- Attending training sessions on data protection when required.
Data Protection Officer (DPO)
The Data Protection Officer holds overall responsibility for compliance — acting as the point of contact for data protection queries and concerns, conducting regular audits, and managing any data breach. Requests relating to your data subject rights should be made in writing to the DPO.
- Lawful bases: Consent · Contract · Legal Obligation · Legitimate Interests
- Subject access requests: Fulfilled within one month, in writing
- Breach reporting: ICO informed within 72 hours where required
This policy is reviewed and updated regularly to remain in line with the UK GDPR, the Data Protection Act 2018 and best practice.