What is a Privacy Notice?
A Privacy Notice sets out how we use personal data (information) that we hold about individuals. The General Data Protection Regulation (GDPR) requires us to publish this information. This Privacy Notice explains how we collect, store, use and share personal data about our pupils and their parents/carers.
The types of personal data that we collect, hold and share include:
· Personal information (such as name, unique pupil number and address)
· Characteristics (such as ethnicity, language, nationality and eligibility for free school meals)
· Attendance information (including the number of absences and reasons for absence)
· Assessment information (such as test data, progress reports and estimated attainment
· Information relating to medical needs, special educational needs and disabilities
· Payment information relating to school meals, trips, extra-curricular activities etc.
Why we collect and use this information
We use this personal data:
· to support children learning
· to safeguard children
· to monitor and report on children’s progress
· to provide appropriate pastoral care
· to keep parents/carers informed about their child’s education and wellbeing
· to assess the quality of our provision
· to comply with the law regarding data sharing
· to provide services such as school meals and trips and visits
The lawful basis on which we use this information
We collect and use personal data in order to meet certain legal requirements. Under the GDPR,
this is known as “Legal obligation”. Relevant laws include:
· Article 6 and Article 9 of the GDPR
· Education Act 1996
· Education (Pupil Registration) (England) Regulations 2006
· Education (Information About Individual Pupils) (England) Regulations 2013
· Children’s and Families Act 2014, section 69
In some cases, we use personal data as part of our day-to-day function as a school even though
there may not be a specific law covering this. This is part of our “Public task” to educate and
support our children.
Giving your consent
The majority of the data you provide to us is mandatory (i.e. we do not need your permission to
hold this data). However, in some cases data is provided to us on a voluntary basis. Under the
GDPR, this is known as “Consent”, and applies to things like using a child’s photo on the school
website. Where required, we will ask you to give us your consent before using this data.
Special Category Personal Data
Information such as health needs, ethnic origin, religious beliefs and biometric data is known as
“Special Category Personal Data”. There are additional restrictions on how we can use sensitive
information of this type.
How long do we keep your data?
We keep different types of data for different amounts of time, in accordance with our Retention
Policy. This policy takes account of the retention schedules produced by the Information Record
Management Society, which can be viewed at http://irms.org.uk/page/SchoolsToolkit.
Who we share personal data with
The law requires us to share children’s data with the Department for Education (DfE).
We do not share personal data with anyone else without consent unless the law and our policies
allow us to do so. As well as the DfE, we routinely share certain types of personal data with:
· Other schools (eg when children move to another school)
· Leeds City Council (and other local authorities, where appropriate)
· National Health Service
We also share personal data with certain other third parties as part of our function as a school.
These companies / organisations must comply with strict terms and conditions covering the
confidentiality, security, retention and use of data. They include:
· Educational visits providers (for children participating in off-site visits)
· Evolve (our educational visits risk assessment system)
· FFT Aspire (children achievement data analysis)
· Micro Librarian Systems (school library management system)
· Mymaths (Maths website)
· SIMS (Schools Information Management System)
· Tucasi / Scopay (payments / online banking system)
Data collection requirements
To find out more about the data collection requirements placed on us by the Department for
Education (for example, via the school census) go to www.gov.uk/education/data-collection-andcensuses-for-schools.
Otley All Saints has in place technical and organisational measures to ensure a level of security
appropriate to the sensitive nature of the personal data that we use. We also provide data privacy
awareness training for all staff.
Requesting access to your personal data
Under data protection law, parents/carers have the right to request access to information that we
hold about them. To make a request for your personal information, or be given access to your
child’s educational record, contact the school office.
You also have the right to:
· object to processing of personal data that is likely to cause, or is causing, damage or
· prevent processing for the purpose of direct marketing
· object to decisions being taken by automated means
· in certain circumstances, have inaccurate personal data rectified, blocked, erased or
· claim compensation for damages caused by a breach of the Data Protection regulations
If you have a concern about the way we are collecting or using your personal data, please raise
your concern with us in the first instance. Alternatively, you can contact the Information
Commissioner’s Office at https://ico.org.uk/concerns/.
If you would like to discuss anything in this privacy notice, please contact ian.thomsonsmith@