Who we are:
The Rose Learning Trust is committed to keeping your personal information safe and secure. This notice is intended to provide information about how the Trust will use of “process” personal data about individuals including current, past and prospective pupils (“Pupils”) and their parents, carers or guardians (referred to in this notice as “parents”).This notice provides you with the necessary information regarding your rights and our obligations, and explains how, why, and when we process your personal data.
The Rose Learning Trust’s registered office is:
The Rose Learning Trust
We are a company registered in England and Wales under company number 108820308
We are registered on the Information Commissioner's Office Register; registration number is
ZA 229898, and act as the Data Controller when processing your data. Our designated Data Protection Officer is Deborah Temperton, who can be contacted at DPO@roselearning.co.uk
Why the Trust needs to process persona data
In order to carry out its ordinary duties to staff, pupils and parents, the Trust may process a wide range of personal data about individuals as part of its daily operation. Some of this activity the Trust will need to carry out in order to fulfil its legal rights, duties, or obligations. To make sure we can help you learn and look after you at school. For the same reasons we get information about you from some other places too, like other schools, the local council, medical and educational professionals, and the government. The Trust holds the legal right to collect and use personal data relating to individuals, in order to meet legal requirements and legitimate interests set out in the GDPR and UK law, including those in relation to the following:
- Article 6 and Article 9 of the GDPR
- Education Act 1996
We hold some personal information about you to make sure we can help you learn and look after you at school. For the same reasons, we get information about you from some other places too, like other schools, the local council, medical and education professionals, and the governments
This information includes: - This list is not exhaustive
The personal data that we may collect, use, store, and share (when appropriate) about you and your children includes, but is not restricted to:
- Personal identifiers, contacts, and characteristics such as name, unique pupil number, contact details and address
- Attendance details such as sessions attended, number of absences and reason for absence
- Information relating to episodes of being a child in need (such as referral information, assessment information, Section 47 information, Initial Child Protection Information and Child Protection Plan information)
- Results of internal assessments and externally set tests
- Pupil and curricular records
- Characteristics, such as ethnic background, eligibility for free school meals, or special educational needs
- Exclusion information
- Special Education Needs information (including the needs, information from other professional services, information contained in an ECHP
- Details of any medical conditions, including physical and mental health
- Attendance information such as sessions attended, number of absences, absence reasons and any previous schools attended
- Behavioural information such as exclusions and any relevant alternative provision put in place
- Safeguarding information (such as court orders and professional involvement)
- Details of any support received, including care packages, plans and support providers
- Assessment and attainment information such as Key Stage 1 and phonics results, Key Stage 2 results
- School trip information such as consents and current medical issues, or voluntary contributions made
- Provision of educational software in support of teaching and learning
- Information to enable the pupil to be provided with a school meal
- Medical information and administration
- Information required in order to meet our statutory requirements for statutory returns and audit
We use CCTV in various locations around our school sites within the Trust to ensure it remains safe.
- We will adhere to the ICO’s Code of Practice for the use of CCTV.
- Any enquiries about the CCTV system should be directed to the DPO.
Why we use this information
We use this data to help run the school, including to: -
- Provide you with an education including extra-curricular activities
- Safeguarding pupils’ welfare and provide appropriate pastoral and where necessary, medical care
- Monitor pupils’ progress and educational needs
- Enable pupils to take part in national or other assessments, and to publish the results of public examinations or other achievements of pupils at the school
- Maintain relationships with the school community
- Help us with the management planning and forecasting, research, and statistical analysis and to enable us to monitor the Trust’s performance
- Allocate the correct teaching resource
- Provide any additional support
- Monitor use of the Trust’s IT system in accordance with the school’s Acceptable Use Policy
- Receive information about current and prospective pupils from any educational institution that they attend
- Confirm the identity of prospective pupils and their parents
- Use photographic or video images of pupils in learning journeys or in school displays for legitimate educational purposes. Photographs for promotional use for use in school newsletters or school or other websites or media will only be used with pupil’s/parents’ permission
- Create invoices and process payments for services such as school meals, school trips etc
- For security purposes and for regulatory and legal purposes, for example, child protection and health and safety and to comply with its legal obligations
- Receive reports from any organisations that may be working with your child
- Where otherwise reasonably necessary for the trust’s purposes, including to obtain appropriate professional advice and insurance for the school
- To keep you updated about the running of the school, such as emergency closures, events or activities including by sending updates and newsletters by text, email and post
Use of personal data for marketing purposes
Where you have given us consent to do so, we may send you marketing information by email or text promoting school events, campaigns, charitable causes or services that may be of interest to you. This may include relevant and appropriate information about fundraising events held by the school PTA or other local charities, or information about local commercial or not for profit services such as holiday clubs, child-friendly activities or other children’s services.
You can withdraw consent or ‘opt out’ of receiving these emails and/or texts by contacting your school office
We commission school photographers to take photos of pupils which are uploaded to our student information management systems. You may be offered these photographs for purchase through such service providers but there is no obligation to buy your child’s photograph.
We always obtain data sharing agreements for any such providers.
We never sell your data.
Our legal basis for using this information
- We will only collect and use your information when the law allows us to. Most often, we will use your information where:
- We need to comply with the law in meeting the statutory duties placed upon us
- We need to use it to carry out a task in the public interest in order to provide you with an education
Sometimes, we may also use your person information where:
- You, or your parents/carers have given us permission to use it in a certain way
- We need to protect you or someone’s else’s vital interests (protect your life)
- Where we have got permission to use your data, you or your parents/carers may withdraw this at any time. We will make this clear when we ask for permission and explain how to go about withdrawing consent.
- Some of the reasons listed above for collecting and using your information overlap, and there may several grounds which mean we can use your data.
Collecting this information
- Pupil data is essential for the school’s operational use.
- While in most cases you, or your parents/carers, must provide the personal information we need to collect, there are some occasions when you can choose whether or not to provide the data
- We will always tell you if it’s optional. If you must provide the data, we will explain what might happen if you do not
- In addition, when a child joins us from another school, we receive a secure file containing relevant information called a Common Transfer File (CTF)
- We ask parent to keep pupil information up to date via the school office. You will receive reminders to update your information regularly throughout the school year.
We keep personal information about pupils and parents/carers while they are attending our trust. We may also keep it beyond their attendance at our trust if this is necessary in order to comply with our legal obligations.
For information on our Records Management Policy, and how we keep your data safe, please see the trust website.
Why we share pupil information
We do not share information about pupils with any third party without consent unless the law and our policies allow us to do so.
Where it is legally required, or necessary (and it complies with data protection law) we may share personal information about pupils with:
- Our local authority to meet our legal obligations to share certain information with it, such as safeguarding concerns and exclusions
- The Department for Education
- The pupil’s family and representatives
- Schools within The Rose Learning Trust
- Educators and examining bodies
- Our regulator – Ofsted
- Financial Organisations
- Our auditors
- Survey and research organisations
- Health authorities such as the School Nurse and other medical professionals
- Health and social welfare organisations
- Professional advisers and consultants
- Charities and voluntary organisations in support of pupils’ needs
- Police forces, courts and tribunals
- Schools that the pupils attend after leaving us
- Our ICT support suppliers who support us with MIS and other ICT
- School meal providers where relevant allergy information is vital
- Suppliers and service providers and educational software providers in support of teaching and learning to enable them to prove the service we have contracted them for such as: -
- Arbor – our school information management system
- CPOMS – safeguarding and behaviour management system
- Video Conferencing e.g. Zoom
- Parent Pay – our parent communication and payment systems
- Parent Mail – our parent communication system
- Free School Meal Eligibility Team
- Education software in support of teaching and learning
- Assessment software in support of pupil assessment
- Microsoft Outlook email communication system
- Cool Milk to enable free milk for reception/nursery pupils
This list is not exhaustive.
We may also share your information with:
- Other partners, where we have your consent e.g. peripatetic music teachers
- Other third-party partners, where we have your consent, providing services such as after school clubs
Remote Learning/Home Working
Staff, learners, and other associates at the Rose Learning Trust will make use of personal data both in and outside of the organisation setting.
This will include homework, planning, marking, remote learning and collaboration with colleagues. It will also include administration processes and facilities management.
The Rose Learning Trust will review the use of suitable technology for remote working and home learning, and ensure that appropriate technical, security and organisational measures are taken. The choice of technologies and processes will take into account the needs of the Rose Learning Trust to respect and protect the rights and freedoms of its staff, learners, and the wider community with respect to personal data.
We use CCTV in various locations around our school sites within the Trust to ensure it remains safe. We will adhere to the ICO’s Code of Practice for the use of CCTV.
We do not need to ask individuals’ permission to use CCTV, but we make it clear where individuals are being recorded. Security cameras are clearly visible and accompanied by prominent signs explaining that CCTV is in use.
Any enquiries about the CCTV system should be directed to the DPO
The National Pupil Database (NPD)
The NPD is owned and managed by the Department for Education and contains information about pupils in schools in England. It provides invaluable evidence on educational performance to inform independent research, as well as studies commissioned by the Department. It is held in electronic format for statistical purposes. This information is securely collected from a range of sources including schools, local authorities and awarding bodies.
We are required by law, to provide information about our pupils to the DfE as part of statutory data collections such as the school census and early years’ census. Some of this information is then stored in the NPD. The law that allows this is the Education (Information About Individual Pupils) (England) Regulations 2013.
To find out more about the pupil information we share with the department, for the purpose of data collections, go to:-
To find out more about the NPD, go to: -
The department may share information about our pupils from the NPD with third parties who promote the education or well-being of children in England by:
- conducting research or analysis
- producing statistics
- providing information, advice or guidance
The Department has robust processes in place to ensure the confidentiality of our data is maintained and there are stringent controls in place regarding access and use of the data. Decisions on whether DfE releases data to third parties are subject to a strict approval process and based on a detailed assessment of:
- who is requesting the data?
- the purpose for which it is required
- the level and sensitivity of data requested: and
- the arrangements in place to store and handle the data
To be granted access to pupil information, organisations must comply with strict terms and conditions covering the confidentiality and handling of the data, security arrangements and retention and use of the data.
In accordance with Data Protection Law, some of the Trusts processing activity is carried out on its behalf by third parties, such as IT systems, web developers, cloud storage and social media providers. Where possible this is subject to contractual assurances that personal data will be kept securely and only in accordance with the Trusts specific directions.
The Trust is required by law to provide information to the DfE as part of statutory data collections such as the academy census and the academy workforce return. This data sharing underpins school funding and educational attainment policy and monitoring
For more information about the department’s data sharing process, please visit:
For information about which organisations the department has provided pupil information, (and for which project), please visit the following website:
To contact DfE: https://www.gov.uk/contact-dfe
- How to access personal information we hold about you
- You can find out if we hold any personal information about you, and how we use it, by making a ‘subject access request’, as long as we judge that you can properly understand your rights and what they mean.
If we do hold information about you, we will:
- Give you a description of it
- Tell you why we are holding it and using it, and how long we keep it for
- Explain where we got it from, if not from you or your parents
- Tell you who it has been, or will be, shared with
- Let you know if we are using your data to make any automated decisions (Decision being taken by a computer or machine, rather than by a person)
- Give you a copy of the information
- You may also ask us to send your personal information to another organisation electronically in certain circumstances
Your other rights over your data
You have other rights over how your personal data is used and kept safe, including the right to: -
- Say that you do not want it to be used if this would cause, or is causing, harm or distress
- Stop it being used to send you marketing materials
- Say that you do not want it used to make automated decisions (decisions made by a computer or machine, rather than by a person)
- Have it corrected, deleted, or destroyed if it is wrong, or restrict our use of it
- Claim compensation if the data protection rules are broken and this harms you in some way
We take any complaints about how we collect and use your personal data very seriously, so please let us know if you think we have done something wrong.
You can make a complaint at any time by contacting our Data Protection Officer, DPO@roselearning.co.uk
You can also complain to the Information Commissioner’s Office in one of the following ways:
Call: 0303 123 1113
Information Commissioner’s Office
Cheshire, SK9 5AF
If you have any questions, concerns or would like more information about anything mentioned in this privacy notice, please contact out Data Protection officer
Deborah Temperton at DPO@roselearning.co.uk
PRIVACY NOTICE - CORONAVIRUS - TRACK AND TRACE
All schools have an obligation to respond to the Government’s advice on the Coronavirus and the development of the NHS ‘Track and Trace’ scheme is a key part of the Government’s plan to manage Coronavirus
As our school have re-opened it has been our priority to ensure that the wellbeing and health and safety of our children, staff and their families is at the heart of our planning in order to ensure that our schools are safe places to return
Our responsibility extends beyond the school gates and we have a duty to respond to the government’s guidance. We hold a lot of data and it may be necessary for us to share this data, when request to do so, with the Public Health NHS (National Health Service) Trace and Trace Workers.
We expect that we will be asked to provide details, including contact details, of any cases of Coronavirus (or a suspected case) that may arise within any of our schools within The Rose Learning Trust. We have an obligation to share this, and any other health data, as part of our Public Duty as set out below.
We will endeavour to contact any and all individuals directly do that we can manage the information and sharing of their data. However, in some cases we may be required to provide this to the new Public Health HS Track and Trace system
Please be assured that we will keep a record of information that we share
This Privacy Notice should be read alongside other General Data Protection Regulation (GDPR) and Data Protection Information on our website.
NHS Test and Trace – The Law
The law on protecting personally identifiable information, known as the General Data Protection Regulation (GDPR), allows Public Health England to use the personal information collected by NHS Test and Trace.
The section of the GDPR that applies is:
Article 6(1)(e) ‘processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller’
As information about health is a special category of personal information, a further section of the GDPR applies:
Article 9(2)(i) ‘processing is necessary for reasons of public interest in the area of public health, such as protecting against serious cross-border threats to health or ensuring high standards of quality and safety of healthcare’
Public Health England also has special permission from the Secretary of State for Health and Social Care to use personally identifiable information without people’s consent where this is in the public interest. This is known as ‘Section 251’ approval and includes the use of the information collected by NHS Test and Trace to help protect the public from coronavirus. The part of the law that applies here is Section 251 of the National Health Service Act 2006 and the associated Health Service (Control of Patient Information) Regulations 2002.
Test and Trace
Schools are in a very different situation. The tracing process of ‘Test and Trace’ is made more difficult as schools are public authorities. They have a legal duty to protect and promote the welfare of pupils and a duty of care to staff. It is hoped that additional government guidance will be provided for schools.
As a private individual, compliance with the scheme is optional, you cannot at the present time be forced to provide details. As a school it is more complicated.
If a person in a school has Covid or symptoms they will be sent home as will other people in school who have had contact and who may be at risk.
In school it would be most unusual for any one person to know the details of everyone else who may be affected. It is only the school that will have that data. We would notify individuals about a risk, and in many instances that will be sufficient
However, the Department of Education Guidance goes onto say:
‘As part of the national test and trace programme, if other cases are detected within the child or young person’s cohort or in the wider education or childcare settings, Public Health England’s local Health Protection Teams will conduct a rapid investigation and will advise the schools and other settings on the most appropriate action to take’
So in this situation is it not a matter of giving consent to share the data, there is a Public Duty to do so As a Trust we will co-operate with such requests and we are under an obligation to share data.
At no point we will share data without a sound legal basis, but please be aware that we will share data where necessary.