Windmill Primary School
Privacy Notice (How we use pupil information)
The categories of pupil information that we collect, hold and share include:
- Personal information (such as name, unique pupil number and address)
- Characteristics (such as ethnicity, language, nationality, country of birth and free school meal eligibility)
- Attendance information (such as sessions attended, number of absences and absence reasons)
- Assessment information
- Relevant medical information
- Special educational needs information
- Exclusion and behavioural information
Why we collect and use this information
We use the pupil data:
- to support pupil learning
- to monitor and report on pupil progress
- to provide appropriate pastoral care
- to assess the quality of our services
- for safeguarding and child protection
- to comply with the law regarding data sharing
The lawful basis on which we use this information
We collect and use pupil information under departmental censuses and the Education Act 1996, for more information on the school census process and requirements see:
We collect and process data under the following legal basis for processing:
Article 6 (GDPR)
- the data subject has given consent to the processing of his or her personal data for one or more specific purposes;
- processing is necessary for compliance with a legal obligation to which the controller is subject;
Article 9 (GDPR)
- the data subject has given explicit consent to the processing of their personal data for one or more specified purposes, except where Union or Member State law provide that the prohibition referred to in paragraph 1 may not be lifted by the data subject.
Collecting pupil information
Whilst the majority of pupil information you provide to us is mandatory, some of it is provided to us on a voluntary basis. In order to comply with the General Data Protection Regulation, we will inform you whether you are required to provide certain pupil information to us or if you have a choice in this.
Storing pupil data
We hold pupil data in line with IRMS (Information records management service) guidelines. Please see the following document for full details on data storage including time scales.
Who we share pupil information with
We routinely share pupil information with:
- schools that the pupil’s attend after leaving us
- our local authority
- the Department for Education (DfE)
- agencies including the School Nurse and the NHS
- academy trust if applicable
- curriculum resources (all web resources are checked, and minimal details are shared with online teaching resources)
Why we share pupil information
We do not share information about our pupils with anyone without consent unless the law and our policies allow us to do so.
We share pupils’ data with the Department for Education (DfE) on a statutory basis. This data sharing underpins school funding and educational attainment policy and monitoring.
We are required to share information about our pupils with our local authority (LA) and the Department for Education (DfE) under section 3 of The Education (Information About Individual Pupils) (England) Regulations 2013.
Data collection requirements:
To find out more about the data collection requirements placed on us by the Department for Education (for example; via the school census) go to https://www.gov.uk/education/data-collection-and-censuses-for-schools.
The National Pupil Database (NPD)
The NPD is owned and managed by the Department for Education and contains information about pupils in schools in England. It provides invaluable evidence on educational performance to inform independent research, as well as studies commissioned by the Department. It is held in electronic format for statistical purposes. This information is securely collected from a range of sources including schools, local authorities and awarding bodies.
We are required by law, to provide information about our pupils to the DfE as part of statutory data collections such as the school census and early years’ census. Some of this information is then stored in the NPD. The law that allows this is the Education (Information About Individual Pupils) (England) Regulations 2013.
To find out more about the NPD, go to https://www.gov.uk/government/publications/national-pupil-database-user-guide-and-supporting-information.
The department may share information about our pupils from the NPD with third parties who promote the education or well-being of children in England by:
- conducting research or analysis
- producing statistics
- providing information, advice or guidance
The Department has robust processes in place to ensure the confidentiality of our data is maintained and there are stringent controls in place regarding access and use of the data. Decisions on whether DfE releases data to third parties are subject to a strict approval process and based on a detailed assessment of:
- who is requesting the data
- the purpose for which it is required
- the level and sensitivity of data requested: and
- the arrangements in place to store and handle the data
To be granted access to pupil information, organisations must comply with strict terms and conditions covering the confidentiality and handling of the data, security arrangements and retention and use of the data.
For more information about the department’s data sharing process, please visit: https://www.gov.uk/data-protection-how-we-collect-and-share-research-data
For information about which organisations the department has provided pupil information, (and for which project), please visit the following website: https://www.gov.uk/government/publications/national-pupil-database-requests-received
To contact the DfE: https://www.gov.uk/contact-dfe
Keeping your personal information secure
We have appropriate security measures in place to prevent personal information from being accidentally lost, or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
Requesting access to your personal data
Under data protection legislation, parents and pupils have the right to request access to information about them that we hold. To make a request for your personal information or be given access to your child’s educational records. In the first instance please contact the school lead below.
Andy Howe/ Caroline Shannon
Data Protection Officer
turn IT on
01865 597620 (option 3)
You also have the right to:
- object to processing of personal data that is likely to cause, or is causing, damage or distress
- prevent processing for the purpose of direct marketing
- object to decisions being taken by automated means
- in certain circumstances, have inaccurate personal data rectified, blocked, erased or destroyed; and
- claim compensation for damages caused by a breach of the Data Protection regulations
If you have a concern about the way we are collecting or using your personal data, we request that you raise your concern with us in the first instance. Alternatively, you can contact the Information Commissioner’s Office at https://ico.org.uk/concerns/
Other policies which may reference this privacy notice
This Privacy Notice also applies in addition to the School's other relevant terms and conditions and policies, including:
- any contract between the School and its staff or the parents of students;
- the School's policy on taking, storing and using images of students;
- the School’s policy on the use of CCTV;
- the School’s retention of records policy, (IRMS template);
- the School's safeguarding and pastoral policy
- he School’s Health and Safety policy, including how concerns or incidents are recorded;
- the School's IT policies, including its Acceptable Use policy, On-line Safety policy
If you would like to discuss anything in this privacy notice, please contact:
Andy Howe/Caroline Shannon
Data Protection Officer
Turn IT on
01865 597620 (option 3)
Policy update information (policy number GDPR-103a)
This policy is reviewed annually and updated in line with data protection legislation.
Policy review information
turn IT on
Strictly Necessary Cookies
These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms.
You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information.