Privacy Notice


The Academy of Lincoln Trust, through Lincoln Castle Academy or Ermine Primary Academy, collects and uses personal information about students under Article 6 (public task) and Article 9 (public interests) of the General Data Protection Regulation (GDPR).

We collect data to:

  • support students’ learning
  • monitor and report on their progress
  • provide appropriate pastoral care
  • assess how well the school as a whole is doing
  • to comply with the law regarding data sharing

The data we collect, use and may share with other organisations include:

  • Personal information (such as name, unique pupil number and address)
  • Characteristics (such as ethnicity, language, nationality, country of birth, special educational needs and relevant medical information)
  • Free school meals eligibility
  • Attendance information (such as sessions attended, number of absences and absence reasons)
  • Assessment information, exclusions / behavioural information, post 16 learning information

Collecting student data

Most of the student information you provide us is mandatory, that is, we are allowed by law to collect it. Some information will be provided to us voluntarily. We will tell you whether you are required to provide certain information or if you have a choice in this.

Storing student data

We are required by law to store all files containing information on students until the date of the student’s 25th birthday. After that we shred the file.

Sharing information

Each Academy is a ‘data controller’ for the purposes of the Data Protection Act 1998 and the General Data Protection Regulation (GDPR), which came into force on May 25, 2018. A data controller is an organisation that is responsible for the use made of someone's personal information.

We will not give information about our students to anyone without your consent unless the law and our policies allow us to do so. We are required, by law, to pass some information about our students to the Department for Education (DfE) under regulation 5 of The Education (Information About Individual Pupils) (England) Regulations 2013. We also share information with other agencies prescribed by law, such as the Qualifications and Curriculum Authority (QCA), Ofsted, the Education and Skills Funding Agency (ESFA), the Department of Health (DH), Primary Care Trusts (PCT), and valid organisations that require access to data in the Learner Registration System. All these are data controllers in respect of the data they receive, and are subject to the same legal constraints in how they deal with the data.

For more information about the data collection requirements placed on us by the Department for Education go to

A student’s right to access data about himself or herself

Students have certain rights under the Data Protection Act and the GDPR, including a right to be given access to personal data held about them by any data controller. It is presumed that, by the age of 12, children have sufficient maturity to understand their rights and to make an access request themselves if they wish.  A parent would normally be expected to make a request on a child’s behalf if the child is younger. A parent may make a request for a child aged 12 and over with the express, written permission of the child.

Additional rights

You and/or your child also have the right to:

  • object to processing of personal data that is likely to cause, or is causing, damage or distress;
  • prevent processing for the purpose of direct marketing;
  • object to decisions being taken by automated means;
  • in certain circumstances, have inaccurate personal data rectified, blocked, erased or destroyed;
  • claim compensation for damages caused by a breach of the Data Protection regulations.

Contact details

If you would like more information on the purposes for which data are collected and the agencies to which we are required to pass on data


If you would like to receive a copy of the information about your son/daughter that we hold


If you have a concern about the way we are collecting or using your or your child’s personal data then please contact:

and asking to speak to the Data Protection Officer:

The Data Protection Officer is responsible for overseeing data protection within the Academy so if you have any questions in this regard, please do contact her:

Lindsey Smith - Data Protection Officer
Healing Multi-Academy Trust

Telephone: 01472 502402

If you feel we have not addressed any concerns you may have, you have the right to contact the Information Commissioner’s Office at