Friars Primary School and Day Care Privacy Notice
(How we use pupil information)
Please click on the links below to download our policies and other related documents.
- CCTV Policy
- Data Breach Policy
- Data Protection Policy Friars (including SAR appendix)
- Data Retention Policy
- Electronic Info and Communications Policy
- Freedom Of Information Policy
- Information Security Policy
- Privacy Notice for Governors
- Privacy Notice for Staff
- Privacy notice for Pupils and Parents
- Privacy Notice for Visitors and Contractors
SAR or FOI requests
Please note: Should you require either and SAR (Subject Access Request) or FOI (Freedom of Information), please be aware that the school staff are not available during the school holidays.
The categories of pupil information that we collect, hold and share include:
- Personal information (such as name, unique pupil number and address)
- Characteristics (such as ethnicity, language, nationality, country of birth and free school meal eligibility)
- Attendance information (such as sessions attended, number of absences and absence reasons)
- Assessment information, including national test results such as phonics screening check, Key Stage 1 and 2 test data, as well as internally generated assessment data based on school tracking systems.
- Medical and dietary Information (including allergies, medication diagnosis, Individual Health Care plans, medical consent forms, records of medicine being administered. Records of accidental injuries including an reportable injuries (RIDDOR), individual medical risk assessments.
- Register of children identified with additional special education needs. Records of SEN history including specialist reports and intervention plans. Data analysis of progress of groups of children.
- Records of families accessing support from outside agencies such as Early Help services, including Education Welfare Officer (attendance), Early Help CAMHs, Family support worker, social services.
- Exclusion – the reason for exclusion and the length of exclusion.
- Information related to behaviour incidents – particularly those that involve homophobic or transphobic incidents and racial incidents. Behaviour incidents are logged at categorised based on the nature of the behaviour, e.g. name calling, physical aggression, initimidation, fighting etc.
- Following a transfer to a new provider a record may be kept of the above in our setting.
Why we collect and use this information:
We use the pupil data:
- to support pupil learning
- to monitor and report on pupil progress
- to provide appropriate pastoral care
- to ensure the safety of children
- to improve interventions and packages of support for children and families
- to assess the quality of our services
- to comply with the law regarding data sharing
The lawful basis on which we use this information:
- We collect and use pupil information with consent from parents enabling us to process his or her child’s personal data for one or more specific purposes.
- Where necessary for compliance with a legal obligation for example to register children for national tests and to comply with school census requirements.
- Where processing is necessary for the performance of a task carried out in the public interest. (e.g. Provide assessment data to parents).
- Where processing is necessary in order to protect the vital interests of the data subject (e.g. to deliver vital medical care, disability support)
Collecting pupil information:
Whilst the majority of pupil information you provide to us is mandatory, some of it is provided to us on a voluntary basis. In order to comply with the General Data Protection Regulation, we will inform you whether you are required to provide certain pupil information to us or if you have a choice in this.
Storing pupil data:
We hold pupil data for a maximum of 5 years after a pupil has left the school.
Who we share pupil information with:
We routinely share pupil information with:
- schools that the pupil’s attend after leaving us
- our local authority
- the Department for Education (DfE)
- school nurse
- Arbor is a Department for Education approved data processing company that hold all data for pupils. They are GDPR compliant.
- Fisher Family Trust hold and analyse personal data to enable in depth analysis of children’s attainment. They are GDPR compliant.
Why we share pupil information:
We do not share information about our pupils with anyone without consent unless the law and our policies allow us to do so.
We share pupils’ data with the Department for Education (DfE) on a statutory basis. This data sharing underpins school funding and educational attainment policy and monitoring.
We are required to share information about our pupils with our local authority (LA) and the Department for Education (DfE) under section 3 of The Education (Information About Individual Pupils) (England) Regulations 2013.
We are required to share information related to cohort performance on the school’s website. This is to inform parents of the schools attainment and progress data. This includes performance of specific groups such as that of pupil premium children and those with special needs.
We are required to share cohort performance with Ofsted to enable Ofsted to make judgements about the school’s performance. We share information with receiving schools to enable them to meet the educational needs of pupils.
Data collection requirements:
To find out more about the data collection requirements placed on us by the Department for Education (for example; via the school census) go to https://www.gov.uk/education/data-collection-and-censuses-for-schools.
The National Pupil Database (NPD):
The NPD is owned and managed by the Department for Education and contains information about pupils in schools in England. It provides invaluable evidence on educational performance to inform independent research, as well as studies commissioned by the Department. It is held in electronic format for statistical purposes. This information is securely collected from a range of sources including schools, local authorities and awarding bodies.
We are required by law, to provide information about our pupils to the DfE as part of statutory data collections such as the school census and early years’ census. Some of this information is then stored in the NPD. The law that allows this is the Education (Information About Individual Pupils) (England) Regulations 2013.
To find out more about the NPD, go to https://www.gov.uk/government/publications/national-pupil-database-user-guide-and-supporting-information.
The department may share information about our pupils from the NPD with third parties who promote the education or well-being of children in England by:
- conducting research or analysis
- producing statistics
- providing information, advice or guidance
The Department has robust processes in place to ensure the confidentiality of our data is maintained and there are stringent controls in place regarding access and use of the data. Decisions on whether DfE releases data to third parties are subject to a strict approval process and based on a detailed assessment of:
- who is requesting the data
- the purpose for which it is required
- the level and sensitivity of data requested: and
- the arrangements in place to store and handle the data
To be granted access to pupil information, organisations must comply with strict terms and conditions covering the confidentiality and handling of the data, security arrangements and retention and use of the data.
For more information about the department’s data sharing process, please visit:
For information about which organisations the department has provided pupil information,
(and for which project), please visit the following website:
To contact DfE: https://www.gov.uk/contact-dfe
Requesting access to your personal data:
Under data protection legislation, parents and pupils have the right to request access to information about them that we hold. To make a request for your personal information, or be given access to your child’s educational record, contact Craig Stilwell.
You also have the right to:
- object to processing of personal data that is likely to cause, or is causing, damage or distress
- prevent processing for the purpose of direct marketing
- object to decisions being taken by automated means
- in certain circumstances, have inaccurate personal data rectified, blocked, erased or destroyed; and
- claim compensation for damages caused by a breach of the Data Protection regulations
If you have a concern about the way we are collecting or using your personal data, we request that you raise your concern with us in the first instance. Please contact the DPO whose details are listed below. Alternatively, you can contact the Information Commissioner’s Office at https://ico.org.uk/concerns/
If you would like to discuss anything in this privacy notice, please contact:
The company Judicium will be ensuring that the school are GDPR compliant.
This will be a process and this privacy Notice will be reviewed.