• Personal data that we may collect, use, store, and share (when appropriate) about pupils & parents/carers includes, but is not limited to: 

• Personal Information (such as name, date of birth, unique pupil number, parent’s/carer’s national insurance number)
• Contact details and preferences (such as telephone number, email address, postal address, for you and your emergency contacts)
• Assessment information (such as data scores, tracking, and internal/external testing)
• Protected characteristics, (such as ethnic background, religion or belief)
• Special educational needs information (such as EHCP’s, statements, applications for support, care or support plans)
• Exclusion information
• Relevant medical information (such as NHS information, health checks, physical and mental health care, immunisation status and allergies and medical conditions, including physical and mental health)
• Attendance information (such as sessions attended, number of absences and absence reasons)
• Safeguarding information
• Details of any support received, including care packages, plans and support providers
• Photographs & Videos (such as for internal safeguarding & security purposes, school newsletters, media and promotional purposes).
• Closed-circuit television (CCTV) images captured in school
• Data about your use of the school’s information and communications systems
• Payment and banking details where required. 

We may also hold data about pupils and parents/carers that we have received from other organisations, including other schools, local authorities and the Department for Education (“DfE”).

A full breakdown of the information we collect on students & parents/carers can be requested by contacting Roz Flitton (Operations and Facilities Manager) email admin@stpeaton.org.uk 

The purpose of collecting and processing this data includes but is not limited to:

• Contacting you in relation to your child or to inform you about school events and updates
• Supporting pupil learning
• Monitoring and reporting on pupil progress
• Providing appropriate pastoral care
• Protecting pupil welfare and safeguarding
• Assessing the quality of our services
• Administering admissions waiting lists
• Carrying out research
• Complying with the law regarding data sharing
• Adhering to the statutory duties placed upon us by the Department for Education.

This section contains information about the legal basis that we are relying on on when handling your information. These are defined under data protection legislation and for personally identifiably information are: 

• You have given consent for one of more specific purposes. 
• Processing is necessary to comply with the school’s legal obligations.
• Processing is necessary to protect your vital interests. 
• Processing is necessary for tasks in the public interest or exercise of authority vested in the controller (the provision of education)
• Processing is necessary for the school’s legitimate interests or the legitimate interests of a third party.

When we process special category information, which is deemed to be more sensitive, the following lawful basis are used: 

• You have given explicit consent.

• It is necessary to fulfil the school’s obligations or your obligations.
• It is necessary to protect your vital interests.
•  Processing is carried out by a foundation or not-for-profit organisation (includes religious, political or philosophical organisations and trade unions).
• Reasons of public interest in the area of public health.

An example of how we use the information you provide is:

The submission of the school census returns, including a set of named pupil records, is a statutory requirement on schools under Section 537A of the Education Act 1996.

Putting the school census on a statutory basis:

• means that schools do not need to obtain parental or pupil consent to the provision of information

• ensures schools are protected from any legal challenge that they are breaching a duty of confidence to pupils

• helps to ensure that returns are completed by schools.

Where we have obtained consent to use pupils’ personal data, this consent can be withdrawn at any time. We will make this clear when we ask for consent and explain how consent can be withdrawn.

While the majority of information we collect about pupils & parents/carers is mandatory, there is some information that can be provided voluntarily. 

Whenever we seek to collect information from you or your child, we make it clear whether providing it is mandatory or optional. If it is mandatory, we will explain the possible consequences of not complying. 

We keep your information for as long as we need to educate and look after our pupils

The majority of this will be stored in the pupil file and this file will follow the pupil whenever they move schools and will be retained by the last school the pupil attends.

Where we are legally required or have a lawful basis to do so we will keep some information after your child has left the School. This will be retained in line with our Data Retention Schedule, a copy of which can be requested by contacting Roz Flitton (Operations and Facilities Manager) email admin@stpeaton.org.uk  

To protect your data, we have data protection policies and procedures in place, including strong organisational and technical measures, which are regularly reviewed. Further information can be found in our Data Protection Policy or upon request.

In order for us to legally, effectively and efficiently function we are required to share data with appropriate third parties, including but not limited to:

• Our local authority – to meet our legal obligations to share certain information with it, such as safeguarding concerns and exclusions.
• The Department for Education- to meet our legal obligations to share certain information.
• The pupil’s family and representatives- such as in the event of an emergency.
• Educators and examining bodies- such as ensuring we adhere to examining regulations to guarantee the validity of examinations.
• Ofsted- during the course of a school inspection.
• Suppliers and service providers – to enable them to provide the service we have contracted them for.
• Central and local government.
• Our auditors- to ensure compliance with our legal obligations.
• Health authorities (NHS)- to ensure the well being of pupils
• Security organisations to create a secure workplace for all staff.
• Health and social welfare organisations.
• Professional advisers and consultants - for us to develop our services and best provide our public service. 
• Charities and voluntary organisations.
• Police forces, courts, tribunals, security services - to create a secure workplace for all at the school.
• Professional bodies.
• Schools that the pupils attend after leaving us.

We may send your information to other countries when:
•    we or a company we work with store information on computer servers based overseas; or
•    we communicate with you when you are overseas. 
We conduct due diligence on the companies we share data with and note whether they process data in the UK, EEA (which means the European Union, Liechtenstein, Norway and Iceland) or outside of the EEA. 
The UK and countries in the EEA are obliged to adhere to the requirements of the GDPR and have equivalent legislation which confer the same level of protection to your personal data.
For organisations who process data outside the UK and EEA we will assess the circumstances of how this occurs and ensure there is no undue risk.
Additionally, we will assess if there are adequate legal provisions in place to transfer data outside of the UK.

We share students’ data with the Department for Education (DfE) on a statutory basis. This data sharing underpins school funding and educational attainment policy and monitoring.

We are required to share information about our students with our local authority (LA) and the Department for Education (DfE) under section 3 of The Education (Information About Individual Students) (England) Regulations 2013.

To find out more about the data collection requirements placed on us by the Department for Education (for example; via the school census) go to https://www.gov.uk/education/data-collection-and-censuses-for-schools.

The NPD is owned and managed by the Department for Education and contains information about pupils in schools in England. It provides invaluable evidence on educational performance to inform independent research, as well as studies commissioned by the Department. It is held in electronic format for statistical purposes. This information is securely collected from a range of sources including schools, local authorities and awarding bodies. 

We are required by law, to provide information about our pupils to the DfE as part of statutory data collections such as the school census and early years’ census. Some of this information is then stored in the NPD. The law that allows this is the Education (Information About Individual Pupils) (England) Regulations 2013.

To find out more about the NPD, go to https://find-npd-data.education.gov.uk/ 

The department may share information about our pupils from the NPD with third parties who promote the education or well-being of children in England by:
•    conducting research or analysis
•    producing statistics
•    providing information, advice or guidance
The Department has robust processes in place to ensure the confidentiality of our data is maintained and there are stringent controls in place regarding access and use of the data. Decisions on whether DfE releases data to third parties are subject to a strict approval process and based on a detailed assessment of:
•    who is requesting the data
•    the purpose for which it is required
•    the level and sensitivity of data requested: and 
•    the arrangements in place to store and handle the data 

To be granted access to pupil information, organisations must comply with strict terms and conditions covering the confidentiality and handling of the data, security arrangements and retention and use of the data.
For more information about the department’s data sharing process, please visit: https://www.gov.uk/data-protection-how-we-collect-and-share-research-data 
For information about which organisations the department has provided pupil information, (and for which project), please visit the following website: https://www.gov.uk/government/publications/national-pupil-database-requests-received

To contact DfE: https://www.gov.uk/contact-dfe 
 

The NPD is owned and managed by the Department for Education and contains information about pupils in schools in England. It provides invaluable evidence on educational performance to inform independent research, as well as studies commissioned by the Department. It is held in electronic format for statistical purposes. This information is securely collected from a range of sources including schools, local authorities and awarding bodies. 

We are required by law, to provide information about our pupils to the DfE as part of statutory data collections such as the school census and early years’ census. Some of this information is then stored in the NPD. The law that allows this is the Education (Information About Individual Pupils) (England) Regulations 2013.

To find out more about the NPD, go to https://find-npd-data.education.gov.uk/

The department may share information about our pupils from the NPD with third parties who promote the education or well-being of children in England by:
•    conducting research or analysis
•    producing statistics
•    providing information, advice or guidance
The Department has robust processes in place to ensure the confidentiality of our data is maintained and there are stringent controls in place regarding access and use of the data. Decisions on whether DfE releases data to third parties are subject to a strict approval process and based on a detailed assessment of:
•    who is requesting the data
•    the purpose for which it is required
•    the level and sensitivity of data requested: and 
•    the arrangements in place to store and handle the data 

To be granted access to pupil information, organisations must comply with strict terms and conditions covering the confidentiality and handling of the data, security arrangements and retention and use of the data.
For more information about the department’s data sharing process, please visit: https://www.gov.uk/data-protection-how-we-collect-and-share-research-data 
For information about which organisations the department has provided pupil information, (and for which project), please visit the following website: https://www.gov.uk/government/publications/national-pupil-database-requests-received

To contact DfE: https://www.gov.uk/contact-dfe

Your other rights regarding your data:

You may:
•    Withdraw your consent to processing at any time (this only relates to data for which the school relies on consent as a lawful basis for processing) 
•    Ask us to rectify, erase or restrict processing of your personal data, or object to the processing of it in certain circumstances and where sufficient supporting evidence is supplied
•    Prevent the use of your personal data for direct marketing
•    Challenge processing which has been justified on the basis of public interest, official authority or legitimate interests
•    Request a copy of agreements under which your personal data is transferred outside of United Kingdom
•    Object to decisions based solely on automated decision making or profiling (decisions taken with no human involvement, that might negatively affect you)
•    Request a cease to any processing that is likely to cause damage or distress
•    Be notified of a data breach in certain circumstances
•    Refer a complaint to the ICO
•    Ask for your personal data to be transferred to a third party in a structured, commonly used and machine-readable format (in certain circumstances).
The School will comply with the Data Protection legislation in regard to dealing with all data requests submitted in any format, although individuals are asked to preferably submit their request in written format to assist with comprehension. 
Requests should include:
•    Name of individual
•    Correspondence address
•    Contact number and email address
•    Details of the request

Parents/carers also have a legal right to access to their child’s educational record. 
If you would like to exercise any of the rights or requests listed above, please contact Roz Flitton 

• admin@stpeaton.org.uk 

• 020 7504 0537 

• Lower Belgrave St, Belgravia, London SW1W 0NL 

We reserve the right to verify the requesters’ identity by asking for Photo ID. If this proves insufficient, then further ID may be required. 

We reserve the right to verify the requesters’ identity by asking for Photo ID. If this proves insufficient, then further ID may be required. 

Article 22 of the UK GDPR has additional rules to protect individuals from decisions made solely for the purpose of automated decision-making and profiling. The school does not carry out any automated decision-making and/or profiling on pupils or parents/carers.
 

If you suspect that your or someone else’s data has been subject to unauthorised or unlawful processing, accidental loss, destruction or damage, we ask that you please contact Roz Flitton (Operations and Facilities Manager and advise us without undue delay.  

We take any complaints about our collection and use of personal information very seriously. 
If you think that our collection or use of personal information is unfair, misleading or inappropriate, or have any other concern about our data processing, please raise this with the school in the first instance via email to admin@stpeaton.org.uk.  
This complaint may be assessed by our independent Data Protection Officer, Jay Makwana (contactable on jay.makwana@london.anglican.org, 020 3837 5073) with a final response provided within 30 days.  

If you are unhappy with the school’s final response you can refer the matter to the Information Commissioner’s Office: 
•    Report a concern online at https://ico.org.uk/concerns/ 
•    Call 0303 123 1113 
•    Or write to: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF 
 

If you have any questions, concerns or would like more information about anything mentioned in this privacy notice, please contact either our School Data Protection Lead, Roz Flitton (Operations and Facilities Manager) at St Peter’s Eaton Square C of E Primary or our independent Data Protection Officer, Jay Makwana (contactable on jay.makwana@london.anglican.org, 020 3837 5073).

We reserve the right to update this privacy notice at any time, and we will provide you with a new privacy notice when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your personal information.