Skip Ribbon Commands
Skip to main content
General Data Protection Regulations (GDPR) Privacy Notice for Students

Who processes your information?

Thomas Rotherham College is part of Inspire Trust, which also includes Sitwell Junior School and Oakwood High School.  The Trust is the data controller of the personal information you provide to us. This means the Trust determines the purposes for which, and the manner in which, any personal data relating to students is to be processed. This Privacy Notice covers both the Trust and Thomas Rotherham College.

Peter Thorpe on behalf of the Trust acts as a representative for Thomas Rotherham College with regard to its data controller responsibilities for students; Peter Thorpe can be contacted on 01709 300749  or via email at

Mrs E Whitehouse, Director of Corporate Services acts as a representative for the Trust with regard to its data controller responsibilities; she can be contacted on 01709 512222 or  

The Trust Data Protection Officers are:

  • Mr D Naisbitt, CEO, Inspire Trust
  • Mrs C Moulden, Head of School, Oakwood High School
  • Mrs J Dawson, Head of School, Sitwell Junior School

The Trust employs the services of an external advisor Mr Tim Pinto who can be contacted via the school.  Mr Pinto's role is to oversee and monitor the school's data protection procedures, and to ensure they are compliant with the GDPR.

In some cases, your data will be outsourced to a third party processor; however, this will only be done with your consent, unless the law requires the college to share your data. Where the college outsources data to a third party processor, the same data protection standards that Inspire Trust upholds are imposed on the processor.

Why do we collect and use your information?

Inspire Trust holds the legal right to collect and use personal data relating to students, and we may also receive information regarding them from their previous school, destination College or University, Local Authority and/or the Department for Education. We collect and use personal data in order to meet legal requirements and legitimate interests set out in the GDPR and UK law, including those in relation to the following:

  • Article 6 and Article 9 of the GDPR
  • Education Act 1996 (including duties under section 507B)
  • Statutory Data returns to the ESFA and DFE

In accordance with the above, the personal data of students is collected and used for the following reasons:

  • identification and security purposes
  • to support student learning
  • to monitor and report on student progress
  • to provide appropriate pastoral care
  • to assess the quality of our service
  • to comply with the law regarding data sharing
  • to Safeguard the health and wellbeing of students (including contacting the stated emergency contact person/s)
  • to celebrate student achievement.

Student personal data is held in the following systems which have been confirmed as compliant with the General Data Protection Regulations:

  • Unit-E – Student Educational and Personal Data
  • Sharepoint – Student Educational and Personal Data
  • Office 365 (One Drive) - Student Educational and Personal Data
  • Heritage – Personal Data and Learning Resource Centre Activity
  • My PC - Personal Data and Computer Booking Activity
  • PaperCut - Personal Data and Printing Activity
  • Moodle – Student Personal Data and VLE activity
  • MyDay - Student Educational and Personal Data
  • Call Parents – Student Personal Data
  • ProAchive/ProGeneral - Student Educational and Personal Data
  • Password protected network drives and email
  • SQL Server - Student Educational and Personal Data
  • College User Accounts System - Student Personal Data

Failure to provide personal data

The Trust does not need to secure your consent for the collection of your personal data as there is a legitimate need for collection (as outlined above).  However, the Trust has a duty to inform you of what data is retained, for how long and wherever possible to provide you secure access to your own data.  You can decline to provide some or all of your data, however, if a student fails to provide their personal data, there may be significant consequences. Possible consequences of not prodividign specific data are:

  • Biographical and Educational History - The College would be unable to meet our statutory data requirements and unable to enrol the student.
  • Next Of Kin Contact Details - The College would be unable to contact anyone in an emergency. This would exclude the student from college trips and parents evening.
  • Medical Records – The College would be unable to administer first aid or allow the student to go on college trips.  
  • Financial Details – The College uses financial details to offer bursary and free meals support to students. If we are unable to collect this information we cannot offer financial support.
  • Learning Difficulties or Disabilities – The College uses this information to offer support, reasonable adjustments for Examinations and funding for learners aged 19 to 25 with Educational Health Care Plans. If the Student chooses not to supply this information we could not offer support.

Which data is collected?

The personal data the college collects, holds and shares includes the following:

  • personal information; names, date of birth,  student telephone numbers, addresses, email, photo, emergency contact details
  • characteristics; gender, ethnicity, nationality, country of birth
  • Special Educational Needs, Educational Health Care Plans and disability data
  • Looked After Child (LAC), and Young Carer Information
  • support Fund, vulnerable bursary and free college meals eligibility
  • medical and first aid data
  • educational history including qualifications on entry and previous school
  • timetable and attendance data
  • student work, assessment and progression data
  • behavioural information, including incidents involving the student
  • safeguarding data (including accidents)
  • examination data
  • college trip information
  • permissions for student photo or image for publicity (via consent).
  • employment and work placement information
  • student destination information
  • criminal records
  • transport arrangements

Whilst the majority of the personal data you provide to the college is mandatory, some is provided on a voluntary basis. When collecting data, the college will inform you whether you are required to provide this data or if your consent is needed. Where consent is required, the college will provide you with specific and explicit information with regards to the reasons the data is being collected and how the data will be used.  

How long is your data stored for?

Personal data relating to students at Thomas Rotherham College is stored in line with the college's Records Management Schedule.  In accordance with the GDPR, the college does not store personal data indefinitely; data is only stored for as long as is necessary to complete the task for which it was originally collected or in line with legal requirements.

Will my information be shared?

The Trust is required to share students' data with the Department for Education (DfE) and ESFA (an executive agency of the DfE) on a statutory basis, this includes the following:

  • student personal information
  • student characteristics
  • enrolment records
  • Special Educational Needs, Educational Health Care Plans and disability data
  • Looked After Child (LAC), and Young Carer Information
  • support fund, vulnerable bursary and free college meals eligibility
  • examination data
  • employment and work placement information
  • timetable and attendance data
  • student destination information

The Trust will not share your personal information with any third parties without your consent, unless the law allows us to do so. The college routinely shares students' information with:

  • schools
  • further and higher education providers
  • the Local Authority
  • the Department for Education
  • the National Health Service
  • the Police
  • examination boards

The information that we share with these parties includes the following:

  • personal details including contact information
  • timetables and attendance
  • student destination information
  • medical

We may also share specific personal data of students with post-16 education and training providers, in order to secure appropriate services for them. The information provided includes names, addresses and dates of birth of students and any information necessary to support the services, e.g. Assessment data, school name, ethnicity or gender.  The providers include:

  • Local Authority services
  • The Universities and Colleges Admissions Service (UCAS)
  • National Apprenticeship Service
  • Post 16 Providers.


Please note, we do not need parental consent to share information which we deem appropriate to safeguard or support students. This right is provided by the Statutory guidance for schools and colleges in 'Keeping Children Safe in Education' (September 16) and the update to be applied from September 2018.

However, we do have a duty to inform you of what will be shared and who with.  For safeguarding purposes, information may be requested by and shared with a range of services and agencies who work with us to support and protect children and their families.  These include:

  • The Police
  • The Local Authority, including Social Care, Early Help
  • 0-19 Health Service
  • Other agencies as part of the multi agency approach as set out in Working Together to Safeguard Children March 2015
  • Other schools colleges and education services providers.

What are your rights?

Students have the following rights in relation to the processing of their personal data:

  • be informed about how the Trust and Thomas Rotherham College uses your personal data
  • request access to the personal data that Thomas Rotherham College holds
  • request that your personal data is amended if it is inaccurate or incomplete
  • request that your personal data is erased where there is no compelling reason for its continued processing
  • request that the processing of your data is restricted
  • object to your personal data being processed.

Where the processing of your data is based on your consent, you have the right to withdraw this consent at any time. 

If you have a concern about the way the Trust or Thomas Rotherham Colelge is collecting or using your personal data, you can raise a concern with the Data Protection Officer at the college; Shirley Brookes-Mills on 01709 300604.

You can also raise a concern with the Information Commissioner's Office (ICO), on 0303 123 1113, Monday-Friday 9am-5pm.

The Trust reserves the right to update as and when required and will post updates on our college websites.

Where can you find out more information?

If you would like to find out more information about how the Trust use and store your personal data, please visit our website