Data Protection (GDPR)

Privacy Notices
Below are links to our privacy notices which explain the purposes for which personal data is collected and used, who we share data with, how long it is kept, and the legal basis for processing.

Please click the buttons below to read the policies. Paper copies of the policies on the website can be requested from the School Office free of charge.

Acceptable Personal Use of Resources & Assets 2023

Curriculum Privacy Notice 2023

Data Breach Policy 2023

Data Handling Security Policy 2023

Data Protection Policy 2023

Employment Privacy Notice 2023

Freedom of Information Publication Scheme 2023

Governors Privacy Notice 2023

Information Governance 2023

Lettings Privacy Notice 2023

Main Privacy Notice 2023

Privacy Notice Ex-Students 2023

Privacy Notice - SEND 2023

Records Management Policy 2023

Security Measures 2023

Statutory Request Policy 2023

Subject Access Requests
Individuals have the right to access the personal data and supplementary information we hold about them. This allows them to be aware of and verify the lawfulness data processing. This right applies to everyone whose personal data our school holds, including staff, governors, volunteers, parents, carers and pupils.

Who deals with subject access requests?
The school’s Data Protection Officer (Anita Sparrow) will deal with all subject access requests received.

How we will respond to subject access requests?
On receiving a request, our Data Protection Officer will contact the individual via phone to confirm the request was made. We will then verify the identity of the person making a request using ‘reasonable means’. Generally, this means we will ask for two forms of identification.

In most cases, we will provide the information within 1 month, and free of charge. If the request is complex or numerous, we can comply within 3 months, but we will inform the individual of this within 1 month and explain why the extension is necessary.

If the request is made electronically, we will provide the information in a commonly used electronic format.

‘Unfounded or excessive’ requests
If the request is unfounded or excessive, we will either:

Charge a reasonable fee for you to comply, based on the administrative cost of providing the information.
Refuse to respond.
Comply within 3 months, rather than the usual deadline of 1 month; however, we will always inform the individual of this and will explain why.
Usually, ‘unfounded or excessive’ means that the request is repetitive, or asks for further copies of the same information.

Refusing a request
When we refuse a request, we will:

respond within 1 month
explain why we are refusing the request
inform the individual that they have the right to complain to the Information Commissioner’s Office
inform the individual of their right to seek to enforce the right of access through a judicial remedy

Subject Access Request Form

Breach Reporting
All complaints, suspected breaches/incidents should be reported to the School Data Protection Officer at anitasparrow@millfields.essex.sch.uk immediately.

This will enable us to investigate and respond to any data leakage incident involving personal data.

Data Protection (GDPR)

Inspired, Connected and Prepared to be Our Best

Compassion - Collaboration - Community - Respect - Resilience - Responsibility