Last updated May 2025

TBC – School data protection & GDPR policy

1. Aims

Our school aims to ensure that all personal data collected about staff, pupils, parents, governors, visitors and other individuals is collected, stored and processed in accordance with UK data protection law. We believe that respecting privacy and handling data with care is fundamental to nurturing trust within our community and supporting the wellbeing of all young people in our care.

This policy applies to all personal data, regardless of whether it is in paper or electronic format.

2. Legislation and guidance

This policy meets the requirements of the:

It is based on guidance published by the Information Commissioner’s Office (ICO) on the UK GDPR.

It also reflects the ICO’s guidance for the use of surveillance cameras and personal information, and incorporates updated regulatory guidance as of March 2025.

3. Definitions

Personal data

Any information relating to an identified, or identifiable, living individual.
This may include the individual’s:

  • Name (including initials)
  • Identification number
  • Location data
  • Online identifier, such as a username

It may also include factors specific to the individual’s physical, physiological, genetic, mental, economic, cultural or social identity.

Special categories of personal data

Personal data that is more sensitive and so needs more protection, including information about an individual’s:

  • Racial or ethnic origin
  • Political opinions
  • Religious or philosophical beliefs
  • Trade union membership
  • Genetics
  • Biometrics (such as fingerprints, retina and iris patterns), where used for identification purposes
  • Health – physical or mental
  • Sex life or sexual orientation

Processing

Anything done to personal data, such as collecting, recording, organising, structuring, storing, adapting, altering, retrieving, using, disseminating, erasing or destroying.

Processing can be automated or manual.

Data subject

The identified or identifiable individual whose personal data is held or processed.

Data controller

A person or organisation that determines the purposes and the means of processing of personal data.

Data processor

A person or other body, other than an employee of the data controller, who processes personal data on behalf of the data controller.

Personal data breach

A breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data.

4. The data controller

Our school processes personal data relating to parents, pupils, staff, governors, visitors and others, and therefore is a data controller.

The school is registered with the ICO and has paid its data protection fee to the ICO, as legally required. Registration number: ZA931079.

5. Roles and responsibilities

This policy applies to all staff employed by our school, and to external organisations or individuals working on our behalf. Staff who do not comply with this policy may face disciplinary action.

5.1 Trustee board

5.2 Data protection officer

5.3 Head of school

5.4 All staff
