Privacy Policy

Privacy Notice


(For the equivalent student version, please see the bottom of this page)

St. Augustine’s College collects data and information about parents / guardians of our students so that we can operate effectively as a school. This privacy notice explains how and why we collect parent / guardian data, what we do with it and what rights parents have.
This privacy notice also covers other members of students’ families who we may process data about from time to time, including, for example, siblings, aunts and uncles and grandparents.

Privacy Notice (How we use parent / guardian information)

St. Augustine’s College is a secondary school that is an Augustinian School.

The Data Protection Officer is Mr Adeboye Oketayo

Why do we collect and use parent / guardian information?

We collect and use parent / guardian information under the following lawful bases:
a. where we have the consent of the data subject (Article 6 (a));
b. where it is necessary for compliance with a legal obligation (Article 6 (c));
c. where processing is necessary to protect the vital interests of the data subject or another person (Article 6(d));
d. where it is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller (Article 6 (e)).

Where the personal data we collect about parents / guardians is sensitive personal data, we will only process it where:
a. we have explicit consent;
b. processing is necessary to protect the vital interests of the data subject or of another natural person where the data subject is physically or legally incapable of giving consent; and / or
c. processing is necessary for reasons of substantial public interest, on the basis of Union or Member State law which shall be proportionate to the aim pursued, where we respect the essence of the right to data protection and provide for suitable and specific measures to safeguard the fundamental rights and the interests of the data subject.

Please see our Data Protection Policy for a definition of sensitive personal data.
We use the parent / guardian data to support our functions of running a school, in particular:
a. to decide who to admit to the school;
b. to maintain a waiting list;
c. to support student learning;
d. to monitor and report on student progress;
e. to provide appropriate pastoral care;
f. to assess the quality of our services;
g. to comply with the law regarding data sharing;
h. for the protection and welfare of students and others in the school, including our safeguarding / child protection obligations;
i. for the safe and orderly running of the school;
j. to promote the school;
k. to send you communications that may be of interest to you which may include information about school events or activities, news, campaigns, appeals, other fundraising activities;
l. In order to respond to investigations from our regulators or to respond to complaints raised by our stakeholders;
m. In connection with any legal proceedings threatened or commenced against the school.

The categories of parent / guardian information that we collect, hold and share include:
a. Personal information (such as name, address, telephone number and email address);
b. Information relating to your identity, marital status, employment status, religion, ethnicity, language, medical conditions, nationality, country of birth and free school meal / student premium eligibility / entitlement to certain benefits, information about court orders in place affecting parenting arrangements for students);

From time to time and in certain circumstances, we might also process personal data about parents / GUARDIANS, some of which might be sensitive personal data, information about safeguarding. This information is not routinely collected about parents / guardians and is only likely to be processed by the school in specific circumstances relating to particular students,
We collect information about parents / guardians before students join the school and update it during students’ time on the roll as and when new information is acquired.

Collecting parent / guardian information

Whilst the majority of information about parents / guardians provided to us is mandatory, some of it is provided to us on a voluntary basis. In order to comply with the General Data Protection Regulation, we will inform you whether you are required to provide certain parent / guardian information to us or if you have a choice in this..

Storing parent / guardian data

A significant amount of personal data is stored electronically, for example, on our database, SIMS.Some information may also be stored in hard copy format.
Data stored electronically may be saved on a cloud based system which may be hosted in a different country, outside of the EU.
Personal data may be transferred to other countries if, for example, we are arranging a school trip to a different country.Appropriate steps will be taken to keep the data secure.
We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, insurance or reporting requirements To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you. Once you are no longer a parent / guardian we will retain and securely destroy your personal information in accordance with applicable laws and regulations.

Who do we share parent / guardian information with?

We routinely share parent / guardian information with:
• schools that students attend after leaving us;
From time to time, we may also share information other third parties including the following:
• our local authority Hertfordshire County Council;
• a student’s home local authority (if different);
• the Department for Education (DfE);
• school governors / trustees; the central team at The Danes Educational Trust;
• the Police and law enforcement agencies;
• NHS health professionals including the school nurse, educational psychologists,
• Education Welfare Officers;
• Courts, if ordered to do so;
• the Teaching Regulation Authority;
• Prevent teams in accordance with the Prevent Duty on schools;
• other schools, for example, if we are negotiating a managed move and we have your consent to share information in these circumstances;
• Capita school information system
• Parentpay: school payments
• Show My Homework: online homework planner
• CPOMS: Child Protection
• Capita school information management system
• School Comms: school parent communication
• Sims SchoolView: parent app

Some of the organisations referred to above are joint data controllers. This means we are all responsible to you for how we process your data.
In the event that we share personal data about parents / guardians with third parties, we will provide the minimum amount of personal data necessary to fulfil the purpose for which we are required to share the data.

Requesting access to your personal data
Under data protection legislation, parents / guardians have the right to request access to information about them that we hold (“Subject Access Request”). To make a request for your child’s personal data, or be given access to your child’s educational record, contact [setting to include details of their administrator / Data Protection Officer] although any written request for personal data will be treated as a Subject Access Request.
The legal timescales for the School to respond to a Subject Access Request is one calendar month. As the School has limited staff resources outside of term time, we encourage parents / guardians to submit Subject Access Requests during term time and to avoid sending a request during periods when the School is closed or is about to close for the holidays where possible. This will assist us in responding to your request as promptly as possible. For further information about how we handle Subject Access Requests, please see our Data Protection Policy.

No fee usually required

You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is manifestly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.

What we may need from you

We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
You also have the right to:
• object to processing of personal data that is likely to cause, or is causing, damage or distress;
• prevent processing for the purpose of direct marketing;
• object to decisions being taken by automated means;
• in certain circumstances, have inaccurate personal data rectified, blocked, erased or destroyed; and
• claim compensation for damages caused by a breach of the our data protection responsibilities.


In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact The Data Protection Officer. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.


We have appointed a data protection officer (DPO) to oversee compliance with this privacy notice. If you have any questions about this privacy notice or how we handle your personal information, please contact the DPO You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues. You can contact the Information Commissioners Office on 0303 123 1113 or via email or at the Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF.


We reserve the right to update this privacy notice at any time, and we will provide you with a new privacy notice when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your personal information.