Skip to content ↓

GDPR - Privacy Notice

Privacy Notice for Parents and Carers

Under data protection law, individuals have a right to be informed about how the school uses any personal data held about them. We comply with this right by providing ‘privacy notices’ to individuals whose personal data we may be required to process.

 This privacy notice aims to inform parents and carers of how and why The St Marylebone CE Bridge School collects, stores and uses information about pupils and parents. Pupils under 13 and those with learning difficulties may not be considered to have the capacity to consent or understand these regulations, therefore it is important that parents and carers understand their rights and those of their child.

We, (The St Marylebone CE Bridge School) are the ‘data controller’ for the purposes of data protection law.

Our data protection officer is: Kate Miller.

The Collection and Use of Personal Data

1.1 Why do we collect data?

 Much of the data items the school processes are necessary for us to operate and educate your child and are covered by the six lawful basis outlined in the regulations. The school will only collect the data needed for a specific purpose, ensure it is maintained accurately and store it securely until it is no longer required. The upmost care is taken to manage and process any data, lawfully, fairly and in a transparent manner as directed by the General Data Protection Regulations (GDPR).

We use the pupil data:

To support pupil learning.

To monitor and report on pupil progress.

To provide appropriate pastoral care.

To protect pupil welfare.

To assess the quality of our services.

To administer admissions waiting lists.

To carry out research.

To comply with the law regarding data sharing.

1.2 What types of data?

Some of the data items we retain are in the form of hard copies, such as those received from your local authority (i.e. Education Health and Care Plans) and other professionals, (i.e. Educational Psychologist, CAMHS reports etc.). Other elements are in the form of digital data, such as the personal information we store in our school management system (SIMS) which may have been supplied by parents/carers or forwarded to us from a previous school during a pupil’s transition.

 The school creates various data items on pupils during their time at school. These include assessment, where baselines are determined on entry and current attainment is measured termly, (Classroom Monitor) and attendance (SIMS) which is monitored twice daily.

Data items that the school requires to function are often in the form of personal information or sensitive information. The following are not an exhaustive list, but these may include:


Unique pupil number.

Date of birth.


Parent contact information.


First language.


Free school meals eligibility. In addition, there are other necessary pieces of information that the school requires to function.

These can include:

Relevant medical information and allergies.

Special educational needs information.


Assessment data.

Under the new regulations, obtaining these data items would be classed as a legal obligation, a public task or a vital interest. We rely on them to enable us to keep pupils safe, monitor their progress and draw on the skills of other professionals to tailor teaching and learning to each pupil’s specific needs.

1.3 Collecting Data:

Whilst the majority of pupil information you provide to us is mandatory, some of it is provided to us on a voluntary basis and you have the right to refuse to provide this. In order to comply with the General Data Protection Regulations, any time you are requested to provide private or sensitive information in future, we will inform you whether this is mandatory, or if this is voluntary.

1.4 Storing Data:

Pupil data is held for as long as the pupil attends St Marylebone CE Bridge School. We may also keep it beyond this date if this is necessary in order to comply with our legal obligations.

SMBS has adopted the framework suggested by the DfE on Pages 54 to 62 of Data Protection: A Toolkit for Schools. An example of this guidance instructs us to remove data elements related to behaviour within one year of a pupil leaving SMBS, whilst it details that schools should retain safeguarding information until a pupil reaches the age of 25. Please see the DfE guidance for further information.

1.5 Accuracy of Information:

The school will provide an updated copy of the data capture, permissions and consent forms for all new pupils who join SMBS. Furthermore, on a yearly basis the school will provide all parents with a copy of the data we hold in our school management system to check for accuracy. The school can only maintain data items such as parent phone numbers if we are updated when they change. We ask all parents to assist in this by providing up to date information whenever necessary.

2. Sharing of Information

2.1 Who do we share with?

 We do not share information about our pupils or parents without their being a legal bases for doing so, or without consent being provided. It is our policy to maintain a database of all organisations we work with, our reasons for sharing information with them and the legal basis for this sharing, or that consent has been received.

2.2 Legal Obligation:

 We are required to share information about our pupils with our local authority and the DfE under section 3 of The Education Regulations 2013. This data sharing underpins school funding and educational attainment policy and monitoring. The sharing of this data is covered by our legal obligation, these organisations include:

Local Authorities

The Department for Education (DfE)

2.3 Public Task:

The school shares data with other providers as a public task, which allows us to undertake actions to in order for the school to run properly. This enables us to fulfil our duty to each young person to ensure pupils’ needs are being fully met and the correct services are being provided. Different types of data will be shared depending on the type of roll these organisations have. These organisations/groups include:

  • Speech & Language Therapists through both our own and NHS or local authority commissioned services (if required within an EHCP).
  • Occupational Therapists or Physiotherapists through NHS or local authority commissioned services (if required within an EHCP).
  • Virtual Schools (for Looked After Children).
  • Examining Bodies (i.e. AQA and Edexcel)
  • Our Regulator (i.e. Ofsted)
  • The School Nurse (for specific areas of need).
  • The pupil’s family and representatives.
  • Youth support services through the local authority or commissioned services for pupils aged 13 and over.
  • A school/college/sixth form that the pupil is attending after leaving SMBS.
  • SIMS.
  • Joskos who manage the school’s computer network.
  • LgFL who manage the school’s network filter.
  • Education Business Partnership who provide the school’s work experience programme.
  • Classroom Monitor who provide the assessment system that the school uses to track progress.
  • Catering Academy who provide school lunches on site and require allergy/medical information.

2.3 Vital Task:

In an emergency, the school will engage with other providers through our vital interest, which allows us to undertake actions to protect someone’s life. The most likely scenario would be sharing pupil information with a paramedic if a pupil is admitted to hospital or sharing personal data to The Metropolitan Police in an emergency.

2.3 Legitimate Interest:

The school will, from time to time, engage with services that will support the education of a pupil. Although these areas could reasonably be assumed to be a legitimate interest, there are occasions where a pupil’s personal information (name/date of birth) may be required for registration or to set up an account. Parents and pupils have a choice as to whether their data is shared with these organisations, so we have listed all of these current providers below and where appropriate we have asked for specific consent to share basic pupil information. Any organisations we have worked with in the past (or intend to work with) may also be listed here. Consent will be sought if/when the school engages with this service again.

  • Mathswatch
  • Accelerated Reader
  • Class Dojo
  • London Youth Games
  • Optional NHS Services (i.e. vaccinations and dental inspections)
  • Westminster Sports Unit
  • Cycle Active (currently not engaged with this service)
  • Job Explorer Database (JED)

3. Formal Data Collection

3.1 Data collection requirements:

 The school has a duty to share certain data through a termly census. To find out more about the data collection requirements placed on us by the Department for Education please visit

3.2 The National Pupil Database (NPD):

The NPD is owned and managed by the DfE and contains information about pupils in schools in England. It provides invaluable evidence on educational performance to inform independent research, as well as studies commissioned by the DfE. It is held in electronic format for statistical purposes.

This information is securely collected from a range of sources including school, local authorities and awarding bodies.

We are required, by law, to provide information about our pupils to the DfE as part of statutory data collections such as the school census and early years’ census. Some of the information is then stored in the NPD. The law that allows this is the Education (Information about Individual Pupils) (England) Regulations 2013.

To find out more about the pupil information we share with the department, for the purpose of data collections, go to

To find out more about the NPD go to

The DfE may share information about our pupils from the NPD with third parties who promote the education or well-being of children in England by:

  • Conducting research or analysis
  • Producing statistics
  • Providing information, advice or guidance

4. Access and Rights

4.1 Requesting access to your personal data and your rights:

 Under data protection legislation, parents and pupils have the right to request access to information about them that we hold. To make a request, known as a Subject Access Request, for your personal information, or be given access to your child’s educational record, contact the school office in person, by email on where your query will be dealt with by the Data Protection Officer.

If you make a subject access request, and if we do hold information about you or your child, we will:

  • Give you a description of it.
  • Tell you why we are holding and processing it, and how long we will keep it for.
  • Explain where we got it from, if not from you or your child.
  • Tell you who it has been, or will be, shared with.
  • Let you know whether any automated decision-making is being applied to the data, and any consequences of this.
  • Give you a copy of the information in an intelligible form.

4.2 Your additional rights:

 Under data protection law, individuals have certain rights regarding how their personal data is used and kept safe, including the right to:

  • Object to processing of personal data that is likely to cause, or is causing, damage or distress.
  • Prevent processing for the purpose of direct marketing.
  • Object to decisions being taken by automated means.
  • In certain circumstances, have inaccurate personal data rectified, blocked, erased or destroyed.
  • Claim compensation for damages caused by a breach of the Data Protection regulations.

If you have a concern about the way we are collecting or using your personal data, you should raise your concern with us via telephone or email in the first instance. You may also contact the Information Commissioner’s Office directly at

5. Contact Us

The St Marylebone CE Bridge School
Herries Street
W10 4LE

Telephone: 020 3693 4752

Herries Street, London, W10 4LE

020 3693 4752