Privacy Notice - How we use pupil information
We, Peters Hill Primary School, are the data controller for the purposes of Data Protection Law.
Why do we collect and use pupil information?
We collect and use pupil information under the following Acts of parliament and associated legislation:
The Education Act, amendments and accompanying regulations – For example; Section 537A of the 1996 Act enables the education setting to collect information to perform the Department of Education’s termly census.
Section 40(2)(a) of the Childcare Act 2006 - early years foundation stage and Section 87 of the Education Act 2002 - key stage 1 and key stage 2, enables primary age education settings to collect information for the assessing and reporting of the national curriculum
There are various versions of the Education Act both proceeding and following the 1996 Act that have influence on what information is required and how it is processed such as: The Education Reform Act 1988, Further and Higher Education Act 1992, Education Act 1994, School Standards and Framework Act 1998, Teaching and Higher Education Act 1998, Education Act 2002, Higher Education Act 2004, Education Act 2005, Education and Inspection Act 2006 and Education Act 2011, The Education (Pupil Information) England Regulations 2005 and associated regulations and statutory instruments.
Where appropriate we also rely on:
The Children Act and subsequent amendments
The Common Law Duty of Care
Health and Safety at Work Act
Working together to Safeguard Children Guidelines (DfE)
Equality Act 2010
The Disability Discrimination Act,
Special Educational Needs (SEN) Code of Practice
Safeguarding Vulnerable Groups Act
Limitation Act 1980
We collect and use pupil information, for the following purposes:
- to support pupil learning
- to monitor and report on pupil attainment progress
- to provide appropriate pastoral care
- to assess the quality of our services
- to keep children safe (food allergies or emergency contact details)
- to meet the statutory duties placed upon us for DfE data collections
- to comply with the law regarding data sharing
The categories of pupil information that we collect, holdand share include:
- Personal information (such as name, unique pupil number, contact details and address, relevant medical information)
- Characteristics (such as ethnicity, language, gender, religion, date of birth, free school meal eligibility)
- Special educational needs (including the needs and ranking)
- Safeguarding information (such as court orders and professional involvement)
- Medical and administration (such as doctors information, child health, dental health, allergies, medication and dietary requirements)
- Attendance information (such as sessions attended, number of absences and absence reasons, any previous schools attended)
- Assessment and attainment information (such as EYFS, Key Stage or internal academic assessment information.
- Behavioural information (such as exclusions and any relevant alternative provision put in place)
For a further example of the information typically held by schools, please see the Department for Education (DfE) Common Basic Data Set, here:
Collecting pupil information
We collect pupil information via registration forms at the start of school and secure file transfer from previous school (if applicable).
Whilst the majority of pupil information you provide to us is mandatory, some of it is provided to us on a voluntary basis. In order to comply with data protection legislation, we will inform you at the point of collection, whether you are required to provide certain pupil information to us or if you have a choice in this and we will tell you what you need to do if you do not want to share this information with us.
We intend to collect consent to process information for photographss, school trips, access to the internet, cashless catering, permission to change clothing (Nursery – Year 2);please note, you have a right to withdraw consent at any time and can contact the school in writing to do this.
If you provide us with contact details of others, for example, in case of emergency or when you may not be available please ensure that they are aware their information has been passed to the school.
A Legitimate Interest Assessment has been completed as the lawful basis for processing personal data within Tucasi (our online payment system) and Groupcall (used to communicate with parents).
We will also receive the above types of personal information, where relevant, from the previous school/nurseryand may also receive information from the Local Authority (LA) and the DfE.
Storing Pupil Data
The information we collect, use and store about pupils and their parents/carers is retained on our computer systems and in paper files, either until it is updated/superseded or until the pupil leaves the school where it will be passed on to the receiving school in accordance with the Education (Pupil Information) England Regulations 2005. Records are retained by a Secondary school for the period of 25 years from the Date of birth of the Child. Further information on how long schools retain information can be seen in the Information Records Management Society Toolkit for schools.
RM Integris is a cloud based system and personal data relating to pupils and the workforce will be hosted in the cloud. This information will be managed in line with the retention period as set out in the Information Records Management Society Toolkit for schools. The school as data controller has undertaken a data protection impact assessment to identify and mitigate against any risks’.
Tucasi is a fully integrated software solution with a dinner money, extended day and trip modules which is designed to help schools reduce the time taken to administer expenditure every day. Pupil data relates to personal identifiers and contacts. Parental/guardian information will be collected relating to Parent/Guardian name and parent/guardian e-mail address. Personal data is stored on remote servers. The school has undertaken a Data Protection Impact Assessment in order to ensure personal data is kept secure.
Who do we share pupil information with?
We routinely share pupil information with:
- Relevant staff within the school.
- Schools that the pupil’s attend after leaving us.
- Our local authority.
- The Department for Education (DfE)
- Health Services including the School Nurse and Test and Trace.
- Investigation Education Service.
- Tucasi - provision of online payment system. (Personal data shared – child’s name, address, unique personal number and class).
- Net Media Ltd - provision of online parents evening booking system. (Personal data shared – child’s name, date of birth and class and parent’s names).
- RM Education – provisions of various services through the ICT managed service. (Personal data shared – details provided by parent/guardian on the new pupil form)
- Groupcall Messenger - allows us to contact you by text and email. (Personal data shared – child’s name, parent’s name, telephone number and email address).
- Cunninghams – provision of cashless catering system. (Personal data shared – child’s name, class, unique personal number).
- The Foundation Stage Forum – provision of online learning journey. (Personal data shared – child’s name, class, observations).
- CPOMS – software application for monitoring child protection, safeguarding, pastoral and welfare issues. Personal data shared – child’s name, class, names of siblings).
- Vaccination UK Ltd. Company who administer the flu vaccine to pupils. (Personal data shared – child’s name and class).
- Just2Easy – provides access to a range of online tools and resources. (Personal data shared – child’s name, class and year group).
- My Maths – provides interactive, online learning. (Personal data shared – child’s name).
- Purple Mash – provides online resources. (Personal data shared – child’s name and class).
- Micro Librarian Systems – library management system. (Personal data shared – child’s name, date of birth, class and gender).
- Renaissance – cloud-based assessment, teaching and learning programmes. (Personal data shared – child’s name, date of birth, class and gender). Renaissance have a comprehensive Privacy Notice available at this link: http://www.renlearn.co.uk/about-us/privacy/ for further information if required.
- Discovery Education (Espresso) - cross curricular digital learning service for teachers and pupils. (Personal data shared – pupil's unique details).
- Maths Rock Stars – Provides online activities and resources. (Personal data shared – name, date of birth, class and gender).
- Carrot Rewards – Online portal to record rewards and achievements. (Personal data shared – pupil's unique details).
- Orchard Digital Ltd – Online spelling, punctuation and grammar resource. (Personal data shared – pupil's name, class and results data).
- Hodder Education’s Rising Stars Wellbeing & Attitudes to Learning Survey. (Personal data shared – pupil information obtained from our management information system).
- Edenred UK – Edenred has been approved by the Department for Education to manage the distribution of eCodes to parents, of children who have been awarded free school meals, to redeem against a free school meal voucher during the Coronavirus situation. (Personal data shared – 1st parent/carer name & contact email address).
- Osbourne Technologies (Entry Sign) – system used to record details of children arriving at school after registration or leaving before the end of the school day. (Personal data shared – name and class).
- Evolve – system used to administer risk assessments for educational visits and residential visits. (Personal data shared – name, unique pupil number, class and gender).
- Satchel One (Show my Homework) - online tool to keep track of pupils’ homework. (Personal data shared – child's name, class, gender, unique pupil number and date of birth).
- Wonde - used to obtain personal data from the school’s management information system to ensure the management and distribution of winter grant food vouchers and utilisation of Education City. (Personal data shared - pupil's unique details).
- Education City – provides educational software (personal data shared – pupil’s unique details).
We are committed to working with the local authority in protecting and safeguarding children and young people in the Borough. As a consequence we intend, where relevant to do so, share information with the Multi-Agency Safeguarding Hub (MASH) which is a co-located arrangement of agencies including the local authority, Police, NHS Trusts and Probation Service integrated into a multi-agency team.
The MASH is the single point of contact for safeguarding concerns, and the MASH share information appropriately and securely on children or young people in order to take timely and appropriate actions. The teams also provide information and advice across a range of child and family services.
Where a pupil/parent/carer has been involved in an accident, an Accident/Incident Report Form will be completed which will include details of the accident including information about you. This information will be passed to the Corporate Health and Safety Team at the local authority. This information will be accessed by Dudley MBC employees, who legally require access to this data, for purposes related to this incident, and may be shared with others to allow us to comply with our statutory duties’.
Why we share pupilinformation
We do not share information about our pupils with anyone without consent unless the law and our policies allow us to do so.
We share pupils’ data with the Department for Education (DfE) on a statutory basis. This data sharing underpins school funding and educational attainment policy and monitoring.
We are required to share information about our pupils with our local authority (LA) and the Department for Education (DfE) under section 3 of The Education (Information About Individual Pupils) (England) Regulations 2013.
Data collection requirements:
To find out more about the data collection requirements placed on us by the Department for Education (for example; via the school census) go to https://www.gov.uk/education/data-collection-and-censuses-for-schools.
We may be required to share information about our pupils with the local authority to ensure that they can conduct their statutory duties under
- the Schools Admission Code, including conducting Fair Access Panels.
Department for Education
The Department for Education (DfE) collects personal data from educational settings and local authorities via various statutory data collections. We are required to share information about our pupils with the Department for Education (DfE) either directly or via our local authority for the purpose of those data collections, under: section 3 of The Education (Information About Individual Pupils) (England) Regulations 2013.
All data is transferred securely and held by DfE under a combination of software and hardware controls, which meet the current government security policy framework.
For more information, please see ‘How Government uses your data’ section.
Requesting access to your personal data
Under data protection legislation, parents and pupils have the right to request access to information about them that we hold. To make a request for your personal information, or be given access to your child’s educational record, contact YourIG Data Protection Officer Service.
You also have the right to:
- object to processing of personal data that is likely to cause, or is causing, damage or distress
- prevent processing for the purpose of direct marketing
- object to decisions being taken by automated means
- in certain circumstances, have inaccurate personal data rectified, blocked, erased or destroyed; and
- a right to seek redress, either through the ICO, or through the courts
If you have a concern or complaint about the way we are collecting or using your personal data, you should raise your concern with us in the first instance or directly to the Information Commissioner’s Office at https://ico.org.uk/concerns/
For further information on how to request access to personal information held centrally by DfE, please see the ‘How Government uses your data’ section of this notice.
Withdrawal of consent and the right to lodge a complaint
Where we are processing your personal data with your consent, you have the right to withdraw that consent. If you change your mind, or you are unhappy with our use of your personal data, please let us know by contacting the Headteacher in writing.
We may need to update this privacy notice periodically so we recommend that you revisit this information from time to time. This version was last updated on 13 August 2021.
If you would like to discuss anything in this privacy notice, please contact:
YourIG Data Protection Officer Service
The Council House
Tel: 01384 815607
How Government Uses Your Data
The pupil data that we lawfully share with the DfE through data collections:
- underpins school funding, which is calculated based upon the numbers of children and their characteristics in each school.
- informs ‘short term’ education policy monitoring and school accountability and intervention (for example, Pupil progress measures.)
- Supports ‘longer term’ research and monitoring of educational policy (for example, how certain subject choices go on to affect education or earnings beyond school).
Data collection requirements:
To find out more about the data collection requirements placed on us by the Department for Education (for example; via the school census) go to
The National Pupil Database (NPD)
Much of the data about pupils in England goes on to be held in the National Pupil Database (NPD).
The NPD is owned and managed by the Department for Education and contains information about pupils in schools in England. It provided invaluable evidence on educational performance to inform independent research, as well as studies commissioned by the Department.
It is held in electronic format for statistical purposes. This information is securely collected from a range of sources including schools, local authorities and awarding bodies.
To find out more about the NPD, go to
Sharing by the Department
The law allows the Department to share pupils’ personal data with certain third parties, including:
- local authorities
- organisations connected with promoting the education or wellbeing of children in England.
- other government departments and agencies.
- organisations fighting or identifying crime.
For more information about the Department’s NPD data sharing process, please visit:
Organisations fighting or identifying crime may use their legal powers to contact DfE to request access to individual level information relevant to detecting that crime. Whilst numbers fluctuate slightly over time, DfE typically supplies data on around 600 pupils per year to the Home Office and roughly 1 per year to the Police.
For information about which organisations the Department has provided pupil information, (and for which project) or to access a monthly breakdown of data share volumes with Home Office and the Police please visit the following website:
How to find out what personal information DfE hold about you
Under the terms of the Data Protection Act 2018, you are entitled to ask the Department:
- if they are processing your personal data
- for a description of the data they hold about you
- the reasons they’re holding it and any recipient it may be disclosed to
- for a copy of your personal data and any details of its source
If you want to see the personal data held about you by the Department, you should make a ‘subject access request’. Further information on how to do this can be found within the Department’s personal information charter that is published at the address below:
To contact DfE: https://www.gov.uk/contact-dfe