Data Protection & GDPR
At St James the Great Catholic Primary School, we are committed to protecting the privacy and security of personal information relating to our pupils, parents, staff, governors, and wider school community.
We comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, ensuring that all personal data is processed lawfully, fairly, and transparently.
Who We Are (Data Controller)
St James the Great Catholic Primary School is the data controller for the personal information we hold. This means that we are responsible for deciding how we hold and use personal information. We are required under data protection legislation to notify you of the information contained here.
Contact details:
St James the Great Catholic Primary School
Windsor Road
Thornton Heath
CR7 8HJ
0208 771 3424
Data Protection Officer (DPO):
Mr Chris Andrew
office@stjamesthegreat.org
What Information We Collect
We may collect, store and use the following types of personal data:
Pupils:
- Personal identifiers (name, date of birth, address, unique pupil number)
- Characteristics (ethnicity, language, eligibility for free school meals)
- Attendance, assessment and attainment data
- Safeguarding and welfare information
- Medical and dietary information
Parents / Carers:
- Contact details
- Relationship to child
- Financial information (where applicable)
Staff and Governors:
- Personal and contact details
- Employment and recruitment information
- Payroll and performance data
- DBS and safeguarding information
Why We Collect and Use This Information
We use personal data to:
- Support pupil learning and progress
- Monitor and report on attainment and attendance
- Safeguard and promote pupil welfare
- Manage admissions and school administration
- Comply with legal and statutory obligations
- Support staff employment and school operations
Under UK GDPR, schools must identify a lawful basis for processing data, such as carrying out a public task, meeting legal obligations, or fulfilling a contract.
Lawful Basis for Processing
We process personal data under the following lawful bases:
- Public task – to provide education and safeguard children
- Legal obligation – to comply with education law and statutory duties
- Contract – for employment-related processing
- Consent – where required (e.g. use of photographs online)
For special category data (e.g. health or safeguarding information), we process this under additional conditions such as substantial public interest or safeguarding duties.
How We Store and Protect Data
We hold personal data securely and retain it only for as long as necessary, in line with the trust's retention schedules.
We ensure appropriate technical and organisational measures are in place to protect personal data from loss, misuse, or unauthorised access.
Who We Share Data With
We may share personal data with:
- The Department for Education (DfE)
- The Local Authority
- Other schools (e.g. when transferring)
- NHS and health services
- Safeguarding partners
- Approved third-party service providers
Schools are required to share certain data (e.g. school census data) with the DfE as part of statutory duties.
We do not share personal data unless it is lawful and necessary to do so.
Your Data Protection Rights
Under UK GDPR, individuals have the right to:
- Be informed about how their data is used
- Request access to their personal data (Subject Access Request)
- Request correction of inaccurate data
- Request deletion (in certain circumstances)
- Restrict or object to processing
- Data portability (where applicable)
Schools must clearly explain these rights in their privacy notices and how individuals can exercise them.
To exercise any of these rights, please contact the school or our Data Protection Officer.
Photographs and Media
We may take photographs or videos for educational and promotional purposes.
- Consent is requested when a pupil joins the school (e.g. for school newsletters, website or social media use)
- Individuals have the right to withdraw consent at any time
- Images will be used in line with our Use of Communication Channels Policy
Data Breaches
In the unlikely event of a data breach, we will:
- Investigate and take appropriate action
- Notify affected individuals where necessary
- Report to the Information Commissioner’s Office (ICO) when required
Freedom of Information
As a public authority, the school complies with the Freedom of Information Act 2000 and adopts the ICO Model Publication Scheme, making key information publicly available.
Further Information
If you have any questions or concerns about how your data is handled, please contact us or our Data Protection Officer.
You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO).
