How we use personal information relating to our pupils
If you have any questions or queries or would like to discuss anything in this Privacy Notice, please contact: Mrs Samantha Nunn, Office Manager on 01525 237253 or via email at email@example.com
How we collect pupil information
We obtain pupil information for the start of each academic year through our ‘new pupil’ registration forms. We also collect any changes to pupil information through update forms during the academic year as part of our data administration process to keep the information we hold as up-to-date as possible. We also collect information through secure file transfers which contain relevant information (e.g. name, date of birth, attendance details) about our new pupils from their previous schools.
In addition to the information we collect from parents/carers, we also record and hold the following information:
We use the pupil data to:
We use parent/carer contact information to:
Our school is obliged to make statutory pupil census returns and hold attendance information under the following legislation:
Education Act 1996 – Section 434 (1),(3), (4) & (6) and Section 458 (4) & (5)
Education (Pupil Registration) (England) (Amendment) Regulations 2013
Department of Education Advice on Attendance (Nov 2016)
To find out more about the data collection requirements placed on us by the Department for Education (for example; via the school census) go to https://www.gov.uk/education/data-collection-and-censuses-for-schools.
Whilst the majority of pupil information you provide to us is mandatory (for reasons described above), there may be some information which we ask you for which is not mandatory but provided on a voluntary basis.
In some cases, we will ask you for information on the legal basis of legitimate interest where the information is required to support an educational or safeguarding function (e.g. a parent/carer email address or mobile contact number so that we can contact the parent/carer in an emergency or reasons involving the safety of the child).
The data we collect relating to medical health information is necessary to protect the vital interests of the child so that we can ensure a child’s medical needs are properly addressed and catered for.
As a Parent/carer, you cannot decline a data collection but you have right to decline providing information for self-declared data items by selecting the ‘Refused’ option e.g. ethnicity.
There are certain personal data items (e.g. photographs) which we collect on the legal basis of legitimate interest. We will ask you for your explicit consent about how these data items can be used if the purpose extends beyond holding the data within our main management information system (e.g. photograph on our school’s website). As a parent/carer you can change your decision to grant or withdraw consent at any time.
If at any point in the future, we seek to use any previously collected information for another purpose or use the information in new software, we will ask for your explicit consent to do so.
We routinely share pupil information with:
We also provide certain pupil data with other parties that provide a service for our school:
The majority of our pupil information is processed in our main Management Information System (MIS). However, our school also purchases third party software to help us provide additional functions and services. Certain data held on our main management information system is also shared with third party software providers for the following reasons:
We do not share information about our pupils with anyone without consent unless the legal basis for holding and sharing the data allow us to do so.
We share pupil data with the Department for Education (DfE) and the Local Authority on a statutory basis through data collections such as the school census under the following statutes:
Section 573A of the Education Act 1996
Education Act 1996 s29(3)
Education (School Performance Information)(England) Regulations 2007
Regulations 5 & 8 School Information (England) Regulations 2008
Education (Pupil Registration) (England) (Amendment) Regulations 2013
Further information about the data collection requirements placed on our school by the DfE through the school census can be found at https://www.gov.uk/education/data-collection-and-censuses-for-schools
The data shared with the DfE and the local Authority is for the purpose of:
Most of the pupil data we share with the DfE is held within their National Pupil Database (NPD). Please refer to the last page of this Privacy Notice for more information about the NPD and their basis for sharing data with third parties.
Our Local Authority’s Privacy Notice relating to early years pupil information can be found at http://www.centralbedfordshire.gov.uk/school/professionals/two-year-old-funding/privacy.aspx and their Privacy Notice relating to pupil information can be found at http://www.centralbedfordshire.gov.uk/schools-portal/administration/school-privacy-notice.aspx
We fully adhere to our Data Protection policies which outline our procedures and processes for accessing, handling and storing data safely in accordance with all the GDPR principles. These policies are regularly reviewed and ratified by our governors. The following processes ensure that we comply with data protection legislation in how we manage the protection of personal data:
We also adhere to our Data Breach Procedures Policy in the event of a data breach. These procedures explain how our school responds to occurrences of known or reported data breaches. A copy of this policy is available on our school website at http://www.stleonards.beds.sch.uk/policies/
Under data protection regulations, you as the parent/carer and pupils (from age 13, you have the following rights:
It should be noted that some of these rights will not apply in circumstances where allowing them would significantly reduce or prevent our ability to perform our duties as a school and safeguard the children in our care.
You do have the right to request access to personal information about you and/or your child that we hold. To request access to your personal information or to your child’s educational record, you can make a Subject Access Request (SAR). For further information about this contact Mrs Samantha Nunn, Office Manager.
Our school will follow procedures outlined in our Subject Access Request Policy available from our website http://www.stleonards.beds.sch.uk/policies/ which follows the guidelines promoted by the data protection regulations.
Please note that whilst we aim to respond to requests within the required time period of one month, we may not be able to honour this time period if we receive requests just before or during school holidays. If the nature of the request is complex and/or the request falls within a holiday period, we will aim to reach a mutually agreed alternative time period.
We hold pupil data for the period determined appropriate for the different types of data we hold.
We will keep information for the minimum period necessary in accordance with DfE’s data retention recommendations which take into account legal and safeguarding considerations linked to the types of data held. Our Data Retention Schedule can be found on our website at http://www.stleonards.beds.sch.uk/policies/
All information is held securely and will be destroyed as appropriate under secure and confidential conditions.
Let us know of any changes to personal information and emergency contact information
As a matter of course, we will contact you at least once a year to ensure that all the personal information and emergency contact details we have for your child is accurate and up-to-date. We would encourage you very strongly to ensure that any changes to phone numbers in particular are notified to our school office as soon as possible.
Reporting concerns about our data protection processes
If you have a concern about the way we are collecting or using your personal data, we request that you raise your concern with us in the first instance by contacting Mrs Samantha Nunn, Office Manager on 01525 237253 or via email at firstname.lastname@example.org . Alternatively, you can contact the Information Commissioner’s Office at https://ico.org.uk/concerns/
Keeping you informed through this Privacy Notice
We aim to keep you informed of any changes to our data collections and data protection obligations through this Privacy Notice – the latest copy will be available on our website at http://www.stleonards.beds.sch.uk/topic/parents
We incorporate information about the pupil data we hold and how we adhere to the GDPR principles for protecting this data in our e-Safety and ICT lessons so that our children are aware of what we do.
The National Pupil Database (NPD)
The NPD is owned and managed by the Department for Education and contains information about pupils in schools in England. It provides invaluable evidence on educational performance to inform independent research, as well as studies commissioned by the Department.
It is held in electronic format for statistical purposes. This information is securely collected from a range of sources including schools, local authorities and awarding bodies.
To find out more about the NPD, go to https://www.gov.uk/government/publications/national-pupil-database-user-guide-and-supporting-information.
Sharing data by the DfE
The DfE can legally share information about our pupils from the NPD with third parties who are:
For more information about the department’s data sharing process, please visit: https://www.gov.uk/data-protection-how-we-collect-and-share-research-data
How the DfE keeps data secure
All data is transferred securely and held by DfE under a combination of software and hardware controls, which meet ISO27001 standards and the government security policy framework.
The Department has robust processes in place to ensure the confidentiality of our pupils’ data is maintained and there are stringent controls in place regarding access and use of the data. Decisions on whether DfE releases data to third parties are subject to a strict approval process and based on a detailed assessment of:
To be granted access to pupil information, organisations must comply with strict terms and conditions covering the confidentiality and handling of the data, security arrangements and retention and use of the data.
For information about which organisations the department has provided pupil information, (and for which project), please visit the following website: https://www.gov.uk/government/publications/national-pupil-database-requests-received
To contact DfE: https://www.gov.uk/contact-dfe