Skip to main content

{{ root_page.title }}

Privacy notice for the Pupil Support Service


This privacy notice explains what types of personal data we may hold about you, how we collect it, how we use it and who we may share information with. We are required to give you this information under data protection law. This privacy notice should be read in conjunction with the corporate privacy notice.

Achieving for Children is registered as a controller with the Information Commissioner’s Office (ICO). Registration number ZA045069

Achieving for Children’s Pupil Support Service is responsible for discharging statutory duties on behalf of Kingston and Richmond Councils in respect of children who are reported missing from education (CME), children who are at risk exclusion or have been permanently excluded from school or children who are unable to attend school due to health or other reasons.

The Pupil Support Service offers consultancy to schools In Kingston and Richmond on all aspects of inclusion including behaviour management and whole school approaches, systems and policies. The service supports schools in developing sustainable inclusion strategies and practices, as well as offering advice and guidance about children with SEN, including those with challenging behaviour and social and emotional difficulties which impact on behaviour for learning. The service also supports effective multi agency work around vulnerable children.

The service also fulfills statutory duties in respect of children who are electively home educated and those not attending school regularly. Please refer to the Education Welfare Service privacy notice for further information. 

Personal data we may collect

  • Name
  • Unique pupil reference number
  • Date of birth
  • Home address
  • School name
  • SEND status
  • Ethnicity
  • Social care information and a summary of the concerns or referral reasons
  • School exclusion details
  • Managed move notifications
  • Reduced timetable notifications

How we collect this information

We collect personal information in the following ways:

  • face to face
  • assessment or report
  • telephone
  • emails
  • referrals or notification
  • video calls via Google Meet

How we use your personal data

  • to improve the outcomes for all children, especially vulnerable children
  • to support schools on all aspects of inclusion and behaviour management
  • to arrange alternative educational provision if required
  • to monitor school attendance, managed moves and reduced timetables
  • to monitor in year school transfers
  • to fulfill statutory role
  • service improvement, planning and research (anonymised data)

Lawful basis for processing your personal data

We collect and use the information ensuring that we comply with the General Data Protection Regulation (GDPR) and Data Protection Act 2018 requirements for processing through:

  • Article 6(1)(a) – data subject has given consent to processing;
  • Article 6(1)(c) – compliance with a legal obligation
  • Article 6(1)(e) – processing is necessary to perform a task in the public interest or for our official functions, and the task or function has a clear basis in law;

These articles under the GDPR and the DPA2018 are supported by the following specific legislation:

  • Working together to safeguard children 2018
  • School Standards and Framework Act 1998
  • Education Act 1996, 2002

Who we share your personal information with

We will only share information where it is appropriate and legal to do so. Where this is necessary, we are required to comply with all aspects of the Data Protection Act 2018.

Depending on the individual circumstances of each situation, we may have to share this information with other teams within Achieving for Children to fulfil other duties and powers to support our work.

We may also share your information with the following organisations(this list is not exhaustive):

  • Ofsted
  • Department for Education
  • Schools
  • Judicial agencies
  • Independent education providers

How long will we keep your information

We only keep your personal data for as long as is required by law and in accordance with our retention schedule.

Keeping your personal information secure

We have appropriate security measures in place to prevent personal information from being accidentally lost or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.

Achieving for Children’s email service has been configured to Government Digital Service and we encrypt and authenticate email in transit using Transport Layer Security (TLS) and Domain-based Message Authentication, Reporting and Conformance (DMARC). We will ensure that when we send emails containing your personal information they are sent using appropriate security measures to encrypt the data in transit. This may involve the use of a third party encryption tool where appropriate.

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

Your rights and access to information

Under data protection legislation you have the right to request access to the information that we hold about you. To request a copy of your data, please read the Individual Rights Requests page and then submit your request using your preferred method of contact.

You also have the right to:

  • object to processing of personal data that is likely to cause, or is causing, damage or distress
  • in certain circumstances, have inaccurate personal data rectified, blocked, erased or destroyed
  • prevent processing for the purpose of direct marketing
  • object to decisions being taken by automated means
  • redress, either through the ICO, or through the courts

If you have any questions or concerns about the way we process personal data, or would like to discuss anything in this privacy notice, please contact our Data Protection Officer: [email protected]

If you want to make a complaint about how we handle your personal data, we ask that you give our Data Protection Officer the opportunity to respond in the first instance, but you are not obliged to do this. You can make a complaint directly to the Information Commissioner’s Office at