We are committed to protecting your personal data, and ensuring it is used fairly and lawfully. Information you provide to us will be used in accordance with UK GDPR and the Data Protection Act 2018 legislation.
We are the data controller under the legislation for the personal information we hold about you or your child.
What information do we use?
- personal identifiers and contacts (such as name, unique pupil number, NHS, number, contact details and address)
- characteristics (such as ethnicity, language, and free school meal eligibility)
- safeguarding information (such as court orders, case notes and professional involvement)
- criminal justice information (such as youth justice referral orders)
- special educational needs and disabilities information
- attendance (such as sessions attended, number of absences, absence reasons and any previous schools attended)
- assessment and attainment (such as key stage 1 and phonics results, post-16 courses enrolled for and any relevant results)
- behavioural information (such as exclusions and any relevant alternative provision placements put in place)
- personal relationships (such as contact details of parents/carers, detail of siblings and persons involved with child or young person
This list is not exhaustive, for further information see our privacy notices.
Why do we use this information?
The information you provide helps us to support you and your family alongside helping us to ensure we are meeting our legal responsibilities. For example, we may use it as part of an assessment of educational, social care or family support needs. We need this information to:
- provide appropriate support and care to you, your child or family
- assess whether our services are making a difference, including measuring how well we are doing
- develop and improve our services,
- administer and protect public funds
The usual legal basis for using your information is to comply with a legal obligation we are subject to or to undertake a task we must do or we are empowered to do in the public interest.
If we use special categories of data, for example, more sensitive information relating to your health and ethnicity, it will be because it is necessary for the conditions relating to substantial public interest or the provision/management of social care systems and services.
If we use an alternative legal basis to process your personal data for any reason you will be made aware.
Definitions of legal bases and conditions for using special categories of data can be found on the Information Commissioner's website.
The key statutes that underpin the legal bases and conditions are:
- Education Act 1996
- Children and Families Act 2014
- Children Act 1989
- Education and Inspection Act 2011
- Education and Skills Act 2008
- Working together to Safeguard Children 2018 - Statutory Guidance
- Children and Social Work Act 2017
- Adoption and Children's Act 2002
- Foster Services Regulations 2011 - Statutory Guidance
- Care Standards Act 2000
- Securing Sufficient Accommodation for Looked Children - Statutory Guidance
- Crime and Disorder Act 1998
- Equalities Act 2010
This list is not exhaustive, for further information see our privacy notices.
We collect information, if appropriate and relevant, from a range of individuals and organisations. These will include yourself, family members, schools, health organisations, government departments and criminal justice organisations.
Children and young person's data is essential for to support our operational services that support children and families. Whilst most of the personal information you provide to us is mandatory, some of it is requested on a voluntary basis. To comply with data protection legislation, we will inform you at the point of collection, whether you are required to provide certain personal information to us or if you have a choice in this.
Please note if you do not provide the information that we request it may affect our ability to deliver the support you and your family require.
How will your information be kept secure?
In order to meet our commitment to protecting your personal data we have data policies and procedures in place to ensure that it is safeguarded.
We carry out checks on all third parties we use, and also have contracts in place with them which detail data protection obligations they have to follow. For example, they are required to conform to our supplier information security policy, which protects your data while in their hands.
Your information will only be held by us for the set amount of time stated in our records retention schedule and will be permanently deleted or securely destroyed at the end of the period stated unless we have a lawful reason to retain it.
Who do we share your information with?
We are required by law to pass on personal data we hold about you or your child to the Department for Education (DfE), other government departments and our partner organisations in some circumstances and with your consent in others.
We have a number of data sharing agreements in place with partner agencies including government departments, schools, health services, criminal justice agencies and external consultants who help us improve our services.
We'll often have completed a Data Protection Impact Assessment (DPIA) before we share personal information to make sure we protect your privacy and comply with the law.
For further information on who we share information see our privacy notices.
Wherever possible, we will discuss with you the reasons for sharing information and ask for your consent. However, in many circumstances, the law and our policies allow us to share information without your consent (for example when we feel that you or others are at the risk of harm). When sharing information, we do so in line with data protection legislation and agreed information sharing protocols with our partners.
What are your rights to the personal information we hold about you?
You have the following rights, subject to lawful exemptions, to:
- access copies of any records we hold about you or your child
- have any information we hold about you or your child corrected
- have any information we hold about you or your child erased
- restrict how information we hold about you or your child can be used or shared
- object to information about your you or your child being held
- have any information we hold about you or your child transferred to a third party
- challenge decisions relating to you or your child made using automated decision-making and profiling
You can find more information on your rights, and how to make requests under those rights.
For more detailed advice on your rights visit the Information Commissioner's Office.
Where we are using your personal data with your consent, you have the right to withdraw that consent. If you change your mind, or you are unhappy with our use of your personal data, please let us know by contacting your named contact in whichever of our services is currently supporting you or your child or alternatively contact:
Data Protection Officer
Derbyshire County Council
If you are not satisfied with our response you can request that your concern or complaint is dealt with under the more formal process set out in our complaints procedure.
If, however, you are dissatisfied with our response to your complaint you can of course contact the:
Information Commissioner's Office
Tel: 0303 123 1113 (local rate) or tel: 01625 545 745 if you prefer to use a national rate number.
Fax: 01625 524 510
The Information Commissioner's Office deals with concerns and complaints relating to data protection and freedom of information legislation.
If you have any questions about this privacy notice, email email@example.com
Organisations that we may share your personal data with
Department for Education (DfE)
We share children and young person's data with the Department for Education (DfE) on a statutory basis under section 3 of The Education (Information About Individual Pupils) (England) Regulations 2013. This data sharing underpins school funding, educational attainment policy and monitoring and enables them to produce statistics, assess our performance, determine the destinations of young people after they have left school or college and to evaluate government funded programmes. We do not share information about children and young people without consent unless the law and our policies allow us to do so.
You can find out more about the data collection requirements placed on us by the Department for Education, for example via the school census.
The National Pupil Database (NPD)
The NPD is owned and managed by the Department for Education and contains information about pupils in schools in England. It provides invaluable evidence on educational performance to inform independent research, as well as studies commissioned by the department. It's held in electronic format for statistical purposes. This information is securely collected from a range of sources including schools, local authorities and awarding bodies.
The law requires us to provide information about our pupils to the DfE as part of statutory data collections. Some of this information is then stored in the national pupil database (NPD). The legislation that requires this is the Education (Information About Individual Pupils) (England) Regulations 2013.
Find out more about the NPD.
The department may share information about our pupils from the NPD with third parties who promote the education or well-being of children in England by:
- conducting research or analysis
- producing statistics
- providing information, advice or guidance
The department has robust processes in place to ensure the confidentiality of our data is maintained and there are stringent controls in place regarding access and use of the data. Decisions on whether DfE releases data to third parties are subject to a strict approval process and based on a detailed assessment of:
- who is requesting the data
- the purpose for which it is required
- the level and sensitivity of data requested
- the arrangements in place to store and handle the data
To be granted access to pupil information, organisations must comply with strict terms and conditions covering the confidentiality and handling of the data, security arrangements and retention and use of the data.
You can find more information about the department's data sharing process.
You can also find information about which organisations the department has provided pupil information and for which project.
Contact the DfE.
NHS Digital operates an IT system known as the Child Protection Information Sharing system (CP-IS). This system helps health and social care staff in England to share information about child protection plans securely, to better protect society's most vulnerable children. When a child is known to social services and is a looked after child, on a child protection plan or unborn child protection plan, basic information about that plan (referred to in this notice as CP Information) is shared securely with the NHS through CP-IS.
During the coronavirus pandemic, CP information will be extracted from CP-IS and shared with school nurses and health visitors, who work for local 0 to 19 public health service providers. This is because school nurses and health visitors cannot currently access CP-IS.
This information is being shared for child protection and health safeguarding purposes and will provide school nurses and health visitors across England with an additional reliable source of information about children on a protection plan and children with a looked after status. This will support them to provide healthcare services to those children at a time when local arrangements for data-sharing may be more difficult to administer due to the impact of coronavirus.
NHS Digital is the controller of the CP information extracted from CP-IS under the General Data Protection Regulation 2016 (GDPR) jointly with NHS England. This is because NHS England has directed NHS Digital to collect this information under the COVID-19 NHS England Public Health Directions 2020 (COVID-19 Directions).
For further information please visit the following NHS Digital pages: