We, Little Kingshill Combined School (the School), are a data controller for the purposes of the General Data Protection Regulation (GDPR). We collect and hold personal information from you about your child and may receive information about your child from their previous school or college, the Local Authority, the Department of Education (DfE) and the Learning Records Service.
The categories of pupil information that we collect, hold and share include:
Personal information (such as name, unique pupil number and address)
Characteristics (such as ethnicity, language, nationality, country of birth and free school meal eligibility)
Safeguarding information (such as court orders and professional involvement)
Attendance information (such as sessions attended, number of absences and absence reasons and any previous schools attended)
Assessment and attainment (such as key stage 1 and phonics results, KS2 results and any relevant results)
Relevant medical information (such as doctors information, child health, dental health, allergies, medication and dietary requirements)
Special educational needs information (including the needs and ranking)
Exclusion and behavioural information (and any relevant alternative provision put in place)
Why we collect and use this information
We use the pupil data:
to support pupil learning
to monitor and report on pupil progress
to provide appropriate pastoral care
to assess the quality of our services
for safeguarding and child protection
to comply with the law regarding data sharing
to keep children safe (food allergies and emergency contact details)
to meet the statutory duties placed upon us for DfE data collections
The lawful basis on which we use this information
We collect and use pupil information under departmental censuses and the Education Act 1996 - for more information on the school census process and requirements see: https://www.gov.uk/education/data-collection-and-censuses-for-schools
We collect and process data under the following legal basis for processing:
Article 6 (GDPR)
the data subject has given consent to the processing of his or her personal data for one or more specific purposes;
processing is necessary for compliance with a legal obligation to which the controller is subject;
Article 9 (GDPR)
the data subject has given explicit consent to the processing of those personal data for one or more specified purposes, except where European Union or Member State law provide that the prohibition referred to in paragraph 1 may not be lifted by the data subject.
Collecting pupil information
We obtain pupil information via registration forms at the start of each academic year. In addition, when a child joins us from another school we are sent a secure file containing relevant information.
Whilst the majority of pupil information you provide to us is mandatory, some of it is provided to us on a voluntary basis. In order to comply with the GDPR, we will inform you whether you are required to provide certain pupil information to us or if you have a choice in this.
Storing pupil data
We hold pupil data in line with IRMS (Information records management service) guidelines. Please see the following document for full details on data storage including time scales.
Who we share pupil information with
We routinely share pupil information with:
schools that the pupil’s attend after leaving us
our local authority
agencies, including the School Nurse, the NHS, CAMHS (Child adolescent mental health services), Social Care, Family Resilience Service and Children’s Centres.
curriculum resources (all web resources are checked and minimal details are shared with online teaching resources)
other parties where there is a legal basis for doing so
Why we share pupil information
We do not share information about our pupils with anyone without consent unless the law and our policies allow us to do so.
We share pupils’ data with the DfE on a statutory basis. This data sharing underpins school funding and educational attainment policy and monitoring.
We are required to share information about our pupils with our local authority (LA) and the DfE under section 3 of The Education (Information About Individual Pupils) (England) Regulations 2013.
Data collection requirements:
To find out more about the data collection requirements placed on us by the DfE (for example; via the school census) go to https://www.gov.uk/education/data-collection-and-censuses-for-schools.
The National Pupil Database (NPD)
The NPD is owned and managed by the DfE and contains information about pupils in schools in England. It provides invaluable evidence on educational performance to inform independent research, as well as studies commissioned by the DfE. It is held in electronic format for statistical purposes. This information is securely collected from a range of sources including schools, local authorities and awarding bodies.
We are required by law to provide information about our pupils to the DfE, as part of statutory data collections such as the school census and early years’ census. Some of this information is then stored in the NPD. The law that allows this is the Education (Information About Individual Pupils) (England) Regulations 2013.
To find out more about the NPD, go to https://www.gov.uk/government/publications/national-pupil-database-user-guide-and-supporting-information.
The department may share information about our pupils from the NPD with third parties who promote the education or well-being of children in England by:
conducting research or analysis
providing information, advice or guidance
The DfE has robust processes in place to ensure the confidentiality of our data is maintained and there are stringent controls in place regarding access and use of the data. Decisions on whether DfE releases data to third parties are subject to a strict approval process and based on a detailed assessment of:
who is requesting the data
the purpose for which it is required
the level and sensitivity of data requested and
the arrangements in place to store and handle the data
To be granted access to pupil information, organisations must comply with strict terms and conditions covering the confidentiality and handling of the data, security arrangements and retention and use of the data.
For more information about the DfE’s data sharing process, please visit: https://www.gov.uk/data-protection-how-we-collect-and-share-research-data
For information about which organisations the DfE has provided pupil information, (and for which project), please visit the following website: https://www.gov.uk/government/publications/national-pupil-database-requests-received
To contact DfE: https://www.gov.uk/contact-dfe
Keeping your personal information secure
We have appropriate security measures in place to prevent personal information from being accidentally lost, or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
Requesting access to your personal data
Under data protection legislation, parents and pupils have the right to request access to information about them that we hold. To make a request for your personal information or be given access to your child’s educational record. In the first instance, please contact the school lead below:
Data Protection officer
Turn IT on
01865 597620 (option 3)
You also have the right to:
object to processing of personal data that is likely to cause, or is causing, damage or distress
prevent processing for the purpose of direct marketing
object to decisions being taken by automated means
in certain circumstances, have inaccurate personal data rectified, blocked, erased or destroyed and
claim compensation for damages caused by a breach of the Data Protection regulations
If you have a concern about the way we are collecting or using your personal data, we request that you raise your concern with us in the first instance. Alternatively, you can contact the Information Commissioner’s Office at https://ico.org.uk/concerns/
Sharing by the DfE
The law allows the DfE to share pupils’ personal data with certain third parties, including:
organisations connected with promoting the education or wellbeing of children in England
other government departments and agencies
organisations fighting or identifying crime
For more information about the DfE's NPD data sharing process, please visit:
Organisations fighting or identifying crime may use their legal powers to contact DfE to request access to individual level information relevant to detecting that crime. Whilst numbers fluctuate slightly over time, DfE typically supplies data on around 600 pupils per year to the Home Office and roughly 1 per year to the Police.
For information about which organisations the DfE has provided pupil information, (and for which project) or to access a monthly breakdown of data share volumes with Home Office and the Police please visit the following website: https://www.gov.uk/government/publications/dfe-external-data-shares
To contact DfE: https://www.gov.uk/contact-dfe
Other policies which may reference this privacy notice
This Privacy Notice also applies in addition to the School's other relevant terms and conditions and policies, including:
any contract between the School and its staff or the parents of students
the School's policy on taking, storing and using images of students
the School’s policy on the use of CCTV
the School’s retention of records policy
the School's safeguarding and pastoral policy
the School’s Health and Safety policy, including how concerns or incidents are recorded
the School's IT policies, including its Acceptable Use policy, On-line Safety policy
If you would like to discuss anything in this privacy notice, please contact:
Data Protection Officer
Turn IT on
01865 597620 (option 3)
Policy update information (policy number GDPR-103a)
This policy is reviewed annually and updated in line with data protection legislation.