Includes “Google Meet” & “Google Classroom” online privacy and security

Contents
1. Introduction
2. Responsibilities
3. Scope of policy
4. Policy & Procedure

  • Online teaching
  • Use of email
  • Visiting online sites and downloading
  • Storage of Images
  • Use of personal mobile devices (including phones)
  • New technological devices
  • Reporting incidents, abuse and inappropriate material

5.Curriculum
6.Staff Training
7.Working in Partnership with Parents/Carers
8.Records, monitoring and review
9.Appendices of the Online Safety Policy
10. Appendices

Appendix A Online Safety Acceptable Use Agreement – Staff and Governors
Appendix B Requirements for visitors, volunteers and parent/carer helpers
Appendix C Online Safety Acceptable Use Agreement – Pupils
Appendix D Online safety policy guide – Summary of key parent/carer responsibilities
Appendix E Guidance on the process for responding to cyberbullying incidents
Appendix F Guidance for staff on preventing and responding to negative comments on social media
Appendix G Online safety incident record
Appendix H Online safety incident log
Appendix I Google G Suite for Education Privacy Notice

1. Introduction

MTO Persian School recognises that internet, mobile and digital technologies provide a good opportunity for children and young people to learn, socialise and play, provided they are safe. The digital world is an amazing place, but with few rules. It is vast and fast moving and young people’s future economic success may be partly dependent on their online skills and reputation. We are, therefore, committed to ensuring that all pupils,staff and governors will be able to use internet, mobile and digital technologies safely. This is part of our safeguarding responsibility. Staff are aware that some pupils may require additional support or teaching, including reminders, prompts and further explanation to reinforce their knowledge and understanding of online safety issues. We are also committed to ensuring that all those who work with children and young people, including their parents/carers, are informed about the ever-changing risks so that they can take an active part in the safeguarding of children.

2. Responsibilities

The Headteacher and Governing Body have ultimate responsibility to ensure that appropriate online safety policy and practice is embedded and monitored. The named online safety co-ordinator in this school is Amir Hosseini All breaches of this policy must be reported to Amir Hosseini and Leila Mobayen (Deputy Head/Data Protection Manager)

3. Scope of policy

The policy applies to:

● pupils
● parents/carers
● teaching and support staff
● school governors
● peripatetic teachers/coaches, supply teachers, trainee teachers (PGCE, School Direct)
● visitors
● volunteers
● voluntary, statutory or community organisations using the school’s facilities

The school also works with partners and other providers to ensure that pupils who receive part of their education off site or who are on a school trip or residential are safe online. The school provides online safety information for parents/carers, through the website, in newsletters and at events. It is important that parents/carers understand their key role in supporting their child/ren to behave appropriately and keep themselves safe online.

This policy, supported by its acceptable use agreements, is intended to protect the interests and safety of the whole school community. It is linked to the following other school policies and documents: safeguarding, GDPR, health and safety, home–school agreement, behaviour, anti-bullying and SRE policies.

4. Policy and procedure

The school seeks to ensure that internet, mobile and digital technologies are used effectively, for their intended educational purpose, in ways that will not infringe legal requirements or create unnecessary risk. The school expects everyone to use internet, mobile and digital technologies responsibly and strictly according to the conditions set out in this policy. This policy also includes expectations on appropriate online behaviour and use of technology outside of school for pupils, parents/carers, staff and governors and all other visitors to the school.

Online teaching

With MTO Persian School teaching going completely and solely online from September 2020, the school has implemented the “Google G Suite for Education” as its chosen platform.

The G Suite system ensures a safe and secure learning environment for our staff as well as students.
This system has a number of Google products that are used for distance learning. These products are:
– Google Classroom
– Google Drive
– Gmail
– Google Calendar
– Google Meet
When our students register with the school, a new G Suite account is created for them in the form of
student.name@mtopersianschool.com . This account will give our students access to the above
products.

Online safety of Google G Suite

Much research was done to ultimately select the “Google G Suite for Education” as our distance learning platform since Google has industry-leading safeguards and privacy policies which puts our school in control of our data. To make this happen, they have built and operate their own secure servers and platform services, making it easy for the school administrators to monitor and manage our data security. As there are no ads in G Suite for Education core services, our students’ personal information will not be used to create ad profiles for targeting. Independent organisations have audited Google G Suite for Education services to ensure their data protection practises meet our demanding
standards.

The G Suite for Education Privacy Notice and G Suite Agreement explains their contractual obligations to protect our data. https://edu.google.com/why-google/privacy-security/?modal_active=none

Use of email

Staff and governors will use a school email account for all official communication to ensure everyone is protected through the traceability of communication. Under no circumstances should staff contact pupils, parents or conduct any school business using a personal email address. Pupils may only use school approved accounts on the school system and only for educational purposes. Where required parent/carer permission will be obtained for the account to exist. For advice on emailing, sharing personal or confidential information or the need to gain parent permission refer to the policy for GDPR. Emails created or received as part of any school role may be subject to disclosure in response to a request for information under the Freedom of Information Act 2000.

Staff, governors and pupils should not open emails or attachments from suspect sources and should report and forward their receipt to Amir Hosseini amir@mtopersianschool.com

Users must not send emails which are offensive, embarrassing or upsetting to anyone (i.e. cyberbullying).

Visiting online sites and downloading

● Staff must preview sites, software and apps before their use in school or before recommending them to pupils. Before using any online service that requires user accounts to be created or the sharing of any personal data, staff must consult with the Data Protection Manager (Leila Mobayen) with details of the site/service. If internet research is set for homework, specific sites will be suggested that have previously been checked by the teacher.
All users must observe copyright of materials from electronic sources.
● Staff must only use pre-approved systems if creating blogs, wikis or other online areas in order to communicate with pupils/ families.
● When working with pupils searching for images should be done through Google Safe Search (standard through the HICS service), Google Advanced Search or a similar application that provides greater safety than a standard search engine.

Users must not:

Visit internet sites, make, post, download, upload or pass on, material, remarks, proposals or comments that contain or relate to:
● Indecent images of children actually or apparently under the age of 18 or images of child abuse (i.e. images of children, digital or cartoons, involved in sexual activity or posed to be sexually provocative)
● Indecent images of vulnerable people over the age of 18 (i.e. images of vulnerable people, digital or cartoons involved in sexual activity or posed to be sexually provocative)

● Adult material that breaches the Obscene Publications Act in the UK
● Promoting discrimination of any kind in relation to the protected characteristics: gender identity and reassignment, gender/sex, pregnancy and maternity, race, religion, sexual orientation, age and marital status
● Promoting hatred against any individual or group from the protected characteristics above
● Promoting illegal acts including physical or sexual abuse of children or adults, violence, bomb making, drug and alcohol abuse and software piracy
● Any material that may bring the school or any individual within it into disrepute e.g. promotion of violence, gambling, libel and disrespect

Users must not:

● Reveal or publicise confidential or proprietary information
● Intentionally interfere with the normal operation of the internet connection, including the propagation of computer viruses
● Transmit unsolicited commercial or advertising material either to other users, or to organisations connected to other networks except where permission has been given to the school
● Use the school’s hardware and Wi-Fi facilities for running a private business Intimidate, threaten or cause harm to others
● Access or interfere in any way with other users’ accounts
● Use software or hardware that has been prohibited by the school

Where the school provides a laptop / chrome book for staff, only these devices may be used to conduct school business outside of school.

All breaches of prohibited behaviours detailed above will be investigated, where appropriate, in liaison with the police.

Storage of Images

Photographs and videos provide valuable evidence of pupils’ achievement and progress in a variety of contexts and can be used to celebrate the work of the school. In line with GDPR they are used only with the written consent of parents/carers which is secured in the first instance on a child’s entry to the school. Records are kept on file and consent can be changed by parents/carers at any time by informing the school in writing.

Photographs and images of pupils are only stored on the school’s agreed secure networks which include some cloud-based services. Rights of access to stored images are restricted to a limited range of staff. Staff and pupils may have temporary access to photographs taken during a class session, but these will be transferred/deleted promptly.

Parents/carers should note that there may be some children who are at risk and must not have their image put online and others who do not want their image online. For these reasons parents/carers must follow the school’s Acceptable Use Agreement and refrain from taking or posting online photographs of any member of the school community, other than their own child/ren.

Staff and other professionals working with pupils, should only use school equipment to record images of pupils whether on or off site whenever possible. If a member of staff uses a personal device to record images, etc, then the device must be password protected. Images must then be transferred to the school’s data storage systems and deleted from the personal device. Permission to use images of all staff who work at the school is sought on induction and a written record is located in the personnel file.

Use of personal mobile devices (including phones)

The school allows staff, including temporary and peripatetic staff, and visitors to use personal mobile phones and devices only in designated areas and never in the presence of pupils. Under no circumstance does the school allow a member of staff to contact a pupil or parent/carer using their personal device.

Parents/carers may only use personal mobile phones and devices in designated areas unless otherwise informed, e.g. for specific events and activities. Under no circumstance should images be taken at any time on school premises or on off-site school events and activities of anyone other than their own child, unless there is a pre-specified permission from Adrian Dudley. When a parent/carer is on school premises but not in a designated area, their phone/s must be switched off and out of sight.

Pupils are allowed to bring personal mobile devices/phones to school but must not use them for personal purposes during the school day. In lesson times all such devices must be switched off. Under no circumstance should pupils use their personal mobile devices/phones to take images of

● any other pupil unless they and their parents have given agreement in advance
● any member of staff

New technological devices

New personal technological devices may offer opportunities for teaching and learning. However, the school must consider educational benefit and carry out risk assessments before use in school is allowed. Parents/carers, pupils and staff should not assume that new technological devices will be allowed in school and should check with Adrian Dudley before they are brought into school. This also includes compatibility with any existing school hardware and software.

Reporting incidents, abuse and inappropriate material

There may be occasions in school when either a pupil or an adult receives an offensive, abusive or inappropriate message or accidentally accesses upsetting or abusive material. When such a situation occurs the pupil or adult must report the incident immediately to the first available member of staff and the DSL (Adrian Dudley). Where such an incident may lead to significant harm, safeguarding procedures should be followed. The school takes the reporting of such incidents seriously and where judged necessary, the DSL will refer details to social care or the police.

5. Curriculum

Online safety is embedded within our curriculum. The school provides a comprehensive curriculum for online safety which enables pupils to become informed, safe and responsible. This includes teaching to prevent radicalisation, for which staff provide a narrative to counter extremism.

The curriculum is flexible and can respond to any immediate online safety issues and risks as they emerge.

It is necessary for pupils to develop skills of critical awareness, digital resilience and good online citizenship to enable them to use internet, mobile and digital technologies safely and responsibly. Pupils are taught to recognise the creative, collaborative, cultural, economic and educational opportunities provided by the internet, mobile and digital technologies. Curriculum work will also include:

● Understanding the dangers of giving out personal details online (e.g. full name, address, mobile/home phone numbers, school details, IM/email address) and the importance of maintaining maximum privacy online
● Thinking carefully before placing images online and considering their appropriateness and understanding the importance of gaining consent before posting photographs of others
● Understanding the permanency of all online postings and conversations
● Understanding relevant legislation, including copyright, and the importance of respecting other people’s information, reputation and images
● What constitutes cyberbullying, how to avoid it, the impact it has and how to access help.

6. Staff Training

Staff are trained to fulfil their roles in online safety. The school audits the training needs of all school staff and provides regular training to improve their knowledge and expertise in the safe and appropriate use of internet, mobile and digital technologies. This training is recorded as part of safeguarding records.

New staff are provided with a copy of the online safety policy and must sign the school’s Acceptable Use Agreement as part of their induction and before having contact with pupils (Appendix A).Any organisation, including peripatetic staff, trainee teachers and regular visitors working with children based on the school premises are also provided with a copy of the online safety policy and required to sign the Acceptable Use Agreement (Appendix A).

Guidance is provided for occasional visitors, volunteers and parent/carer helpers (Appendix B).

7. Working in Partnership with Parents/Carers

The school works closely with families to help ensure that children can use internet, mobile and digital technologies safely and responsibly both at home and school. It is important that parents/carers understand the crucial role they play in this process. The school seeks to regularly consult and discuss online safety with parents/carers and seeks to promote a wide understanding of the benefits of new technologies and associated risks. The school provides regular updated online safety information through the school website and by other means.

Parents/carers are asked on a regular basis to read, discuss and co-sign with each child the Acceptable Use Agreement. A summary of key parent/carer responsibilities will also be provided and is available in Appendix D. The Acceptable Use Agreement explains the school’s expectations and pupil and parent/carer responsibilities. The support of parents/carers is essential to implement the online safety policy effectively and keep all children safe.

8. Records, monitoring and review

The school recognises the need to record online safety incidents and to monitor and review policies and procedures regularly in order to ensure they are effective and that the risks to pupils and staff are minimised.

All breaches of this policy must be reported and all reported incidents will be logged. All staff have the individual responsibility to ensure that incidents have been correctly recorded, acted upon and reported.

The school supports pupils and staff who have been affected by a policy breach. Where there is inappropriate or illegal use of internet, mobile and digital technologies, this will be dealt with under the school’s behaviour and disciplinary policies as appropriate. Breaches may also lead to criminal or civil proceedings.

9. Appendices of the Online Safety Policy

A. Online safety acceptable use agreement guidelines for staff (inc peripatetic) andgovernors
B. Requirements for visitors, volunteers and parent/carers working in the school
C. Online safety acceptable use agreements for pupils
D. Online safety policy guide for parents/carers.
E. Guidance on cyberbullying incidents for staff, governors, parents and pupils
F. Guidance on negative comments on social media by parents, pupils, governors and staff
G. Online safety incident reporting form
H. Online safety incident log
I. Google G Suite for Education Privacy Notice

Appendix A – Online Safety Acceptable Use Agreement – Staff* and Governors
*including trainee teachers who are members of staff

You must read this agreement in conjunction with the online safety policy and the Data Protection Policy. Once you have read these, you must sign and submit this agreement and it will be kept on record in the school. You should retain your own copy for reference. This forms part of your professional and safeguarding responsibilities.

Internet, mobile and digital technologies are part of our daily working life and this agreement is designed to ensure that all staff and governors are aware of their responsibilities in relation to their use. All staff and governors are expected to adhere to this agreement and to the online safety policy. Any concerns or clarification should be discussed with Adrian Dudley. Breaches will be investigated, recorded and, where appropriate, disciplinary procedures will apply and police involvement will be sought.

Internet Access

I will not access or attempt to access any sites that contain any of the following: child abuse; pornography; discrimination of any kind; promotion of prejudice against any group; promotion of illegal acts; any other information which may be illegal or offensive. Inadvertent access on school equipment must be treated as an online safety incident, reported to the online safety lead and/or DSL and an incident report completed.

Online conduct

I will ensure that my online activity, both in and outside school, will not bring the school, my professional reputation, or that of others, into disrepute.

I will not browse, download, upload or distribute any material that could be considered offensive, illegal or discriminatory. Exceptionally, use of controversial material as part of the curriculum should be planned and approved on every occasion (see policy).

I will report any accidental access to or receipt of inappropriate materials or filtering breach to Adrian Dudley and Debbie Daniel

I understand that all my use of the internet and other related technologies can be traced and monitored and, should it be required, must be made available to my line manager, Headteacher and others as required.

I will not give out my personal contact and online account information such as phone numbers, email address, and social media account details to pupils and/or parents/carers.

Social networking

I understand the need to separate my professional role from my private friendships; in my professional capacity I will not become ‘friends’ with parents/carers or pupils on social networks. Where my school role is my only connection to an individual, private online contact is unacceptable with parents/carers or pupils.

When using social networking for personal use I will ensure my settings are not public. My private account postings will never undermine or disparage the school, its staff, governors, parents/carers or pupils. Privileged information must remain confidential.

I will not upload any material about or references to the school or its community on my personal social networks.

Passwords

I understand that there is no occasion when a password should be shared with a pupil or anyone who is not a staff member.

Data protection

I will follow requirements for data protection as outlined in GDPR policy. These include:

● Photographs must be kept securely and used appropriately, whether in school, taken off the school premises or accessed remotely
● Personal data can only be taken out of school or accessed remotely when authorised by the headteacher or governing body
● Personal or sensitive data taken off site must be encrypted

Images and videos

I will only upload images or videos of staff, pupils or parents/carers onto school approved sites where specific permission has been granted.

I will not take images, sound recordings or videos of school events or activities on any personal device.

Use of email

I will ONLY use my school email address for school business. All such correspondence must be kept professional and is open to Subject Access Requests under the Freedom of Information Act. I will not use my school email addresses or governor hub for personal matters or non-school business.

Use of personal devices

I understand that as a member of staff I should at no time put myself in a position where a safeguarding allegation can be made against me as a result of my use of personal devices. I understand that the use of personal devices in school is at the discretion of the Headteacher. I will only use approved personal devices in designated areas and never in front of pupils. I will not access secure school information from personal devices (see policy).

Additional hardware/software

I will not install any hardware or software on school equipment without permission of the school.

Promoting online safety

I understand that online safety is the responsibility of all staff and governors and I will promote positive online safety messages at all times including when setting homework or providing pastoral support.

I understand that it is my duty to support a whole school safeguarding approach and will report any inappropriate or concerning behaviour (of other staff, governors, visitors, pupils or parents/carers) to the DSL.

Classroom management of internet access

I will pre-check for appropriateness all internet sites used in the classroom; this will include the acceptability of other material visible, however briefly, on the site. I will not free-surf the internet in front of pupils.

User signature

I agree to follow this Acceptable Use Agreement and to support online safety throughout the school. I understand this forms part of the terms and conditions set out in my contract of employment (staff members only) and/or my responsibilities as a governor.

Signature …….………………….………… Date ……………………
Full Name …………………………………………………………………….. (printed)
Job title ……………………………………………………………………………

Appendix B – Requirements for visitors, volunteers and parent/carer helpers
(Working directly with children or otherwise)

School name: MTO Persian School
Online safety lead: Amir Hosseini
DSL: Leila Mobayen

This document is designed to ensure that you are aware of your responsibilities when using any form of IT in the school and other aspects of safeguarding in connection with online safety. Please raise any safeguarding concerns arising from your visit immediately with the Headteacher and/or DSL

● I understand I may only use my personal mobile phone(s) and other devices with camera functions in designated areas. When not in a designated area, phones must be switched off and out of sight. Any exception must be pre-arranged.
● I will not take images, sound recording or videos of school events or activities, on or off site, on any device. Any possible exception must be pre-arranged.
● I will not give out my personal details such as mobile phone number, email address, and social media account details to pupils and parent/carers. Where appropriate I may share my professional contact details with parents/carers provided the DSL or Headteacher is informed before I leave the school.
● I understand my visit to the school may give me access to privileged information about pupils, staff, school systems and plans. Such information should never be shared online, including on social media sites.
● I understand I should not use school equipment to access the internet without prior approval from my contact in the school or the Headteacher.
● If working in the classroom, I will pre-check for appropriateness all internet sites I intend to use including checking the acceptability of other material visible on the site. I will not free-surf the internet in front of pupils. If I am in any doubt about the appropriateness of the content I plan to use I will check with my contact in the school.

Appendix C – Online Safety Acceptable Use Agreement – Pupils

● I will only use school IT equipment for school purposes.
● I will not download or install software on school IT equipment.
● I will only log on to the school network, other school systems and resources using my own school user name and password.
● I will not reveal my passwords to anyone other than a parent/carer.
● I will not use my personal email address or other personal accounts on school IT equipment.
● I will make sure that all my electronic communications are responsible and sensible.
● I understand that everything I search for, access, post or receive online can be traced now and in the future. My activity can be monitored and logged and if necessary shared with teachers, parents/carers and the police if necessary. I know it is essential that I build a good online reputation.
● I will not browse, download, upload or forward material that could be considered offensive or illegal. If I accidentally come across any such material I will report it immediately to a member of staff if I am in school, or parent/carer if I am not in school.
● I will not give out my own or others’ personal information, including: name, phone number, home address, interests, schools or clubs or any personal image. I will report immediately any request for personal information, to a member of staff if I am in school or parent/carer if I am not in school.
● I should never post photographs, videos or livestream without the permission of all parties involved.
● I will not upload any images, videos, sounds or words that could upset, now or in the future, any member of the school community, as this is cyberbullying.
● I will be respectful to everyone online; I will treat everyone the way that I want to be treated. I will ensure that all my online activity, both in and outside school, will not cause distress to anyone in the school community or bring the school into disrepute.
● I will not respond to hurtful behaviour online but will report it. I have the right to block and will say no to any inappropriate or upsetting request.
● I will respect the privacy and ownership of others’ work on-line and will adhere to copyright at all times.
● I will not attempt to bypass the internet filtering system in school.
● I will not assume that new technologies can be brought into school and will check with staff before bringing in any device.
● I will not lie about my age in order to sign up for age inappropriate games, apps or social networks.
● I understand that not everything I see or hear online is true, accurate or genuine. I also know that some people on the internet are not who they say they are and may have ulterior motives for assuming another identity that will put me at risk. I will gain permission from parents/carers before arranging to meet someone I only know on the internet.

Dear Parent/Carer,
The internet, email, mobile technologies and online resources have become an important part of learning and life. We want all pupils to be safe and responsible when using any IT. It is essential that pupils are aware of online risk, know how to stay safe and know where to go to report problems and access support.

Pupils are expected to read and discuss this agreement with you and then sign below to show they will follow the terms of the agreement. Any concerns or explanation can be discussed with Mr Dudley. Please can you also sign and return the parent/carer agreement below. This document will be kept on record at the school.

Pupil agreement

Pupil name…………………………………………………………………………

I have discussed this agreement with my parents/carers and understand the commitment I have made
and my responsibilities.

Pupil signature……………………………………………………………………..

Parent(s)/Carer(s) agreement

Parent(s)/Carer(s) name(s)……………………………………………………….

I/we have discussed this agreement, which highlights the associated risks when accessing the internet, mobile and digital technologies, with our child. I/we agree to support them in following the terms of this agreement.

I/we also agree not to share school related information or images online or to post material that may bring the school or any individual within it into disrepute. (Rather than posting negative material online, any parent, distressed or concerned about an aspect of school should make immediate contact with a member of staff. Negative postings about the school would impact on the reputation of the whole school community. Parents are encouraged to report breaches so that we can protect the reputation of the school, staff, pupils and parents.)

I/we also agree only to use personal mobile phones and devices in designated areas of the school unless otherwise informed, e.g. for specific events and activities. I/we understand that under no circumstance should images be taken at any time on school premises of anyone other than our own child/ren, unless there is a pre-specified agreement. I/we understand that when on school premises but not in a designated area where phones can be used, they must be switched off and out of sight.

Parent(s)/carer(s) signature(s) …………………………………..…………………
Date ……………………………………………………………………

Appendix D – Online safety policy guide – Summary of key parent/carer responsibilities

The school provides online safety information for parents/carers, through the website, in newsletters and at events. It is important that parents/carers understand their key role in supporting children to behave appropriately and keep themselves safe online.

The online safety policy, supported by its acceptable use agreements, is intended to protect the interests and safety of the whole school community.

● Parents/carers are required to support their child in understanding and signing the Online Safety Acceptable Use Agreement for pupils.
● Parents/carers may only use personal mobile phones and devicesin designated areas of the school unless otherwise informed, e.g. for specific events and activities. Under no circumstance should images be taken at any time on school premises that include anyone other than their own child, unless there is a pre-specified agreement with individuals and parents/carers. When a parent/carer is on school premises but not in a designated area, their phone/s must be switched off and out of sight.
● Parents/carers should not assume that pupils can bring technological devices to school and should always check the school policy.
● All cyberbullying incidents affecting children in the school should be reported immediately. (If the incident involves an indecent image of a child the report must also be made immediately to the police for your own protection.) The school will investigate and respond to all reported cyberbullying incidents, liaising with others where appropriate. No reply should ever be sent to the sender/poster of cyberbullying content. If applicable block the sender and report abuse to the site. Evidence should be retained and shown in school and/or to the police. Evidence should not be forwarded.
● The school may choose to set up social media sites, blogs or have some other online presence in its own name. Parents/carers, however, do not have the right to set up any site, page, chat group or any other online presence that uses the school name or logo in any form.
● Any parent/carer, distressed or concerned about an aspect of school should make immediate contact with a member of staff rather than posting their concerns online. Parents/carers should not share school related information or images online or post material that may bring the school or any individual within it into disrepute. Negative postings about the school would impact on the reputation of the whole school community. Parents/carers are encouraged to report breaches so that we can protect the reputation of the school, staff, pupils and parents/carers.

Please see the full online safety policy in the policies section on the school website.

Appendix E – Guidance on the process for responding to cyberbullying incidents

All cyberbullying incidents should be reported and responded to. Where the perpetrator is a member of the school community the majority of cases can be dealt with through mediation and/or disciplinary processes.

The following procedures are recommended:

● Never reply to the sender/poster of cyberbullying content. If applicable, block the sender.
● Incidents should be reported immediately. Pupils should report to a member of staff (e.g. class teacher, Form Tutor, Head of Year) and staff members should seek support from their line manager or a senior member of staff.
● The person reporting the cyberbullying should save the evidence and record the time and date. This evidence must not be forwarded but must be available to show at a meeting. Under no circumstances should indecent images of children and young people be printed or forwarded as this is a further criminal act. Staff should not ask to see the evidence of reported indecent images of children or young people but must refer this immediately to the police. Any member of staff being shown such evidence should immediately inform their line manager or the Headteacher so that the circumstances can be recorded.
● A senior member of staff will meet with the person who has reported the incident and the target, if different, to listen, reassure and support. All relevant facts will be reviewed and documented.
● A senior member of staff will conduct an investigation.
● Anyone found to have cyberbullied will have attention drawn to the seriousness of their behaviour and if necessary the police will be involved. If the comments are threatening, abusive, sexist, of a sexual nature, constitute a hate crime or are libellous they may well break the law. Online harassment and stalking is also a crime.
● Once evidence has been secured then the person who has cyberbullied will be requested to remove the offending comments/material. Any refusal will lead to an escalation of sanctions.

Appendix F – Guidance for staff on preventing and responding to negative comments on
social media

The school should make it clear which, if any, social media platforms are used to communicate with parents/carers. If used correctly, parents can use a school’s social media site as a source of reliable information. The online safety policy, see especially Appendix F (Online safety policy guide – Summary of
key parent/carer responsibilities), clarifies that no other social media platforms should be set up using the school’s name or logo.

The school should regularly reinforce with all parties that discussion of school issues on social media platforms, either positive or negative, should not take place as this could bring the school into disrepute and affect families and children. Parents should be encouraged to be good online role models and not post statements written in anger or frustration. Identified routes to raise concerns directly with the school should be used.

If negative comments are posted:

● Collect the facts

As soon as you become aware of adverse comments relating to the school you need to establish what is being said. It is essential that if you have access to the postings they are secured and retained together with any other evidence. Do not become engaged in responding directly.

If the allegations against a member of staff or a pupil are of a serious nature, these will need to be formally investigated. This may involve the police and the Headteacher will need to follow the school’s safeguarding procedures.

If there is a risk of serious damage to the school reputation or the reputation of individual members of staff, professional legal advice should be sought.

Adverse comments of any kind are highly demotivating and cause stress and anxiety. It is important that the senior staff reassure and support all staff and/or other affected members of the school community.

● Addressing negative comments and complaints

Contact the complainants and invite them to a meeting. In the meeting, make sure you have any evidence available.

The meeting must:

● Draw attention to the seriousness and impact of the actions/postings;
● Ask for the offending remarks to be removed;
● Explore the complainant’s grievance;
● Agree next steps;
● Clarify the correct complaints procedures.

If the meeting does not resolve the issue, the parents must be informed that the school will need to take the matter further. This may include:

● Reporting the matter to the social network site if it breaches their rules or breaks the law;
● Reporting the matter to the police if it breaks the law, e.g. if the comments are threatening, abusive, malicious, sexist, of a sexual nature, constitute a hate crime or are libellous they may well break the law. Online harassment and stalking is also a crime. If inappropriate postings continue or the original material is not removed, a second meeting is advisable to re-iterate the seriousness of the matter.

Appendix G – Online safety incident record

Appendix I Google G Suite for Education Privacy Notice

G Suite for Education Privacy Notice

This Privacy Notice is meant to help G Suite for Education users and parents understand what data we collect, why we collect it, and what we do with it. This Notice includes information about our privacy practices that are specific to G Suite for Education and summarizes the most relevant portions of the Google Privacy Policy, which provides additional examples and explanations that may be useful. We hope you will take the time to read this Notice and the Google Privacy Policy, which both apply to G Suite for Education accounts.

Information we collect

A G Suite for Education account is a Google Account created and managed by a school for use by students and educators. When creating this account, the school may provide Google with certain personal information about its students and educators, which includes a user’s name, email address, and password in most cases, but could also include secondary email, phone, and address if the school chooses to provide that information. Google may also collect personal information directly from users of G Suite for Education accounts, such as telephone number, profile photo or other information they add to a G Suite for Education account.

Google also collects information based on the use of our services. This includes:

• device information, such as the hardware model, operating system version, unique device identifiers, and mobile network information including phone number of the user;
• log information, including details of how a user used our service, device event information, and the user’s Internet protocol (IP) address;
• location information, as determined by various technologies including IP address, GPS, and other sensors;
• unique application numbers, such as application version number; and
• cookies or similar technologies which are used to collect and store information about a browser or device, such as preferred language and other settings.

How we use information we collect

1. In G Suite for Education Core Services
2. The G Suite for Education Core Services (“Core Services”) are listed in the Services Summary and include Gmail, Calendar, Classroom, Contacts, Drive, Docs, Forms, Groups, Sheets, Sites, Slides, Talk/Hangouts, Vault, and Chrome Sync. These services are provided to a school under its G Suite for Education agreement and, as applicable, Data Processing Amendment. (Users and parents can ask their school if it has accepted the Data Processing Amendment.)
3. User personal information collected in the Core Services is used only to provide the Core Services. Google does not serve ads in the Core Services or use personal information collected in the Core Services for advertising purposes.
4. In Google services generally
5. Besides the Core Services, G Suite for Education users may have access to other Google services that we make generally available for consumers, such as Google Maps, Blogger, and YouTube. We call these “Additional Services” since they are outside of the Core Services.
6. The Google Privacy Policy describes fully how Google services generally use information, including for G Suite for Education users. To summarize, we use the information we collect from all of our services to provide, maintain, protect and improve them, to develop new ones, and to protect Google and our users. We also us this information to offer users tailored content, such as more relevant search results. We may combine personal information from one service with information, including personal information, from other Google services.

7. Google may serve ads to G Suite for Education users in the Additional Services. For G Suite for Education users in primary and secondary (K-12) schools, Google does not use any user personal information (or any information associated with a G Suite for Education Account) to target ads, whether in Core Services or other Google services accessed while using a G Suite for Education account.

Learn more about Core and Additional Services for G Suite for Education users.

Information users share

A school may allow students to access Google services such as Google Docs and Sites, which include features where users can share information with others or publicly. When users share information publicly, it may be indexable by search engines, including Google. Our services provide users with various options for sharing and removing content.

Information we share

Information we collect may be shared outside of Google in limited circumstances. We do not share personal information with companies, organizations and individuals outside of Google unless one of the following circumstances applies:

• With user consent. We will share personal information with companies, organizations or individuals outside of Google when we have user consent or parents’ consent (as applicable).
• With G Suite for Education administrators. G Suite for Education administrators have access to information stored in the Google Accounts of users in that school or domain.
• For external processing. We provide personal information to our affiliates or other trusted businesses or persons to process it for us, based on our instructions and in compliance with our Privacy Policy and any other appropriate confidentiality and security measures.
• For legal reasons. We will share personal information with companies, organizations or individuals outside of Google if we have a good-faith belief that access, use, preservation or disclosure of the information is reasonably necessary to:

o meet any applicable law, regulation, legal process or enforceable governmental request.
o enforce applicable Terms of Service, including investigation of potential violations.
o detect, prevent, or otherwise address fraud, security or technical issues.
o protect against harm to the rights, property or safety of Google, our users or the public as required or
permitted by law.

We may share non-personal information publicly and with our partners – like publishers or connected sites. For example, we may share information publicly to show trends about the general use of our services.

Transparency and choice

We provide a variety of user controls that enable G Suite for Education users to make meaningful choices about how information is used in Google services. Depending on the settings enabled by the school, users can use the various controls described in the Privacy Policy, such as Google activity controls, to manage their privacy and information. We provide additional information for parents, students, and administrators on the G Suite for Education Privacy Center.

Parental review and deletion of information

The parents of G Suite for Education users in Primary/Secondary (K-12) schools can access their child’s personal information or request that it be deleted through the school administrator. School administrators can provide for parental access and deletion of personal information consistent with the functionality of our services. If a parent wishes to stop any further collection or use of the child’s information, the parent can request that the administrator use the service controls available to them to limit the child’s access to features or services, or delete the child’s account entirely. Guidance for administrators on how to use service controls to accomplish this is available in the G Suite Help Center.

Interpretation of conflicting terms

This Notice is intended to provide the key information about our collection and use of data for G Suite for Education users, and is consistent with the Google Privacy Policy and the G Suite for Education agreement, which provide additional examples and explanations that may be useful. Where there are terms that differ, as with the limitations on advertising in G Suite for Education, the G Suite for Education agreement (as amended) takes precedence, followed by this Privacy Notice and then the Google Privacy Policy.

Contact us

If you have questions about management of G Suite for Education accounts or use of personal information by a school, please contact the G Suite for Education account administrator. If you have questions about our practices, please visit the G Suite for Education Privacy Center. Also see our Privacy Troubleshooter for more questions about privacy and Google’s products and services. G Suite for Education administrators can contact Google about the information in this Notice by submitting the contact form while signed in to their administrator account. Parents can also contact Google about the information in this Notice.

Online Safety Policy