General Data Protection Regulation (GDPR)

St Mary's Catholic Primary School – Data Protection

Our Commitment to Your Privacy

At St Mary's Catholic Primary School, we take data protection and your privacy seriously. In line with the UK General Data Protection Regulation (UK GDPR), we are committed to ensuring that personal data relating to pupils, parents/carers, staff, and other stakeholders is handled securely, lawfully, and transparently.

What is GDPR?

The General Data Protection Regulation (GDPR) is a law that came into effect on 25 May 2018. It replaces the Data Protection Act 1998 and sets out key principles and responsibilities for how organisations, including schools, collect, use, store, and share personal information.

Why We Collect and Use Personal Data

We collect and use personal information for a number of reasons, including:

  • To support pupil learning and progress
  • To monitor and report on pupil attainment and attendance
  • To provide pastoral care and ensure the safety and welfare of our pupils
  • To manage school operations (e.g., staffing, recruitment, governance, school trips)
  • To communicate with parents, carers, and external agencies
  • To meet our legal obligations to share data with the Department for Education (DfE), Ofsted, and the Local Authority

What Data We Hold

We may collect and process the following types of personal data:

  • Pupil and parent/carer names, contact details, and emergency contact information
  • Date of birth, gender, nationality, and unique pupil numbers (UPN)
  • Attendance and behaviour records
  • Medical and dietary information
  • Safeguarding information
  • Special educational needs and disabilities (SEND) data
  • Assessment and academic data
  • Staff qualifications and employment details (for school staff)

Lawful Basis for Processing

We only process personal data where there is a lawful basis to do so under UK GDPR. This includes:

  • Legal obligation
  • Public task (in the public interest)
  • Contractual necessity
  • Consent (in specific situations)
  • Vital interests (to protect life)

How We Keep Your Data Safe

We have strong data protection and cybersecurity measures in place to protect your information. This includes:

  • Password-protected systems
  • Secure storage of paper records
  • Regular reminders in briefings for staff regarding data protection
  • Clear retention and deletion policies

Who We Share Data With

We only share personal data where it is lawful and necessary, for example with:

  • The Department for Education (DfE)
  • The Local Authority (London Borough of Enfield)
  • School nursing and health services
  • Educational software providers (e.g. for online learning platforms)
  • Ofsted or other education inspection bodies
  • External agencies for safeguarding or special education support

We will not share your personal information with third parties for marketing purposes.

Your Rights Under GDPR

Under GDPR, you have the right to:

  • Access the personal data we hold about you and your child
  • Request correction of any inaccurate data
  • Request erasure of data in certain circumstances
  • Object to or restrict processing
  • Request data portability (for certain types of data)
  • Withdraw consent (where processing is based on consent)

If you would like to make a data request or raise a concern about how your personal data is being handled, please contact the school.

Contact Details

Our Admin Officer is Mrs Petra Efstathiou, she may be contacted by email:

 

office@stmarys.enfield.sch.uk

Phone: 020 88042396
Address: St Mary’s Catholic Primary School, Durants Road, Ponders End, Enfield EN3 7DE

 

 

The Data Protection Officer may be contacted by email:

 

Schools.Data.Protection.Officer@enfield.gov.uk quoting our school name

 

or by post:

 

Data Protection Officer - <St Mary’s Catholic Primary School

Enfield Council

Civic Offices

Silver Street

Enfield

EN1 3XA

 

Policies and Further Information

You can access our policies below including:

  • Data Protection Policy
  • Privacy Notice for Parents and Pupils
  • Retention Schedule

 

For more information on how the UK GDPR affects schools, visit the ICO website: https://ico.org.uk/

 

ARTICLE 30 REGISTER OF PROCESSING ACTIVITIES SEPTEMBER 2024

ARTICLE 35 DATA PROTECTION IMPACT ASSESSMENT SEPTEMBER 2024

DATA PROTECTION POLICY FOR ST MARY'S APRIL 2024

FREEDOM OF INFORMATION POLICY SEPTEMBER 2024

PRIVACY NOTICE APRIL 2025

PRIVACY STATEMENT FOR YOUNG PEOPLE SEPTEMBER 2024

RETENTION AND DISPOSAL SCHEDULE FOR ST MARY'S SEPTEMBER 2024