The King's (The Cathedral) School


Privacy Notice for Students

We collect the following information about you:

  • Personal identifiers (such as name, date of birth, unique pupil number, candidate or examination numbers and contact details)
  • Characteristics (such as ethnicity, language, religious beliefs and free school meal eligibility)
  • Safeguarding information (such as court orders and professional involvement)
  • School travel arrangements
  • Medical and administration (such as doctors information, child health, dental health, allergies, medication and dietary requirements)
  • Educational file
  • Special educational needs (including the needs and ranking)
  • Attendance (such as sessions attended, number of absences, absence reasons and any previous schools attended)
  • Educational performance, attainments and achievements
  • Behavioural information (such as exclusions and any relevant alternative provision put in place)
  • Fingerprints to enable you to use our library services
  • Photographs and video recordings of you and your work (such as official school photographs, classwork activities, performances or events, school trips and sports days)
  • Your image captured on our CCTV system when you are on school premises
  • Your consent preferences

We need this information to:

  • Assess your eligibility to attend our school and process your admission
  • Support your learning and help you reach your educational goals
  • Monitor and report on your progress, attainment, attendance and behaviour
  • Help us build a picture of your educational, social and health needs, so we can support you
  • Provide you with catering, library, ICT and learning resources
  • Communicate with you regarding homework and other important school matters
  • Keep you and other children safe (food allergies, emergency contacts, professional involvement)
  • Assess your eligibility for funding, bursaries and grants
  • Comply with our laws regarding data sharing
  • Help crime prevention, detection and public safety
  • Respond to complaints, grievances and discipline investigations
  • Assess the quality of our services
  • Meet our legal duties placed upon us by the Department for Education

Who we share information with

We share information with a range of organisations, companies and agencies, where it is necessary for us to carry out our legal responsibilities and duties as a school. We only share information about you where it is strictly necessary for us to do so, and the law and our policies allow us to do this. The following are examples of who we share information with:

Department for Education (DfE)
We are required to share information about our pupils with the DfE (this is known as the ‘school census’), either directly or via our local authority, so the DfE can carry out their statutory duties regarding data collections. Our duty to share this information comes under regulation 3 of The Education (Information About Individual Pupils) (England) Regulations 2013.

Find out more

  • For school census and our data collection requirements visit the DfE website here
  • Much of the data about pupils in England goes on to be held in the National Pupil Database (NPD). To find out more about the NPD, visit their website here
  • The law allows the DfE to share student data with certain third parties. For more information about the DfE’s data sharing process, visit their website here
  • To find out which organisations the DfE has provided student information to, visit their website here
  • To find out how the DfE collects and shares student data for research purposes, visit their website here

Our Local Authority – School Admission and Safeguarding Teams
We have a legal requirement to share certain information about our students, with our local authority, to ensure that they can carry out their statutory duties under the Schools Admission Code, including conducting Fair Access Panels.

We may also be required to share child protection or safeguarding information with them, so we can carry out our statutory duties under section 11 of the Children’s Act 2004 (duty to safeguard and promote the welfare of children) and to enable the local authority to carry out their duties under section 47 of the Children’s Act 1989 (duty to investigate and take action to safeguard children).

Educational Psychologists, School Nurses and Health Visitors
We may share information about a student with educational psychologists, health workers (such as the school nurse), social workers or other professionals, to ensure the student receives the appropriate health, educational or wellbeing support they need. Sharing in these instances, will usually be carried out with the consent of the parent/carer.

Other Schools when a Student leaves us
We are required to share a student’s Common Transfer File and educational record with their next school when they leave us. We are also required to share a student’s ‘curricular record’ with the student’s intended school, upon request. We are required to share this data under The Education (Pupil Information) (England) Regulations 2005.

If the school has a concern about the safety of a student, it has a duty to share relevant information with the next school, in order to safeguard that student or others. The school complies with the HM Government ‘Information Sharing Advice for Practitioners Providing Safeguarding Services to Children, Young People, Parents and Carers’ (July 2018), whenever it shares personal data. Further information about our information sharing practices can be found on our Safeguarding page at:  The King's School - Child Protection & Student Welfare

Examination Boards and Moderators
We are required to share information about our students with examination boards and moderators, so they can enter our students into exams, make accessibility arrangements for them where required, mark their work and issue their grades.

We may be required to support an Ofsted inspection, where an inspector asks to see a sample of the school’s records. These records could identify a student. Any personal information the inspector may see, will not be taken away or used in their reports.

Youth Support Services and Careers Advisors
Once our students reach the age of 13, we must share certain information with our local authority and / or provider of youth support services as they have responsibilities in relation to the education or training of 13-19 year olds, under section 507B of the Education Act 1996. This enables them to provide youth support services and careers advisors.

A parent or guardian can object to any information in addition to their child’s name, address and date of birth being passed to their local authority or provider of youth support services by informing us. This right is transferred to the student once they reach the age of 16.

We must also share certain information about students aged 16+ with our local authority and / or provider of youth support services as they have responsibilities in relation to the education or training of 13-19 year olds under section 507B of the Education Act 1996. This enables them to provide post-16 education and training providers, youth support services and careers advisers.

When a student reaches the age of 16, they can object to only their name, address and date of birth being passed to their local authority or provider of youth support services, by informing us. For more information about services for young people, please visit our local authority website at

Police and Law Enforcement Agencies
We may be required to share information about any person we hold information about, to the police or other law enforcement agencies, to assist them in an investigation or to prevent or detect a crime or safeguard individuals at risk.

Service Providers
We use companies that provide us with a service to help us run effectively as a school; the services we often receive are IT support, professional or legal advice, learning or teaching resources, communication services, catering or transport. To receive these services, we sometimes need to share personal information. Further details about our service providers can be found on our website.

Our Legal Basis

The main legal bases we rely on when we process your personal information are as follows:

  • It is necessary for us to perform a task which is in the public interest or to exercise our official duties as a school
    This broad legal basis is applicable to almost all the processing we do involving personal data.
  • It is necessary for compliance with a legal obligation
    This is applicable where a specific law requires us to collect or share personal data. This will include sharing data with the Department for Education (DfE), Her Majesty’s Revenue and Customs (HMRC) or HM Courts and Tribunal Service (e.g. following a court order).
  • The data subject has given their consent
    Consent is not required for most of the processing we do, however, there are occasions when we ask for consent. For example, if we want to publish photographs or videos of pupils/students; collect student fingerprints to provide them with access to our library systems; share data with other organisations or individuals where we are not legally required to share that data. Where we are processing your data with your consent, you have the right to withdraw that consent. If you change your mind, or if you are unhappy with our use of your personal data, please let us know by contacting the school office.
  • The processing is necessary to protect the vital interests of the data subject or someone else
    This is applicable where a person’s life could be at risk and we need to share or make available information to help them. This could involve sharing serious allergy information with staff, paramedics or other medical professionals, or other information requested by the police or social services, to assist them in their enquiries to protect that person.

When we process ‘special category’ data, we must have another legal basis. Special category data is personal data which reveals a person’s racial or ethnic origin, political opinion, religious or philosophical beliefs, trade union membership, genetic data, biometric data (such as fingerprints), health, sex life or sexual orientation. The main legal bases we rely on when we process this type of data is as follows:

  • The data subject has given explicit consent
    This is usually applicable where we ask for health or dietary information about our pupils/students.
  • The processing is necessary for performing any right or obligation which is imposed on the school in relation to social protection law (e.g. safeguarding individuals at risk and protection against unlawful acts)
    This is usually applicable where we are performing our safeguarding duties to protect pupils/students.
  • It is necessary to protect the vital interests of any person where the data subject is physically or legally incapable of giving consent
    This could be relied upon in situations where someone has become seriously ill on our premises and we are asked by medical practitioners (such as paramedics), to share information we know about that person’s health or allergies.
  • The processing is necessary for the establishment, exercise or defence of legal claims
    We may share or use special category data where legal action is being considered or underway.
  • The processing is necessary in the substantial public interest
    This may be relied upon in circumstances such as where our processing is necessary to safeguard children or others at risk or where we respond to requests from the Police or law enforcement bodies, to assist in an investigation to prevent or detect an unlawful act.

This list is not exhaustive.

How we protect your information

We take our security responsibilities seriously in order to protect your personal data from accidental or unlawful access, disclosure, loss, damage or destruction. For example:

  • Access to our data is on a strict need to know basis
  • Our electronic records are held on encrypted servers
  • We use up to date virus and malware protection software; security patches are applied promptly and we back up our data regularly
  • Our sensitive paper files are locked away with restricted access to the keys
  • Our employees, volunteers and governors are subject to Disclosure and Barring Service (DBS) checks and employee contracts contain confidentiality clauses
  • We have policies, procedures and training around data protection, security, record disposal and confidentiality
  • We have strict visitor management security procedures in place
  • We use encrypted email or secure file sharing platforms to share personal data with external organisations
  • We carry out due diligence checks on our service providers and Data Protection Impact Assessments, where required.

Storing Personal Data
The personal information we collect and store is essential for our school’s operational use. We only keep personal information for as long as we need to, and where it is necessary to comply with any legal, contractual, accounting or reporting obligations. After this period, we delete or securely destroy personally identifiable data.
For more information about how long we keep personal data for, see our record retention schedule: The King's School - Data Protection

Overseas Transfers
We store our data in the UK or the European Economic Area (EEA), however some of our service providers may store personal data outside these areas (usually in the USA). We have a contract in place with these data processors, which ensures they process our data securely and in line with our data protection laws.

Your Data Protection Rights
You have the following rights under the data protection laws:

Your Right of Access
You have the right to ask us for copies of your personal data. Students aged 12 and over are usually considered mature enough to make their own request to access their records (unless the contrary is shown). There are some exemptions, which means you may not always receive all the information we process.

Your Right to Rectification
You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.

Your Right to Erasure
You have the right to ask us to erase your personal information in certain circumstances.

Your Right to Restriction of Processing
You have the right to ask us to restrict the processing of your information in certain circumstances.

Your Right to Object to Processing
You have the right to object to us processing your information where we consider this is necessary for us to perform a task in the public interest. You can also object to us using your contact details to send you direct marketing or fundraising communications, which you have previously opted-in to receiving.

Your Right to Data Portability
This only applies to information you have given us. You have the right to ask that we transfer the information you gave us from one organisation to another or give it to you. The right only applies if we are processing information based on your consent or under a contract (or in talks about entering into a contract) and the processing is automated.

Your Right to Complain
We work to high standards when it comes to processing your personal information. We hope you will always be happy with the way we handle your information, however if we have not met your expectations, please let us know so we can put things right. To do this, please email the school at If you remain dissatisfied, you have the right to complain to the Information Commissioner’s Office (ICO). The ICO’s contact details are available at Further information about your data protection rights, can be found on the Information Commissioner’s Office website at

Contact Us

There are many ways you can contact us, including by phone, email and post. Our contact details are as follows:

Postal Address: The King’s (The Cathedral) School, Park Road, Peterborough, PE1 2UE

Email Address:

Telephone Number: 01733 751541

If you would like to make a request or complaint, please contact us. You are not required to pay a fee for exercising your rights and we have one month to respond to you.

Data Protection Officer

Our Data Protection Officer (DPO) is Amber Badley, an external consultant appointed under a service contract. If you have any queries about this privacy notice or any matter relating to the handling of your personal data, you can contact our DPO directly at or by writing to the school at our postal address.

Changes to this Privacy Notice

We may need to update this privacy notice periodically, so we recommend that you revisit this information from time to time. This version was last updated in September 2021.