GDPR Information

St Francis Catholic Primary School

Privacy Notice (How we use pupil information)

Who we are

We are St Francis Catholic Primary School, Mill Rd, Shelfield, Walsall. WS4 1RH for children aged 3 to 11. This privacy notice explains how we collect, store and use personal data about our pupils. We, St Francis Catholic Primary School are the ‘data controller’ for the purposes of the General Data Protection Regulation (GDPR).

The categories of pupil information that we collect, hold and share include:

  • Personal information, such as name, unique pupil number and address
  • Characteristics, such as ethnicity, language, nationality, country of birth, free school meal eligibility and special educational needs
  • Pupil and curricular records, including results of internal assessments and externally set tests
  • Attendance information, such as sessions attended, number of absences and absence reasons, and exclusion information
  • Safeguarding information
  • Details of any medical conditions
  • Details of any support received, including care packages, plans and support
  • Contact details, contact preferences, date of birth, identification documents

Why we collect and use this information

We use the pupil data:

  • to support pupil learning
  • to monitor and report on pupil progress
  • to provide appropriate pastoral care, and to protect pupil welfare
  • to assess the quality of our services (including monitoring staff performance)
  • to comply with the law regarding data sharing

The lawful basis on which we use this information

We collect and use pupil information on the basis of:

Public task: the processing is necessary for us to perform a task in the public interest or for our official functions

Vital interests: the processing is necessary to protect someone’s life.

Legal obligation: the processing is necessary for us to comply with the law

On some occasions, we process personal information on the basis of consent – for example, when we wish to take and use pupil images. In such instances, we will ask for consent when the use of personal data is optional. We will make this clear when we ask for consent, and explain how consent can be withdrawn in the future.

Collecting pupil information

Whilst the majority of pupil information you provide to us is mandatory, some of it is provided to us on a voluntary basis. In order to comply with the General Data Protection Regulation, we will inform you whether you are required to provide certain pupil information to us or if you have a choice in this.

We collect and obtain information from pupils, parents, carers, teachers and other professionals where relevant (e.g. social workers etc).

Storing pupil data

We hold personal data about our pupils while they are attending our school. We may also need to keep it beyond their attendance at the school if this is necessary in order to comply with our legal obligations.

We will only retain the data we collect for as long as is necessary. This will be to satisfy the purpose for which it has been collected in accordance with our data retention schedule, and as identified in our data audit. Please contact us if you would like further clarification on our retention timescales.

Who we share pupil information with

We share pupil information with external agencies where the law requires us to do so, or where we have sought your permission. The agencies who we routinely share pupil information with include:

  • schools that the pupil’s attend after leaving us
  • our local authority
  • the Department for Education (DfE)
  • providers of alternative educational provision
  • NHS and health services, including the school nurse
  • Limited information will be shared with our 3rd party providers who support the school in the education and wider services to our children, including music lesson providers, sports coaches, school meal providers etc. The level of information shared will only be to the degree that is required for those 3rd parties to provide the service to the school, e.g. information on pupils with food allergies is shared with our school meals providers.

Full details of who we share pupil information with is included in our data audit. If you have any questions on who we share the information with, please contact our Data Protection Lead.

Why we share pupil information

We do not share information about our pupils with anyone without consent unless the law and our policies allow us to do so.

We share pupils’ data with the Department for Education (DfE) on a statutory basis. This data sharing underpins school funding and educational attainment policy and monitoring.

We are required to share information about our pupils with the (DfE) under regulation 5 of The Education (Information About Individual Pupils) (England) Regulations 2013.

Data collection requirements:

To find out more about the data collection requirements placed on us by the Department for Education (for example; via the school census) go to

The National Pupil Database (NPD)

The NPD is owned and managed by the Department for Education and contains information about pupils in schools in England. It provides invaluable evidence on educational performance to inform independent research, as well as studies commissioned by the Department. It is held in electronic format for statistical purposes. This information is securely collected from a range of sources including schools, local authorities and awarding bodies.

We are required by law, to provide information about our pupils to the DfE as part of statutory data collections such as the school census and early years’ census. Some of this information is then stored in the NPD. The law that allows this is the Education (Information About Individual Pupils) (England) Regulations 2013.

To find out more about the NPD, go to

The department may share information about our pupils from the NPD with third parties who promote the education or well-being of children in England by:

  • conducting research or analysis
  • producing statistics
  • providing information, advice or guidance

The Department has robust processes in place to ensure the confidentiality of our data is maintained and there are stringent controls in place regarding access and use of the data. Decisions on whether DfE releases data to third parties are subject to a strict approval process and based on a detailed assessment of:

  • who is requesting the data
  • the purpose for which it is required
  • the level and sensitivity of data requested: and
  • the arrangements in place to store and handle the data

To be granted access to pupil information, organisations must comply with strict terms and conditions covering the confidentiality and handling of the data, security arrangements and retention and use of the data.

For more information about the department’s data sharing process, please visit:

For information about which organisations the department has provided pupil information, (and for which project), please visit the following website:

To contact DfE:

Requesting access to your personal data

Under data protection legislation, parents and pupils have the right to request access to information about them that we hold. To make a request for your personal information, or be given access to your child’s educational record, contact in the first instance our Data Protection Lead SIPS Education, Guardian House, Cronehills Linkway, West Bromwich B70 8SW  

You also have the right to:

  • object to processing of personal data that is likely to cause, or is causing, damage or distress
  • prevent processing for the purpose of direct marketing
  • object to decisions being taken by automated means
  • in certain circumstances, have inaccurate personal data rectified, blocked, erased or destroyed; and
  • claim compensation for damages caused by a breach of the Data Protection regulations

If you have a concern about the way we are collecting or using your personal data, we request that you raise your concern with us in the first instance. Alternatively, you can contact the Information Commissioner’s Office at


If you would like to discuss anything in this privacy notice, please contact:

In the first instance, our Data Protection Lead SIPS Education (School  GDPR contact: Mrs A Cooksey.)

Our Data Protection Officer (DPO) is provided by SIPS Education Ltd. The named Data Protection Officers are Laura Hadley and Sue Courtney-Donovan, who can be contacted via



25th May- GDPR Implementation and Key People and Privacy Documents on website.

June 2018- audit of documentation needed to be reviewed

July 2018 – Training of all staff and Governors.

GDPR Lead : SIPS Education

Governor GDPR Champion : Ms Talon

School Contact : Mrs A Cooksey