We are required by law to provide education. The main pieces of legislation that govern this are:
* The Education Act (various years)
* The Education (Pupil Registration) (England) Regulations
* The School Standards and Framework Act 1998
* The School Admissions Regulations 2012
* Children and Families Act 2014
* The Special Educational Needs and Disability Regulations 2014
We use the pupil data:
* To support pupil learning
* To monitor and report on pupil progress
* To provide appropriate pastoral care
* To assess the quality of our services
* To comply with the law regarding data sharing
* To share data for statutory inspections and audit purposes
* To keep children safe (food allergies, or emergency contact details)
* To meet the statutory duties placed upon us for the Department for Education (DfE) data collections
The categories of pupil information that we collect, hold and share include:
* Personal identifiers and contacts (such as name, unique pupil number, contact details and address)
* Characteristics (such as ethnicity, language, nationality, country of birth and free school meal eligibility)
* Safeguarding information (such as court orders and professional involvement)
* Special educational needs (including the needs and ranking)
* Medical and administration (such as doctors’ information, child health, dental health, allergies, medication and dietary requirements)
* Attendance (such as sessions attended, number of absences, absence reasons and any previous schools attended)
* Assessment and attainment (such as key stage 1 and phonics results, post 16 courses enrolled for and any relevant results)
* Behavioural information (such as exclusions and any relevant alternative provision put in place)
* Personal information about a pupil’s parents and/or other relatives (such as name, contact details, relationship to child)
We collect and use general pupil information in line with the UK GDPR under the following legal bases;
- We have a legal obligation to do so
- The information is necessary in the performance of our public task
- The processing is necessary to protect the vital interest of the child
- For some categories, we will ask for parental consent
- For some categories, outside of our core obligations of providing education, we process data on the basis that we have a legitimate interest to do so
Whilst the majority of pupil information you provide to us is mandatory, some of it is provided to us on a voluntary basis. In order to comply with the UK General Data Protection Regulation, we will inform you whether you are required to provide certain pupil information to us or if you have a choice in this.
We collect this information via ATF and CTF file transfers, via secure file transfer from previous schools, and directly from registration forms provided by parents/carers.
We hold pupil data for varying lengths of time depending on what the information is. This length of time is specified in our Records Management Policy and all data is transferred or securely destroyed in line with this policy.
We routinely share pupil information with:
* schools that pupils attend after leaving us
* our local authority partners
* the Department for Education (DfE)
*Other schools and departments within our MAT
* School Nurses
* Speech & Language Therapists
* Agencies & 3rd parties we commission to deliver services on our behalf such as ParentPay or school meals providers
*Educational software providers
*External support providers (IT engineers, for example)
*Youth support services (pupils aged 13+)
We do not share information about our pupils with anyone without consent unless the law and our policies allow us to do so.
We share pupils’ data with the Department for Education (DfE) on a statutory basis. This data sharing underpins school funding and educational attainment policy and monitoring.
We are required to share information about our pupils with the (DfE) under regulation 5 of The Education (Information About Individual Pupils) (England) Regulations 2013.
Where data is processed on our behalf by another provider (a data processor), we comply with the UK GDPR by ensuring that they have sufficient measures in place to provide appropriate protection for your data.
Data collection requirements:
To find out more about the data collection requirements placed on us by the Department for Education (for example; via the school census) you can visit https://www.gov.uk/education/data-collection-and-censuses-for-schools.
The National Pupil Database (NPD)
Much of the data about pupils in England goes on to be held in the National Pupil Database (NPD).
The NPD is owned and managed by the Department for Education (DfE) and contains information about pupils in schools in England. It provides invaluable evidence on educational performance to inform independent research, as well as studies commissioned by the Department for Education (DfE).
It is held in electronic format for statistical purposes. This information is securely collected from a range of sources including schools, local authorities and awarding bodies. To find out more about the NPD, go to https://www.gov.uk/government/publications/national-pupil-database-user-guide-and-supporting-information
Sharing by the Department for Education (DfE)
The law allows the Department for Education (DfE) to share pupils’ personal data with certain third parties, including:
· schools and local authorities
· organisations connected with promoting the education or wellbeing of children in England
· other government departments and agencies
· organisations fighting or identifying crime
For more information about the Department for Education’s (DfE) NPD data sharing process, please visit: https://www.gov.uk/data-protection-how-we-collect-and-share-research-data
Organisations fighting or identifying crime may use their legal powers to contact the Department for Education (DfE) to request access to individual level information relevant to detecting that crime.
For information about which organisations the Department for Education (DfE) has provided pupil information, (and for which project) or to access a monthly breakdown of data share volumes with
Home Office and the Police please visit the following website: https://www.gov.uk/government/publications/dfe-external-data-shares
How to find out what personal information the Department for Education (DfE) holds about you
Under the terms of the Data Protection Act 2018, you are entitled to ask the Department for Education (DfE):
· if they are processing your personal data
· for a description of the data they hold about you
· the reasons they’re holding it and any recipient it may be disclosed to
· for a copy of your personal data and any details of its source
If you want to see the personal data held about you by the Department for Education (DfE), you should make a ‘subject access request’. Further information on how to do this can be found within the Department for Education’s (DfE) personal information charter that is published at the address below: https://www.gov.uk/government/organisations/department-for-education/about/personal-information-charter To contact the Department for Education (DfE): https://www.gov.uk/contact-dfe
Data Sharing relating to Secondary Age Pupils
Once our pupils reach the age of 13, we also pass pupil information to our local authority and / or provider of youth support services as they have responsibilities in relation to the education or training of 13-19 year olds under section 507B of the Education Act 1996.
This enables them to provide services as follows:
· youth support services
· careers advisers
The information shared is limited to the child’s name, address and date of birth. However where a parent or guardian provides their consent, other information relevant to the provision of youth support services will be shared. This right is transferred to the child / pupil once they reach the age 16
We will also share certain information about pupils aged 16+ with our local authority and / or provider of youth support services as they have responsibilities in relation to the education or training of 13-19 year olds under section 507B of the Education Act 1996.
This enables them to provide services as follows:
· post-16 education and training providers
· youth support services
· careers advisers
Under data protection legislation, parents and pupils have the right to request access to information about them that we hold. To make a request for your personal information contact Jason Smith, IFtL’s Head of Operations and Data Protection Officer, via DPO@iftl.co.uk
You also have the right:
· to have your personal data rectified, if it is inaccurate or incomplete
· to request the deletion or removal of personal data where there is no compelling reason for its continued processing
· to restrict our processing of your personal data (i.e. permitting its storage but no further processing)
· to object to direct marketing (including profiling) and processing for the purposes of scientific/historical research and statistics
· not to be subject to decisions based purely on automated processing where it produces a legal or similarly significant effect on you