School Logo

Privacy Statement

We, Little Kingshill Combined School (the School), are a data controller for the purposes of the General Data Protection Regulation (GDPR). We collect and hold personal information from you about your child and may receive information about your child from their previous school or college, the Local Authority, the Department of Education (DfE) and the Learning Records Service.


The categories of pupil information that we collect, hold and share include:

  • Personal information (such as name, unique pupil number and address)

  • Characteristics (such as ethnicity, language, nationality, country of birth and free school meal eligibility)

  • Safeguarding information (such as court orders and professional involvement)

  • Attendance information (such as sessions attended, number of absences and absence reasons and any previous schools attended)

  • Assessment and attainment (such as key stage 1 and phonics results, KS2 results and any relevant results)

  • Relevant medical information (such as doctors information, child health, dental health, allergies, medication and dietary requirements)

  • Special educational needs information (including the needs and ranking)

  • Exclusion and behavioural information (and any relevant alternative provision put in place)


Why we collect and use this information

We use the pupil data:

  • to support pupil learning

  • to monitor and report on pupil progress

  • to provide appropriate pastoral care

  • to assess the quality of our services

  • for safeguarding and child protection

  • to comply with the law regarding data sharing

  • to keep children safe (food allergies and emergency contact details)

  • to meet the statutory duties placed upon us for DfE data collections


The lawful basis on which we use this information

We collect and use pupil information under departmental censuses and the Education Act 1996 - for more information on the school census process and requirements see:


We collect and process data under the following legal basis for processing:

Article 6 (GDPR)

  1. the data subject has given consent to the processing of his or her personal data for one or more specific purposes;

  2. processing is necessary for compliance with a legal obligation to which the controller is subject;

Article 9 (GDPR)

  1. the data subject has given explicit consent to the processing of those personal data for one or more specified purposes, except where European Union or Member State law provide that the prohibition referred to in paragraph 1 may not be lifted by the data subject.


Collecting pupil information

We obtain pupil information via registration forms at the start of each academic year. In addition, when a child joins us from another school we are sent a secure file containing relevant information.

Whilst the majority of pupil information you provide to us is mandatory, some of it is provided to us on a voluntary basis. In order to comply with the GDPR, we will inform you whether you are required to provide certain pupil information to us or if you have a choice in this.


Storing pupil data

We hold pupil data in line with IRMS (Information records management service) guidelines. Please see the following document for full details on data storage including time scales.


Who we share pupil information with

We routinely share pupil information with:

  • schools that the pupil’s attend after leaving us

  • our local authority

  • the DfE

  • agencies, including the School Nurse, the NHS, CAMHS (Child adolescent mental health services), Social Care, Family Resilience Service and Children’s Centres.

  • curriculum resources (all web resources are checked and minimal details are shared with online teaching resources)

  • school governors

  • other parties where there is a legal basis for doing so


Why we share pupil information

We do not share information about our pupils with anyone without consent unless the law and our policies allow us to do so.

We share pupils’ data with the DfE on a statutory basis. This data sharing underpins school funding and educational attainment policy and monitoring.

We are required to share information about our pupils with our local authority (LA) and the DfE under section 3 of The Education (Information About Individual Pupils) (England) Regulations 2013.


Data collection requirements:

To find out more about the data collection requirements placed on us by the DfE (for example; via the school census) go to


The National Pupil Database (NPD)

The NPD is owned and managed by the DfE and contains information about pupils in schools in England. It provides invaluable evidence on educational performance to inform independent research, as well as studies commissioned by the DfE. It is held in electronic format for statistical purposes. This information is securely collected from a range of sources including schools, local authorities and awarding bodies.


We are required by law to provide information about our pupils to the DfE, as part of statutory data collections such as the school census and early years’ census. Some of this information is then stored in the NPD. The law that allows this is the Education (Information About Individual Pupils) (England) Regulations 2013.

To find out more about the NPD, go to


The department may share information about our pupils from the NPD with third parties who promote the education or well-being of children in England by:

  • conducting research or analysis

  • producing statistics

  • providing information, advice or guidance


The DfE has robust processes in place to ensure the confidentiality of our data is maintained and there are stringent controls in place regarding access and use of the data. Decisions on whether DfE releases data to third parties are subject to a strict approval process and based on a detailed assessment of:

  • who is requesting the data

  • the purpose for which it is required

  • the level and sensitivity of data requested and

  • the arrangements in place to store and handle the data


To be granted access to pupil information, organisations must comply with strict terms and conditions covering the confidentiality and handling of the data, security arrangements and retention and use of the data.


For more information about the DfE’s data sharing process, please visit:

For information about which organisations the DfE has provided pupil information, (and for which project), please visit the following website:

To contact DfE:


Keeping your personal information secure

We have appropriate security measures in place to prevent personal information from being accidentally lost, or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.


We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.


Requesting access to your personal data

Under data protection legislation, parents and pupils have the right to request access to information about them that we hold. To make a request for your personal information or be given access to your child’s educational record.  In the first instance, please contact the school lead below:






School Lead

Stephen Dodd

01494 863744

Data Protection officer

Turn IT on

01865 597620 (option 3)


You also have the right to:

  • object to processing of personal data that is likely to cause, or is causing, damage or distress

  • prevent processing for the purpose of direct marketing

  • object to decisions being taken by automated means

  • in certain circumstances, have inaccurate personal data rectified, blocked, erased or destroyed and

  • claim compensation for damages caused by a breach of the Data Protection regulations


If you have a concern about the way we are collecting or using your personal data, we request that you raise your concern with us in the first instance. Alternatively, you can contact the Information Commissioner’s Office at


Sharing by the DfE

The law allows the DfE to share pupils’ personal data with certain third parties, including:

  • schools

  • local authorities

  • researchers

  • organisations connected with promoting the education or wellbeing of children in England

  • other government departments and agencies

  • organisations fighting or identifying crime


For more information about the DfE's NPD data sharing process, please visit:


Organisations fighting or identifying crime may use their legal powers to contact DfE to request access to individual level information relevant to detecting that crime. Whilst numbers fluctuate slightly over time, DfE typically supplies data on around 600 pupils per year to the Home Office and roughly 1 per year to the Police.


For information about which organisations the DfE has provided pupil information, (and for which project) or to access a monthly breakdown of data share volumes with Home Office and the Police please visit the following website:


To contact DfE:


Other policies which may reference this privacy notice

This Privacy Notice also applies in addition to the School's other relevant terms and conditions and policies, including:

  • any contract between the School and its staff or the parents of students

  • the School's policy on taking, storing and using images of students

  • the School’s policy on the use of CCTV

  • the School’s retention of records policy

  • the School's safeguarding and pastoral policy                                                            

  • the School’s Health and Safety policy, including how concerns or incidents are recorded

  • the School's IT policies, including its Acceptable Use policy, On-line Safety policy



If you would like to discuss anything in this privacy notice, please contact:






School Lead

Stephen Dodd

01494 863744

Data Protection Officer

Turn IT on

01865 597620 (option 3)


Policy update information (policy number GDPR-103a)


This policy is reviewed annually and updated in line with data protection legislation.