Personal information charter

The standards you can expect from the Department for Education (DfE) when we collect, hold or use your personal information.

---

Department
for Education

We will follow all applicable UK data protection laws in how we treat your personal information.

Your rights

When DfE collects, holds, uses or processes your personal information, you have a right to be told:

• what the data is being used for
• why we’re legally able to process your data (also called the ‘lawful basis for processing’)
• how long we will keep your data
• who we will share it with
• whether it will be transferred or accessed outside the UK, and what legal protection it will have
• who our Data Protection Officer is
• about any rights you have, including the right to access your information or to object to its being used
• about your right to complain to the Information Commissioner if you feel that your personal information has been mishandled

You are also entitled to have your personal information:

• protected and kept secure
• kept accurate and up to date
• not used for purposes which are incompatible with those for which it was collected
• kept only for as long as it is needed for the purpose for which it was collected (unless it must be kept as part of the historic record)

How and why we get personal information

We collect your personal data where the law allows, or we have a legal duty to do so. We may also receive your personal data from third parties, including other government departments. Your personal data is collected to enable us to carry out our functions.

The lawful basis we often rely on for processing your personal data is to perform our public task. We may also rely on the following lawful bases:

• your consent – where this is relied upon, you can ask to remove your consent at any time - you can do this by using our online contact form
• a contractual obligation
• a legal obligation
• to protect a person’s vital interest
• legitimate interest

Make a subject access request

You have the right to ask for access to your personal information, known as a subject access request. You’re entitled to ask us, or any of our executive agencies:

• for a copy of your personal data and details of its source
• if we’re processing your personal data and how long we’ll store it for
• for a description of the data we hold about you
• the reasons we’re holding it and anyone we may share it with, for example, Ofsted
• to change the information we hold about you if it’s wrong
• to exercise your information rights
• the categories of personal data we’re processing
• the categories of recipient we may share your data with (including in third countries or international organisations)
• your right to make a complaint to the Information Commissioner’s Office or another supervisory authority
• about automated decision-making (including profiling) and information about the logic involved, as well as the significance and potential consequences of the processing for the individual
• the processes in place to protect your data if it is transferred to a third country or international organisation

Request personal information about your learning

You can request information about your learning, such as:

• further education and work-based learning data collected in the individualised learner record (ILR)
• higher education records collected by the Higher Education Statistics Authority
• pupil attainment, pupil characteristics (including address information), and some social service information held in the national pupil database

The data held within the national pupil database is from 2002 onwards. However, we hold some attainment data, which is limited in quality and quantity, for:

• Key Stage 1 (primary pupils aged 5 to 7 years) from 1998 onwards
• Key Stage 2 (primary pupils aged 7 to 11 years) from 1996 onwards

We do not cover all educational establishments and do not cover Welsh schools.

Requesting a copy of your personal learning record

Your personal learning record records general and vocational qualifications such as:

• QCF
• A levels
• GCSEs
• BTEC
• diplomas and functional skills

If you want to view a copy of your personal learning record it’s best to approach your learning provider first. It’s normally quicker to take this approach.

If your learning provider cannot help you, you can request a copy of your personal learning record. You must make this request by email.

Requests from children

Children have the same rights as adults over their data but we may have to make an assessment of competency if they are under the age of 12.

Requests from parents

If your child is under the age of 12 or is deemed not to be competent you can make a request on behalf of your child. You’ll be asked to confirm parental responsibility.

Request personal information as a teacher

If you are a teacher you can ask for any personal information that we hold on you, such as:

• your qualified teacher status (QTS)
• teacher misconduct outcomes
• teacher pensions data

Request personal information after raising a complaint

If you’ve made a complaint about a school or further education setting you can request a copy of your case file.

You can also request a copy of your case file if you’ve made a service complaint about the department or any of its executive agencies.

Request other personal information

You can also ask for personal information relating to:

• academy funding
• complaints about schools or academies
• complaints about ESFA

How to make a subject access request

To make a subject access request you can use the DfE contact form.

Alternatively, you can make a subject access request in writing. Post your request to:

Data Protection Officer
Department for Education (B2.28)
7 & 8 Wellington Place
Wellington Street
Leeds
LS1 4AW

Include as much information as you can about what information you need and the years you need the information for. If possible tell us which part of the department holds the information. You’ll also need to tell us your telephone number and address.

We may need to check your identity and your right to access the information you’re requesting. This means we might ask for a copy of the identification pages of your passport or photo driving licence and proof of your current address.

We’ll try to respond to your request within 1 month. However, if your request is complex we may extend the period by a further 2 months, but we’ll tell you if this is the case.

DfE privacy notices

For the purposes of the Data Protection Act, DfE is the data controller for any personal data you supply to us. A data controller determines how and why personal data is processed.

The DfE privacy notices explain how specific public-facing DfE services handle your information.

Privacy notices for Key Stages 1 to 4

• DfE Key Stage 1 to 4 privacy notice
• Get Information about Schools
• Maths Hubs
• National pupil database (NPD)
• Pupil parent matched data (PPMD)
• School census
• System leadership designations (school improvement and system leadership division of DfE)

Privacy notices for Key Stage 5 and adult education

• DfE Key Stage 5 and adult education privacy notice
• Individualised Learner Record (ILR)
• Learning Records Service (LRS)
• Longitudinal Education Outcomes (LEO)
• National Careers Service
• Manage apprenticeship service and apprenticeship website

Teaching privacy notices

• Apply for teacher training
• Get Into Teaching
• Get support for overseas teachers privacy notice
• Register trainee teachers
• Teach First (DfE is a Joint Controller)
• Teaching vacancies service

Other DfE privacy notices

• Intercountry adoption: information for adoption agencies

Agencies and arm’s length bodies’ privacy notices

DfE is Data Controller for these executive agencies:

• Education and Skills Funding Agency privacy notice – see the DfE Key Stage 5 and adult education privacy notice
• Standards and Testing Agency (STA) - who have the following privacy notices:
  • Primary assessment gateway
  • STA markers and coders
  • Expert review survey
• Teaching Regulation Agency - who have the following privacy notices:
  • Teacher misconduct privacy notice for teachers
  • Teacher misconduct privacy notice for witnesses
  • TRA helpdesk privacy notice

These DfE arm’s length bodies are data controllers in their own right, their personal information charters or privacy notices set out the reasons for holding the personal data:

• Construction Industry Training Board
• Engineering Construction Industry Training Board
• Independent Review Mechanism
• Institute for Apprenticeships and Technical Education
• LocatED
• Office for Students
• Office of the Children’s Commissioner
• Office of the Schools Adjudicator
• Ofsted
• Ofqual
• Social Work England
• Student Loans Company

How to contact us

Contact the DfE Data Protection Team if you:

• have any questions about anything in this document
• think that your personal data has been misused or mishandled

The role of the Data Protection Officer is to make sure we’re compliant with data protection laws.

You can contact the Data Protection team and the Data Protection Officer at:

Data Protection Officer
Department for Education (B2.28)
7 & 8 Wellington Place
Wellington Street
Leeds
LS1 4AW

Email: dataprotection.office@education.gov.uk

If you need to contact us for anything else, use the DfE contact form.

If you are unable to complete the contact form, please write to:

Department for Education
Piccadilly Gate
Store Street
Manchester
M1 2WD
United Kingdom

Independent advice on data protection and privacy

Contact the Information Commissioner for independent advice about data protection, privacy and data-sharing issues.

Information Commissioner’s Office

Email icocasework@ico.org.uk

ICO contact form

Telephone 0303 123 1113

Textphone 01625 545 860