Skip to the content

Data Protection

Royal Wootton Bassett Academy Trust takes data protection and our obligations with regard to data protection seriously.

The Academy Trust is a Data Controller for the purposes of the Data Protection Act 2018 and the General Data Protection Regulation (together “Data Protection Law”) and is registered with Information Commissioner's Office (“ICO”). This section of the website provides information on how the Academy uses (“processes”) personal data about individuals (together “data subjects”).  

The Academy Trust Compliance Officer acts as the Academy’s Data Protection Officer and is available to contact on any Data Protection issue by emailing: gdpr@rwbatrust.org.uk

This section of the website is intended to be read in conjunction with other relevant Academy and Academy Trust policies including (but not limited to):

  • Taking, Storing and Using Images of Children Policy
  • Data Retention Policy
  • Child Protection and Safeguarding Policies
  • Health and Safety Policy
  • IT, Bring Your Own Device and Acceptable Use Policies

Personal Data

Personal data is data relating to a living individual who can be identified from that information or from that data and other information in the Academy’s possession (for example: name, address, telephone number, staff number). It can also include expressions of opinions about an individual. Sensitive or special category personal data relates to racial or ethnic origin, political opinions, religious beliefs, trade union membership, health, sex life, criminal convictions. Personal data concerning disability is sensitive data.

In order to carry out its ordinary duties to staff, pupils and parents, the Academy needs to process a wide range of personal data about individuals (including current, past and prospective staff, pupils or parents) as part of its daily operations. Dependent on the nature of the Academy’s relationship with the data subject, there will be different reasons and purposes for the school processing your personal data, the types of data held, how the data is collected, the legal basis for processing the data, who has access to the data, who the data is shared with, the retention period for that data, and the specific subject rights with regard to that data.

We collect and use pupil information under the Education Act 1996. The EU general data protection regulation 2016/679 (GDPR) took effect from May 25, 2018 and we use this data under Article 6 'lawfulness of processing' and Article 9 'Processing of special categories of personal data'.

We use pupil data:

  • to support pupil learning
  • to monitor and report on pupil progress
  • to provide appropriate pastoral care
  • to assess the quality of our services
  • to comply with the law regarding data sharing

The categories of pupil information that we collect, hold and share include:

  • Personal information (such as name, unique pupil number and address)
  • Any relevant medical information
  • Special Educational needs
  • Exclusions and behavioural information
  • Assessment information
  • Post 16 learning information
  • Characteristics (such as ethnicity, language, nationality, country of birth and free school meal eligibility)
  • Attendance information (such as sessions attended, number of absences and absence reasons).

Whilst the majority of pupil information you provide to us is mandatory, some of it is provided to us on a voluntary basis. In order to comply with the general data protection regulation (GDPR) we will inform you whether you are required to provide certain pupil information to us, or if you have a choice in this.

Storing pupil data

We hold pupil data for 6 years following a student's last entry which would be when they reach 25 years of age.

Who we share information with

We do not share information about pupils with anyone without consent unless the law and our policies allow us to do so.

We share pupils' data with the Department for Education (DfE) on a statutory basis. This data sharing underpins school funding and educational attainment policy and monitoring.

We are required to share information about our pupils with the DfE under regulation 5 of the Education (Information About Individual Pupils) (England) Regulations 2013.

Students aged 13+

Once our pupils reach the age of 13, we also pass pupil information to our local authority and/or provider of youth support services as they have responsibilities in relation to the education or training of 13-19 year olds under section 507B of the Education Act 1996. This enables them to provide services as follows:

  • careers advisers
  • youth support services

A parent/guardian can request that only their child's name, address and date of birth is passed to their local authority or provider of youth support services by writing to us. This right is transferred to the child/pupil once he/she reaches the age of 16.

Students aged 16+

We will also share certain information with our local authority and/or provider of youth support services as they have responsibilities in relation to the education or training of 13-19 year olds under section 507B of the Education Act 1996. This enables them to provide services as follows:

  • post-16 education and training providers
  • careers advisers
  • youth support services

Privacy Notices

For ease of reference and understanding, the Academy Trust has produced different Privacy Notices for the different categories of individuals it deals with. These can be accessed below.

Your Rights and Contact Details

All data subjects have certain rights under Data Protection Law, including a right to be given access to data held about them by a data controller. Other rights will be dependent on the nature of the information given and are more fully explained in the privacy notices below.

If you have any concerns about the Academy’s handling of your personal data, please contact the Academy Trust’s Data Protection Officer (gdpr@rwbatrust.org.uk). You can also find details of your rights under Data Protection Law at: www.ico.org.uk.