Message sent from:


The EU General Data Protection Regulation (GDPR) is a new data protection law, which will replace the existing EU laws. It aims to strengthen the protection of “personal data” paying particular attention to the way that data is now used and shared through internet and cloud technologies.

The EU wants to give people more control over how their data is used, whilst making a simpler, clearer a legal framework for organisations who manage, control and process people’s data.


Oak Farm Infant School and GDPR

Here at Oak Farm Infant School, we have been working hard to ensure we are fully GDPR compliant in time for this landmark privacy law.

This includes our role as 'data controllers' for the information we hold on our customers as well as 'data processors' for the data our customers hold within our solutions. Please see below for the full details of our arrangements at Oak Farm Infant School.

If you have not already done so, please return the two forms sent out with every child before the May half-term break regarding GDPR.
If you did not receive the GDPR forms please request copies from the school office.

  • Our Committment to GDPR

    Oak Farm Nursery & Infant School May 2018

    GDPR Privacy Notice for Parent/Carer

    Schools are currently required to inform pupils and their families about how their personal data may be collected and used. This requirement will remain once the General Data Protection Regulation (GDPR) comes into effect on 25th May 2018.

    Who processes your information?

    Oak Farm Nursery & Infant School is the data controller of the personal information you provide to us. This means the school determines the purposes for which, and the manner in which, any personal data relating to pupils and their families is to be processed. Mrs J Sweeney acts as a representative for the school with regard to its data controller responsibilities; they can be contacted on 01895 234375 or head@oakfarm-inf.hillingdon.sch.uk.

    In some cases, your data will be outsourced to a third party processor; however, this will only be done with your consent, unless the law requires the school to share your data. Where the school outsources data to a third party processor, the same data protection standards that Oak Farm Nursery & Infant School upholds are imposed on the processor.

    turnITon is the data protection officer. Their role is to oversee and monitor the school’s data protection procedures, and to ensure they are compliant with the GDPR. The data protection officer can be contacted on 01895 597620 (option 3) or dpo@turniton.co.uk.

    Why do we collect and use your information?

    Oak Farm Nursery & Infant School holds the legal right to collect and use personal data relating to pupils and their families, and we may also receive information regarding them from their previous school, LA and/or the DfE. We collect and use personal data in order to meet legal requirements and legitimate interests set out in the GDPR and UK law, including those in relation to the following:

    • Article 6 and Article 9 of the GDPR
    • Education Act 1996
    • Section 3 of The Education (Information About Individual Pupils) (England) Regulations 2013

    In accordance with the above, the personal data of pupils and their families is collected and used for the following reasons:

    • To support pupil learning
    • To monitor and report on pupil progress
    • To provide appropriate pastoral care including SEND provision and Safeguarding
    • To assess the quality of our service
    • To comply with the law regarding data sharing
    • To keep children safe (food allergies/emergency contact details)
    • To meet the statutory duties placed upon us for DfE data collections

    Which data is collected?

    The categories of pupil information that the school collects, holds and shares include the following:

    • Personal information – e.g. names, pupil numbers and addresses
    • Characteristics – e.g. ethnicity, language, nationality, country of birth and free school meal eligibility
    • Attendance information – e.g. number of absences and absence reasons
    • Assessment information – e.g. national curriculum assessment results  
    • Relevant medical information
    • Information relating to SEND
    • Behavioural information – e.g. number of temporary exclusions
    • Safeguarding

    Whilst the majority of the personal data you provide to the school is mandatory, some is provided on a voluntary basis. When collecting data, the school will inform you whether you are required to provide this data or if your consent is needed. Where consent is required, the school will provide you with specific and explicit information with regards to the reasons the data is being collected and how the data will be used.  

    How long is your data stored for?

    Personal data relating to pupils at Oak Farm Nursery & Infant School and their families is stored in line with the school’s Data Protection Policy and Retention Management Policy.

    In accordance with the GDPR, the school does not store personal data indefinitely; data is only stored for as long as is necessary to complete the task for which it was originally collected.

    Will my information be shared?

    The school is required to share pupils’ data with the DfE on a statutory basis, this includes the following:

    • End of Key Stage Assessment Data
    • School Census

    The National Pupil Database (NPD) is managed by the DfE and contains information about pupils in schools in England. Oak Farm Nursery & Infant School is required by law to provide information about our pupils to the DfE as part of statutory data collections, such as the school census; some of this information is then stored in the NPD. The DfE may share information about our pupils from the NDP with third parties who promote the education or wellbeing of children in England by:

    • Conducting research or analysis
    • Producing statistics
    • Providing information, advice or guidance

    The DfE has robust processes in place to ensure the confidentiality of any data shared from the NDP is maintained.

    Oak Farm Nursery & Infant School will not share your personal information with any third parties without your consent, unless the law allows us to do so. The school routinely shares pupils’ information with:

    • Capita SIMS-pupil database
    • Pupils’ destinations upon leaving the school
    • The LA: including SEND, Safeguarding, Admissions Team, Performance and Intelligence Team
    • The NHS: School Nurses
    • Granary Childcare after school care provider
    • After School Clubs CP Soccer, Futunity, SHSSN Sport Network, La Jolie Ronde,

    The information that we share with these parties includes the following:

    • Pupil School record electronic/paper copy
    • EHCP information, Pupil safeguarding referrals, Pupils data starters/leavers, Assessment data, ,   
    • Pupil names, Address, DoB, Gender, Ethnicity for medical checks  

    What are your rights?

    Parents and pupils have the following rights in relation to the processing of their personal data.

    You have the right to:

    • Be informed about how Oak Farm Nursery & Infant School uses your personal data.
    • Request access to the personal data that Oak Farm Nursery & Infant School holds.
    • Request that your personal data is amended if it is inaccurate or incomplete.
    • Request that your personal data is erased where there is no compelling reason for its continued processing.
    • Request that the processing of your data is restricted.
    • Object to your personal data being processed.

    Where the processing of your data is based on your consent, you have the right to withdraw this consent at any time.

    Please click here for a copy of the Oak Farm Nursery & Infant School GDPR Privacy Notice for Parent/Carer.

    If you have a concern about the way Oak Farm Nursery & Infant School and/or the DfE is collecting or using your personal data, you can raise a concern with the Information Commissioner’s Office (ICO). The ICO can be contacted on 0303 123 1113, Monday-Friday 9am-5pm.


    The EU General Data Protection Regulation (GDPR) replaces the Data Protection Directive 95/46/EC and was designed to harmonise data privacy laws across Europe, to protect and empower all EU citizens data privacy and to reshape the way organisations across the region approach data privacy. The ICO website outlines the GDPR policy in full detail.