Privacy notice for Ofsted's Inspection Data Summary report
This privacy notice explains how we will collect and use your personal information for the inspection data summary report (IDSR). You can see: https://www.gov.uk/government/publications/ofsted-privacy-notices/contacting-or-working-with-ofsted-privacy-notice
Who we are
The IDSR is operated by Ofsted (‘we’ or ‘us’). For the purpose of data protection legislation, Ofsted is the data controller for the personal data processed as part of the IDSR.
What data we collect
We collect certain information or data about you when you use the IDSR website. This includes personal information such as:
- your email address
- your internet protocol address (IP address), and details of which version of web browser you used
- information on how you use the site, using cookies and page tagging techniques
We use Google Analytics software to collect information about how you use GOV.UK and how the website performs during your visit. This includes IP addresses. The data is anonymised before being used for analytics and web performance processing.
Google Analytics processes anonymised information about:
- the pages you visit on GOV.UK
- how long you spend on each GOV.UK page
- how you got to the site
- what you click on while you’re visiting the site
This helps us to improve the site by monitoring how you use it and respond to any feedback you send us, if you request it.
We do not store your personal information through Google Analytics (for example your name or address).
We will not identify you through analytics information, and we will not combine analytics information with other data sets in a way that would identify who you are.
Why we need your data
We collect information through Google Analytics to see how you use the IDSR website. We do this to help:
- make sure the IDSR is meeting the needs of its users
- make improvements, for example improving site search
We also collect data in order to:
- gather feedback to improve our service
- respond to any feedback you send us, if you’ve asked us to
- monitor use of the site to identify security threats
Our legal basis for processing your data
The legal basis for processing personal data in relation to site security is our legitimate interests, and the legitimate interests of our users, in ensuring the security and integrity of the IDSR website.
The legal basis for processing anonymised data for Google Analytics is your consent.
What we do with your data
The data we collect may be shared with other government departments, agencies and public bodies. It may also be shared with our technology suppliers, for example our hosting provider.
We will not:
- sell or rent your data to third parties
- share your data with third parties for marketing purposes
- use your data in analytics
We will share your data if we are required to do so by law - for example, by court order, or to prevent fraud or other crime.
How long we keep your data
We will only retain your personal data for as long as:
- it is needed for the purposes set out in this document
- the law requires us to
Where your data is processed and stored
We design, build and run our systems to make sure that your data is as safe as possible at all stages, both while it’s processed and when it’s stored.
All personal data is stored in the European Economic Area (EEA). Data collected by Google Analytics may be transferred outside the EEA for processing.
How we protect your data and keep it secure
We are committed to doing all that we can to keep your data secure. We have set up systems and processes to prevent unauthorised access or disclosure of your data - for example, we protect your data using varying levels of encryption.
We also make sure that any third parties that we deal with keep all personal data they process on our behalf secure.
You have the right to request:
- information about how your personal data is processed
- a copy of that personal data
- that anything inaccurate in your personal data is corrected immediately
You can also:
- raise an objection about how your personal data is processed
- request that your personal data is erased if there is no longer a justification for it
- ask that the processing of your personal data is restricted in certain circumstances
Further information about your data protection rights appears on the Information Commissioner's website.
If you are not satisfied
If you feel Ofsted has not kept its promises about the way we handle your personal information, we ask you write to, or email, our Data Protection Officer, Neil Greenwood.
or post to:
Information management team
The Information Commissioner
If you believe that we are not following the law when processing your personal data, you can complain to the Information Commissioner’s Office (ICO).
Comments and questions
We may pass your enquiries to another government department so they can fulfil your information request.
Links to other websites
The IDSR website contains links to other websites, such as schools’ websites.
This privacy notice only applies to the IDSR website, and does not cover other websites that we link to.
Following a link to another website
Following a link to the IDSR website from another website
We may need to update this privacy notice periodically so we recommend that you revisit this information from time to time. This version was last updated on 17 December 2021.