Data Protection (GDPR)

Privacy Notices
Below are links to our privacy notices which explain the purposes for which personal data is collected and used, who we share data with, how long it is kept, and the legal basis for processing.

Please click the buttons below to read the policies. Paper copies of the policies on the website can be requested from the School Office free of charge.

Acceptable Personal Use of Resources & Assets

Curriculum Privacy Notice

Data Breach Policy

Data Handling Security Policy

Data Protection Policy

Ex-Students Privacy Notice

Freedom of Information Publication Scheme

GDPR Rights Guidance for Parents & Carers

Generative Artifical Intelligence Policy

Information Governance Strategy

Managing Employment Privacy Notice

Managing School Governors/Trustrees Privacy Notice

Managing Volunteers Privacy Notice

Marketing Activities

Privacy Notice

Privacy Notice - SEND

Records Management Policy

Security Measures

Statutory Request Policy

Subject Access Requests
Individuals have the right to access the personal data and supplementary information we hold about them. This allows them to be aware of and verify the lawfulness data processing. This right applies to everyone whose personal data our school holds, including staff, governors, volunteers, parents, carers and pupils.

Who deals with subject access requests?
The school’s Data Protection Officer (Anita Sparrow) will deal with all subject access requests received.

How we will respond to subject access requests?
On receiving a request, our Data Protection Officer will contact the individual via phone to confirm the request was made. We will then verify the identity of the person making a request using ‘reasonable means’. Generally, this means we will ask for two forms of identification.

In most cases, we will provide the information within 1 month, and free of charge. If the request is complex or numerous, we can comply within 3 months, but we will inform the individual of this within 1 month and explain why the extension is necessary.

If the request is made electronically, we will provide the information in a commonly used electronic format.

‘Unfounded or excessive’ requests
If the request is unfounded or excessive, we will either:
- Charge a reasonable fee for you to comply, based on the administrative cost of providing the information.
- Refuse to respond.
- Comply within 3 months, rather than the usual deadline of 1 month; however, we will always inform the individual of this and will explain why.
- Usually, ‘unfounded or excessive’ means that the request is repetitive, or asks for further copies of the same information.

Refusing a request
When we refuse a request, we will:
- respond within 1 month
- explain why we are refusing the request
- inform the individual that they have the right to complain to the Information Commissioner’s Office
- inform the individual of their right to seek to enforce the right of access through a judicial remedy

Subject Access Request Form

Breach Reporting
All complaints, suspected breaches/incidents should be reported to the School Data Protection Officer at anitasparrow@millfields.essex.sch.uk immediately.

This will enable us to investigate and respond to any data leakage incident involving personal data.

Data Protection (GDPR)

Inspired, Connected and Prepared to be Our Best

Compassion - Collaboration - Community - Respect - Resilience - Responsibility