Please click here to view our privacy notice for employees
Privacy Notice (How we use pupil information)
​
Introduction
​
Keys Co-operative Academy Trust is the data controller for the use of personal data in this privacy notice.
As an Academy Trust we collect a significant amount of information about our pupils. This notice explains why we collect the information, how we use it, the type of information we collect and our lawful reasons to do so.
​
What type of data is collected?
​
The DfE and government requires us to collect a lot of data by law, so that they can monitor and support schools more widely, as well as checking on individual schools’ effectiveness.
​
The categories of pupil information that the school collects, holds and shares include the following:
​
-
Personal information – e.g. names, pupil numbers, contact details and addresses
-
Characteristics – e.g. ethnicity, language, nationality, country of birth and free school meal eligibility
-
Safeguarding information (such as court orders and professional involvement)
-
Special educational needs (including the needs and ranking)
-
Medical and administration (such as doctors’ information, child health, dental health, allergies, medication and dietary requirements)
-
Attendance information (such as sessions attended, number of absences, absence reasons and any previous schools attended)
-
Assessment and attainment information (such as key stage 1 and phonics results, post 16 courses enrolled for and any relevant results)
-
Behavioural information (such as exclusions and any relevant alternative provision put in place)
-
CCTV, photos and video recordings of you are also personal information
Why do we collect data?
​
We collect and use the pupil data to:
​
-
Support pupil learning
-
Monitor and report on pupil attainment progress
-
Provide appropriate pastoral care
-
Assess the quality of our services
-
Keep children safe (e.g. food allergies, emergency contact details)
-
Fulfil our statutory obligations to safeguard and protect children and vulnerable people
-
Enable targeted, personalised learning for pupils
-
Manage behaviour and effective discipline
-
Comply with our legal obligations to share data
-
Keep pupils, parents and carers informed about school events and school news
Our Legal Obligations
We must make sure that information we collect and use about pupils is in line with the GDPR and Data Protection Act. This means that we must have a lawful reason to collect the data, and that if we share that with another organisation or individual, we must have a legal basis to do so.
​
The lawful basis for schools to collect information comes from a variety of sources, such as the Education Act 1996, Regulation 5 of The Education (Information About Individual Pupils) (England) Regulations 2013, Article 6 and Article 9 of the GDPR.
​
The Department for Education and Local Authorities require us to collect certain information and report back to them. This is called a ‘public task’ and is recognised in law as it is necessary to provide the information.
We also have obligations to collect data about children who are at risk of suffering harm, and to share that with other agencies who have a responsibility to safeguard children, such as the police and social care.
We also share information about pupils who may need or have an Education Health and Care Plan (or Statement of Special Educational Needs). Medical teams have access to some information about pupils, either by agreement or because the law says we must share that information, for example school nurses may visit the school.
​
Counselling services, careers services, occupational therapists are the type of people we will share information, so long as we have consent or are required by law to do so.
​
We must keep up to date information about parents and carers for emergency contacts.
​
Collecting pupil information
​
We collect pupil information via pupil data collection sheets at the start of the year, Common Transfer File (CTF) or secure file transfer from the previous school.
​
Pupil data is essential for the schools’ operational use. Whilst the majority of pupil information you provide to us is mandatory, some of it is provided to us on a voluntary basis. In order to comply with Data Protection legislation, we will inform you whether you are required to provide certain pupil information to us or if you have a choice in this.
​
How we use the data
​
In school we also use various third-party tools to make sure that pupils’ best interests are advanced. We also record details about progress, attainment and pupil development to support future planning and learning.
We use software to track progress and attainment.
​
We use data to manage and monitor pastoral needs and attendance/absences so that suitable strategies can be planned if required.
​
We use systems to take electronic payments for school meals. This includes financial software to manage school budgets, which may include some pupil data.
​
Data can be used to monitor school effectiveness, the impact of intervention and learning styles across groups of pupils as well as individual children.
​
We may use consultants, experts and other advisors to assist the school in fulfilling its obligations and to help run the School properly. We might need to share pupil information with them if this is relevant to their work.
We also use contact information to keep pupils, parents, carers up to date about school events.
​
Storing pupil data
​
We hold pupil data securely for the set amount of time shown in our data retention schedule. For more information on our data retention schedule and how we keep your data safe, please read our records management policy which can be viewed here
​
Who we share pupil information with
​
We routinely share pupil information with:
​
-
schools that the pupil’s attend after leaving us
-
schools that have referred to our Alternative Provision Academies
-
our local authority
-
the Department for Education (DfE)
-
Keys Co-operative Academy Trust and Schools in the Trust
-
NHS / School Nurse
Why we share pupil information
​
We do not share information about our pupils with anyone without consent unless the law and our policies allow us to do so.
​
The Department for Education collects personal data from educational settings and local authorities via various statutory data collections.
​
We are required to share information about our pupils with the (DfE) under regulation 5 of The Education (Information About Individual Pupils) (England) Regulations 2013.
​
In our Alternative Provision Academies, we are required to pass information about our pupils to the Department for Education (DfE) under regulation 4 of The Education (Information About Individual Pupils) (England) Regulations 2013.
​
All data is transferred securely and held by the DfE under a combination of software and hardware controls, which meet the current government security policy framework.
​
For more information, please see ‘How Government Uses Your Data’ section of this privacy notice.
We may be required to share information about our pupils with the local authority to ensure that they can conduct their statutory duties under the School Admissions Code, including conducting Fair Access Panels.
Youth support services - Pupils aged 13+
​
Once our pupils reach the age of 13, we also pass pupil information to our local authority and / or provider of youth support services as they have responsibilities in relation to the education or training of 13-19 year olds under section 507B of the Education Act 1996.
​
This enables them to provide services as follows:
-
youth support services
-
careers advisers
A parent or guardian can object to any information in addition to their child’s name, address and date of birth being passed to their local authority or provider of youth support services by informing us. This right is transferred to the child/pupil once they reach age 16.
​
Data is securely transferred to the youth support service via secure/encrypted email.
​
Requesting access to your personal data
​
Under data protection legislation, parents and pupils have the right to request access to information about them that we hold. To make a request for your personal information, or be given access to your child’s educational record, contact the School’s Office Manager.
​
You also have the right to:
​
-
to ask us for access to information about you that we hold
-
to have your personal data rectified, if it is inaccurate or incomplete
-
to request the deletion or removal of personal data where there is no compelling reason for its continued processing
-
to restrict our processing of your personal data (i.e. permitting its storage but no further processing)
-
to object to direct marketing (including profiling) and processing for the purposes of scientific/historical research and statistics
-
not to be subject to decisions based purely on automated processing where it produces a legal or similarly significant effect on you
-
​
If you have a concern about the way we are collecting or using your personal data, we request that you raise your concern with us in the first instance. Alternatively, you can contact the Information Commissioner’s Office at https://ico.org.uk/concerns/
​
For further information on how to request access to personal information held centrally by DfE, please see the ‘How Government uses your data’ section of this notice.
​
Withdrawal of consent and the right to lodge a complaint
​
Where we are processing your personal data with your consent, you have the right to withdraw that consent. If you change your mind, or you are unhappy with our use of your personal data, please let us know by contacting the School Office Manager.
​
Last updated
​
We may need to update this privacy notice periodically, so we recommend that you revisit this information from time to time. This version was last updated on 2nd February 2021.
​
Contact
​
If you would like to discuss anything in this privacy notice, please contact:
Jane Smith, Executive Support & Governance Officer, Keys Co-operative Academy Trust
The Trust's Data Protection officer is SBM Services
​
More information about Data Protection and our Policies
How we manage the data and our responsibilities to look after and share data is explained in our Data Protection policy and connected policies which are also available on our website.
How Government uses your data
​
The pupil data that we lawfully share with the DfE through data collections:
-
underpins school funding, which is calculated based upon the numbers of children and their characteristics in each school.
-
informs ‘short term’ education policy monitoring and school accountability and intervention (for example, school GCSE results or Pupil Progress measures).
-
supports ‘longer term’ research and monitoring of educational policy (for example how certain subject choices go on to affect education or earnings beyond school)
Data collection requirements
​
To find out more about the data collection requirements placed on us by the Department for Education (for example; via the school census) go to https://www.gov.uk/education/data-collection-and-censuses-for-schools
​
The National Pupil Database (NPD)
​
Much of the data about pupils in England goes on to be held in the National Pupil Database (NPD).
The NPD is owned and managed by the Department for Education and contains information about pupils in schools in England. It provides invaluable evidence on educational performance to inform independent research, as well as studies commissioned by the Department.
​
It is held in electronic format for statistical purposes. This information is securely collected from a range of sources including schools, local authorities and awarding bodies.
​
To find out more about the NPD, go to https://www.gov.uk/government/publications/national-pupil-database-user-guide-and-supporting-information
​
Sharing by the Department
​
The law allows the Department to share pupils’ personal data with certain third parties, including:
​
-
schools and local authorities
-
researchers
-
organisations connected with promoting the education or wellbeing of children in England
-
other government departments and agencies
-
organisations fighting or identifying crime
For more information about the Department’s NPD data sharing process, please visit:
https://www.gov.uk/data-protection-how-we-collect-and-share-research-data
Organisations fighting or identifying crime may use their legal powers to contact DfE to request access to individual level information relevant to detecting that crime. Whilst numbers fluctuate slightly over time, DfE typically supplies data on around 600 pupils per year to the Home Office and roughly 1 per year to the Police.
​
For information about which organisations the Department has provided pupil information, (and for which project) or to access a monthly breakdown of data share volumes with Home Office and the Police please visit the following website: https://www.gov.uk/government/publications/dfe-external-data-shares
​
How to find out what personal information DfE hold about you
​
Under the terms of the Data Protection Act 2018, you are entitled to ask the Department:
​
-
if they are processing your personal data
-
for a description of the data they hold about you
-
the reasons they’re holding it and any recipient it may be disclosed to
-
for a copy of your personal data and any details of its source
-
​
If you want to see the personal data held about you by the Department, you should make a ‘subject access request’. Further information on how to do this can be found within the Department’s personal information charter that is published at the address below:
To contact DfE: https://www.gov.uk/contact-dfe