Data Protection (GDPR)
Below are links to our privacy notices which explain the purposes for which personal data is collected and used, who we share data with, how long it is kept, and the legal basis for processing.
Subject Access Requests
Individuals have the right to access the personal data and supplementary information we hold about them. This allows them to be aware of and verify the lawfulness data processing. This right applies to everyone whose personal data our school holds, including staff, governors, volunteers, parents, carers and pupils.
Who deals with subject access requests?
The school’s Data Protection Officer will deal with all subject access requests received.
How we will respond to subject access requests?
On receiving a request, our Data Protection Officer will contact the individual via phone to confirm the request was made. We will then verify the identity of the person making a request using ‘reasonable means’. Generally, this means we will ask for two forms of identification.
In most cases, we will provide the information within 1 month, and free of charge. If the request is complex or numerous, we can comply within 3 months, but we will inform the individual of this within 1 month and explain why the extension is necessary.
If the request is made electronically, we will provide the information in a commonly used electronic format.
‘Unfounded or excessive’ requests
If the request is unfounded or excessive, we will either:
All complaints, suspected breaches/incidents should be reported to the School Data Protection Officer – Darrin Keeble immediately.
This will enable us to investigate and respond to any data leakage incident involving personal data.