Home Page

Data Protection - GDPR

Data Protection / Diogelu Data


Privacy Notice – Whitchurch Primary School

What the School or Early Years Provider, Cardiff Council Local Authority and Welsh Government does with the Educational Information they hold on Children and Young People

To meet the requirements of the Data Protection Act 2018 and General Data Protection Regulation (GDPR), schools are required to issue a Privacy Notice to children and young people and/or parents and guardians summarising the information held on record about children and young people, why it is held, and the third parties to whom it may be passed.

This Privacy Notice provides information about the collection and processing of children’s or young people’s personal and performance information by the School, Cardiff Council (LA) and Welsh Government.

The collection of personal information

The school collects information about children and young people and their parents or legal guardians when children and young people enrol at the school. The school also collects information at other key times during the school year and may receive information from other schools when children and young people transfer.

The School processes the information it collects to administer the education it provides to children and young people. For example:

· the provision of educational services to individuals;

· monitoring and reporting on pupils’/children’s educational


· the provision of welfare, pastoral care and health services;

· the giving of support and guidance to children and young

people, their parents and legal guardians;

· the organisation of educational events and trips;

· the planning and management of the school.

Welsh Government and Local Authority (LA)

The Welsh Government receives information on pupils directly from schools normally as part of statutory data collection which consists of the following:


  • Post-16 data collection

  • Pupil Level Annual School Census (PLASC)

  • Educated other than at school (EOTAS) pupil level collection

  • National data collection (NDC)

  • Attendance collection

  • Welsh National Tests (WNT) data collection


In addition to the data collected as part of PLASC, the Welsh Government and Local Authorities also receives information regarding National Curriculum assessments, public examination results, and attendance data at individual pupil level which comes from Schools and /or Awarding Bodies (e.g. WJEC).

Welsh Government uses this personal information for research (carried out in a way that ensures individual children and young people cannot be identified) and for statistical purposes, to inform, influence and improve education policy and to monitor the performance of the education service as a whole. Examples of the sort of statistics produced can be viewed at Further information is on the Welsh Governments’ use of personal data is set out within the Welsh Governments’ Privacy Policy which is available here.

LA also uses the personal information collected to do research. It uses the results of this research to make decisions on policy and the funding of schools, to calculate the performance of schools and help them to set targets. Research is carried out in a way that ensures individual children and young people cannot be identified.

Personal information held

The sort of personal information that will be held includes:


  • personal details such as name, address, date of birth, child/young person identifiers and contact details for parents and guardians;

  • information on any special educational needs;

  • information on performance in internal and national assessments and examinations;

  • information on the ethnic origin and national identity of children and young people (this is used only to prepare summary statistical analyses);

  • details about children’s and young people’s immigration status (this is used only to prepare summary statistical analyses);

  • medical information needed to keep children and young people safe while in the care of the school/Early Years provider;

  • information on attendance and any disciplinary action taken;

  • information about the involvement of social services with individual children and young people where this is needed for the care of the child/young person.

Organisations which may share personal information

Information held by the school, Early Years providers, LA and the Welsh Government on children and young people, their parents or legal guardians may also be shared with other organisations when the law allows and providing all appropriate steps are taken to keep the information secure, for example:


  • other education and training bodies, including schools, when children and young people are applying for courses or training, transferring schools or seeking guidance on opportunities;

  • bodies contracted to conduct research for the Welsh Government, LA and schools/Early Years providers with appropriate steps taken to ensure that the information secure;

  • central and local government for the planning and provision of educational services;

  • social services and other health and welfare organisations where there is a need to share information to protect and support individual children and young people;

  • management Information System (MIS) providers in order to ensure that system functionality and accuracy is maintained;

  • the Council’s and or Schools approved suppliers of the schools ‘cashless’ system to ensure all pupils, parents & guardians with parental responsibility and school staff are able to use it as appropriate;

  • the Central South Consortium Joint Education System (CSCJES) to support regional statistical analysis as required by Welsh Government;

  • various regulatory bodies, such as ombudsmen and inspection authorities, where the law requires that information be passed on so that they can do their work;

  • the Office of National Statistics (ONS) in order to improve the quality of migration and population statistics


Children and young people have certain rights under the Data Protection Act and General Data Protection Regulation, including a general right to be given access to personal data held about them by any “data controller.”


The law allows that, by the age of 13, children and young people have sufficient maturity to understand their rights and to make an individual right request themselves if they wish. A parent would be expected to make a request on a child’s behalf if the child is younger. If you wish to access your personal data, or that of your child, then please contact the relevant organisation in writing.


Other information

The LA, school and Welsh Government place a high value on the importance of information security and have a number of procedures in place to minimise the possibility of a compromise in data security. The LA, school and Welsh Government will endeavour to ensure that information is kept accurate at all times and processed in accordance with our legal requirements.

Your rights under the Data Protection Act 2018 and General Data Protection Regulation (GDPR)

The Data Protection laws give individuals certain rights in respect of personal information held on them by any organisation. These rights include:

  • the right to ask for and receive copies of the personal information held on yourself, although some information can sometimes be legitimately withheld;

  • the right, in some circumstances, to prevent the processing of personal information if doing so will cause damage or distress;

  • the right to ask for incorrect information to be put right;

  • the right to request that information is not processed


You also have the right to ask the Information Commissioner, who enforces and oversees the Data Protection Act, to assess whether or not the processing of personal information is likely to comply with the provisions of our legislative responsibilities.

Seeking further information

For further information about the personal information collected and its use, if you have concerns about the accuracy of personal information, or wish to exercise your rights under the Data Protection Act 2018 and General Data Protection Regulation, you should contact:



Hysbysiad Preifatrwydd – Ysgol Gynradd Whitchurch


Beth mae’r Ysgol neu’r Darparwr Blynyddoedd Cynnar, Awdurdod Lleol Cyngor Caerdydd a Llywodraeth Cymru yn ei wneud â Gwybodaeth Addysgol a gedwir ganddynt am Blant a Phobl Ifanc

I fodloni gofynion Deddf Diogelu Data 2018 a’r Rheoliad Diogelu Data Cyffredinol (GDPR), mae’n rhaid i ysgolion gyhoeddi Hysbysiad Preifatrwydd i blant a phobl ifanc a/neu rieni a gwarcheidwaid yn crynhoi’r wybodaeth a gedwir am blant a phobl ifanc, pam y caiff ei chadw, a’r trydydd partïon y gallai gael ei rhoi iddynt.

Mae’r Hysbysiad Preifatrwydd hwn yn rhoi gwybodaeth am gasglu a phrosesu gwybodaeth bersonol a pherfformiad plant neu bobl ifanc gan yr Ysgol, Cyngor Caerdydd (ALl) a Llywodraeth Cymru.

Casglu gwybodaeth bersonol

Mae’r ysgol yn casglu gwybodaeth am blant a phobl ifanc a’u rhieni neu warcheidwaid cyfreithiol pan fo plant a phobl ifanc yn cofrestru’n yr ysgol. Mae’r ysgol hefyd yn casglu gwybodaeth ar adegau allweddol eraill yn ystod y flwyddyn ysgol a gall gadw gwybodaeth gan ysgolion gwahanol pan fo plant a phobl ifanc yn symud.

Mae’r Ysgol yn prosesu’r wybodaeth mae’n ei chasglu i weinyddu’r addysg a rydd i blant a phobl ifanc. Er enghraifft:

  • rhoi gwasanaethau addysgol i unigolion;

  • monitro ac adrodd ar gynnydd addysgol disgyblion/plant;

  • rhoi gwasanaethau lles, gofal bugeiliol ac iechyd;

  • rhoi cymorth a chanllawiau i blant a phobl ifanc, eu rhieni a gwarcheidwaid cyfreithiol;

  • trefnu digwyddiadau a thripiau addysgol;

  • cynllunio a rheoli’r ysgol.

Llywodraeth Cymru a’r Awdurdod Lleol (ALl)

Caiff Llywodraeth Cymru wybodaeth am ddisgyblion yn uniongyrchol gan ysgolion fel arfer fel rhan o brosesau casglu data statudol yn cynnwys y canlynol:


  • Casglu data ôl-16

  • Cyfrifiad Ysgolion Blynyddol ar Lefel Disgyblion (CYBLD)

  • Casglu lefel disgyblion a addysgwyd heblaw yn yr ysgol (AHYYY)

  • Casglu data cenedlaethol (CDC)

  • Casglu data presenoldeb

  • Casglu data Profion Cenedlaethol Cymru (PCC)


Yn ogystal â’r data a gesglir fel rhan o CYBLD, caiff Llywodraeth Cymru ac Awdurdodau Lleol hefyd wybodaeth am asesiadau'r Cwricwlwm Cenedlaethol, canlyniadau arholiadau cyhoeddus, a data presenoldeb ar lefel disgybl unigol a ddaw gan Ysgolion a/neu Gyrff Dyfarnu (e.e. CBAC).


Defnyddia Llywodraeth Cymru’r wybodaeth bersonol hon at ddibenion ymchwil (a gynhelir mewn ffordd sy’n sicrhau nad oes modd adnabod plant a phobl ifanc unigol) ac at ddibenion ystadegol, i lywio, dylanwadu a gwella polisi addysg ac i fonitro perfformiad addysgol y gwasanaeth yn ei gyfanrwydd. Gallwch weld enghreifftiau o ystadegau a grëir yn Mae gwybodaeth bellach am ddefnydd Llywodraeth Cymru o ddata personol ym Mholisi Preifatrwydd Llywodraeth Cymru sydd ar gael yma.

Mae’r ALl hefyd yn defnyddio’r wybodaeth bersonol a gesglir i gynnal ymchwil. Mae’n defnyddio canlyniadau’r ymchwil hon i wneud penderfyniadau ar bolisi ac ariannu ysgolion, i gyfrifo perfformiad ysgolion a’u helpu i bennu targedau. Cynhelir yr ymchwil mewn ffordd sy’n sicrhau nad oes modd adnabod plant a phobl ifanc unigol.


Gwybodaeth bersonol a gedwir

Mae’r math o wybodaeth bersonol a gaiff ei gadw’n cynnwys:


  • manylion personol fel enw, cyfeiriad, dyddiad geni, nodweddion y plentyn/person ifanc a manylion cyswllt rhieni a gwarcheidwaid;

  • gwybodaeth am unrhyw anghenion addysgol arbennig;

  • gwybodaeth am berfformiad mewn asesiadau ac arholiadau mewnol a chenedlaethol;

  • gwybodaeth am darddiad ethnig a hunaniaeth genedlaethol plant a phobl ifanc (a ddefnyddir i baratoi dadansoddiadau ystadegol cryno);

  • manylion am statws mewnfudo plant a phobl ifanc (a ddefnyddir i baratoi dadansoddiadau ystadegol cryno);

  • gwybodaeth feddygol sydd ei hangen i gadw plant a phobl ifanc yn ddiogel tra eu bod yng ngofal yr ysgol/darparwr Blynyddoedd Cynnar;

  • gwybodaeth am bresenoldeb ac unrhyw gamau disgyblu a gymerwyd;

  • gwybodaeth am gyfraniad gan y gwasanaethau cymdeithasol o ran plant a phobl ifanc unigol pan fo angen hyn at ddibenion gofal y plentyn/person ifanc.

Sefydliadau a allai rannu gwybodaeth bersonol

Gallai gwybodaeth a gedwir gan yr ysgol, darparwyr Blynyddoedd Cynnar, yr ALl a Llywodraeth Cymru am blant a phobl ifanc, eu rhieni neu warcheidwaid cyfreithiol hefyd gael ei rhannu â sefydliadau pan fo’r gyfraith yn caniatáu hynny ac ar yr amod y gweithredir yn briodol i gadw’r wybodaeth yn ddiogel, er enghraifft;


  • cyrff addysgol a hyfforddiant eraill, gan gynnwys ysgolion, pan fo plant a phobl ifanc yn gwneud cais am gyrsiau neu hyfforddiant, symud ysgol neu geisio arweiniad ar gyfleoedd;

  • cyrff dan gontract i gynnal ymchwil i Lywodraeth Cymru, yr ALl ac ysgolion/darparwyr Blynyddoedd Cynnar gan weithredu’n briodol i sicrhau bod y wybodaeth yn ddefnyddiol;

  • lywodraeth ganolog a lleol i gynllunio a darparu gwasanaethau addysgol;

  • gwasanaethau cymdeithasol a sefydliadau iechyd a lles eraill pa fo angen rhannu gwybodaeth i ddiogelu a chefnogi plant a phobl ifanc unigol;

  • darparwyr y System Rheoli Gwybodaeth (MIS) er mwyn sicrhau bod y system yn gweithio a’i bod yn gywir;

  • cyflenwyr cymeradwy system ‘dim arian parod’ y Cyngor neu Ysgolion i sicrhau bod yr holl ddisgyblion, rhieni a gwarcheidwaid â chyfrifoldeb rhiant a staff yr ysgol yn gallu ei defnyddio'n briodol;

  • System Addysg ar y Cyd Consortiwm Canolbarth Y De i ategu dadansoddiad ystadegol rhanbarthol, fel sy’n ofynnol gan Lywodraeth Cymru;

  • amrywiaeth o gyrff rheoleiddiol, fel ombwdsmyn ac awdurdodau arolygu, pan fo'n ofynnol dan y gyfraith i wybodaeth gael ei hanfon ymlaen fel y gallant wneud eu gwaith;

  • y Swyddfa Ystadegau Gwladol er mwyn gwella ansawdd ystadegau mudo a phoblogaeth


Mae gan blant a phobl ifanc hawliau penodol dan y Ddeddf Diogelu Data a’r Rheoliad Diogelu Data Cyffredinol gan gynnwys hawl gyffredinol i gael mynediad i ddata personol a gedwir amdanynt gan unrhyw “reolwr data”. Yn ôl y gyfraith, yn 13 oed mae plant a phobl ifanc yn ddigon aeddfed i ddeall eu hawliau a gwneud cais hawl unigol eu hunain os dymunant. Disgwylir i riant wneud cais ar ran plentyn os yw’n iau na hynny. Os hoffech weld eich data personol chi neu’ch plentyn, ysgrifennwch at y sefydliad perthnasol.


Gwybodaeth arall


Mae diogelwch gwybodaeth yn bwysig iawn i’r ALl, ysgolion a Llywodraeth Cymru ac mae nifer o weithdrefnau ar waith i leihau’r posibiliad o gyfaddawdu diogelwch data. Bydd yr ALl, yr ysgol a Llywodraeth Cymru yn ymdrechu i sicrhau bod gwybodaeth yn cael ei chadw’n gywir bob amser a’i phrosesu’n unol â’n gofynion cyfreithiol.

Eich hawliau dan Ddeddf Diogelu Data 2018 a’r Rheoliad Diogelu Data Cyffredinol (GDPR)

Mae’r cyfreithiau Diogelu Data’n rhoi hawliau penodol i unigolion o ran y wybodaeth bersonol a gedwir amdanynt gan unrhyw sefydliad. Yn eu plith mae:

  • yr hawl i ofyn am a chael copïau o wybodaeth bersonol a gedwir amdanoch, er y gall rhywfaint o wybodaeth gael ei dal yn ôl yn gyfreithiol;

  • yr hawl, mewn rhai amgylchiadau, i atal gwybodaeth bersonol rhag cael ei phrosesu os bydd gwneud hynny’n achosi niwed neu ofid;

  • yr hawl i ofyn i wybodaeth gael ei chywiro;

  • yr hawl i ofyn i wybodaeth beidio â chael ei phrosesu


Mae gennych hefyd yr hawl i ofyn i’r Comisiynydd Gwybodaeth, sy’n gorfodi ac yn goruchwylio’r Ddeddf Diogelu Data, asesu p’un ai a yw’r gwaith o ddiogelu data personol yn debygol o gydymffurfio â darpariaethau ein cyfrifoldebau deddfwriaethol.

Ceisio rhagor o wybodaeth

I gael rhagor o wybodaeth am wybodaeth bersonol a gesglir a’r defnydd a wneir ohoni, os oes gennych bryderon am gywirdeb gwybodaeth bersonol, neu’ch bod am arfer eich hawliau dan Ddeddf Diogelu Data 2018 a’r Rheoliad Diogelu Data Cyffredinol, dylech gysylltu â: