GDPR - Privacy Notice, Child and Parent

Privacy Notice (How we use pupil information)

We, Elangeni School, are a data controller for the purposes of the General Data Protection Regulation. We collect and hold personal information from you about your child and may receive information about your child from their previous school or college, the Local Authority, the Department of Education (DfE) and the Learning Records Service.

The categories of pupil information that we process include:

  • personal identifiers and contacts (such as name, unique pupil number, contact details and address)
  • characteristics (such as ethnicity, language, and free school meal eligibility)
  • safeguarding information (such as court orders and professional involvement)
  • special educational needs (including the needs and ranking)
  • medical and administration (such as doctors information, child health, dental health, allergies, medication and dietary requirements)
  • attendance (such as sessions attended, number of absences, absence reasons and any previous schools attended)
  • assessment and attainment (such as key stage 2 results and previous key stage results from previous school)
  • behavioural information (such as exclusions and any relevant alternative provision put in place)

Why we collect and use pupil information

 We collect and use pupil information, for the following purposes:

  1. to support pupil learning
  2. to monitor and report on pupil attainment progress
  3. to provide appropriate pastoral care
  4. to assess the quality of our services
  5. to keep children safe (food allergies, or emergency contact details)
  6. to meet the statutory duties placed upon us for DfE data collections
  7. for safeguarding and child protection
  8. to comply with regulations and the law regarding data sharing
  9. to communicate with parents

The lawful basis on which we use this information

Under the General Data Protection Regulation (GDPR), the lawful bases we rely on for processing pupil information are:

  • Article 6.1.e states that the use of personal data is justified if ‘processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller’. In this instance, the requirement for the school to deliver education under the Education Act (1996) requires us to collect information to deliver this service.  
  • Article 9 covers the use of sensitive personal information (this includes health and social care information). This is justified either by article 9.2.a (consent from the data subject) or article 9.2.e (processing is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services).

How we collect pupil information

We obtain pupil information via application or data collection forms at the start of each academic year. In addition, when a child joins us from another school we are sent a secure file containing relevant information.

Pupil data is essential for the schools’ operational use. Whilst the majority of pupil information you provide to us is mandatory, some of it requested on a voluntary basis. In order to comply with the data protection legislation, we will inform you at the point of collection, whether you are required to provide certain pupil information to us or if you have a choice in this.

How we store pupil data

We hold pupil data securely for the set amount of time shown in our data retention schedule which is in line with IRMS (Information Records Management Service) guidelines


For more information on our data retention schedule and how we keep your data safe, please click here.

Who we share pupil information with 

We routinely share pupil information with:

  • schools that the pupils attend after leaving us
  • our local authority, Buckinghamshire Council
  • the Department for Education (DfE)
  • school governors (not on an individually named basis)
  • agencies including the school nursing team and NHS
  • curriculum resources (all web resources are checked and minimal details are shared with online teaching resources)
  • communication resources (all web resources are checked and minimal details are shared with online communication resources)
  • other parties where there is a legal basis for doing so

Why we regularly share pupil information

We do not share information about our pupils with anyone without consent unless the law and our policies allow us to do so.

We share pupils’ data with the Department for Education (DfE) on a statutory basis. This data sharing underpins school funding and educational attainment policy and monitoring.

Department for Education

The Department for Education (DfE) collects personal data from educational settings and local authorities via various statutory data collections. We are required to share information about our pupils with the Department for Education (DfE) either directly or via our local authority for the purpose of those data collections, under:

  • section 3 of The Education (Information About Individual Pupils) (England) Regulations 2013.
  • section 87 of the Education Act 2002. Article 11 of The Education (National Curriculum) (Key Stage 2 Assessment Arrangements) (England) Order 20032

All data is transferred securely and held by DfE under a combination of software and hardware controls, which meet the current government security policy framework.

For more information, please see ‘How Government uses your data’ section.

How Government uses your data

The pupil data that we lawfully share with the DfE through data collections: 

  • underpins school funding, which is calculated based upon the numbers of children and their characteristics in each school. 
  • informs ‘short term’ education policy monitoring and school accountability and intervention (for example, school GCSE results or Pupil Progress measures).
  • supports ‘longer term’ research and monitoring of educational policy (for example how certain subject choices go on to affect education or earnings beyond school)

Data collection requirements

To find out more about the data collection requirements placed on us by the Department for Education (for example; via the school census) go to

The National Pupil Database (NPD)

Much of the data about pupils in England goes on to be held in the National Pupil Database (NPD).

The NPD is owned and managed by the Department for Education and contains information about pupils in schools in England. It provides invaluable evidence on educational performance to inform independent research, as well as studies commissioned by the Department.

It is held in electronic format for statistical purposes. This information is securely collected from a range of sources including schools, local authorities and awarding bodies.

To find out more about the NPD, go to


Sharing by the Department

The law allows the Department to share pupils’ personal data with certain third parties, including:

  • schools
  • local authorities
  • researchers
  • organisations connected with promoting the education or wellbeing of children in England
  • other government departments and agencies
  • organisations fighting or identifying crime

For more information about the Department’s NPD data sharing process, please visit:

Organisations fighting or identifying crime may use their legal powers to contact DfE to request access to individual level information relevant to detecting that crime. Whilst numbers fluctuate slightly over time, DfE typically supplies data on around 600 pupils per year to the Home Office and roughly 1 per year to the Police.

For information about which organisations the Department has provided pupil information, (and for which project) or to access a monthly breakdown of data share volumes with Home Office and the Police please visit the following website:

To contact DfE:

Keeping your personal information secure

We have appropriate security measures in place to prevent personal information from being accidentally lost, or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality. 

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

Requesting access to your personal data

Under data protection legislation, parents and pupils have the right to request access to information about them that we hold. To make a request for your personal information, or be given access to your child’s educational record, contact the School Data Protection Lead, Mrs Clare Prescott-Pounds, in the first instance.


Data Protection officer




School Data Protection Lead

Mrs Clare Prescott-Pounds

01494 721436

Data Protection Officer


01865 597620 (option 3 - GDPR)

You also have the right to:

  • object to processing of personal data that is likely to cause, or is causing, damage or distress
  • prevent processing for the purpose of direct marketing
  • object to decisions being taken by automated means
  • in certain circumstances, have inaccurate personal data rectified, blocked, erased or destroyed; and
  • a right to seek redress, either through the ICO, or through the courts

If you have a concern or complaint about the way we are collecting or using your personal data, you should raise your concern with us in the first instance or directly to the Information Commissioner’s Office at

Other policies which may reference this privacy notice

This Privacy Notice also applies in addition to the school’s other relevant terms and conditions and policies, including:

  • any contract between the school and its staff or the parents of students;
  • the school’s policy on taking, storing and using images of students (digital photography);
  • the school’s policy on the use of CCTV
  • the school’s retention of records policy, (IRMS template);
  • the school’s safeguarding policy;
  • the school’s Health and Safety policy, including how concerns or incidents are recorded;
  • the school’s IT policies, including its Acceptable Use policy, E- Safety policy;
  • the school’s Data Protection Policy


If you would like to discuss anything in this privacy notice, please contact:

Data Protection officer




School Data Protection Lead

Mrs Clare Prescott-Pounds

01494 721436

Data Protection Officer


01865 597620 (option 3 - GDPR)

Policy update information

This policy is reviewed annually and updated in line with data protection legislation.

Policy update – May 2018

Reviewed date – May 2022



NACE Membership
NACE Membership
Gold Travel Plan 2023
Gold Travel Plan 2023
SMSC Gold Quality Mark
SMSC Gold Quality Mark
School Games Mark 2022 - 2023
School Games Mark 2022 - 2023
NACE Membership
NACE Membership
Gold Travel Plan 2023
Gold Travel Plan 2023
SMSC Gold Quality Mark
SMSC Gold Quality Mark
School Games Mark 2022 - 2023
School Games Mark 2022 - 2023
NACE Membership
NACE Membership
Gold Travel Plan 2023
Gold Travel Plan 2023
SMSC Gold Quality Mark
SMSC Gold Quality Mark