Privacy Policy/Notice

Pupils/Students and Parents

Last reviewed: March 2023

Next review date: August 2023

Modifications: New TIO template

Appendices: None

Privacy Notice (How we use pupil / student information)

The categories of pupil / student information that we collect, hold and share include:

  • Personal information (such as name, unique pupil number and address)
  • Characteristics (such as ethnicity, language, nationality, country of birth and free school meal eligibility)
  • Attendance information (such as sessions attended, number of absences and absence reasons)
  • Assessment information
  • Relevant medical information
  • Special educational needs information (including the needs and ranking)
  • Exclusion and behavioural information
  • Safeguarding information (such as court orders and professional involvement)
  • Medical and administration (such as doctors information, child health, dental health, allergies, medication and dietary requirements)

Why we collect and use this information

  • We use the pupil / student data:
  • to support pupil / student learning
  • to monitor and report on pupil / student progress
  • to provide appropriate pastoral care
  • to assess the quality of our services
  • for safeguarding and child protection
  • to comply with the law regarding data sharing
  • to keep children safe (food allergies or emergency contact details)
  • to meet the statutory duties placed upon us by the DfE data collections

The lawful basis on which we use this information

We collect and use pupil / student information under departmental censuses and the Education Act 1996, for more information on the school census process and requirements see:

We collect and process data under the following legal basis for processing:

Article 6 (UK GDPR)

  1. the data subject has given consent to the processing of his or her personal data for one or more specific purposes;
  2. processing is necessary for compliance with a legal obligation to which the controller is subject;

Article 9 (UK GDPR)

  1. the data subject has given explicit consent to the processing of their personal data for one or more specified purposes, except where Union or Member State law provide that the prohibition referred to in paragraph 1 may not be lifted by the data subject.

Collecting pupil / student information

Whilst the majority of pupil / student information you provide to us is mandatory through [Common Transfer File (CTF) or secure file transfer from previous school], some of it is provided to us on a voluntary basis. In order to comply with the General Data Protection Regulation, we will inform you whether you are required to provide certain pupil / student information to us or if you have a choice in this.

Storing pupil / student data

We hold pupil / student data in line with IRMS (Information records management service) guidelines. Please see the following document for full details on data storage including time scales. 

Who we share pupil / student information with

We routinely share pupil / student information with:

  • schools that the pupil’s / students attend after leaving us
  • our local authority
  • the Department for Education (DfE)
  • agencies including the School Nurse and the NHS
  • academy trust if applicable
  • curriculum resources (all web resources are checked, and minimal details are shared with online teaching resources)

Why we share pupil / student information

We do not share information about our pupils / students with anyone without consent unless the law and our policies allow us to do so.

We share pupils’ / students’ data with the Department for Education (DfE) on a statutory basis. This data sharing underpins school funding and educational attainment policy and monitoring.

We are required to share information about our pupils / students with our local authority (LA) and the Department for Education (DfE) under section 3 of The Education (Information About Individual Pupils) (England) Regulations 2013.

Data collection requirements:

To find out more about the data collection requirements placed on us by the Department for Education (for example; via the school census) go to collection-and-censuses-for-schools

The National Pupil Database (NPD)

The NPD is owned and managed by the Department for Education and contains information about pupils / students in schools in England. It provides invaluable evidence on educational performance to inform independent research, as well as studies commissioned by the Department. It is held in electronic format for statistical purposes. This information is securely collected from a range of sources including schools, local authorities and awarding bodies.

We are required by law to provide information about our pupils / students to the DfE as part of statutory data collections such as the school census and early years’ census. Some of this information is then stored in the NPD. The law that allows this is the Education (Information About Individual Pupils / students) (England) Regulations 2013.

To find out more about the NPD, go to pupil-database-user-guide-and-supporting-information.

The department may share information about our pupils / students from the NPD with third parties who promote the education or well-being of children in England by:

  • conducting research or analysis
  • producing statistics
  • providing information, advice or guidance

The Department has robust processes in place to ensure the confidentiality of our data is maintained and there are stringent controls in place regarding access and use of the data. Decisions on whether DfE releases data to third parties are subject to a strict approval process and based on a detailed assessment of:

  • who is requesting the data
  • the purpose for which it is required
  • the level and sensitivity of data requested: and
  • the arrangements in place to store and handle the data

To be granted access to pupil / student information, organisations must comply with strict terms and conditions covering the confidentiality and handling of the data, security arrangements and retention and use of the data.

For more information about the department’s data sharing process, please visit:

For information about which organisations the department has provided pupil / student information, (and for which project), please visit the following website:

To contact the DfE:

Keeping your personal information secure

We have appropriate security measures in place to prevent personal information from being accidentally lost, or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

Requesting access to your personal data

Under data protection legislation, parents and pupils / students have the right to request access to information about them that we hold. To make a request for your personal information or be given access to your child’s educational records. In the first instance please contact the school lead below.

Position Name Email Phone
School Lead Karen Herring 01296 481353
Data Protection Officer turn IT on 01865 597620 (option 3)

You also have the right to:

  • object to processing of personal data that is likely to cause, or is causing, damage or distress • prevent processing for the purpose of direct marketing
  • object to decisions being taken by automated means
  • in certain circumstances, have inaccurate personal data rectified, blocked, erased or destroyed; and
  • claim compensation for damages caused by a breach of the Data Protection regulations

If you have a concern about the way we are collecting or using your personal data, we request that you raise your concern with us in the first instance. Alternatively, you can contact the Information Commissioner’s Office at

Other policies which may reference this privacy notice

  • This Privacy Notice also applies in addition to the School’s other relevant terms and conditions and policies, including:
  • any contract between the School and its staff or the parents of students;
  • the School’s policy on taking, storing and using images of students;
  • the School’s policy on the use of CCTV;
  • the School’s retention of records policy, (IRMS template);
  • the School’s safeguarding and pastoral policy
  • the School’s Health and Safety policy, including how concerns or incidents are recorded;
  • the School’s IT policies, including its Acceptable Use policy, On-line Safety policy

Policy update information (policy number GDPR-103a)

This policy is reviewed annually and updated in line with data protection legislation.

Policy review information

Review date Reviewed by
02-05-2018 turn IT on
08-08-2019 turn IT on
04-08-2020 turn IT on
02-08-2021 turn IT on
04-08-2022 turn IT on

Policy update information

Review date Revision Description on change By
02-05-2018 1.00 Draft release turn IT on
03-05-2018 1.00 Full release turn IT on
08-08-2019 1.01 Full release turn IT on
02-08-2021 1.02 Full release turn IT on