Privacy Notice

This privacy notice describes how we collect and use personal information about pupils, in accordance with the UK General Data Protection Regulation (UK GDPR), section 537A of the Education Act 1996 and section 83 of the Children Act 1989.

Following Brexit, Regulation (EU) 2016/679, General Data Protection Regulation (GDPR) is retained EU law and known as UK GDPR. The UK GDPR sits alongside an amended version of the Data Protection Act 2018 that relate to general personal data processing, powers of the Information Commissioner and sanctions and enforcement. The GDPR as it continues to apply in the EU is known as EU GDPR. This notice applies to all pupils and parents

Who Collects This Information

Who Collects This Information St Mary’s Catholic High School Academy Trust is a “data controller” of personal data and gathers and uses certain information about pupils and parents. This means that we are responsible for deciding how we hold and use personal information about pupils and parents. Under data protection legislation, we are required to notify you of the information contained in this privacy notice.

 This notice does not form part of any contract to provide services and we may update this notice at any time.

It is important that you read this notice with any other policies mentioned within this privacy notice, so that you are aware of how and why we are processing your information, what your rights are under data protection legislation and the procedures we take to protect your personal data.

Data Protection Principles

We will comply with the data protection principles when gathering and using personal information, as set out in our data protection policy.

Categories of Pupil Information We Collect, Process, Hold and Share

We may collect, store and use the following categories of personal information about you:

• Personal information such as name, pupil number, date of birth, gender and contact information;
• Emergency contact and family lifestyle information such as names, relationship, phone numbers and email addresses;
• Characteristics (such as language, and free school meal eligibility);
• Attendance details (such as sessions attended, number of absences and reasons for absence);
• Performance and assessment information;
• Behavioural information (including exclusions);
• Images of pupils engaging in school activities;
• Information about the use of our IT, communications and other systems, and other monitoring information;
• Financial details;
• Post 16 learning information.

We may also collect, store and use the following more sensitive types of personal information:

• Information about your race or ethnicity, religious or philosophical beliefs
• Information about your health, including any medical conditions and sickness records.
• Special educational needs information.

How We Collect this Information

Whilst the majority of information you provide to us is mandatory, some of it is provided to us on a voluntary basis. To comply with the UK General Data Protection Regulation, we will inform you whether you are required to provide certain pupil information to us or if you have a choice in this. It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your relationship with us.

How We Use Your Personal Information

We hold pupil data and use it for:

We will only use your personal information when the law allows us to do so. Most commonly, we will hold pupil data and use it for:

• Pupil selection (and to confirm the identity of prospective pupils and their parents);
• Providing education services and extra-curricular activities to pupils, and monitoring pupils' progress and educational needs;
• Informing decisions such as the funding of schools;
• Assessing performance and to set targets for schools;
• Safeguarding pupils' welfare and providing appropriate pastoral (and where necessary medical) care;
• Support teaching and learning;
• Giving and receive information and references about past, current and prospective pupils, and to provide references to potential employers of past pupils;
• Managing internal policy and procedure;
• Enabling pupils to take part in assessments, to publish the results of examinations and to record pupil achievements;
• To carry out statistical analysis for diversity purposes;
• Legal and regulatory purposes (for example child protection, diversity monitoring and health and safety) and to comply with legal obligations and duties of care;
• Enabling relevant authorities to monitor the school's performance and to intervene or assist with incidents as appropriate;
• Monitoring use of the school's IT and communications systems in accordance with the school's IT security policy;
• Making use of photographic images of pupils in school publications, on the school website and on social media channels;
• Security purposes
• Where otherwise reasonably necessary for the school's purposes, including to obtain appropriate professional advice and insurance for the school;
• To provide support to pupils after they leave the school in connection with further University applications.

The Lawful Bases on which we use this Information

We will only use your information when the law allows us to. Most commonly, we will use your information in the following circumstances:

• Consent: the individual has given clear consent to process their personal data for a specific purpose;
• Contract: the processing is necessary for a contract with the individual;
• Legal obligation: the processing is necessary to comply with the law (not including contractual obligations);
• Vital interests: the processing is necessary to protect someone’s life.
• Public task: the processing is necessary to perform a task in the public interest or for official functions, and the task or function has a clear basis in law; and
• The Education Act 1996: for Departmental Censuses 3 times a year. More information can be found at: https://www.gov.uk/education/data-collection-and-censuses-for-schools.

We need all the categories of information in the list above primarily to allow us to comply with legal obligations. Please note that we may process information without knowledge or consent, where this is required or permitted by law.

How We Use Particularly Sensitive Personal Information

Special categories of particularly sensitive personal information, such as information about your health, racial or ethnic origin, sexual orientation, or biometrics require higher levels of protection. We need to have further justification for collecting, storing and using this type of personal information. We have in place an appropriate policy document and safeguards which we are required by law to maintain when processing such data. We may process special categories of personal information in the following circumstances:

• In limited circumstances, with your explicit written consent.
• Where we need to carry out our legal obligations in line with our data protection policy.
• Where it is needed in the public interest, such as for equal opportunities monitoring.
• Where it is necessary to protect you or another person from harm.

Less commonly, we may process this type of information where it is needed in relation to legal claims or where it is needed to protect your interests (or someone else's interests) and you are not capable of giving your consent, or where you have already made the information public.

Sharing Data

We may need to share your data with third parties where it is necessary. There are strict controls on who can see your information. We will not share your data if you have advised us that you do not want it shared unless it’s the only way we can make sure you stay safe and healthy, or we are legally required to do so.

We share pupil information with:

• the Department for Education (DfE) - on a statutory basis under section 3 of The Education (Information About Individual Pupils) (England) Regulations 2013;
• Ofsted;
• Other Schools that pupils have attended/will attend;
• NHS;
• Welfare services (such as social services);
• Law enforcement officials such as police, HMRC;
• Local Authority Designated Officer;
• Professional advisors such as lawyers and consultants;
• Support services (including insurance, IT support, information security);
• Providers of learning software such as [e.g., Satchel, Edukey etc) and
• The Local Authority;
• Youth Support Services – under section 507B of the Education Act 1996, to enable them to provide information regarding training and careers as part of the education or training of 13– 19-year-olds.

The Department for Education request regular data sharing on pupil attendance to help support those vulnerable students and to assist with intervention strategies. Further information on how the Department for Education collects this data will be made available on the school website.

Information will be provided to those agencies securely or anonymised where possible.

The recipient of the information will be bound by confidentiality obligations, we require them to respect the security of your data and to treat it in accordance with the law.

We may transfer your personal information outside the UK and the EU. If we do, you can expect a similar degree of protection in respect of your personal information.

Retention Periods

Except as otherwise permitted or required by applicable law or regulation, the school only retains personal data for as long as necessary to fulfil the purposes they collected it for, as required to satisfy any legal, accounting or reporting obligations, or as necessary to resolve disputes.

Security

We have put in place measures to protect the security of your information (i.e., against it being accidentally lost, used or accessed in an unauthorised way). In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. The school keep information about pupils on computer systems and sometimes on paper.

You can find further details of our security procedures within our Data Breach policy and our Cyber Attack policy.

It is important that the personal information we hold about you is accurate and current. Please keep us informed if yours or your child’s personal information changes while your child attends our school.

Youth Support Services

Pupils aged 13+

Once our pupils reach the age of 13, we also pass pupil information to our local authority and / or provider of youth support services as they have responsibilities in relation to the education or training of 13–19-year-olds under section 507B of the Education Act 1996.

We must provide the pupils name, the parents name(s) and any further information relevant to the support services role.

This enables them to provide services as follows:

•  Youth Support Services
• Careers Advisers

A parent or guardian can request that only their child’s name, address and date of birth is passed to their local authority or provider of youth support services by informing us. This right is transferred to the child / pupil once he/she reaches the age of 16.

Pupils aged 16+

We will also share certain information about pupils aged 16+ with our local authority and / or provider of youth support services as they have responsibilities in relation to the education or training of 13–19- year-olds under section 507B of the Education Act 1996.

This enables them to provide services as follows:

• post-16 education and training providers
• Youth Support Services
• Careers Advisers

For more information about services for young people, please visit our local authority website.

The National Pupil Database

The NPD is owned and managed by the Department for Education and contains information about pupils in schools in England. It provides invaluable evidence on educational performance to inform independent research, as well as studies commissioned by the Department. It is held in electronic format for statistical purposes. This information is securely collected from a range of sources including schools, local authorities and awarding bodies.

We are required by law, to provide information about our pupils to the DfE as part of statutory data collections such as the school census and early years’ census. Some of this information is then stored in the NPD. The law that allows this is the Education (Information About Individual Pupils) (England) Regulations 2013.

To find out more about the NPD, go to https://www.gov.uk/government/publications/national-pupildatabase-user-guide-and-supporting-information.

The department may share information about our pupils from the NPD with third parties who promote the education or well-being of children in England by:

• conducting research or analysis
• producing statistics
• providing information, advice or guidance

The Department has robust processes in place to ensure the confidentiality of our data is maintained and there are stringent controls in place regarding access and use of the data. Decisions on whether DfE releases data to third parties are subject to a strict approval process and based on a detailed assessment of:

• who is requesting the data?
• the purpose for which it is required
• the level and sensitivity of data requested: and
• the arrangements in place to store and handle the data

To be granted access to pupil information, organisations must comply with strict terms and conditions covering the confidentiality and handling of the data, security arrangements and retention and use of the data.

For more information about the department’s data sharing process, please visit: https://www.gov.uk/data-protection-how-we-collect-and-share-research-data.

For information about which organisations the department has provided pupil information, (and for which project), please visit the following website: https://www.gov.uk/government/publications/national-pupil-database-requests-received.

To contact DfE: https://www.gov.uk/contact-dfe.

Under data protection legislation, parents and pupils have the right to request access to information about them that we hold. To make a request for your personal information, or information regarding your child’s education record, contact Mrs Alison Finch via enquiries@stmaryschesterfield.org.uk.

Your Rights of Access, Correction, Erasure and Restriction

Under certain circumstances, by law you have the right to:

• Access your personal information (commonly known as a “subject access request”). This allows you to receive a copy of the personal information we hold about you and to check we are lawfully processing it. You will not have to pay a fee to access your personal information. However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
• Correction of the personal information we hold about you. This enables you to have any inaccurate information we hold about you corrected.
• Erasure of your personal information. You can ask us to delete or remove personal data if there is no good reason for us continuing to process it.
• Restriction of processing your personal information. You can ask us to suspend processing personal information about you in certain circumstances, for example, if you want us to establish its accuracy before processing it.
• To object to processing in certain circumstances (for example for direct marketing purposes).
• To transfer your personal information to another party.

If you want to exercise any of the above rights, please contact Mrs Alison Finch, Director of Business and Finance in writing.

We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights).

Right to Withdraw Consent

In circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact Mrs Alison Finch. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.

Contact

If you would like to discuss anything within this privacy notice or have a concern about the way we are collecting or using your personal data, we request that you raise your concern with Mrs Alison Finch in the first instance.

We have appointed a data protection officer (DPO) to oversee compliance with data protection and this privacy notice. If you have any questions about how we handle your personal information which cannot be resolved by Mrs Alison Finch, then you can contact the DPO on the details below:

Data Protection Officer: Judicium Consulting Limited
Address:  5th Floor, 98 Theobalds Road, London, WC1X 8WB
Email: dataservices@judicium.com
Web: www.judiciumeducation.co.uk

You have the right to make a complaint at any time to the Information Commissioner’s Office, the UK supervisory authority for data protection issues at https://ico.org.uk/concerns.

Changes to this Privacy Notice

We reserve the right to update this privacy notice at any time, and we will provide you with a new privacy notice when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your personal information.

Signature:   A Finch                                           Date:   28.04.2025

Change History Record