Skip to content ↓

Privacy Notice

This Policy applies to Coombe Hill Infants’ School and its wraparound care – Coombe Connections Club.

This document is intended to give you, as parents, a guideline as to how we, Coombe Hill Infants’ School, use information about your child. We legally have to follow the General Data Protection Regulation (GDPR). This came in to force on 25 May 2018 and is used alongside the Data Protection Act 2018.


Why do we collect and use pupil information?

We collect and use pupil information under the Section 537A of the Education Act 1996 – this information can be found in the census guide documents on the following website

We also collect data under the EU – General Data Protection Regulation,

  • Article 6 “Lawfulness of Processing”: Processing is necessary for compliance with a legal obligation to which the controller (i.e. the school) is subject.
  • Article 9 (c) “Processing of Special Categories of Personal Data”: Processing is necessary to protect the vital interests of the data subject or of another person where the data subject is physically or legally incapable of giving consent.

We may also receive information about our pupils from their previous schools or nursery, the local education authority or the Department for Education (DfE).

We use the pupil data:

  • to support pupil learning
  • to monitor and report on pupil progress
  • to provide appropriate pastoral care
  • to assess the quality of our services
  • to comply with the law regarding data sharing


The categories of pupil information that we collect, hold and share include:

  • Personal information (such as name, unique pupil number and address)
  • Characteristics (such as ethnicity, language, nationality, country of birth and free school meal eligibility)
  • Attendance information (such as sessions attended, number of absences and absence reasons)
  • Assessment information, (such as teacher assessment levels, SATS scores, and progress tracking scores or as required by the Department of Education (DfE)
  • Medical information (such as details into medical condition, treatment of medical condition and medicines to be administered, first aid incidents)
  • Special Educational Needs information (such as type of special educational need, intervention information, referral information to other LA services)
  • Behavioural information (such as behaviour incidents, behaviour monitoring and sanctions and rewards information)
  • Asylum/Refugee status information as required by the Local Authority
  • Parental contact details
  • Admission numbers
  • Previous educational settings
  • Child’s birth date confirmation
  • Child’s address confirmation
  • Sibling information
  • Home School Partnership documentation.
  • Safeguarding information (such as safeguarding incidents and referrals to the LA)
  • We also use photographs within school of your child. See Parental Consent form.


Collecting pupil information

Whilst the majority of pupil information you provide to us is mandatory, some of it is provided to us on a voluntary basis. In order to comply with the General Data Protection Regulation, we will inform you whether you are required to provide certain pupil information to us or if you have a choice in this.


Storing pupil data

We hold pupil data in the form of secure paper and electronic records. This information is stored and retained in accordance with the Information and Records Management Society (IRMS) 2016. As guidelines become updated we will adhere to the new updates.


Who do we share pupil information with?

We routinely share pupil information with:

  • schools that the pupil’s attend after leaving us
  • our local authority
  • the Department for Education (DfE)
  • School Health
  • The NHS

We also employ other companies as data processors. We share personal data with these companies to enable them to perform specific functions as part of the administration of the school or to deliver teaching and learning and other essential services. Examples of data processors we use are Capita, ParentPay and Accent (our catering company). The school is responsible for how these companies use your data and therefore we ensure that the companies comply with data protection laws and our policies.


Why we share pupil information

We do not share information about our pupils with anyone without consent unless the law and our policies allow us to do so.

We share pupils’ data with the Department for Education (DfE) on a statutory basis. This data sharing underpins school funding and educational attainment policy and monitoring.


Data collection requirements:

To find out more about the data collection requirements placed on us by the Department for Education (for example: via the school census) go to


The National Pupil Database (NPD)

The NPD is owned and managed by the Department for Education and contains information about pupils in schools in England. It provides invaluable evidence on educational performance to inform independent research, as well as studies commissioned by the Department. It is held in electronic format for statistical purposes. This information is securely collected from a range of sources including schools, local authorities and awarding bodies.


We are required by law, to provide information about our pupils to the DfE as part of statutory data collections such as the school census and early years’ census. Some of this information is then stored in the NPD. The law that allows this is the Education (Information About Individual Pupils) (England) Regulations 2013.


To find out more about the pupil information we share with the department, for the purpose of data collections, go to


To find out more about the NPD, go to


The department may share information about our pupils from the NPD with third parties who promote the education or well-being of children in England by:

  • conducting research or analysis
  • producing statistics
  • providing information, advice or guidance


The Department has robust processes in place to ensure the confidentiality of our data is maintained and there are stringent controls in place regarding access and use of the data. Decisions on whether DfE releases data to third parties are subject to a strict approval process and based on a detailed assessment of:

  • who is requesting the data
  • the purpose for which it is required
  • the level and sensitivity of data requested: and
  • the arrangements in place to store and handle the data


To be granted access to pupil information, organisations must comply with strict terms and conditions covering the confidentiality and handling of the data, security arrangements and retention and use of the data.


For more information about the department’s data sharing process, please visit:


For information about which organisations the department has provided pupil information, (and for which project), please visit the following website:


To contact DfE:


Requesting access to your personal data

Under data protection legislation, parents and pupils have the right to request access to information about them that we hold. To make a request for your personal information, or be given access to your child’s educational record, contact Jackie Patel, Data Protection Officer (contact details at end).


You also have the right to:

  • object to processing of personal data that is likely to cause, or is causing, damage or distress
  • prevent processing for the purpose of direct marketing
  • object to decisions being taken by automated means
  • in certain circumstances, have inaccurate personal data rectified, blocked, erased or destroyed; and
  • claim compensation for damages caused by a breach of the Data Protection regulations


If you have a concern about the way we are collecting or using your personal data, you should raise your concern with us in the first instance or directly to the Information Commissioner’s Office at



If you would like to discuss anything in this privacy notice, please contact:

            Alison Reid, Data Protection Officer.

Coombe Hill Infants’ School

Coombe Lane West




020 8942 9481