Pupil Data

We are required by law to provide education. The main pieces of legislation that govern this are:

* The Education Act (various years)

* The Education (Pupil Registration) (England) Regulations

* The School Standards and Framework Act 1998

* The School Admissions Regulations 2012

* Children and Families Act 2014

* The Special Educational Needs and Disability Regulations 2014

We use the pupil data:

* To support pupil learning

* To monitor and report on pupil progress

* To provide appropriate pastoral care

* To assess the quality of our services

* To comply with the law regarding data sharing

* To share data for statutory inspections and audit purposes

The categories of pupil information that we collect, hold and share include:

* Personal information (such as name, unique pupil number and address)

* Characteristics (such as ethnicity, language, nationality, country of birth and free school meal eligibility)

* Attendance information (such as sessions attended, number of absences and absence reasons)

* Assessment information

* Relevant medical information

* Special Education Needs information

* Exclusions/behavioural information

* Personal information about a pupil’s parents and/or other relatives (such as name, contact details, relationship to child)

The lawful basis on which we use this information

We collect and use general pupil information under GDPR article 6 under the following legal bases;

• We have a legal obligation to do so
• The information is necessary in the performance of our public task
• The processing is necessary to protect the vital interest of the child
• For some categories, we will ask for parental consent
• For some categories, outside of our core obligations of providing education, we process data on the basis that we have a legitimate interest to do so

Whilst the majority of pupil information you provide to us is mandatory, some of it is provided to us on a voluntary basis. In order to comply with the General Data Protection Regulation, we will inform you whether you are required to provide certain pupil information to us or if you have a choice in this.

We hold pupil data for varying lengths of time depending on what the information is. This length of time is specified in our Records Management Policy and all data is transferred or securely destroyed in line with this policy.

We routinely share pupil information with:

* schools that pupils attend after leaving us

* our local authority (Milton Keynes Council)

* the Department for Education (DfE)

*Other schools and departments within our MAT

* School Nurses

* Speech & Language Therapists

* Agencies & 3rd parties we commission to deliver services on our behalf such as ParentPay or school meals providers

*School Photographers

*Educational software providers

*External support providers (IT engineers, for example)

We do not share information about our pupils with anyone without consent unless the law and our policies allow us to do so.

We share pupils’ data with the Department for Education (DfE) on a statutory basis. This data sharing underpins school funding and educational attainment policy and monitoring.

We are required to share information about our pupils with the (DfE) under regulation 5 of The Education (Information About Individual Pupils) (England) Regulations 2013.

Where data is processed on our behalf by another provider (a data processor), we comply with the GDPR by ensuring that they have sufficient measures in place to provide appropriate protection for your data.

Data collection requirements:

To find out more about the data collection requirements placed on us by the Department for Education (for example; via the school census) you can visit https://www.gov.uk/education/data-collection-and-censuses-for-schools.

The National Pupil Database (NPD)

The NPD is owned and managed by the Department for Education and contains information about pupils in schools in England. It provides invaluable evidence on educational performance to inform independent research, as well as studies commissioned by the Department. It is held in electronic format for statistical purposes. This information is securely collected from a range of sources including schools, local authorities and awarding bodies.

We are required by law, to provide information about our pupils to the DfE as part of statutory data collections such as the school census and early years’ census. Some of this information is then stored in the NPD. The law that allows this is the Education (Information About Individual Pupils) (England) Regulations 2013.

To find out more about the pupil information we share with the department, for the purpose of data collections, go to https://www.gov.uk/education/data-collection-and-censuses-for-schools.

To find out more about the NPD, go to https://www.gov.uk/government/publications/national-pupil-database-user-guide-and-supporting-information.

The department may share information about our pupils from the NPD with third parties who promote the education or well-being of children in England by:

* conducting research or analysis

* producing statistics

* providing information, advice or guidance

The Department has robust processes in place to ensure the confidentiality of our data is maintained and there are stringent controls in place regarding access and use of the data.

Decisions on whether DfE releases data to third parties are subject to a strict approval process and based on a detailed assessment of:

* who is requesting the data

* the purpose for which it is required

* the level and sensitivity of data requested: and

* the arrangements in place to store and handle the data

To be granted access to pupil information, organisations must comply with strict terms and conditions covering the confidentiality and handling of the data, security arrangements and retention and use of the data.

For more information about the department’s data sharing process, please visit: https://www.gov.uk/data-protection-how-we-collect-and-share-research-data

For information about which organisations the department has provided pupil information, (and for which project), please visit the following website: https://www.gov.uk/government/publications/national-pupil-database-requests-received

To contact DfE: https://www.gov.uk/contact-dfe

Under data protection legislation, parents and pupils have the right to request access to information about them that we hold. To make a request for your personal information contact Jason Smith, IFtL’s Head of Operations and Data Protection Officer, via DPO@iftl.co.uk

You also have the right to:

* object to processing of personal data that is likely to cause, or is causing, damage or distress

* prevent processing for the purpose of direct marketing

* object to decisions being taken by automated means

* in certain circumstances, have inaccurate personal data rectified, blocked, erased or destroyed; and

* claim compensation for damages caused by a breach of the Data Protection regulations

If you have a concern about the way we are collecting or using your personal data, you should raise your concern with us in the first instance by contacting dpo@iftl.co.uk

You can also complain directly to the Information Commissioner’s Office at https://ico.org.uk/concerns/

If you would like to discuss anything in this privacy notice, please contact the Data Protection Officer, Jason Smith at dpo@iftl.co.uk