Skip to content ↓

Privacy Notices

Please click on a title to view the contents of our Privacy Notices:

 Privacy Notice for Parents, visitors and volunteers

Under data protection law, individuals have a right to be informed about how The Spring Partnership Trust (TSPT) and it’s schools use any personal data that we hold about them. We comply with this right by providing ‘privacy notices’ (sometimes called ‘fair processing notices’) to individuals where we are processing their personal data.

This privacy notice explains how we collect, store and use personal data about pupils, parents, visitors and volunteers.

We, The Spring Partnership Trust (TSPT), Room 1, The Warren, Croydon Road, Bromley, Kent, BR2 7AL, are the ‘data controller’ for the purposes of data protection law. In some cases, your data will be outsourced to a third party processor; however, this will only be done if the law requires that we share your data. Where data is outsourced to a third party processor, the same data protection standards that TSPT and its schools uphold are imposed on the processor.

Who processes your information?

TSPT is the data controller of the personal information you provide to us. This means the Trust determines the purposes for which, and the manner in which, any personal data relating to pupils and their families is to be processed. Data Protection Education is the Data Protection Officer for TSPT, with regard to its data controller responsibilities; their role is to oversee and monitor the Trust’s data protection procedures, and to ensure they are compliant with the GDPR. (see below for contact details).

The pupil personal data we hold

Personal data that we may collect, use, store and share (when appropriate) about pupils includes, but is not restricted to:           

  • Personal information (such as name, unique pupil number, address and contact details, contact preferences, date of birth)
  • Characteristics (such as ethnic background, language, nationality, country of birth, eligibility for free school meals, or special educational needs)
  • Health and medical information such as dietary requirements, medication details and mental health conditions
  • Attendance information (such as sessions attended, number of absences and absence reasons)
  • Results of internal assessments and externally set tests
  • Pupil and curricular records
  • Behavioural information (such as achievements, exclusions, internal exclusions and detentions)
  • Safeguarding information, Child Protection reports and disclosures
  • Details of any support received, including care plans and support providers
  • Permission information (such as photographs and videos, social media, collection from school procedures)
  • CCTV images captured in school
  • We may also hold data about pupils that we have received from other organisations, including information passed on when transferring from another school, local authorities and the Department for Education.

Why do we collect and use pupil information

We collect and use pupil information under section 537A of the Education Act 1996, and section 83 of the Children Act 1989. We also comply with Article 6(1)(c) and Article 9(2)(b) of the General Data Protection Regulation (GDPR).

We use the pupil data to:

  • support pupil learning
  • provide appropriate pastoral care
  • deliver live lessons
  • protect pupil welfare
  • monitor and report on pupil progress
  • assess the quality of our services
  • comply with the law regarding data sharing

Our legal basis for using this data

We only collect and use pupils’ personal data when the law allows us to and in accordance with the ICO’s guidance on the lawful basis for processing.

Most commonly, we process it where:

  • We need to comply with a legal obligation, such as with reference to medical conditions or for safeguarding purposes;
  • We need it to perform an official task in the public interest, for example where it relates to a child’s educational progression.

Less commonly, we may also process pupils’ personal data in situations where:

  • We have obtained consent to use it in a certain way, such as photographs or videos
  • We need to protect the individual’s vital interests (or someone else’s interests)

Where we have obtained consent to use pupils’ personal data, this consent can be withdrawn at any time. We will make this clear when we ask for consent, and explain how consent can be withdrawn.

Some of the reasons listed above for collecting and using pupils’ personal data overlap, and there may be several grounds which justify our use of this data.

Collecting this information

While the majority of information we collect about pupils is mandatory, there is some information that can be provided voluntarily. In order to comply with the General Data Protection Regulation, we will make it clear whether providing it is mandatory or optional.

How we store this data

We keep personal information about pupils while they are attending our school. We may also keep it beyond their attendance at our school if this is necessary in order to comply with our legal obligations.

How long is your data stored for?

Personal data relating to pupils and their families while they are attending our school is stored in line with the Trust’s GDPR Data Protection Policy. The Trust follows the retention schedule ‘Toolkit for Schools’ as published by the Information and Records Management Society.

In accordance with the GDPR, the school does not store personal data indefinitely; data is only stored for as long as is necessary to complete the task for which it was originally collected.

Who we share pupil information with

We do not share information about pupils with any third party without consent unless the law and our policies allow us to do so. Where it is legally required or necessary (and it complies with data protection law) we may share personal information about pupils with:

  • schools that the pupil’s attend after leaving us;
  • our local authority (to meet our legal obligations to share certain information such as safeguarding concerns and exclusions);
  • the Department for Education (DfE). We share pupils’ data with the Department for Education (DfE) on a statutory basis. This data sharing underpins school funding and educational attainment policy and monitoring;
  • The pupil’s family and representatives;
  • Educators and examining bodies;
  • Our regulator e.g. Ofsted;
  • Suppliers and service providers – to enable them to provide the service we have contracted them for eg parent communication providers;
  • Health authorities, health and social welfare organisations;
  • Survey and research organisations;
  • Security organisations;
  • Professional advisers, bodies and consultants;
  • Charities and voluntary organisations, Police forces, courts, tribunals.

The National Pupil Database (NPD)

We are required by law to provide information about pupils to the DfE as part of statutory data collections such as the school census and early years’ census. Some of this information is then stored in the NPD. The law that allows this is the Education (Information About Individual Pupils) (England) Regulations 2013.

To find out more about the NPD, go to https://www.gov.uk/government/publications/national-pupil-database-user-guide-and-supporting-information.

Transferring data internationally

Where we transfer personal data to a country or territory outside the European Economic Area, we will do so in accordance with Data Protection law.

Other information we collect and hold

The categories of other information that we collect, hold and share include:

  • Parents’ and carers information (such as name, address, contact information, relationship to the child, involvement with volunteer groups or parents association);
  • Visitor information (such as name, business, car registration, DBS certification, purpose of visit);
  • Volunteers’ information (such as name, address, contact information, DBS certification).

Why we collect and use this information

Parents’ information is collected so that:

  • We can communicate with you about your child (in relation to things such as education and attainment, health and well-being, attendance and behaviour);
  • Send you important information about the school;
  • Provide you with access to tools and services we use in schools (such as parent payment systems and communication applications).

Visitor and volunteer information is collected so that:

  • We have a record of who is and has been in the building, for health, safety and operational purposes;
  • We know whether a visitor can be unaccompanied in areas where children are present;
  • We have a record of official visits (such as inspections or maintenance).

The lawful basis on which we use this information

  • Parental information is processed in the public interest where it is related to their child’s education. We may have a legal obligation to process data in certain processing activities and in some circumstances we will rely on consent as the lawful basis;
  • Visitor and volunteer information is processed as a task in the public interest where it relates to school operations and under a legal obligation where it relates to health and safety.

Collecting this information

Parents: whilst the majority of information you provide to us is mandatory, some of it is provided to us on a voluntary basis. In order to comply with data protection legislation, we will inform you whether you are required to provide certain information to us or if you have a choice in this.

Visitors/Volunteers: As a visitor or volunteer the information that you provide to us is voluntary. However, we may restrict access to the school if the information is not provided.

Storing this information

Personal data relating to parents/carers, visitors and volunteers is stored in line with the Trust’s GDPR Data Protection Policy. The Trust follows the retention schedule ‘Toolkit for Schools’ as published by the Information and Records Management Society.

In accordance with the GDPR, the school or Trust does not store personal data indefinitely; data is only stored for as long as is necessary to complete the task for which it was originally collected.

Who we share this information with

We routinely share this information with:

Parents: we will share your information with members of staff, other agencies and with third-party processors who provide services to the school/Trust;

Visitors / Volunteers: your information will not be shared unless requested by an external agency in the course of a health and safety incident or in the investigation of a crime.

Requesting access to your personal data

Under data protection legislation, parents/carers and pupils have the right to make a ‘subject access request’ to gain access to personal information that the school or Trust holds about them. To make a request for your personal information contact The Data Protection Officer (see below), or to find out if you can have access to your child’s education record contact the relevant school.

If you make a subject access request, and if we do hold information about you or your child, we will:

  • Give you a description of it
  • Tell you why we are holding and processing it, and how long we will keep it for
  • Explain where we got it from, if not from you or your child
  • Tell you who it has been, or will be, shared with
  • Let you know whether any automated decision-making is being applied to the data, and any consequences of this
  • Give you a copy of the information in an intelligible form

If you would like to make a request please contact our Data Protection Officer (see Contact Us).

Other rights

Under Data Protection law, individuals have certain rights regarding how their personal data is used and kept safe, including the right to:

  • Object to the processing of personal data if it would cause, or is causing, damage or distress;
  • Prevent it being used to send direct marketing;
  • Object to decisions being taken by automated means (by a computer or machine, rather than by a person);
  • In certain circumstances, have inaccurate personal data corrected, deleted or destroyed, or restrict processing;
  • Claim compensation for damages caused by a breach of the Data Protection Regulations.

To exercise any of these rights, please contact our Data Protection Officer.

Contact Us

If you have any questions, concerns or would like more information about anything mentioned in this privacy notice, please contact: Data Protection Education - Data Protection Officer (dpo@dataprotection.education)

Alternatively, you can contact the Information Commissioner’s Office at https://ico.org.uk/concerns/

 Privacy Notice for Pupils

The law says that you have a right to be told how our school uses any personal information that we hold about you. This document (known as a ‘privacy notice’) explains how we collect, store and use your personal data.

What is ‘personal data’?

When you are a pupil at this school we hold some information about you to make sure we can help you to learn and look after you at school.

This information includes:

  • Your parent/carers address, email and phone number
  • Your test results
  • Whether there are any days you’ve not been in school
  • Your ethnic background
  • Any special educational needs or medical conditions you have
  • Any good behaviour awards you’ve had, as well as any detentions or exclusions
  • Photographs, videos and CCTV images

We might keep hold of some information after you have left as well, but only if we are allowed to do so.

Why do collect this data and what do we use it for?

The law says that we can collect this data to help run the school and to teach you as well as we can.  We use it to:

  • Get in touch with you and your parents/carers when we need to
  • Check how you’re doing in tests and work out whether you or your teachers need any extra help
  • Keep on teaching with live lessons when you're learning at home
  • Track how well the school as a whole is performing
  • Make sure you are safe

What do I have to do?

As you are younger than 13 we will talk to your parents/carers about collecting information about you.  Most of the time your parent/carer must give us the information we ask for, but sometimes they may be able to say that they don’t want to give it to us.

Data sharing

We only share personal information about you when we are allowed to.  Here are some examples of when the law says we can share your data: 

  • The Department for Education (the people who work for the government)
  • Your family

There are a lot of other examples that we have told your parents/carers about.

Your rights

You have rights over how your personal data is used and kept safe, including the right to find out what personal information we hold about you by making a ‘subject access request’ (if we think you are able to understand your rights and what they mean). 

There are other rights that we have told your parents/carers about.

Contact us

If you have any questions, would like more information about anything you’ve just read or have a problem to do with how we are using your personal data, please talk to your teacher or contact our Data Protection Officer (Data Protection Education) on dpo@dataprotection.education

 Privacy Note for Staff

Privacy Notice for Staff and those involved in Governance

Under data protection law, individuals have a right to be informed about how The Spring Partnership Trust (TSPT) and its schools use any personal data that we hold about them. We comply with this right by providing ‘privacy notices’ (sometimes called ‘fair processing notices’) to individuals where we are processing their personal data.

This privacy notice explains how we collect, store and use personal data about staff, Members, Directors and Local Advisory Council members.

We, The Spring Partnership Trust (TSPT), Room 1, The Warren, Croydon Road, Bromley, Kent, BR2 7AL, are the ‘data controller’ for the purposes of data protection law. In some cases, your data will be outsourced to a third party processor; however, this will only be done if the law requires that we share your data. Where data is outsourced to a third party processor, the same data protection standards that TSPT and its schools uphold are imposed on the processor.

Who processes your information?

TSPT is the data controller of the personal information you provide to us. This means the Trust determines the purposes for which, and the manner in which, any personal data relating to staff is to be processed. Data Protection Education is the Data Protection Officer for TSPT, with regard to its data controller responsibilities; their role is to oversee and monitor the Trust’s data protection procedures, and to ensure they are compliant with the GDPR. (See below for contact details).

The staff personal data we hold

The staff personal data that we may collect, use, store and share (where appropriate) about you includes:

  • personal information (such as name, address, telephone number, employee or teacher number, national insurance number, DBS checks)
  • special categories of data including characteristics information such as gender, age, ethnic group
  • contract information (such as start dates, hours worked, post, roles and salary information) 
  • work absence information (such as number of absences and reasons)
  • qualifications (and, where relevant, subjects taught)
  • relevant medical information
  • photographs, CCTV images and security entry system information (at some schools)

Why we collect and use this information

We collect and use staff information under section 537A of the Education Act 1996. We also comply with Article 6(1)(c) and Article 9(2)(b) of the General Data Protection Regulation (GDPR).

We use staff data to:

  • enable the development of a comprehensive picture of the workforce and how it is deployed
  • inform the development of recruitment and retention policies
  • deliver live lessons as part of the remote education programme
  • enable individuals to be paid
  • protect staff wellbeing

The legal basis for using this data

We only collect and use your personal data when the law allows us to and in accordance with the ICO’s guidance on the lawful basis for processing.

Most commonly, we process it where:

  • We need to comply with a legal or contractual obligation
  • We need it to perform an official task in the public interest

Less commonly, we may also process personal data in situations where:

  • We have obtained consent to use it in a certain way
  • We need to protect the individual’s vital interests (or someone else’s interests)

Where we have obtained consent to personal data, this consent can be withdrawn at any time. We will make this clear when we ask for consent, and explain how consent can be withdrawn.

Some of the reasons listed above for collecting and using personal data overlap, and there may be several grounds which justify our use of this data.

Collecting this information

While the majority of information we collect about staff is mandatory, there is some information that can be provided voluntarily. In order to comply with the General Data Protection Regulation, we will make it clear whether providing it is mandatory or optional.

Storing this information

Personal data relating to staff is stored in line with the Trust’s GDPR Data Protection Policy. In accordance with the GDPR, the school/Trust does not store personal data indefinitely; data is only stored for as long as is necessary to complete the task for which it was originally collected.

Staff personal data provided is kept for safeguarding purposes in accordance with Keeping Children Safe in Education for the duration of employment (with the exception of information relating to HR procedures and the recruitment process) and will be kept for a further six years from the end of employment.  This is with the exception of information relating to pension schemes (if relevant) which will be held for a period of 25 years from the end of employment.

Who we share this information with

We routinely share this information with:

  • our local authority
  • the Department for Education (DfE)
  • third-party service providers (where a contract exists) in order to fulfil contractual obligations, such as payroll

Why we share staff information

We do not share information about staff with anyone without consent unless the law and our policies allow us to do so.

Local authority

We are required to share information about our workforce members with our local authority (LA) under section 5 of the Education (Supply of Information about the School Workforce) (England) Regulations 2007 and amendments.

Department for Education (DfE)

We share personal data with the Department for Education (DfE) on a statutory basis. This data sharing underpins workforce policy monitoring, evaluation, and links to school funding / expenditure and assessment/educational attainment.

We are required to share information about our staff with the (DfE) under section 5 of the Education (Supply of Information about the School Workforce) (England) Regulations 2007 and amendments.

Data collection requirements

The DfE collects and processes personal data relating to those employed by schools (including Multi Academy Trusts) and local authorities that work in state funded schools (including all maintained schools, all academies and free schools and all special schools including Pupil Referral Units and Alternative Provision). All state funded schools are required to make a census submission because it is a statutory return under sections 113 and 114 of the Education Act 2005.

To find out more about the data collection requirements placed on us by the Department for Education including the data that we share with them, go to https://www.gov.uk/education/data-collection-and-censuses-for-schools.

The department may share information about Trust employees with third parties who promote the education or well-being of children or the effective deployment of school staff in England by:

  • conducting research or analysis
  • producing statistics
  • providing information, advice or guidance.

The department has robust processes in place to ensure that the confidentiality of personal data is maintained and there are stringent controls in place regarding access to it and its use. Decisions on whether DfE releases personal data to third parties are subject to a strict approval process and based on a detailed assessment of:

  • who is requesting the data
  • the purpose for which it is required
  • the level and sensitivity of data requested; and
  • the arrangements in place to securely store and handle the data.

To be granted access to staff information, organisations must comply with its strict terms and conditions covering the confidentiality and handling of the data, security arrangements and retention and use of the data.

For more information about the department’s data sharing process, please visit:

https://www.gov.uk/data-protection-how-we-collect-and-share-research-data

To contact the department: https://www.gov.uk/contact-dfe

Transferring data internationally

Where we transfer personal data to a country or territory outside the European Economic Area, we will do so in accordance with data protection law.

Other information we collect and hold

The categories of other information that we collect, hold and share include:

  • Member, Director and Local Advisory Council member information (such as name, address, contact information, business interests, financial interests and governance roles in other schools or MATs).

Why we collect and use this information

Member, Director and Local Advisory Council member information is processed as a task in the public interest and is collected so that:

  • We can communicate with these groups regarding school or Trust business;
  • There is a public record (i.e. on the school/Trust website) of Members, Directors and Local Advisory Council members and their business interests;
  • Registration can take place at Companies House (in the case of Directors only), or on Government databases such as Get Information About Schools.

Collecting this information

  • Whilst the majority of information Members, Directors and Local Advisory Council members provide to us is mandatory, some of it is provided to us on a voluntary basis. In order to comply with data protection legislation, we will inform you whether you are required to provide certain information to us or if you have a choice in this.

Storing this information

  • We hold Member, Director and Local Committee personal data in line with the Trust’s GDPR Data Protection Policy. The Trust follows the retention schedule ‘Toolkit for Schools’ as published by the Information and Records Management Society.

Requesting access to your personal data

Under data protection legislation, you have the right to request access to information (a ‘subject access request’) about you that we hold. To make a request for your personal information, contact the Data Protection Officer (see below).

If you make a subject access request, and if we do hold information about you, we will:

  • Give you a description of it
  • Tell you why we are holding and processing it, and how long we will keep it for
  • Explain where we got it from, if not from you
  • Tell you who it has been, or will be, shared with
  • Let you know whether any automated decision-making is being applied to the data, and any consequences of this
  • Give you a copy of the information in an intelligible form

If you would like to make a request please contact our Data Protection Officer (see below).

Other rights

Under data protection law, individuals have certain rights regarding how their personal data is used and kept safe, including the right to:

  • Object to the processing of personal data if it would cause, or is causing, damage or distress
  • Prevent it being used to send direct marketing
  • Object to decisions being taken by automated means (by a computer or machine, rather than by a person)
  • In certain circumstances, have inaccurate personal data corrected, deleted or destroyed, or restrict processing
  • Claim compensation for damages caused by a breach of the Data Protection regulations

To exercise any of these rights, please contact our Data Protection Officer.

Contact Us

If you have any questions, concerns or would like more information about anything mentioned in this privacy notice, please contact:

Data Protection Education - Data Protection Officer (dpo@dataprotection.education)

Alternatively, you can contact the Information Commissioner’s Office at https://ico.org.uk/concerns/