Data Protection

(Parents, Guardians and Pupils)

How We Use Parent, Guardian and Pupil Information

The categories of pupil information that we collect, hold and share include:

  • Personal information (such as name, unique pupil number and address)
  • Special Category (such as ethnicity, health, language, nationality, country of birth, sexual orientation and free school meal eligibility)
  • Biometric Information such as finger print recognition for school meals
  • Attendance information (such as sessions attended, number of absences and absence reasons)
  • Assessment information (such as results of Welsh national test, statutory assessments in years 2 and 6 and on-going teacher assessment)
  • Relevant medical information given to us by parents and other third parties such as NHS Trusts, GPs and allied medical professionals (such as physiotherapists, sight and hearing impaired professionals)
  • Special Educational Needs and Disability information
  • Behaviour and exclusions – both internal and external

Why we collect and use this information We use the pupil data:

  • to support pupil learning
  • to monitor and report on pupil progress
  • to provide appropriate pastoral care
  • to assess the quality of our services
  • to comply with the law regarding data sharing
  • to safeguard pupils

The categories of parent information that we collect, hold and share include:

  • Personal information (such as name and address)
  • Contact Details including telephone numbers, place of work and email addresses
  • Contact details of relatives that may include names, addresses, telephone numbers and relationship with child
  • Legal access to the child and any court orders indicating access rights
  • Social Service involvement with families.
  • Information relating to whether a parent is a member of the armed forces.

Why we collect and use this information

We use the parent data:

  • To be able to contact you in relation to the pupil’s educational provision, and also in the case of urgency.
  • In order to engage services from other organisations, such as the Local Authority.

The lawful basis on which we use this information

On the 25th May 2018 the Data Protection Act 1998 was replaced by the General Data Protection Regulation (GDPR).

The condition for processing under the GDPR will be:

Processing pupil, parental and carer information is necessary for the school to undertake its statutory responsibilities. This is called in the ‘Public Interest’ and is where the school is exercising official authority which is laid down by law.

Where the school does not have a statutory basis for collecting and processing the data, eg information for a school trip, the school will request your explicit consent to gather and process the information and you will always have the opportunity to opt out of this process. However, in these circumstances, opting out will often prevent the activity taking place.

Collecting pupil information

Whilst the majority of pupil information you provide to us is mandatory, some of it is provided to us on a voluntary basis. In order to comply with the General Data Protection Regulation, we will inform you whether you are required to provide certain pupil information to us or if you have a choice in this.

Storing pupil data

We hold pupil data in line with the guidance set out in the Retention Schedule contained within the IRMS Toolkit for Schools.

  • The education record of all pupils will be processed and retained until the pupil leaves the school.
  • For the purposes of inspection by ESTYN, some records are retained.
  • On some occasions, the school has a legal responsibility to retain information for future access. Eg safeguarding and wellbeing.

Following the retention period expiry, information will be destroyed securely and permanently.