Wolston St Margarets Church of England Primary School

Walston St Margret's
Life at Wolston St Margarets Church of England Primary School Life at Wolston St Margarets Church of England Primary School Life at Wolston St Margarets Church of England Primary School Life at Wolston St Margarets Church of England Primary School Life at Wolston St Margarets Church of England Primary School Life at Wolston St Margarets Church of England Primary School Life at Wolston St Margarets Church of England Primary School


On 25th May 2018 Data protection regulations changed.  This page will show how Wolston St. Margaret's Primary School use and store your data.  It will also give you information about how to access and change the data we hold on you or your child and what consent you will be asked to give.
Wolston St. Margaret's Primary School is registered with the ICO.  Registration reference Z4855491




Privacy Notices


 Consent Forms


How we store Pupil Records


SIMS is our main Management Information System (MIS), which holds all the pupil and parent records. It encompasses all aspects of school management, including:

  • Pupil and parents contact information
  • Attendance and performance informatiom
  • Curricuum and SEND information
  • School meal payments

SIMS privacy notice can be accessed here


Class DoJo

ClassDojo is a communication app for the classroom. It connects teachers, parents, and students who use it to share photos, videos, and messages through the school day. They use ClassDojo to work together as a team, share in the classroom experience, and bring big ideas to life in their classrooms and homes. At Wolston St. Margaret's Primary School, Class Dojo is currently used by all year groups. Pupil details held are first name, second name and dob.

Their privacy notice can be accessed here.


Identifying our Lawful Basis for Processing Data

  • In schools we use public task as your lawful basis for most of your processing. This means that we need to process personal data to carry out your official functions in the public interest.
  • We also use consent for processing data where it's not necessary for you to fulfill your function. This is used when none of the other bases apply, as the standard for getting consent is very high and consent can be withdrawn at any time.

Six principles of Data Protection

There were 8 principles under the DPA and now there are 6. Essentially the same but condensed. Article 5 of the GDPR states that personal data must be:

1) Processed fairly, lawfully and in a transparent manner in relation to the data subject.
2) Collected for specified, explicit and legitimate purposes and not further processed for other purposes incompatible with those purposes.
3) Adequate, relevant and limited to what is necessary in relation to the purposes for which data is processed.
4) Accurate and, where necessary, kept up to date.
5) Kept in a form that permits identification of data subjects for no longer than is necessary for the purposes for which the personal data is processed.
6) Processed in a way that ensures appropriate security of the personal data including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.



Individuals have the following rights:
1) be informed of data processing (which is covered by the School’s Privacy Notice)
2) access information (also known as a Subject Access Request)
3) have inaccuracies corrected
4) have information erased
5) restrict processing
6) data portability (this is unlikely to ever be relevant to schools)
7) intervention in respect of automated decision making (automated decision making is rarely operated within schools)
8) Withdraw consent
9) Complain to the Information Commissioner’s Office



All Governors and staff have been made aware of the new GDPR regulations.  New staff are given this information at their induction and are expected to read the Data Protection policy.  Staff have access to the important policies and some are displayed in the staff room.


Data Security

Wolston St. Margaret's Primary School have a procedure to deal with any breach in data security.  Any breach will be reported to and dealt with by the DPO.  The breach will be recorded, investigated and steps taken to lessen any impact.  The DPO will decide if the breach is significant enough to report to the ICO.  This must be done within 72 hours of the data breach.  The DPO will evaluate the breach, risk assess and put in any changes to data security or process as required.


Subject Access Requests

You have a right to see your child’s specific records if you wish. Please ask for a 'Subject Access Request Form' at the school’s office, or download, print and fill in the details on the form below. We will need to see identification documentation to verify your request.