ELATT | Data Protection Privacy Notice
 

 Current Students

Full 1
Data Protection Privacy Notice
for Students and Parents

How we use student and parent information.

The categories of student information that we collect, hold and share include

  • Personal information (such as name, unique student number and address)
  • Nominated next of kin contact information (name, phone number)
  • Characteristics (such as ethnicity, language, nationality, health and life experiences likely to affect learning, childcare needs, country of birth and free ELATT meal eligibility)
  • Attendance information (such as sessions attended, number of absences and absence reasons)
  • Educational Performance (such as reports and exam grades)
  • Destinations where students go after leaving us
  • Relevant medical information

The categories of parent information that we collect is limited to name and contact information (phone numbers, address and email etc). Any additional information disclosed to us is held only if it is relevant to the support of their child (16-18 olds). 

Why we collect and use this information

We use the student and parent data: 

  • to support student learning
  • to monitor and report on student progress
  • to safeguard our students, provide appropriate pastoral care and ensure their safety and wellbeing
  • to assess the quality of our services and ensure continuous improvement
  • to comply with the law regarding data sharing
  • to comply with the funder regulations: Education and Skills Funding Agency, an Executive Agency of the Department for Education, Cheylesmore House, Quinton Road, Coventry, CV1 2WT (“the ESFA"); Department for Education; Greater London Authority; Home Office; Local Authorities; and others; and claim the necessary funding to keep education free of charge or at a subsidised rate.

The lawful basis on which we use this information

We collect and use student and parent information under Articles 6 and 9 of the General Data Protection Regulation. In particular, we process information where that processing is (i) necessary for compliance with a legal obligation to which ELATT is subject, including the legitimate purpose of ensuring the safety and wellbeing of our students, (ii) where processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in ELATT, (iii) where the data subject has given consent to the processing of his or her personal data for specific purposes or (iv) where processing is necessary in order to protect the vital interests of the data subject or of another natural person.

For special category data we collect and use student information where the processing is necessary for the reasons of substantial public interest, respects the essence of the right to data protection and provides for suitable and specific measures to safeguard the fundamental rights and the interests of the data subject.

Collecting student information

Whilst the majority of student and parent information you provide to us is mandatory, some of it is provided to us on a voluntary basis. In order to comply with the General Data Protection Regulation, we will inform you whether you are required to provide certain student information to us or if you have a choice in this.

Storing student data

We hold student data for the duration of their education at ELATT and afterwards depending on the funding Page 2 of 6 contractual instructions. Parental information is held within the student information. All information is held within a secure filing cabinet or in password protected electronic files / Pro-Suite and Pro-Achieve systems. Before leaving ELATT, students have the opportunity to leave future contact information in order to become part of the Alumni database.  

Why we share student information

We do not share information about our students or parents with anyone without consent unless the law and our policies allow us to do so.

Who we share student information with (with students' consent)

In specific circumstances, we may share student information with these organisations:

  • Providers and Universities that the students attend after leaving us
  • Local Authorities (Hackney, Tower Hamlets, Newham and others)
  • Job Centre Plus
  • Employers and employment agencies
  • Department for Education (DfE)
  • Greater London Authority (GLA)
  • Home Office
  • HMRC
  • Exam Boards
  • Health Professionals
  • Police
  • ELATT Enrichment Programme Providers
  • Institute for Employment Studies on behalf of Youth Futures Foundation

We share information with contractors and suppliers who provide the following services:

Our Funders 
We share students’ data with the Department for Education (DfE), ESFA, Home Office, Lottery and Local Authorities on a statutory basis. This data sharing underpins ELATT funding and educational attainment policy and monitoring. We are required to share information about our students with the DfE under regulation 5 of The Education (Information About Individual Pupils) (England) Regulations 2013.

Asylum Migration and Integration Fund (AMIF) funded participants 
Project Name: Community Skills 2, 1st September 2020 to 31st December 2022
Project Name: Community Skills, 1st August 2019 to 31st August 2020
Project Name: Refugee Community Makers, 1st September 2018 to 31st August 2020
We will share your data with the UKRA and their independent evaluator. We are collecting this data for for monitoring, audit and evaluation of the AMIF fund process.
Your data will not be shared with any other part of the Home Office apart from the project evaluator.
Please see this link.

Pro-Suite (Management Information System (MIS) provider)
We share student and parent personal data with Pro-Suite when necessary to correct ILR submissions.

Transport For London - TFL (for obtaining Oyster Discount Cards) 
We share student personal data with TFL to enable them to obtain travel discounts, at their request.

Exam Boards 
We share student personal data with exam boards to facilitate legal obligation to provide examinations.

ELATT Enrichment Providers 
We share student personal data with ELATT enrichment providers engaged in providing ELATT trips / visits in order for them to process travel arrangements and may include sensitive medical information in order to keep students safe whilst on ELATT organised trips / visits.

Suppliers of Email, Internet and IT services 
We use email and IT services to enable the ELATT to administer communication both internally and externally and facilitate the smooth running of the ELATT. Where necessary external IT suppliers will access systems to provide support and fix issues. In all instances there will be a data protection agreement in place to safeguard information on the systems they are accessing.

Data collection requirements

To find out more about the data collection requirements placed on us by the Department for Education go here (16-19 year olds) and ESFA (for adult students) go here.

Youth support services

We will also share certain information about students aged 16+ with our local authority and / or provider of youth support services as they have responsibilities in relation to the education or training of 16-19 year olds under section 507B of the Education Act 1996. This enables them to provide services as follows: 

  • post-16 education and training providers
  • youth support services
  • social services
  • careers advisers
  • Institute for Employment Studies on behalf of Youth Futures Foundation

For more information about services for young people, please visit the Hackney local authority website.

The National Pupil Database (NPD) 16-18 olds

The NPD is owned and managed by the Department for Education and contains information about students in England. It provides evidence on educational performance to inform independent research, as well as studies commissioned by the Department. It is held in electronic format for statistical purposes. This information is securely collected from a range of sources including ELATT, local authorities and awarding bodies. We are required by law to provide information about our students to the DfE as part of statutory data collections such as the ELATT census. Some of this information is then stored in the NPD. The law that allows this is the Education (Information About Individual Pupils) (England) Regulations 2013.

To find out more about the NPD, go here.

The department may share information about our students from the NPD with third parties who promote the education or well-being of children in England by:

  • conducting research or analysis 
  • producing statistics 
  • providing information, advice or guidance

The Department has robust processes in place to ensure the confidentiality of our data is maintained and there are stringent controls in place regarding access and use of the data. Decisions on whether DfE releases data to third parties are subject to a strict approval process and based on a detailed assessment of:

  • who is requesting the data 
  • the purpose for which it is required 
  • the level and sensitivity of data requested: and 
  • the arrangements in place to store and handle the data 

To be granted access to student information, organisations must comply with strict terms and conditions covering the confidentiality and handling of the data, security arrangements and retention and use of the data. For more information about the department’s data sharing process, please visit this page.

For information about which organisations the department has provided student information, (and for which project), please please visit this website.

To contact DfE, click here.

ESFA Processing, Personal data and Data Subjects (THE SECRETARY OF STATE FOR EDUCATION acting through the Education and Skills Funding Agency an Executive Agency of the Department for Education of Cheylesmore House, Quinton Road, Coventry, CV1 2WT (“the ESFA"); for adult students

ESFA Description Details

Subject matter of the Processing
The subject matter is the personal data of Learners on education or training programmes administered by the ESFA that are subject to this Agreement as defined in the ESFA privacy notice and ILR specification and its appendices.

ESFA Privacy NoticeIndividualised Learner Record

Duration of the Processing 
The duration of the Processing covers the academic year data returns to the ESFA as defined in Appendix A of the ILR specification to enable funding and audit of the learning programmes defined in this Agreement.

Individualised Learner Record

Nature and purposes of the Processing 
The nature and purposes of the processing is defined in the ESFA privacy notice.

ESF Privacy Notice

The processor will be required to submit the data to the ESFA as set out in Clause 16 Submission of Learner Data of the Contract.
 
Type of personal data 
The personal data to be processed is defined in the ILR specification. 

Individualised Learner Record

Categories of data subject 
The data subjects are Learners on education or training programmes administered by the ESFA that are subject to this Agreement. 
 
Description Details 
Retention and destruction of the data once the processing is complete UNLESS requirement under union or member state law to preserve that type of data Information on how the data must be supplied to the ESFA is detailed in the ILR specification and its appendices.

Individualised Learner Record

For the purposes of the DfE as a data controller of the data, providers are required to retain the data for the funding and audit purposes 6 years from the end of the financial year in which the last payment is made under the Contract for the specific student.

For the purposes of the Department for Work & Pensions as a data controller, where Learner data is used as match on the 2007-13 ESF programme, the data must be retained securely until at least 31 December 2022 and where Learner data is used as match on the 2014-20 ESF programme, the data must be retained securely until 31st December 2030.

The Contractor (and any other data controller) is responsible for determining any further need to process the data, including its retention, prior to secure destruction.

Requesting access to your personal data

Under data protection legislation, parents and students have the right to request access to information about themselves. To make a request for your personal information, or be given access to your child’s educational record, contact Mia Wylie, Data Protection Officer  (mia@elatt.org.uk).

You also have the right to:

  • object to processing of personal data that is likely to cause, or is causing, damage or distress
  • prevent processing for the purpose of direct marketing 
  • object to decisions being taken by automated means
  • in certain circumstances, have inaccurate personal data rectified, blocked, erased or destroyed; and
  • claim compensation for damages caused by a breach of the Data Protection regulations

Concerns

If you have a concern about the way we are collecting or using your personal data, we request that you raise your concern with us in the first instance. Alternatively, you can contact the Information Commissioner’s Office here.

Contact

If you would like to discuss anything in this privacy notice, please contact:

Mia Wylie, Data Protection Officer

or to the address below:

260 Kingsland Road, London, E8 4DG

Review and Update

This privacy notice is reviewed annually. It was last updated in September 2021.