Menu Foxes Piece School
Home Page

Foxes Piece School

Privacy Notice and Data Protection

Privacy Notice and Data Protection

Foxes Piece School – Privacy Notice

Data Protection Act 1998: How we use pupil information

 

Why we collect and use pupil information:

We collect and hold personal information relating to our pupils and may also receive information about them from the previous school, local authority and/or the Department for Education (DfE). We use this personal data to:

  • support our pupils’ learning
  • monitor and report on their progress
  • provide appropriate pastoral care; and
  • access the quality of our services
  • to keep children safe (food allergies, or emergency contact details)
  • to meet the statutory duties placed upon us for the Department for Education (DfE) data collections

 

This information will include their contact details, national curriculum assessment results, attendance information, any exclusion information, where they go after they leave us and personal characteristics such as their ethnic group, any special educational needs they may as well as relevant medical information.

 

We will not give information about our pupils to anyone without your consent unless the law and our polices allow us to do so. If you want to receive a copy of the information about your child that we hold, please contact:-

 

Louise Chapman, Office Manager on the school number 01628 483455 or office@foxespiece.co.uk

 

We are required by law, to pass certain information  about our pupils to our local authority (LA) and the Department of Education (DfE).

 

Collecting pupil information:

We collect pupil information via secure Common Transfer File (CTF).

 

Pupil data is essential for the schools’ operational use. Whilst the majority of pupil information you provide to us is mandatory, some of it requested on a voluntary basis. In order to comply with the data protection legislation, we will inform you at the point of collection, whether you are required to provide certain pupil information to us or if you have a choice in this.

 

Storing pupil data:

We hold pupil data securely for the set amount of time shown in our data retention schedule below.

 

1. Pupil Data

Data Type

Retention Period

Reason/Legal Basis

Pupil Files (e.g., attendance, assessment, medical, safeguarding records)

Until the pupil turns 25 years old

Limitation Act 1980 / Safeguarding requirements

Special Educational Needs (SEN) files

35 years after the closure of file

SEN Code of Practice

Pupil Educational Records (basic personal information, academic progress)

Date of leaving school + 25 years

Limitation Act 1980

Attendance Records

Date of attendance + 3 years

School attendance laws

Accident Reports for pupils

Date of incident + 25 years

Health and Safety legislation

2. Staff Data

Data Type

Retention Period

Reason/Legal Basis

Personnel files (e.g., employment records, references)

Termination of employment + 6 years

Limitation Act 1980

Payroll, salary records, and pension records

Termination of employment + 6 years

Income Tax (Earnings and Pensions) Act 2003

Staff Accident/Incident Reports

Date of incident + 40 years

Health and Safety regulations

Job applications (successful candidates)

Duration of employment + 6 years

Limitation Act 1980

Job applications (unsuccessful candidates)

6 months from date of decision

Recruitment and privacy law

3. Governance and Administration

Data Type

Retention Period

Reason/Legal Basis

Governing body meeting minutes

  Permanent

School governance and accountability

School policies

 Retain while current, review every 3 years

Best practice

Health and Safety records (including risk assessments)

Life of the building + 40 years

Health and Safety regulations

Ofsted Reports and School Self-Evaluations

Permanent

Accountability and inspection requirements

4. Financial Data

Data Type

Retention Period

Reason/Legal Basis

Annual budget and accounts

             Current year + 6 years

           Financial reporting requirements

Invoices, receipts, and petty cash records

             Current year + 6 years

           Financial regulations

Contracts with suppliers  

             Termination of contract + 6 years

           Limitation Act 1980

Free School Meal Applications

              Current year + 6 years

           Education Act 1996

5. Parent and Guardian Data

Data Type

Retention Period

Reason/Legal Basis

Parent communications (letters, emails, complaints)

Current year + 6 years

Limitation Act 1980

Contact details (e.g., emergency contacts, consent forms)

Duration of pupil enrollment

GDPR (data minimization and purpose limitation)

6. Safeguarding Data

Data Type

Retention Period

Reason/Legal Basis

Child Protection and Safeguarding records

Date of leaving school + 25 years

Keeping Children Safe in Education (KCSIE)

Allegations of a child protection nature against a staff member

Until retirement age + 10 years

Independent Inquiry into Child Sexual Abuse (IICSA) guidance

DBS (Disclosure and Barring Service) checks

6 months after the check is completed

DBS Code of Practice

7. Health and Medical Data

Data Type

Retention Period

Reason/Legal Basis

Medical administration records (medication provided to pupils)

End of school year + 6 years

Health and Safety regulations

Individual Healthcare Plans

Until the pupil turns 25 years old

SEN Code of Practice

Accident reports (pupils and staff)

Date of incident + 25 years (pupils) or 40 years (staff)

Health and Safety at Work Act

General Notes:

  • Destruction Method: After the retention period, all records containing personal data must be securely disposed of, such as through shredding (paper) or permanently deleting digital records.
  • Regular Reviews: Review the retention schedule annually to ensure compliance with evolving laws and best practices (e.g., GDPR, Data Protection Act 2018).
  • Access Control: Ensure that sensitive data is accessible only to authorized staff and is stored securely.

This retention schedule balances privacy with legal obligations and ensures that Foxes Piece Primary School responsibly manages and retains data.

 

Who we share information with:

We routinely share pupil information with:

  • schools that the pupils attend after leaving us
  • our local authority
  • the Department for Education (DfE)
  • school nursing team

 

Why we regularly share pupil information:

 

Pupil data is essential for the schools’ operational use. Whilst the majority of pupil information you provide to us is mandatory, some of it requested on a voluntary basis. In order to comply with the data protection legislation, we will inform you at the point of collection, whether you are required to provide certain pupil information to us or if you have a choice in this.

 

DfE may also share pupil level personal data that we supply to them, with third parties. This will only take place where legislation allows it to do so and it is in compliance with the Data Protection Act 1998.

We do not share information about our pupils with anyone without consent unless the law and our policies allow us to do so. 

 

 

At Foxes Piece School, we share pupil data to ensure that we can provide the best possible education and support for our pupils, in compliance with statutory obligations. The information is shared for the following purposes:

  • To support pupil learning
  • To monitor and report on pupil progress
  • To provide appropriate pastoral care
  • To assess the quality of our services
  • To comply with legal obligations regarding data sharing

 

The sharing of pupil data is governed by relevant legislation, including the Data Protection Act 2018 and the UK General Data Protection Regulation (UK GDPR). These laws ensure that data is processed fairly, lawfully, and transparently, with appropriate measures in place to protect pupil privacy.

Who We Share Pupil Information With: We may share pupil data with the following:

  • Schools that the pupil attends after leaving us
  • Local authorities, to meet legal obligations to share certain information
  • The Department for Education (DfE)
  • Agencies that provide services to pupils, such as health or welfare services
  • Examination boards and educational software providers

How Pupil Data is Transferred: We ensure that data transfers are carried out securely. Depending on the recipient and the nature of the data, we use secure electronic systems such as encrypted emails, secure data portals, or secure courier services. These measures are in place to ensure that pupil information is protected during transfer.

Data Retention Policy: Pupil data is retained in accordance with our Data Retention Policy, which outlines the periods for which we keep specific categories of information. After these periods, data is securely deleted or destroyed, unless we are required to retain it by law.

Our school takes data protection seriously and regularly reviews our data handling practices to ensure compliance with current legislation.

 

Department for Education (DfE)

The Department for Education (DfE) collects personal data from educational settings and local authorities via various statutory data collections. We are required to share information about our pupils with the Department for Education (DfE) either directly or via our local authority for the purpose of those data collections, under section 3 of the Education (Information about Individuals Pupils) (England) Regulations 2013. 

 

All data is transferred securely and held by the Department for Education (DfE) under a combination of software and hardware controls, which meet the current government security policy framework.

For more information, please see ‘How Government uses your data’ section. For privacy information on the data the Department for Education collects and uses, please see: https://www.gov.uk/government/publications/privacy-information-early-years-foundation-stage-to-key-stage-3.

 

Requesting access to your personal data

 

The UK-GDPR gives parents and pupils certain rights about how their information is collected and used. To make a request for your personal information, or be given access to your child’s educational record, contact Louise Chapman, Office Manager. 

 

You also have the following rights:

  • the right to be informed about the collection and use of your personal data – this is called ’right to be informed’.
  • the right to ask us for copies of your personal information we have about you – this is called ’right of access’, this is also known as a subject access request (SAR), data subject access request or right of access request.
  • the right to ask us to change any information you think is not accurate or complete – this is called ‘right to rectification’.
  • the right to ask us to delete your personal information – this is called ‘right to erasure’
  • the right to ask us to stop using your information – this is called ‘right to restriction of processing’.
  • the ‘right to object to processing’ of your information, in certain circumstances
  • rights in relation to automated decision making and profiling.
  • the right to withdraw consent at any time (where relevant).
  • the right to complain to the Information Commissioner if you feel we have not used your information in the right way.

 

There are legitimate reasons why we may refuse your information rights request, which depends on why we are processing it. For example, some rights will not apply:

  • right to erasure does not apply when the lawful basis for processing is legal obligation or public task.
  • right to portability does not apply when the lawful basis for processing is legal obligation, vital interests, public task or legitimate interests.
  • right to object does not apply when the lawful basis for processing is contract, legal obligation or vital interests. And if the lawful basis is consent, you don’t haven’t the right to object, but you have the right to withdraw consent.

 

If you have a concern about the way we are collecting or using your personal data, you should raise your concern with us in the first instance or directly to the Information Commissioner’s Office at raise a concern with ICO.

For further information on how to request access to personal information held centrally by the Department for Education (DfE), please see the ‘How Government uses your data’ section of this notice.

 

Last updated

We may need to update this privacy notice periodically so we recommend that you revisit this information from time to time. This version was last updated on September 2024. 

 

Contact

If you would like to discuss anything in this privacy notice, please contact Louise Chapman, Office Manager on the school number 01628 483455 or office@foxespiece.co.uk.

 

How Government uses your data

The pupil data that we lawfully share with the Department for Education (DfE) through data collections:

  • underpins school funding, which is calculated based upon the numbers of children and their characteristics in each school.
  • informs ‘short term’ education policy monitoring and school accountability and intervention (for example, school GCSE results or Pupil Progress measures).
  • supports ‘longer term’ research and monitoring of educational policy (for example how certain subject choices go on to affect education or earnings beyond school)

 

Data collection requirements

 

To find out more about the data collection requirements placed on us by the Department for Education (DfE) (for example; via the school census) go to https://www.gov.uk/education/data-collection-and-censuses-for-schools

 

The National Pupil Database (NPD)

The NPD is owned and managed by the Department for Education (DfE) and contains information about pupils in schools in England. This information is securely collected from a range of sources including schools, local authorities and awarding bodies.

The data in the NPD is provided as part of the operation of the education system and is used for research and statistical purposes to improve, and promote, the education and well-being of children in England.

The evidence and data provide DfE, education providers, Parliament and the wider public with a clear picture of how the education and children’s services sectors are working in order to better target, and evaluate, policy interventions to help ensure all children are kept safe from harm and receive the best possible education. 

To find out more about the NPD, go to https://www.gov.uk/government/publications/national-pupil-database-npd-privacy-notice/national-pupil-database-npd-privacy-notice

 

Sharing by the Department for Education (DfE)

DfE will only share pupils’ personal data where it is lawful, secure and ethical to do so. Where these conditions are met, the law allows the Department for Education (DfE) to share pupils’ personal data with certain third parties, including:

  • schools and local authorities
  • researchers
  • organisations connected with promoting the education or wellbeing of children in England
  • other government departments and agencies
  • organisations fighting or identifying crime

For more information about the Department for Education’s (DfE) NPD data sharing process, please visit: https://www.gov.uk/data-protection-how-we-collect-and-share-research-data

Organisations fighting or identifying crime may use their legal powers to contact the Department for Education (DfE) to request access to individual level information relevant to detecting that crime.

For information about which organisations the Department for Education (DfE) has provided pupil information, (and for which project) or to access a monthly breakdown of data share volumes with Home Office and the Police please visit the following website: https://www.gov.uk/government/publications/dfe-external-data-shares

 

How to find out what personal information the Department for Education (DfE) holds about you

 

Under the terms of the UK GDPR, you are entitled to ask the Department for Education (DfE):

  • if they are processing your personal data
  • for a description of the data they hold about you
  • the reasons they’re holding it and any recipient it may be disclosed to
  • for a copy of your personal data and any details of its source

If you want to see the personal data held about you by the Department for Education (DfE), you should make a ‘subject access request’.  Further information on how to do this can be found within the Department for Education’s (DfE) personal information charter that is published at the address below:

https://www.gov.uk/government/organisations/department-for-education/about/personal-information-charter

or 

https://www.gov.uk/government/publications/requesting-your-personal-information/requesting-your-personal-information#your-rights 

To contact the Department for Education (DfE): https://www.gov.uk/contact-dfe

 

 

 

 

 

Top