May 2018

1. General introduction

This privacy notice tells parents, prospective parents, pupils and members of staff at Firle School (the school) what to expect when the school collects, uses, retains and discloses your personal information (“data”). Personal data is information which (on its own or together with other information) identifies you and is about you. This includes what a parent, prospective parent, child or member of staff tells us, and what we learn by having you as part of the school.

To ensure that we process your personal information fairly and lawfully, this notice informs you

a. Why we need your personal information.

b. How it will be used

c. With whom it will be shared

d. How it will be stored

e. What rights you have in relation to the personal information we collect.

Your privacy is protected by law, which says that we can use your personal information only if it is necessary and if we have a proper reason to do so.

When the information processed relates to matters such as race, religion, ethnic origin or health we must consider additional information required by the Regulation for this type of data.

There follows a more detailed explanation of what we do with your information, as required by the General Data Protection Regulation EU 2016/679 (GDPR).

2. How we use pupil information

This section is to explain to parents and prospective parents (together in this document called “parents”) and pupils (which includes children of prospective parents) how the school uses their personal information.

Firle School processes personal information about its pupils and when it does this, it is officially called a “data controller”. We collect information from you and your child. We may receive information from a previous school or nursery, or a local authority.

1. The types of pupil information that we collect, keep and share include:

i. Personal information, (such as names, dates of birth and address of pupils and prospective pupils, parents and siblings, unique pupil number, arrangements for travel to and from school).

ii. Characteristics (such as ethnicity, nationality, country of birth, free school meal eligibility).

iii. Attendance information (such as sessions attended, number of absences and reasons for being away from school).

iv. Information about behaviour and achievements (such as rewards received or sanctions imposed).

v. Assessment and attainment information (such as results of in-school tests, homework and assessments, progress data and SATs).

vi. Sensitive Information (such as medical information, special educational needs requirements, education and health care plans and supporting documentation, and information about a disability).

vii. Safeguarding information.

viii. Information relating to consideration of attendance at other schools (such as preferences for secondary schools).

3. Why we collect and use this information

We use the pupil and parent data:

i. To support pupil learning, for planning and delivering lessons and other school activities including carrying out risk assessments.

ii. To support children at phase changes and when changing school.

iii. To monitor and report on pupil progress.

iv. To provide appropriate pastoral care, and to ensure that pupils are safe.

v. To assess the quality of our services.

vi. To ensure compliance with the school’s behaviour and other policies.

vii. To facilitate the provision of school meals, music lessons, sports training and matches, clubs, trips and other out of school activities not required by the National Curriculum.

viii. To facilitate management and governorship of the school.

ix. To comply with the law regarding data sharing.

x. To ensure that the school complies with its statutory obligations.

4. The lawful basis on which we use your information

We process this information variously under the lawful bases provided by:

  • Legal Obligation - that it is necessary to process the information to comply with the law (Articles 6(1) (c) GDPR).
  • Tasks in public interest or exercise of official authority - that it is necessary to process the information in order that the school can fulfil a task in the public interest and for its official functions, and that task or function has a clear basis in law (Article 6(1) (e) GDPR).
  • Legitimate Interests – that it is necessary in pursuit of the legitimate interests of the school balanced against the needs of the individual particularly those of children (Article 6(1) (f) GDPR).

Special category data (such as religion and ethnicity) are processed under the following additional lawful bases:

  • Processing is necessary for reasons of substantial public interest. (Article 9(2) (g)).
  • For health data: processing is necessary to protect the vital interests of the data subject or of another natural person, where the data subject is physically or legally incapable of giving consent. (Article 9(2) (c)).

5. Collecting pupil information

Whilst the majority of pupil information you provide to us is mandatory, some of it is provided to us on a voluntary basis. In order to comply with the General Data Protection Regulation, we will inform you whether you are required to provide certain pupil information to us or if you have a choice in this.

6. Storing pupil data

We retain pupil data in accordance with the statutory and best practice guidelines set out in the IRMS toolkit Retention Guidelines approved by the Department for Education.

Data relating to prospective parents and their children will be stored until it is established that the child will not be attending the school.

7. Who we share pupil information with

We routinely share pupil information with:

  • Schools that pupils attend after leaving us,
  • Our local authority,
  • The Department for Education (DfE),
  • External agencies including the police, social services, and medical professionals, where necessary for safeguarding,
  • External agencies including speech and language and occupational therapists where there is a SEND need,
  • Contractors who facilitate the running of the school administration e.g. Parent Pay and Target Tracker (a tool that monitors pupils progress),
  • In the event that the school joins a federation, other schools in the federation
  • Ofsted,
  • Websites: Sometimes we will use secure websites to support us with our school processes. These currently include the school website, Speechlink, SIMS, Premier Sport and educational learning sites i.e. maths, spelling and reading programmes (e.g. Mathletics and maths passports). We take all measures to transfer data securely.

8. Why we share pupil information

We do not share information about our pupils without consent unless the law and our policies allow us to do so.

We share pupils’ data with the Department for Education (DfE) on a statutory basis. This data sharing underpins school funding and educational attainment policy and monitoring.

We are required to share information with our local authority (LA) and the Department for Education (DfE) under section 3 of The Education (Information About Individual Pupils) (England) Regulations 2013. information about our pupils stipulated in Schedule 1 thereof.

9. Data collection requirements

To find out more about the data collection requirements placed on us by the Department for Education (for example; via the school census) go to

10. The National Pupil Database (NPD)

The NPD is owned and managed by the Department for Education and contains information about pupils in schools in England. It provides invaluable evidence on educational performance to inform independent research, as well as studies commissioned by the Department. It is held in electronic format for statistical purposes. This information is securely collected from a range of sources including schools, local authorities and awarding bodies.

We are required by law, to provide information about our pupils to the DfE as part of statutory data collections such as the school census and early years’ census. Some of this information is then stored in the NPD. The law that allows this is the Education (Information About Individual Pupils) (England) Regulations 2013.

To find out more about the NPD, go to

The department may share information about our pupils from the NPD with third parties who promote the education or well-being of children in England by:

  • conducting research or analysis
  • producing statistics
  • providing information, advice or guidance

The Department has robust processes in place to ensure the confidentiality of our data is maintained and there are stringent controls in place regarding access and use of the data. Decisions on whether DfE releases data to third parties are subject to a strict approval process and based on a detailed assessment of:

  • who is requesting the data
  • the purpose for which it is required
  • the level and sensitivity of data requested: and
  • the arrangements in place to store and handle the data

To be granted access to pupil information, organisations must comply with strict terms and conditions covering the confidentiality and handling of the data, security arrangements and retention and use of the data.

For more information about the department’s data sharing process, please visit:

For information about which organisations the department has provided pupil information, (and for which project), please visit the following website:

If you require more information about how the LA and/or DFE store and use data please go to the following websites:

East Sussex County Council:

Department for Education:
Piccadilly Gate
Store Street
M1 2WD

Telephone 0370 000 2288

To contact DfE:

11. Requesting access to your personal data

Under data protection legislation, parents and pupils have the right to request access to information about them that we hold. To make a request for your personal information, or be given access to your child’s educational record, contact:

School Business Manager - Mrs Sue Miller Phone 01273 858260

Address: Firle Church of England Primary School,
The Bostal,
East Sussex. BN8 6LF

You also have the right to:

  • object to processing of personal data that is likely to cause, or is causing, damage or distress
  • prevent processing for the purpose of direct marketing
  • object to decisions being taken by automated means
  • in certain circumstances, have inaccurate personal data rectified, blocked, erased or destroyed; and
  • claim compensation for damages caused by a breach of the Data Protection regulations

If you have a concern about the way we are collecting or using your personal data, we request that you raise your concern with us in the first instance. Alternatively, you can contact the Information Commissioner’s Office at

Data Protection Officer

Our Data Protection Officer is based with the Local Authority. Contact details are:

Data Protection Officer for Firle Church of England Primary School
Information Governance Team
Children’s Services
East Sussex County Council.
Phone: 01273 337 610

(NOTE: Whilst this Privacy Notice refers to the Articles of the GDPR, it is intended to continue to be applicable to equivalent provisions in any Act of Parliament.)