General Data Protection Regulations

GDPR 

How we use pupil information

Over Hall Community School collects and uses pupil information to support learning, safeguard pupils, meet statutory requirements and ensure the effective operation of the school.

The categories of pupil information we collect include:

  • Personal information (such as name, date of birth, address)
  • Contact details
  • Assessment and attainment data
  • Behavioural information
  • Attendance information
  • Special educational needs information
  • Safeguarding information
  • Medical information
  • Photographs 

Why we collect and use pupil information

We use pupil data to:

  • Support pupil learning and progress
  • Monitor and report on attainment and progress
  • Provide appropriate pastoral and safeguarding support
  • Assess the quality of our services
  • Administer admissions, transitions and school meals
  • Meet statutory duties, including census returns
  • Comply with legal and regulatory requirements

The lawful basis for using pupil information

Under the UK GDPR, the lawful bases we rely on for processing pupil data include:

  • Public task – processing is necessary to perform a task in the public interest or in the exercise of official authority (the provision of education)
  • Legal obligation – processing is required by law (e.g. School Census, safeguarding)
  • Vital interests – to protect the health or safety of pupils
  • Consent – used only where required, such as for pupil photographs used for promotional purposes (consent can be withdrawn at any time)

Who we share pupil information with

We routinely share pupil information with:

  • Schools pupils attend after leaving us
  • Our local authority and their commissioned service providers
  • The Department for Education (DfE)
  • Health, social care and safeguarding agencies where required
  • Assessment and education support services

We do not share personal information unnecessarily. Some data sharing is statutory and does not rely on consent.

The National Pupil Database (NPD)

The National Pupil Database is owned and managed by the Department for Education and contains information about pupils in schools in England. It is used to support research, statistics and educational improvement.

We are required by law to provide information to the DfE through statutory data collections such as the School Census. This is permitted under the Education (Information About Individual Pupils) (England) Regulations 2013.

The DfE may share information from the NPD with approved third parties who promote the education or wellbeing of children by:

  • Conducting research or analysis
  • Producing statistics
  • Providing information, advice or guidance

Strict controls apply to how this data is accessed, stored and used.

Further information is available on the GOV.UK website.

Storing pupil information

We hold pupil information securely on our electronic systems and, where necessary, in paper form.

  • Access is restricted to authorised staff only
  • Security measures are in place to prevent unauthorised access
  • Pupil records are retained until the pupil reaches the age of 25, after which they are securely destroyed in line with retention guidance.

Your data protection rights

Under data protection legislation, parents/carers and pupils have the right to:

  • Be informed about how personal data is used
  • Access personal data held about them
  • Request rectification of inaccurate or incomplete data
  • Request erasure of data (in certain circumstances)
  • Restrict processing (in certain circumstances)
  • Object to processing (where applicable)
  • Withdraw consent (where consent is the lawful basis)
  • Lodge a complaint with the Information Commissioner’s Office (ICO)

Requesting access to personal data (Subject Access Requests)

Parents/Carers and pupils may request access to personal data held by the school.

Requests:

  • Can be made verbally or in writing
  • Will be responded to within one calendar month
  • Should be directed to the Headteacher or the Data Protection Officer

We also share Data Collection Sheets annually to ensure our records remain accurate and up to date.

Photographs

The school will seek consent from parents/carers before using pupil photographs for non-statutory purposes such as the website or promotional materials. Consent preferences are recorded and stored securely.

Data Protection Officer (DPO)

The school has appointed a Data Protection Officer to oversee compliance with data protection legislation.

Data Protection Officer:

Miss Clews - School Business Manager

Email: businessmanager@overhall.cheshire.sch.uk 

Concerns and complaints

If you have a concern about how we collect or use personal data, please contact the Headteacher or the Data Protection Officer in the first instance.

You may also contact the Information Commissioner’s Office (ICO):

Website: www.ico.org.uk/concerns 

Review

This privacy notice is reviewed regularly and updated as necessary.

Screenshot 2026-01-01 155434.png

Files to Download

cat-data-protection-policy-inc.-the-protection-of-biometric-information.pdf cat-privacy-notice-for-pupils.pdf cat-privacy-notice-for-workforce.pdf cat-privacy-notice-for-governors.pdf