Privacy notice


At Stisted CE Primary Academy, we value the privacy and security of your child's personal information. This privacy notice explains how we collect and process pupil information in our school, in accordance with the General Data Protection Regulation (GDPR) and the Data Protection Act 2018.


We process the following categories of pupil information:


• Personal identifiers and contacts (such as name, unique pupil number, contact details, and address)

• Characteristics (such as ethnicity, language, and free school meal eligibility)

• Safeguarding information (such as court orders and professional involvement)

• Special educational needs (including the needs and ranking)

• Medical and administration (such as doctors' information, child health, dental health, allergies, medication, and dietary requirements)

• Attendance (such as sessions attended, number of absences, absence reasons, and any previous schools attended)

• Assessment and attainment (such as key stage 1 and phonics results, post-16 courses enrolled for, and any relevant results)

• Behavioural information (such as exclusions and any relevant alternative provision put in place)


Why We Collect and Use Pupil Information: 

We collect and use pupil information for the following purposes:


a) To support pupil learning

b) To monitor and report on pupil attainment progress

c) To provide appropriate pastoral care

d) To assess the quality of our services

e) To keep children safe (e.g., food allergies or emergency contact details)

f) To meet the statutory duties placed upon us for the Department for Education (DfE) data collections


Under the UK General Data Protection Regulation (UK GDPR), the lawful bases we rely on for processing pupil information are as follows:

Legal obligation – The use of the data is necessary to permit the school to comply with the law

Public interest – The use of the data is necessary to permit the school to carry out a task in the public interest


Collecting Pupil Information:

We collect pupil information via registration forms at the start of the school year or Common Transfer File (CTF) or secure file transfer from the previous school.


Pupil data is essential for the school's operational use. Whilst the majority of pupil information you provide to us is mandatory, some of it may be requested on a voluntary basis. In order to comply with data protection legislation, we will inform you at the point of collection whether you are required to provide certain pupil information to us or if you have a choice in this.


Storing Pupil Data:

We hold pupil data securely for the set amount of time shown in our data retention schedule. For more information on our data retention schedule and how we keep your data safe, please visit https://www.canonium.org/news-information/policies 


Who We Share Pupil Information With:

We may routinely share pupil information with the following recipients:



We do not share information about our pupils with anyone without consent unless the law and our policies allow us to do so.


Department for Education (DfE):

The Department for Education (DfE) collects personal data from educational settings and local authorities via various statutory data collections. We are required to share information about our pupils with the Department for Education (DfE) either directly or via our local authority for the purpose of those data collections, under Education (Information About Individual Pupils) (England) Regulations 2013.


All data is transferred securely and held by the Department for Education (DfE) under a combination of software and hardware controls, which meet the current government security policy framework. For more information, please see 'How Government uses your data' section.


Requesting Access to Your Personal Data:

Under data protection legislation, parents and pupils have the right to request access to information about them that we hold. To make a request for your personal information or be given access to your child's educational record, please contact the school office via [email protected] 


You also have the right to:


If you have a concern or complaint about the way we are collecting or using your personal data, you should raise your concern with us in the first instance or directly to the Information Commissioner's Office at https://ico.org.uk/concerns/ 


Last Updated:

We may need to update this privacy notice periodically, so we recommend that you revisit this information from time to time. This version was last updated on 1st August 2023.


Contact

If you would like to discuss anything in this privacy notice, please contact [email protected] 


How Government Uses Your Data:

The pupil data that we lawfully share with the Department for Education (DfE) through data collections:


• Underpins school funding, which is calculated based upon the numbers of children and their characteristics in each school.

• Informs 'short term' education policy monitoring and school accountability and intervention (e.g., school GCSE results or Pupil Progress measures).

• Supports 'longer term' research and monitoring of educational policy (e.g., how certain subject choices go on to affect education or earnings beyond school).


The National Pupil Database (NPD):

Much of the data about pupils in England goes on to be held in the National Pupil Database (NPD). The NPD is owned and managed by the Department for Education (DfE) and contains information about pupils in schools in England. It provides invaluable evidence on educational performance to inform independent research, as well as studies commissioned by the Department for Education (DfE). It is held in electronic format for statistical purposes. This information is securely collected from a range of sources including schools, local authorities, and awarding bodies. To find out more about the NPD, go to https://www.gov.uk/government/publications/national-pupil-database-user-guide-and-supporting-information 


Sharing by the Department for Education (DfE):

The law allows the Department for Education (DfE) to share pupils' personal data with certain third parties, including:


• Schools and local authorities

• Researchers

• Organizations connected with promoting the education or wellbeing of children in England

• Other government departments and agencies

• Organizations fighting or identifying crime


For more information about the Department for Education's (DfE) NPD data sharing process, please visit: https://www.gov.uk/data-protection-how-we-collect-and-share-research-data.


Organizations fighting or identifying crime may use their legal powers to contact the Department for Education (DfE) to request access to individual level information relevant to detecting that crime.


For information about which organizations the Department for Education (DfE) has provided pupil information, (and for which project) or to access a monthly breakdown of data share volumes with Home Office and the Police please visit the following website: https://www.gov.uk/government/publications/dfe-external-data-shares.


How to Find Out What Personal Information the Department for Education (DfE) Holds About You:

Under the terms of the Data Protection Act 2018, you are entitled to ask the Department for Education (DfE):


• If they are processing your personal data

• For a description of the data they hold about you

• The reasons they're holding it and any recipient it may be disclosed to

• For a copy of your personal data and any details of its source


If you want to see the personal data held about you by the Department for Education (DfE), you should make a 'subject access request'. Further information on how to do this can be found within the Department for Education's (DfE) personal information charter that is published at the address below: https://www.gov.uk/government/organisations/department-for-education/about/personal-information-charter 

To contact the Department for Education (DfE):

https://www.gov.uk/contact-dfe