Privacy Notice and Data Protection
Foxes Piece School – Privacy Notice
Data Protection Act 1998: How we use pupil information
Why we collect and use pupil information:
We collect and hold personal information relating to our pupils and may also receive information about them from the previous school, local authority and/or the Department for Education (DfE). We use this personal data to:
This information will include their contact details, national curriculum assessment results, attendance information, any exclusion information, where they go after they leave us and personal characteristics such as their ethnic group, any special educational needs they may as well as relevant medical information.
We will not give information about our pupils to anyone without your consent unless the law and our polices allow us to do so. If you want to receive a copy of the information about your child that we hold, please contact:-
Louise Chapman, Office Manager on the school number 01628 483455 or office@foxespiece.co.uk
We are required by law, to pass certain information about our pupils to our local authority (LA) and the Department of Education (DfE).
Collecting pupil information:
We collect pupil information via secure Common Transfer File (CTF).
Pupil data is essential for the schools’ operational use. Whilst the majority of pupil information you provide to us is mandatory, some of it requested on a voluntary basis. In order to comply with the data protection legislation, we will inform you at the point of collection, whether you are required to provide certain pupil information to us or if you have a choice in this.
Storing pupil data:
We hold pupil data securely for the set amount of time shown in our data retention schedule below.
1. Pupil Data
Data Type | Retention Period | Reason/Legal Basis |
Pupil Files (e.g., attendance, assessment, medical, safeguarding records) | Until the pupil turns 25 years old | Limitation Act 1980 / Safeguarding requirements |
Special Educational Needs (SEN) files | 35 years after the closure of file | SEN Code of Practice |
Pupil Educational Records (basic personal information, academic progress) | Date of leaving school + 25 years | Limitation Act 1980 |
Attendance Records | Date of attendance + 3 years | School attendance laws |
Accident Reports for pupils | Date of incident + 25 years | Health and Safety legislation |
2. Staff Data
Data Type | Retention Period | Reason/Legal Basis |
Personnel files (e.g., employment records, references) | Termination of employment + 6 years | Limitation Act 1980 |
Payroll, salary records, and pension records | Termination of employment + 6 years | Income Tax (Earnings and Pensions) Act 2003 |
Staff Accident/Incident Reports | Date of incident + 40 years | Health and Safety regulations |
Job applications (successful candidates) | Duration of employment + 6 years | Limitation Act 1980 |
Job applications (unsuccessful candidates) | 6 months from date of decision | Recruitment and privacy law |
3. Governance and Administration
Data Type | Retention Period | Reason/Legal Basis |
Governing body meeting minutes | Permanent | School governance and accountability |
School policies | Retain while current, review every 3 years | Best practice |
Health and Safety records (including risk assessments) | Life of the building + 40 years | Health and Safety regulations |
Ofsted Reports and School Self-Evaluations | Permanent | Accountability and inspection requirements |
4. Financial Data
Data Type | Retention Period | Reason/Legal Basis |
Annual budget and accounts | Current year + 6 years | Financial reporting requirements |
Invoices, receipts, and petty cash records | Current year + 6 years | Financial regulations |
Contracts with suppliers | Termination of contract + 6 years | Limitation Act 1980 |
Free School Meal Applications | Current year + 6 years | Education Act 1996 |
5. Parent and Guardian Data
Data Type | Retention Period | Reason/Legal Basis |
Parent communications (letters, emails, complaints) | Current year + 6 years | Limitation Act 1980 |
Contact details (e.g., emergency contacts, consent forms) | Duration of pupil enrollment | GDPR (data minimization and purpose limitation) |
6. Safeguarding Data
Data Type | Retention Period | Reason/Legal Basis |
Child Protection and Safeguarding records | Date of leaving school + 25 years | Keeping Children Safe in Education (KCSIE) |
Allegations of a child protection nature against a staff member | Until retirement age + 10 years | Independent Inquiry into Child Sexual Abuse (IICSA) guidance |
DBS (Disclosure and Barring Service) checks | 6 months after the check is completed | DBS Code of Practice |
7. Health and Medical Data
Data Type | Retention Period | Reason/Legal Basis |
Medical administration records (medication provided to pupils) | End of school year + 6 years | Health and Safety regulations |
Individual Healthcare Plans | Until the pupil turns 25 years old | SEN Code of Practice |
Accident reports (pupils and staff) | Date of incident + 25 years (pupils) or 40 years (staff) | Health and Safety at Work Act |
General Notes:
This retention schedule balances privacy with legal obligations and ensures that Foxes Piece Primary School responsibly manages and retains data.
Who we share information with:
We routinely share pupil information with:
Why we regularly share pupil information:
Pupil data is essential for the schools’ operational use. Whilst the majority of pupil information you provide to us is mandatory, some of it requested on a voluntary basis. In order to comply with the data protection legislation, we will inform you at the point of collection, whether you are required to provide certain pupil information to us or if you have a choice in this.
DfE may also share pupil level personal data that we supply to them, with third parties. This will only take place where legislation allows it to do so and it is in compliance with the Data Protection Act 1998.
We do not share information about our pupils with anyone without consent unless the law and our policies allow us to do so.
At Foxes Piece School, we share pupil data to ensure that we can provide the best possible education and support for our pupils, in compliance with statutory obligations. The information is shared for the following purposes:
The sharing of pupil data is governed by relevant legislation, including the Data Protection Act 2018 and the UK General Data Protection Regulation (UK GDPR). These laws ensure that data is processed fairly, lawfully, and transparently, with appropriate measures in place to protect pupil privacy.
Who We Share Pupil Information With: We may share pupil data with the following:
How Pupil Data is Transferred: We ensure that data transfers are carried out securely. Depending on the recipient and the nature of the data, we use secure electronic systems such as encrypted emails, secure data portals, or secure courier services. These measures are in place to ensure that pupil information is protected during transfer.
Data Retention Policy: Pupil data is retained in accordance with our Data Retention Policy, which outlines the periods for which we keep specific categories of information. After these periods, data is securely deleted or destroyed, unless we are required to retain it by law.
Our school takes data protection seriously and regularly reviews our data handling practices to ensure compliance with current legislation.
Department for Education (DfE)
The Department for Education (DfE) collects personal data from educational settings and local authorities via various statutory data collections. We are required to share information about our pupils with the Department for Education (DfE) either directly or via our local authority for the purpose of those data collections, under section 3 of the Education (Information about Individuals Pupils) (England) Regulations 2013.
All data is transferred securely and held by the Department for Education (DfE) under a combination of software and hardware controls, which meet the current government security policy framework.
For more information, please see ‘How Government uses your data’ section. For privacy information on the data the Department for Education collects and uses, please see: https://www.gov.uk/government/publications/privacy-information-early-years-foundation-stage-to-key-stage-3.
Requesting access to your personal data
The UK-GDPR gives parents and pupils certain rights about how their information is collected and used. To make a request for your personal information, or be given access to your child’s educational record, contact Louise Chapman, Office Manager.
You also have the following rights:
There are legitimate reasons why we may refuse your information rights request, which depends on why we are processing it. For example, some rights will not apply:
If you have a concern about the way we are collecting or using your personal data, you should raise your concern with us in the first instance or directly to the Information Commissioner’s Office at raise a concern with ICO.
For further information on how to request access to personal information held centrally by the Department for Education (DfE), please see the ‘How Government uses your data’ section of this notice.
Last updated
We may need to update this privacy notice periodically so we recommend that you revisit this information from time to time. This version was last updated on September 2024.
Contact
If you would like to discuss anything in this privacy notice, please contact Louise Chapman, Office Manager on the school number 01628 483455 or office@foxespiece.co.uk.
How Government uses your data
The pupil data that we lawfully share with the Department for Education (DfE) through data collections:
Data collection requirements
To find out more about the data collection requirements placed on us by the Department for Education (DfE) (for example; via the school census) go to https://www.gov.uk/education/data-collection-and-censuses-for-schools
The National Pupil Database (NPD)
The NPD is owned and managed by the Department for Education (DfE) and contains information about pupils in schools in England. This information is securely collected from a range of sources including schools, local authorities and awarding bodies.
The data in the NPD is provided as part of the operation of the education system and is used for research and statistical purposes to improve, and promote, the education and well-being of children in England.
The evidence and data provide DfE, education providers, Parliament and the wider public with a clear picture of how the education and children’s services sectors are working in order to better target, and evaluate, policy interventions to help ensure all children are kept safe from harm and receive the best possible education.
To find out more about the NPD, go to https://www.gov.uk/government/publications/national-pupil-database-npd-privacy-notice/national-pupil-database-npd-privacy-notice
Sharing by the Department for Education (DfE)
DfE will only share pupils’ personal data where it is lawful, secure and ethical to do so. Where these conditions are met, the law allows the Department for Education (DfE) to share pupils’ personal data with certain third parties, including:
For more information about the Department for Education’s (DfE) NPD data sharing process, please visit: https://www.gov.uk/data-protection-how-we-collect-and-share-research-data
Organisations fighting or identifying crime may use their legal powers to contact the Department for Education (DfE) to request access to individual level information relevant to detecting that crime.
For information about which organisations the Department for Education (DfE) has provided pupil information, (and for which project) or to access a monthly breakdown of data share volumes with Home Office and the Police please visit the following website: https://www.gov.uk/government/publications/dfe-external-data-shares
How to find out what personal information the Department for Education (DfE) holds about you
Under the terms of the UK GDPR, you are entitled to ask the Department for Education (DfE):
If you want to see the personal data held about you by the Department for Education (DfE), you should make a ‘subject access request’. Further information on how to do this can be found within the Department for Education’s (DfE) personal information charter that is published at the address below:
or
To contact the Department for Education (DfE): https://www.gov.uk/contact-dfe