 Online learning platformFull or part-time homeschooling packages available for primary to college |  Live lessonsAll courses are run through live lessons and an online platform |  Attending online primary schoolOur online primary school is available for students aged 5 to 11. |  Planning to switch to online school |
|---|---|---|---|
 Attending online primary classes |  Attending online lessons from home |  Children attending online school |  Student attending online college class |
 Students attending online lesson from home |
Privacy Policy
Introduction
We are Eureka Learning Online School, an independent school for students aged 5 to 18. Our registered address is:
Building 1000
Lakeside North Harbour
Western Road
Portsmouth
PO6 3EZ
As the data controller, we are responsible for protecting the personal information we hold about you. Our Data Protection Registration Number is ZA898955.
​
We respect your privacy and take our legal responsibilities seriously. This notice explains:
1. How we collect personal information
2. What personal data we collect and why
3. Who we share information with
4. Our legal basis for processing
5. How we keep your data secure
6. How long we retain your data
7. Oversees data transfers
8. Your data protection rights
9. Contact us
​
How we collect personal information
We collect personal data directly when you:
• Register your child with us
• Apply for a job, volunteer
• Visit our website
• Make an enquiry, request or complaint
We also receive personal data indirectly, for example from:
• Previous schools when a student transfers
• External professionals (e.g. health or social care)
• Parents/employees providing emergency contacts
• Public authorities (eg local authority, police, courts)
• Referees for job applicants, volunteers and governors
​
What personal data we collect and why
We collect and use personal information about the people who interact with us. This helps us run our
school effectively and ensure we meet our legal obligations. The following is a summary of the type of
personal data we hold about key groups of people and how we use it:
Students
We collect and process the following information about students to support their education, safety,
and wellbeing, and to meet our statutory obligations:
• Identifiers and contact details – name, date of birth, home address, unique student number,
examination/candidate number.
• Characteristics – gender, ethnicity, nationality, English as an Additional Language (EAL),
Special Educational Needs and Disabilities (SEND) status, eligibility for free school meals and
Looked-After Child (LAC) status.
• Faith and beliefs – religion or belief (including “no religion” or none declared).
• Education – attainment, progress, assessments, reports and feedback, transition records
when a student joins or leaves, curriculum records, predicted grades, exam results.
• Attendance – daily registers, absence communications, attendance statistics.
• Health – medical conditions, disabilities and accidents.
• Behaviour and welfare – behaviour logs, rewards, sanctions, exclusions, pastoral records, and
relevant family circumstances
• Safeguarding – concerns, referrals, interventions and protection measures.
• Special educational needs – Education Health and Care Plans (EHCPs), Individualised
Education Plans (IEPs) and records of specialist involvement.
• Images – photographs and videos of classes.
• Consents – permissions for image use.
• Work experience and careers - work experience records and references, careers advice notes,
post-16/18 destination information.
We use this information to identify students, keep them safe, and support their learning, development,
and wellbeing. It also enables us to deliver high-quality teaching and care, meet statutory data
collection and reporting requirements, monitor equality, manage admissions fairly, and work in
partnership with families to provide effective pastoral care. Work experience and careers information
further helps us prepare students for transition, progression, and future opportunities.
Class recordings are captured to allow students to view the class in their own time or repeat a lesson.
These may also be processed for crime prevention and detection, safeguarding, and the safety of
individuals. They may also be used as evidence in relation to incidents, investigations, or complaints.
Other images may be used for identification and administration, celebrating school life, or promotional
purposes where appropriate consents have been obtained.
Parents and carers
We collect and process the following information about parents and carers in order to support the
education, safety, and wellbeing of students, and to meet our statutory and operational obligations:
• Identifiers and contact details – Name, home address, telephone number, email address, and
work contact details.
• Family circumstances – parental responsibility, guardianship, court orders,
separation/divorce details, and any other information relevant to the student’s welfare and
safeguarding.
• Faith and beliefs – religion or beliefs (including “no religion” or none declared).
• Financial – payment details for school fees, eligibility for bursaries, grants and scholarships.
• Armed forces – whether the parent/carer is a serving member of the armed forces
• Images – class recordings should the parent / guardian be visible in these.
We use this information to communicate effectively with parents and carers, support student learning,
promote wellbeing, and act in each child’s best interests. It helps us to understand family
circumstances, manage admissions fairly, and respect faith or beliefs.
We also process this information to administer payments, determine eligibility for financial support,
record consents and fulfil reporting requirements.
Employees
We collect and process the following information about employees to manage employment
relationships fairly, safely, and lawfully, and to meet our statutory and contractual obligations:
• Identifiers and contact details – Name, date of birth, employee or teacher number, National
Insurance Number, home address, telephone number, email address and emergency contact
details.
• Characteristics – gender, age and ethnicity.
• Recruitment – job application records, qualifications, training, right to work documentation,
references, Disclosure and Barring Service (DBS) and Barred List results (where required).
• Employment records – start date, role, contract, salary, working hours, appraisal and
performance, professional development, disciplinary and grievance records.
• Payroll and pensions – bank account details, salary, tax, pension contributions, payroll
records.
• Health and dietary – medical conditions, disabilities, occupational health assessments,
dietary needs and accident/first aid records.
• Absence – records of sickness, maternity/paternity, parental and adoption leave records,
compassionate leave, fit notes and return-to-work forms.
• Faith and beliefs – religious affiliation, observance of religious festivals or prayer times,
expressions of philosophical or other beliefs.
• Images – staff ID photographs, class recordings, photographs for promotional purposes.
• Consent – preferences relating to optional uses of personal data (e.g. wellbeing surveys,
promotional photography).
We use this information to recruit, train, and appraise staff, administer payroll and pensions, and
comply with tax and reporting obligations. Employee records support the monitoring of equality and
diversity, delivery of safeguarding and safer recruitment duties, and provision of reasonable
adjustments to support health, wellbeing and faith needs.
Employment records, absence data, and emergency contacts enable us to plan workforce capacity,
manage attendance, and respond effectively in emergencies.
Class recordings are captured to allow students to view the class in their own time or repeat a lesson.
These may also be processed for crime prevention and detection, safeguarding, and the safety of
individuals. They may also be used as evidence in relation to incidents, investigations, or complaints.
Other images may be used for identification and administration, celebrating school life, or promotional
purposes.
Temporary workers, contractors, trainee/student teachers
We collect and process the following information to manage temporary and agency staff, contractors,
and trainee or student teachers fairly, safely, and lawfully, and to meet our statutory and contractual
obligations:
• Identifiers and contact details – name, teacher number, home address, telephone number,
and email address.
• Characteristics - gender, age and ethnicity.
• Recruitment – qualifications, training, right-to-work documentation, references, and
Disclosure and Barring Service (DBS) and Barred List results (where required).
• Contract information – start date, role, hours of work, bank/payment details, and pension/tax
details.
• Health and dietary – medical conditions, disabilities, dietary needs, and accident/first aid
records.
• Faith and beliefs – religious affiliation, observance of religious festivals or prayer times, and
expressions of philosophical or other beliefs.
• Images – ID photographs, class recordings, and photographs or videos taken for training, or for
promotional purposes.
• Consent – preferences relating to optional uses of personal data (e.g. use of images for
promotional materials).
We use this information to recruit appropriately, confirm suitability to work with children, administer
contracts, make salary or fee payments, and meet tax, pension, and reporting obligations. We also use
it to monitor equality and diversity, fulfil safeguarding and safer recruitment requirements, and make
reasonable adjustments to support health, wellbeing, and faith needs. Contract and attendance
information supports effective workforce planning, while emergency contact details ensure we can
respond quickly in urgent situations.
Class recordings are captured to allow students to view the class in their own time or repeat a lesson.
These may also be processed for crime prevention and detection, safeguarding, and the safety of
individuals. They may also be used as evidence in relation to incidents, investigations, or complaints.
Other images may be used for identification and administration, celebrating school life, or promotional
purposes.
Job applicants
We collect and process the following information about job applicants in order to manage recruitment
fairly, transparently, and in line with statutory safeguarding obligations:
• Identifiers and contact details – name (including former names), date of birth, home and
previous addresses, telephone number, email address, and National Insurance number.
• Application details – position applied for, personal statement, employment history (including
reasons for leaving previous or current roles), and referee details. Shortlisted applicants are
also required to provide self-declarations relating to criminal records, prohibition from
teaching, involvement with the police or social care, disqualifications, and relevant overseas
information.
• Education and experience – qualifications, academic achievements, training, professional
development, and employment history relevant to skills, knowledge, and experience.
We use this information to communicate with applicants, assess their suitability for the role, and
evaluate their skills, knowledge, and experience. This ensures that appointments are made on merit, in
line with safer recruitment principles, and in compliance with our legal and safeguarding obligations
under the Department for Education’s Keeping Children Safe in Education (KCSIE) 2025.
As required by KCSIE 2025, we also carry out a range of pre-employment checks before any
appointment is confirmed. These include verification of identity, right to work in the UK where
applicable, qualifications, references, and criminal record checks (including enhanced DBS and Barred
List checks where applicable).
In addition, for shortlisted candidates we conduct proportionate online searches of publicly available
information. These searches are undertaken after shortlisting and before interview and are carried out
solely to help identify any issues that may be relevant to an applicant’s suitability to work with children
and young people.
Emergency contacts (for students and employees)
We collect and process the following information about emergency contacts in order to act quickly and
safely in urgent situations, and to support the welfare of students and employees:
• Identifiers and contact details – name, address, telephone number, and email address.
• Relationship – the individual’s relationship to the student or employee (e.g. grandparent,
neighbour, partner).
• Authorisation details – passwords or agreed student arrangements.
We use this information to ensure that, in the event of an emergency, we can contact the right person
without delay. Authorisation details, such as passwords or agreed arrangements, help us to maintain
student safety in classes and during emergencies.
Referees (for job applicants, volunteers, governors)
We collect and process the following information about referees in order to support recruitment,
volunteering, and governance appointments, and to meet our safer recruitment and safeguarding
responsibilities:
• Identifiers and contact details – name, address, telephone number, and email address.
• Relationship – the referee’s relationship to the applicant (e.g. previous employer, colleague,
mentor).
• Reference – the information you provide about the applicant’s suitability, character, skills, and
experience.
We use this information to verify the background and suitability of individuals applying to work,
volunteer, or serve as governors within the school. Contact details and the stated relationship to the
applicant allow us to confirm the context of the reference, while the content of the reference provides
an informed assessment of the applicant’s character, competence, and overall suitability for the role.
This process forms an essential part of our safer recruitment practices and helps us to discharge our
statutory safeguarding duties in line with the Department for Education’s Keeping Children Safe in
Education (KCSIE) 2025.
People who make a complaint, request or enquiry
We collect and process the following information from individuals who contact us with a complaint,
request, or enquiry:
• Identifiers and contact details – name, address, telephone number, and email address.
• Case details – description of the complaint, request, or enquiry, records of correspondence,
and the case outcome.
We use this information to identify you, respond to your enquiry or complaint, and maintain accurate
records of the outcome. Keeping case details and correspondence allows us to manage follow-up
enquiries, appeals, or tribunal proceedings where necessary.
This processing also ensures we can meet our legal and administrative responsibilities, demonstrate
accountability in decision-making, and provide a fair and transparent process when handling
complaints or requests.
Website users
When you visit our website, we collect standard internet log information and details about how the
service is used. This may include data such as websites or pages visited, length of time on pages,
navigation paths, and connection details. Collecting this information helps us to understand how our
services are being used, identify which areas are most frequently accessed, and improve both content
and usability.
This information is processed in an anonymised and aggregated form so that it does not identify
individual users. We do not attempt to discover the identities of those who use our website, and we do
not link the information collected with any personally identifiable data from other sources.
For further details about the cookies we use and how you can manage them, please see our Cookie Policy
Who we share information with
We only share information where it is necessary, lawful and proportionate. Examples include:
Department for Education (DfE):
We have a legal duty to share certain information about students, employees and staff with the
Department for Education (DfE), so it can carry out its statutory responsibilities. This information is
shared with authorised representatives for the purpose of obtaining accreditation for the School.
Data is not sent to third parties in this case, but accessed by authorised representatives through the
School IT system.
Local Authority:
We are legally required to share certain information with our local authority so that both organisations
can discharge their statutory duties effectively:
• Students and parents – information may be shared to support admissions under the School
Admissions Code We are also required to share safeguarding information under Section 11 of
the Children Act 2004 (duty to safeguard and promote welfare) and Section 47 of the Children
Act 1989 (duty to investigate and take action to protect children).
• Employees – workforce information must be shared under Regulation 5 of the Education
(Supply of Information about the School Workforce) (England) Regulations 2007 (as amended).
• Concerns or allegations – under the Department for Education’s Keeping Children Safe in
Education 2025, the school is required to share information about anyone working in the school
who provides education to students under the age of 18, where there are concerns or
allegations of harm. This includes teachers, supply teachers, volunteers and contractors.
Health professionals:
We may share student information with relevant health professionals (such as educational
psychologists, school nurses, or health visitors) to support students’ education, wellbeing, and
pastoral care. Wherever possible, this will be done with parental consent. However, information may
also be shared without consent where necessary to fulfil our statutory duties or to safeguard a child.
Other schools:
When a student transfers to another school, we inform the council local to the student where this is
within the UK unless parents object.
Where we have concerns about a student’s safety, we are also legally obliged to share relevant
safeguarding information with the receiving school, in line with the Department for Education’s Keeping
Children Safe in Education (KCSIE) 2025. This ensures continuity of safeguarding and welfare support
for the child. Further information about our safeguarding practices can be found on our website.
Examination boards and moderators:
We are required to share information about our students with examination boards and moderators, so
they can enter those students into exams, make accessibility arrangements for them where required,
mark their work and issue their grades.
Youth support services and careers advisors:
We are required to share certain information about pupils aged 13–19 with the local authority and/or
youth support services where these are located within the UK, under Section 507B of the Education Act
1996. This helps them provide education, training, careers advice and other support.
• From age 13, we must provide basic student details. Parents/guardians can object to any
information beyond a student’s name, address and date of birth being shared.
• From age 16, this right transfers to the student. They can object to even their basic details being
passed on.
For more information about local youth support services, please visit your local authority’s website.
Independent Schools Inspectorate:
During inspections, we may be required to provide inspectors with access to a sample of the school’s
records. These records may contain identifiable personal information. Inspectors will only view this
information for the purposes of the inspection. Any personal data seen by inspectors will not be taken
away, retained, or used in their reports.
Law enforcement and courts:
We may be required to share personal information with the police, other law enforcement agencies, or
the courts. Such disclosures may be necessary in order to assist with investigations, comply with a
court order, prevent or detect crime, or protect and safeguard individuals who may be at risk.
Research:
From time to time, we may be asked to contribute to local or national research projects that involve the
use of student data and are endorsed by the Department for Education (DfE). These projects are
designed to improve understanding of education, outcomes, and the wellbeing of children and young
people.
If identifiable personal data is required for a research project, we will inform parents and carers in
advance and provide the opportunity to opt out of their child’s data being included. Where possible,
data will be anonymised or aggregated so that individuals cannot be identified.
Service providers:
We use a range of external companies and organisations to support the effective running of the school.
These include providers of IT support, online learning and communication platforms, payroll and
finance services, professional advisers and training providers.
These organisations act as our ‘data processors’. Where personal information needs to be shared or
stored using their systems, this is done under contract and in compliance with the UK GDPR, ensuring
that personal data is protected and individuals’ rights are upheld.
We also work with providers who deliver services directly to students or parents, such as tutors or extra-
curricular clubs. Where consent is required, we will seek this in advance unless it is reasonable to
expect us to act on your behalf.
Our service providers may change from time to time. For details of the current companies or individuals
we work with, please contact us at proprietor@bolandcompanies.co.uk
1. Our legal basis for processing
We process personal information when we have a lawful basis to do so under the UK GDPR and Data
Protection Act 2018. The main legal bases we rely on are:
• Legal obligation: where processing is required by law (e.g. sharing information with the
Department for Education, HMRC, the courts, or the local authority).
• Contract: where processing is necessary to meet contractual obligations (e.g. for employees,
agency staff, school fee payers, or agreements with service providers).
• Consent: In limited circumstances where we cannot rely on another lawful basis, we will rely
on consent (eg using photographs or videos for publicity, marketing communications, or
providing access to optional third-party services).
• Vital interests: where processing is necessary to protect life or prevent serious harm (e.g. in
medical emergencies or safeguarding situations).
• Legitimate interests: where there is a clear benefit to the school or individuals, the impact on
privacy is minimal, and data subjects have a reasonable expectation that their data will be
processed in this way.
When processing special category data (such as racial or ethnic origin, political opinions, religious or
philosophical beliefs, genetic or biometric data, health information, or data relating to sex life or
orientation), we must also rely on an additional lawful basis. The main ones we use are:
• Explicit consent – eg when collecting facial recognition data.
• Employment, social security or social protection law – eg safeguarding, health and safety,
equality monitoring and tax compliance.
• Vital interests – eg sharing health details with emergency services when someone’s life is at
risk and they are unable to consent.
• Not-for-profit bodies – eg processing personal data by religious or charitable organisations
about their members.
• Legal claims – eg establishing, exercising or defending legal claims.
• Substantial public interest – eg safeguarding children or assisting law enforcement.
• Assessment of working capacity – eg occupational health reviews to determine whether an
employee is fit to return to work after illness or injury.
This list is not exhaustive. For further details about how we handle special category data and criminal
offence data, please see our Appropriate Policy Document.
2. How we keep your data secure
We take the security of personal data very seriously and use a range of technical and organisational
measures to protect it from loss, misuse, unauthorised access, disclosure, alteration, or destruction.
These measures include:
• Access controls – only authorised staff can access personal data, with permissions based on
role and responsibility.
• Secure systems – encrypted servers for digital records, and secure locked storage for paper
files.
• Site and visitor security – Being an online school, there are no visitors to the main office.
• Staff responsibilities – all staff are subject to appropriate DBS checks, confidentiality
obligations, and mandatory training on data protection and information security, supported by
clear school policies.
• Secure communications – encrypted email and secure file-sharing platforms for external
transfers of information.
• Service providers – due diligence on third-party suppliers, data processing contracts, and the
use of secure systems for handling data.
• Risk management – Data Protection Impact Assessments (DPIAs) where required, to identify
and mitigate risks before new systems or processes are introduced.
• System resilience – regular data backups, timely security updates, and anti-virus/malware
protection across our IT systems.
These safeguards are designed to ensure that personal data is handled safely, securely, and in
compliance with the UK GDPR and Data Protection Act 2018.
3. How long we retain your data
We only keep personal information for as long as it is needed to fulfil operational purposes or to meet
our legal, contractual, accounting, reporting, or archiving obligations. Once the relevant retention
period has expired, data is securely deleted, shredded, or otherwise destroyed in a safe and
confidential manner.
For full details of how long different categories of information are retained, please see our Record Retention Schedule.
4. Overseas data transfers
All of our data is stored in the UK or the European Economic Area (EEA), however some of our teachers
may process personal data outside these areas. Where this occurs, we ensure that only minimal data
is transferred and that appropriate safeguards are in place, such as the use of UK International Data
Transfer Agreements or other recognised lawful transfer mechanisms. These safeguards ensure that
your personal information is protected and handled securely in accordance with UK data protection
laws.
5. Your data protection rights
Under the UK GDPR and the Data Protection Act 2018, you have the following rights in relation to your
personal data:
• Right to be informed – to know how your personal data is collected, used and shared.
• Right of access – to request a copy of the personal data we hold about you.
• Right to rectification – to ask us to correct data that is inaccurate or incomplete.
• Right to erasure – to request deletion of your personal data in certain circumstances.
• Right to restrict processing – to limit how we use your personal data in certain circumstances.
• Right to object – to object to your data being processed for public interest tasks or direct marketing.
• Right to data portability – to request that your data is transferred to another organisation or provided to you, where applicable.
• Rights related to automated decision-making – to prevent decisions being made about you solely by automated means (including profiling).
• Right to complain – to raise a concern with the school if you are unhappy with how your data has been handled. If the issue remains unresolved, you have the right to escalate your complaint to the Information Commissioner’s Office (ICO) at www.ico.org.uk
6. Contact us
Exercising your rights
If you have any queries regarding this privacy notice, or want to exercise any of your data protection
rights, contact us at:
1000 Lakeside
North Harbour
Western Road
Portsmouth
PO6 3EZ
Proprietor@bolandcompanies.co.uk
You will not usually need to pay a fee, and we will respond within one calendar month. For more details
about your data protection rights, visit www.ico.gov.uk
Complaints
If you are unhappy with how your information has been managed and want to make a complaint, please
follow our Complaints Procedure. If you remain dissatisfied with the outcome of your complaint, you
can refer the matter to the Information Commission at www.ico.org.uk
Data Protection Officer
Our school’s Data Protection Officer is Firebird Data Protection Consultancy Limited, who oversee our data protection compliance. You can contact them directly at DPO@firebirdltd.co.uk
Changes to this notice
We may update this notice from time to time. The latest version will always be available on our website.
Last updated: March 2026