Data Protection

Data Protection and
Freedom of Information


These pages cover the school’s legal and other obligations with regard to:

  • the school’s Privacy Notices (formerly Fair Processing Notices)
  • the use of personal information (e.g. pupils and staff)
  • Storage systems, including Cloud-based Services
  • Organisations with whom we share our data
  • our Data Protection Registration

Privacy Notices (formerly Fair Processing Notices)

Schools, Local Authorities (LA), the Department for Education (DfE) and other educational bodies that process personal data about pupils and staff are required by the Data Protection Act (1998) to issue a Notice to parents/pupils and staff to inform them of the purposes for which that personal data may be held and used.  The term ‘Fair Processing Notice’ has been replaced by ‘Privacy Notice’. 

Pupils and Parents

Northenden Community School are a data controller for the purposes of the data Protection Act.  We collect personal information from about you and may receive information about you from your previous school.  We hold this personal data to:

  • support your learning;
  • monitor and report on your progress;
  • provide appropriate pastoral care;
  • ensure your safety;
  • asses how well we are doing as a school.

Information about you that we hold is shown below.  We are required by law to pass some information about to our Local Authority (Manchester City Council) and the Department for Education.  We will not give information about you to anyone without your consent unless the law and our policies allow us to.

School Workforce

Northenden Community School are a data controller for the purposes of the data Protection Act.  We collect personal information from about you and may receive information about you. We hold this personal data to:

  • assist in the smooth running of the school
  • provide adequate professional services, e.g. payroll for employees
  • define and monitor of professional activity and performance
  • improve the management of the school workforce data across the sector
  • enable a comprehensive picture of the school workforce and how it is deployed
  • inform recruitment and retention policies and procedures
  • allow for better financial modelling and planning
  • enable ethnicity and disability monitoring
  • support the work of the DfE its agencies and related independent bodies

Use of Personal Information

We store, process and use the following information


  • full name, including any changes of name
  • address, including previous addresses
  • names, addresses and telephone/email contact information of family members (see below)
  • names, addresses and telephone/email contact information of other emergency contacts (see below)
  • personal data, including gender, Ethnic origin, gender, religion, home language
  • medical information, including illnesses and medical conditions, allergies, emergency treatment and required medication
  • pupils’ work (in exercise books), including ongoing marking of work and assessment data
  • summative assessment data, including EYFS, Phonics and Key Stage national assessment results
  • Special Educational Needs, including statements, needs analyses and Individual Education Plans
  • current and historical school reports, including those from other schools
  • participation in school activities, including extra-curricular activities and wrap-around care
  • letters to parents regarding individual pupils
  • safeguarding and child protection information, including that shared by Children’s Services
  • behaviour records, including monitoring records and exclusions
  • attendance records, including authorised and unauthorised absence
  • references to and from other schools
  • photographs of pupil participation in key events and activities
  • individual and class photographs

Pupil data is shared with / stored by

  • the Local Authority (Manchester City Council)
  • Children’s Services (for the purposes of child protection)
  • the Department for Education and its agencies
  • parents (and legal guardians) of the child
  • other schools
  • school and online systems (see below)

Pupils’ Parents and other significant adults

  • full name
  • address and telephone/email contact information
  • child protection referrals and concerns
  • payments made to school for a range of activities and services
  • financial data (stored on ParentPay)

Staff (past and present) and volunteers (where applicable)

  • full name
  • National Insurance and other employment-related details
  • address and telephone/email contact information
  • emergency contact information, including next of kin
  • application forms and qualifications
  • employment checks and references
  • job descriptions, appraisal and other relevant professional development records
  • vetting and Disclosure and Barring Service (formerly CRB) disclosure records
  • medical assessments, where relevant
  • declarations of disqualification and disqualification by association (from childcare)
  • contractual information, including salary and historical payroll information
  • attendance records, including any periods of absence from work
  • references to potential or next employers
  • disciplinary or other professional records, where relevant
  • other relevant employment records

Staff data is shared with / stored by

  • the Local Authority (Manchester City Council)
  • Personnel (One Education) and Payroll (MCC) departments
  • Children’s Services (for the purposes of child protection)
  • the Department for Education and its agencies
  • other employers
  • school and online systems (see below)


We never disclose or share information about pupils or staff with another organisation unless:

  • we are required to do by law or for the purposes of safeguarding
  • the information shared is limited to that required for the purpose
  • the organisation is well known to us, e.g. the Local Authority or the DfE
  • the school has checked the credentials of the requesting organisation
  • we have the permission of parents, e.g. for publication of photographs or other information

Storage and Processing of Personal Data

Personal data is stored, processed and exchanged in the following ways:

  • computer-based databases
  • school computer networks and servers
  • e-mail systems, including secure and encrypted systems
  • password-protected and encrypted staff laptops and memory sticks
  • online data transfer systems
  • online data backup systems (for SIMS)
  • CCTV system (internal and external communal areas – site security only

We use the following school-based and online systems to store and process information about individuals:

  • SIMS (School Information Management System – all pupil and staff data)
  • ORBIT – EYFS assessment and recording system (can be accessed by parents)
  • I-Track (pupil assessment data) – Privacy Policy
  • Blue Sky (staff appraisal data)
  • Junior Library Online (for school library membership, book loans)
  • Parent Pay (online payments system)
  • School website (individual photographs)
  • Swymphony (for pupil swimming achievements)
  • Google Mail for Education
  • Department for Education Secure Access website (including School to School transfer)
  • MCC DBS Application Online system (provided by United Medicare Ltd)

In storing and processing information we comply with the Data Protection Principles which are that the personal information is:

  • fairly and lawfully processed
  • processed for specific purposes
  • adequate, relevant and not excessive
  • accurate and up to date
  • not kept longer than is necessary
  • processed in line with individuals’ rights
  • secure
  • not transferred to other countries without adequate protection

Data Protection Act (Registration)

As required by law, the school is registered with the Information Commissioner’s Office as a user of information about individuals.  Our registration details are as follows:

Registration Number: Z7490495
Date Registered: 16 December 2002

Registration Expires: 15 December 2015
Address: Bazley Road, Northenden, Manchester M22 4FL

This registration information is publicly available via the SEARCH option on the ICO website

Under this registration, we have declared the following:

Reasons/purposes for processing information.

We process personal information to enable us to:

  • provide education, training, welfare and educational support services
  • administer school property
  • maintain our own accounts and records
  • carry out fundraising
  • support and manage our employees

We also use CCTV systems to monitor and collect visual images for security and the prevention of crime.

Type/classes of information processed.

We process information relating to the above reasons/purposes. This information may include:

  • name and personal details
  • family, lifestyle and social circumstances
  • financial details
  • education details
  • employment details
  • student and disciplinary records
  • vetting checks
  • goods and services
  • visual images, personal appearance and behaviour

We also process sensitive classes of information that may include:

  • physical or mental health details
  • racial or ethnic origin
  • religious or other beliefs of a similar nature
  • trade union membership
  • sexual life
  • offences and alleged offences

Who the information is processed about

We process personal information about:

  • our students and pupils
  • advisers and other professional experts
  • school staff
  • members of school boards
  • donors and potential donors
  • suppliers
  • complainants and enquirers
  • individuals captured by CCTV images

Who the information may be shared with

We sometimes need to share the personal information we process with the individual themself and also with other organisations. Where this is necessary we are required to comply with all aspects of the Data Protection Act (DPA). What follows is a description of the types of organisations we may need to share some of the personal information we process with for one or more reasons.

Where necessary or required we share information with:

  • education, training, careers and examining bodies
  • school staff and boards
  • family, associates and representatives of the person whose personal data we are processing
  • local and central government
  • healthcare professionals
  • social and welfare organisations
  • police forces
  • courts
  • current, past or prospective employers
  • voluntary and charitable organisations
  • business associates and other professional advisers
  • suppliers and service providers
  • financial organisations
  • security organisations
  • press and the media
Translate »