Privacy Notice - Data Protection Act 2018
How we use pupil information
Chantry Primary Academy, Tomlinson Avenue, Luton, Bedfordshire, LU4 0QP is the data controller. We collect and use your data and that of your child. This notice explains what we collect, why and how we use it.
The categories of pupil information that we collect, hold and share include:
- Personal information (such as name, date of birth, unique pupil number and address)
- Characteristics (such as gender, ethnicity, language, nationality, country of birth, meal arrangements and free school meal eligibility)
- Attendance information (such as sessions attended, number of absences and absence reasons)
- Medical information such as GP surgery details, allergies, medication and dietary requirements
- Assessment and attainment information, including special educational needs information, if relevant
- Safeguarding information, where necessary
- Contact information such as parental and other contact names and telephone numbers for use in cases of emergency
- Sibling information
- History of previous schools and nurseries attended
- Behaviour information
Why we collect and use this information
We use the pupil data:
- to support pupil learning
- to record attendance
- to monitor and report on pupil attainment and progress
- to provide appropriate pastoral care
- to keep children safe in our care
- to assess the quality of our services
- to comply with safeguarding obligations
- to assess the quality of our services
- to comply with the law regarding data returns and sharing
The lawful basis on which we use this information
We collect and use pupil information under the lawful basis of public interest and for special category data (such as religion, ethnicity and medical information) because it is necessary for a reason of substantial public interest.
For further information regarding the data collection requirements that are placed on us by the Department for Education (e.g. school census), please go to, https://www.gov.uk/education/data-collection-and-censuses-for-schools
Some of the information we collect and use is provided with your consent and that is the lawful basis for us processing it. For example, your permission to process your child’s data for school trips and for access to online providers of educational materials. We will make it clear where we are asking for your consent and why, and provide you with the opportunity to refuse to provide us with that information, explaining what the consequence of that will be.
Storing pupil data
We hold pupil data for the period determined appropriate for the different types of data we hold.
We will keep information for the minimum period necessary in accordance with DfE’s data retention recommendations which consider legal and safeguarding considerations linked to the types of data held. Our Data Retention Schedule can be found on our website at:
All information is held securely and will be destroyed as appropriate under secure and confidential conditions.
Who we share pupil information with
We routinely share pupil information with:
- schools that the pupil’s attend after leaving us
- our local authority
- the Department for Education (DfE)
- online education providers
- support staff
We may also share some pupil details with other parties that provide a service to our school such as,
- External club providers
- Trip providers
The majority of our pupil information is processed in our main Management Information System (MIS).
We also purchase some third party software to help us provide further services. Certain data held on our main MIS is shared with third party software providers for the following reasons:
- Assessment software which uses the main pupil information such as name, class, date of birth and some contextual information to help us record attainment and track progress
- Text messaging software which uses the contact names and telephone numbers stored in order to notify parents/carers of certain events and important notices
- Online payments system which uses our pupil names and classes to link to parent users for the purpose of enabling payments for trips, before and after school clubs etc.
- Safeguarding / behaviour software in order to effectively manage safeguarding and behaviour within the school.
- Online booking systems to facilitate events
- Software to manage Single Sign On (SSO) to online resources
We actively ensure that all of the third party software organisations we share data with comply with the General Data Protection Regulations through their Privacy Notices and Data Sharing Agreements that they share with us.
Why we share pupil information
We share pupils’ data with the Department for Education (DfE) on a statutory basis. This data sharing underpins school funding and educational attainment policy and monitoring.
We are required to share information about our pupils with the (DfE) under regulation 5 of The Education (Information About Individual Pupils) (England) Regulations 2013.
We share other pupil data to ensure that they receive the most appropriate educational and pastoral support for their needs.
We do not share information about our pupils with anyone without consent unless the law and our policies allow us to do so.
Data collection requirements:
To find out more about the data collection requirements placed on us by the Department for Education (for example; via the school census) go to https://www.gov.uk/education/data-collection-and-censuses-for-schools.
The National Pupil Database (NPD)
The NPD is owned and managed by the Department for Education and contains information about pupils in schools in England. It provides invaluable evidence on educational performance to inform independent research, as well as studies commissioned by the Department. It is held in electronic format for statistical purposes. This information is securely collected from a range of sources including schools, local authorities and awarding bodies.
We are required by law, to provide information about our pupils to the DfE as part of statutory data collections such as the school census and early years’ census. Some of this information is then stored in the NPD. The law that allows this is the Education (Information About Individual Pupils) (England) Regulations 2013.
To find out more about the NPD, go to https://www.gov.uk/government/publications/national-pupil-database-user-guide-and-supporting-information.
The department may share information about our pupils from the NPD with third parties who promote the education or well-being of children in England by:
conducting research or analysis
providing information, advice or guidance
The Department has robust processes in place to ensure the confidentiality of our data is maintained and there are stringent controls in place regarding access and use of the data. Decisions on whether DfE releases data to third parties are subject to a strict approval process and based on a detailed assessment of:
- who is requesting the data
- the purpose for which it is required
- the level and sensitivity of data requested: and
- the arrangements in place to store and handle the data
To be granted access to pupil information, organisations must comply with strict terms and conditions covering the confidentiality and handling of the data, security arrangements and retention and use of the data.
For more information about the department’s data sharing process, please visit: https://www.gov.uk/data-protection-how-we-collect-and-share-research-data
For information about which organisations the department has provided pupil information, (and for which project), please visit the following website: https://www.gov.uk/government/publications/national-pupil-database-requests-received
To contact DfE: https://www.gov.uk/contact-dfe
Requesting access to your personal data
Under data protection legislation, parents and pupils have the right to request access to information about them that we hold. You also have the right to:
- object to processing of personal data that is likely to cause, or is causing, damage or distress
- prevent processing for the purpose of direct marketing
- object to decisions being taken by automated means
- in certain circumstances, have inaccurate personal data rectified, blocked, erased or destroyed; and
- claim compensation for damages caused by a breach of the Data Protection regulations
To make a request for your personal information, be given access to your child’s educational record, or request any of the rights associated with your or your child’s data contact Jon Briggs, Operations Manager, 01582 706500 email@example.com
Please note we cannot always agree to the request. We will consider all requests and explain the reason for the decision.
If you have a concern about the way we are collecting or using your personal data, we request that you raise your concern with us in the first instance. Alternatively, you can contact the Information Commissioner’s Office at https://ico.org.uk/concerns/
If you would like to discuss anything in this privacy notice, please contact:
Jon Briggs, Operations Manager, 01582 706500 firstname.lastname@example.org
The school’s Data Protection Officer is Paula Creighton, who can be contacted at email@example.com.