for Students and Parents
How we use student and parent information.
How we use student and parent information.
The categories of parent information that we collect is limited to name and contact information (phone numbers, address and email etc). Any additional information disclosed to us is held only if it is relevant to the support of their child (16-18 olds).
We use the student and parent data:
We collect and use student and parent information under Articles 6 and 9 of the General Data Protection Regulation. In particular, we process information where that processing is (i) necessary for compliance with a legal obligation to which ELATT is subject, including the legitimate purpose of ensuring the safety and wellbeing of our students, (ii) where processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in ELATT, (iii) where the data subject has given consent to the processing of his or her personal data for specific purposes or (iv) where processing is necessary in order to protect the vital interests of the data subject or of another natural person.
For special category data we collect and use student information where the processing is necessary for the reasons of substantial public interest, respects the essence of the right to data protection and provides for suitable and specific measures to safeguard the fundamental rights and the interests of the data subject.
Whilst the majority of student and parent information you provide to us is mandatory, some of it is provided to us on a voluntary basis. In order to comply with the General Data Protection Regulation, we will inform you whether you are required to provide certain student information to us or if you have a choice in this.
We hold student data for the duration of their education at ELATT and afterwards depending on the funding Page 2 of 6 contractual instructions. Parental information is held within the student information. All information is held within a secure filing cabinet or in password protected electronic files / Pro-Suite and Pro-Achieve systems. Before leaving ELATT, students have the opportunity to leave future contact information in order to become part of the Alumni database.
We do not share information about our students or parents with anyone without consent unless the law and our policies allow us to do so.
In specific circumstances, we may share student information with these organisations:
We share information with contractors and suppliers who provide the following services:
We share students’ data with the Department for Education (DfE), ESFA, Home Office, Lottery and Local Authorities on a statutory basis. This data sharing underpins ELATT funding and educational attainment policy and monitoring. We are required to share information about our students with the DfE under regulation 5 of The Education (Information About Individual Pupils) (England) Regulations 2013.
Asylum Migration and Integration Fund (AMIF) funded participants
Project Name: Community Skills 2, 1st September 2020 to 31st December 2022
Project Name: Community Skills, 1st August 2019 to 31st August 2020
Project Name: Refugee Community Makers, 1st September 2018 to 31st August 2020
We will share your data with the UKRA and their independent evaluator. We are collecting this data for for monitoring, audit and evaluation of the AMIF fund process.
Your data will not be shared with any other part of the Home Office apart from the project evaluator.
Please see this link.
Pro-Suite (Management Information System (MIS) provider)
We share student and parent personal data with Pro-Suite when necessary to correct ILR submissions.
Transport For London - TFL (for obtaining Oyster Discount Cards)
We share student personal data with TFL to enable them to obtain travel discounts, at their request.
We share student personal data with exam boards to facilitate legal obligation to provide examinations.
ELATT Enrichment Providers
We share student personal data with ELATT enrichment providers engaged in providing ELATT trips / visits in order for them to process travel arrangements and may include sensitive medical information in order to keep students safe whilst on ELATT organised trips / visits.
Suppliers of Email, Internet and IT services
We use email and IT services to enable the ELATT to administer communication both internally and externally and facilitate the smooth running of the ELATT. Where necessary external IT suppliers will access systems to provide support and fix issues. In all instances there will be a data protection agreement in place to safeguard information on the systems they are accessing.
We will also share certain information about students aged 16+ with our local authority and / or provider of youth support services as they have responsibilities in relation to the education or training of 16-19 year olds under section 507B of the Education Act 1996. This enables them to provide services as follows:
For more information about services for young people, please visit the Hackney local authority website.
The NPD is owned and managed by the Department for Education and contains information about students in England. It provides evidence on educational performance to inform independent research, as well as studies commissioned by the Department. It is held in electronic format for statistical purposes. This information is securely collected from a range of sources including ELATT, local authorities and awarding bodies. We are required by law to provide information about our students to the DfE as part of statutory data collections such as the ELATT census. Some of this information is then stored in the NPD. The law that allows this is the Education (Information About Individual Pupils) (England) Regulations 2013.
To find out more about the NPD, go here.
The department may share information about our students from the NPD with third parties who promote the education or well-being of children in England by:
The Department has robust processes in place to ensure the confidentiality of our data is maintained and there are stringent controls in place regarding access and use of the data. Decisions on whether DfE releases data to third parties are subject to a strict approval process and based on a detailed assessment of:
To be granted access to student information, organisations must comply with strict terms and conditions covering the confidentiality and handling of the data, security arrangements and retention and use of the data. For more information about the department’s data sharing process, please visit this page.
For information about which organisations the department has provided student information, (and for which project), please please visit this website.
To contact DfE, click here.
Subject matter of the Processing
The subject matter is the personal data of Learners on education or training programmes administered by the ESFA that are subject to this Agreement as defined in the ESFA privacy notice and ILR specification and its appendices.
Duration of the Processing
The duration of the Processing covers the academic year data returns to the ESFA as defined in Appendix A of the ILR specification to enable funding and audit of the learning programmes defined in this Agreement.
Nature and purposes of the Processing
The nature and purposes of the processing is defined in the ESFA privacy notice.
The processor will be required to submit the data to the ESFA as set out in Clause 16 Submission of Learner Data of the Contract.
Type of personal data
The personal data to be processed is defined in the ILR specification.
Categories of data subject
The data subjects are Learners on education or training programmes administered by the ESFA that are subject to this Agreement.
Retention and destruction of the data once the processing is complete UNLESS requirement under union or member state law to preserve that type of data Information on how the data must be supplied to the ESFA is detailed in the ILR specification and its appendices.
For the purposes of the DfE as a data controller of the data, providers are required to retain the data for the funding and audit purposes 6 years from the end of the financial year in which the last payment is made under the Contract for the specific student.
For the purposes of the Department for Work & Pensions as a data controller, where Learner data is used as match on the 2007-13 ESF programme, the data must be retained securely until at least 31 December 2022 and where Learner data is used as match on the 2014-20 ESF programme, the data must be retained securely until 31st December 2030.
The Contractor (and any other data controller) is responsible for determining any further need to process the data, including its retention, prior to secure destruction.
Under data protection legislation, parents and students have the right to request access to information about themselves. To make a request for your personal information, or be given access to your child’s educational record, contact Mia Wylie, Data Protection Officer (email@example.com).
You also have the right to:
If you have a concern about the way we are collecting or using your personal data, we request that you raise your concern with us in the first instance. Alternatively, you can contact the Information Commissioner’s Office here.
If you would like to discuss anything in this privacy notice, please contact:
or to the address below:
This privacy notice is reviewed annually. It was last updated in September 2021.