SGS Academy Trust Privacy Statement

SGS Academy Trust is the Data Controller for the use of pupil information and personal data in your school (Forest High School / Berkeley Green UTC / SGS Pegagus).

The Data Controller collects and processes personal data about prospective, current and former pupils, their parents and other people connected to or visiting the school.

The categories of pupil information that we process include:

  • personal and contact details (such as name, unique pupil number, address and telephone number)
  • personal characteristics (such as ethnicity, language, and free school meal eligibility)
  • safeguarding information (such as court orders and professional involvement)
  • special educational needs (including difficulties, disabilities and ranking)
  • medical and administration information (such as doctors information, child health, dental health, allergies, medication and dietary requirements)
  • attendance (such as sessions attended, number of absences, absence reasons and any previous schools attended)
  • assessment and attainment (such as key stage 1 and phonics results, pre and post 16 subjectsenrolled on, references and relevant results, including examination results)
  • behavioural information (such as exclusions and any relevant alternative provision put in place)
  • images, audio and video recordings, including CCTV records;
  • financial information (including for bursary assessment or for educational funding); and
  • courses, meetings or events attended.

This list is not exhaustive, to access the current list of categories of information we process please see our Data Privacy & Protection Policy.


Why we collect and use pupil information

The personal data we collect is essential, for the school to fulfil its official functions and to meet legal requirements.

We collect and use pupil information, for the following purposes:

  1. the recruitment, selection and enrolment of pupils;
  2. the provision of education to pupils, including the administration of the curriculum and the timetable
  3. to support pupil learning
  4. to monitor and report on pupil attainment and progress
  5. to provide appropriate pastoral care
  6. to assess the quality of our services
  7. to keep children safe (food allergies, or emergency contact details)
  8. to meet the statutory duties placed upon us by the Department for Education

Under the General Data Protection Regulation (GDPR), the lawful basis we rely on for processing pupil information are:

The SGS Academy Trust’s lawful basis for processing personal data in respect of employee information is that the processing is necessary to fulfil contractual and HMRC obligations, and those within the ‘keeping children safe in education’ statutory guidance.

The lawful basis for processing personal data in respect of enrolment, funding, awarding body registration, teaching, pupil support, performance monitoring and research is that the processing is necessary for the organisation to perform a task in the public interest and for its official functions; these tasks and functions have a clear basis in law.

The lawful basis for processing personal data in respect of alumni relations, internal events, fundraising purposes, direct marketing and marketing research is the pursuit of the Academy Trust’s legitimate interests. (This includes the intra-SGS Group transfer of data for administrative purposes, where those purposes are not detrimental to the rights of the data subject.) SGS Group and its subsidiaries have a lawful basis for further processing, where that processing assists the Trust in achieving its mission and is compatible with the purpose for which the data was initially collected.

SGS Academy Trust and its schools will further process personal data for archiving purposes in the public interest and for research and statistical purposes. The processing of personal data in respect of keeping children safe in education is a legal obligation under the Education Act 2002.

The lawful basis for processing and using photographs is consent. Before we take or use any photographs we will ask pupils (if they are old enough) or a parent or guardian to give permission for us to take and use photographs. When we ask for consent we always explain why we want it and what we will do with it but you do not have to give consent, that is your choice. If you give consent we may use photographs, for example, on display boards or on the school’s website.

When undertaking any major project concerning the processing of personal data, or considering processing that is likely to result in a high risk to individuals’ interests, SGS Academy Trust will undertake a Data Protection Impact Assessment (DPIA).

In addition, when we process personal information concerning any special category data, processing will only be carried out where in line with Regulation 9 of GDPR.

Collecting pupil information

We collect pupil information through our registration forms at the start of the school year or via the Common Transfer File (CTF) from previous schools.

Pupil data is essential for the schools’ operational use. Whilst the majority of pupil information you provide to us is mandatory, some of it is requested on a voluntary basis. In order to comply with the data protection legislation, we will inform you at the point of collection, whether you are required to provide certain pupil information to us or if you have a choice in this and we will tell you what you need to do if you do not want to share this information with us.

Storing pupil data

We hold pupil data securely for the set amount of time shown in our data retention schedule. For more information on our data retention schedule and how we keep your data safe, please see:

Our Data Privacy & Protection Policy

We have physical, electronic and managerial procedures in place to safeguard and secure the information we collect.

But please remember:

  • You provide personal data at your own risk; unfortunately no data transmission is guaranteed to be 100% secure.
  • When using school systems, you are responsible for your username and password; please ensure you keep them safe and secret!
  • If you believe your privacy has been breached, please contact us immediately by emailing

SGS Academy Trust has a clear process to address and potential personal data breach:

Our Data Privacy & Protection Policy

Who we share pupil information with

We routinely share pupil information with:

  • schools
  • local authorities
  • youth support services (for pupils aged 13+)
  • the Department for Education (DfE)

We will also share information with the other schools that form part of the SGS Academy Trust and with external organisations when required to do so by law or when it is in the best interests of pupils, for example we may share personal information with the NHS or with providers of educational services, such as Hegartymaths who provide services and tools to help you develop your numeracy and maths (for further details click here) use this link:

We will share ordinary personal data with the parents [or guardians] of learners under the age of 18 for the purposes of keeping parents [or guardians] informed about pupil activities, progress, behaviour and attainment; and in the interests of a pupil welfare, unless, in our opinion, there is a good reason not to.

Why we regularly share pupil information

We do not share information about our pupils with anyone unless we are required to do so by law or where doing so would be in the pupils interest.

Youth support services

Pupils aged 13+

Once pupils reach the age of 13, we also pass pupil information to our local authority or provider of youth support services as they have responsibilities in relation to the education or training of 13-19 year olds under section 507B of the Education Act 1996.

This includes:

  • youth support services
  • careers advice

A parent or guardian can object to any information in addition to their child’s name, address and date of birth being passed to their local authority or provider of youth support services by informing us. This right is transferred to the pupil once they reach the age 16

Data is securely transferred to the youth support service via secure file transfer.

Pupils aged 16+

We will also share certain information about pupils aged 16+ with our local authority or provider of youth support services as they have responsibilities in relation to the education or training of 13-19 year olds under section 507B of the Education Act 1996.

This includes:

  • post-16 education and training
  • youth support services
  • careers advisers

Once a pupil reaches the age of 16 they can object to their name, address and date of birth being passed to their local authority or provider of youth support services by informing us.

Data is securely transferred to the youth support service via secure file transfer.

For more information about services for young people, please visit our local authority website.

Department for Education

The Department for Education (DfE) collects personal data from schools and local authorities via various statutory data collections. We are required to share information about our pupils with the Department for Education (DfE) either directly or via our local authority for the purpose of those data collections, under:

  • Section 3 of The Education (Information About Individual Pupils) (England) Regulations 2013.
  • Regulation 5 of The Education (Information About Individual Pupils) (England) Regulations 2013.

All data is transferred securely and held by DfE under a combination of software and hardware controls, which meet the current government security policy framework.

For more information, please see ‘How Government uses your data’ section.

Local Authorities

We may be required to share information about our pupils with the local authority to ensure that they can conduct their statutory duties under

Requesting access to your personal data

Pupils and their parents or guardians have the right to request access to the information we hold about them. To make a request for your personal information, or be given access to your child’s educational record, please contact the Designated Data Controller for the relevant school as below:

John Whitehead
HeadteacherSGS Forest High School, Causeway Road, Cinderford, Gloucestershire, GL14 2AZ
Louise Davies
HeadteacherSGS Berkeley Green UTC, Gloucestershire Science and Technology Park, Berkeley, GL13 9FB
Dominic Broad
HeadteacherSGS Pegasus School, Hempton Lane, South Gloucestershire, BS32 4AJ

Depending on the lawful basis above, you may also have the right to:

  • object to processing of personal data that is likely to cause, or is causing, damage or distress
  • prevent processing for the purpose of direct marketing
  • object to decisions being taken by automated means
  • in certain circumstances, have inaccurate personal data rectified, blocked, erased or destroyed; and
  • a right to seek redress, either through the ICO, or through the courts

If you would like to excerise any of your rights or you are concerned about the way we are collecting or using your personal data, you should raise your concern with us in the first instance by contacting the SGS Data Protection Officer at or by writing to:

Data Protection Office
SGS Multi Academy Trust
Stratford Road, Stroud
Gloucestershire, GL5 4AH
0800 0567 253 / 0117 931 2121 / 01453 763 424

Alternatively, you can raise your concern with the Information Commissioner’s Office at:

For further information on how to request access to personal information held centrally by DfE, please see the ‘How Government uses your data’ section of this notice.

Changes of details: The SGS Academy Trust takes all reasonable steps to ensure that personal data, held in relation to pupils, is as up to date and accurate as possible. However the Academy Trust expects that individual pupils will notify their school of any significant changes to important information, such as contact details.

Cookies and Other Tracking Technologies

We may use cookies or other technologies to help provide an effective online presence, offer you a more personalised user experience and market products and services to you.

How Government uses your data

The pupil data that we lawfully share with the DfE through data collections:

  • underpins school funding, which is calculated based upon the numbers of children and their characteristics in each school.
  • informs ‘short term’ education policy monitoring and school accountability and intervention (for example, school GCSE results or Pupil Progress measures).
  • supports ‘longer term’ research and monitoring of educational policy (for example how certain subject choices go on to affect education or earnings beyond school)

Data collection requirements

To find out more about the data collection requirements placed on us by the Department for Education (for example; via the school census) go to

The National Pupil Database (NPD)

Much of the data about pupils in England goes on to be held in the National Pupil Database (NPD).

The NPD is owned and managed by the Department for Education and contains information about pupils in schools in England. It provides invaluable evidence on educational performance to inform independent research, as well as studies commissioned by the department.

It is held in electronic format for statistical purposes. This information is securely collected from a range of sources including schools, local authorities and awarding bodies.

To find out more about the NPD, go to

Sharing by the Department

The law allows the Department to share pupils’ personal data with certain third parties, including:

  • schools
  • local authorities
  • researchers
  • organisations connected with promoting the education or wellbeing of children in England
  • other government departments and agencies
  • organisations fighting or identifying crime

For more information about the Department’s NPD data sharing process, please visit:

Organisations fighting or identifying crime may use their legal powers to contact DfE to request access to individual level information relevant to detecting that crime. Whilst numbers fluctuate slightly over time, DfE typically supplies data on around 600 pupils per year to the Home Office and roughly 1 per year to the Police.

For information about which organisations the Department has provided pupil information, (and for which project) or to access a monthly breakdown of data share volumes with Home Office and the Police please visit the following website:

How to find out what personal information DfE hold about you

Under the terms of the Data Protection Act 2018, you are entitled to ask the Department:

  • if they are processing your personal data
  • for a description of the data they hold about you
  • the reasons they’re holding it and any recipient it may be disclosed to
  • for a copy of your personal data and any details of its source

If you want to see the personal data held about you by the Department, you should make a ‘subject access request’. Further information on how to do this can be found within the Department’s personal information charter that is published at the address below:

To contact DfE:

Help us make this good statement great

We designed this privacy notice to be as transparent, useful and informative as possible and we would love to hear any feedback on how we can make it even better. Please contact us at,uk, and please don’t let this be the last time you read this notice. We may make changes to it from time to time and in response to your feedback – remember, it’s your data and your privacy that we’re trying to protect!

This version was last updated in March 2020


If you would like to discuss anything in this privacy notice, please contact