Data Protection Policy

This Policy is applicable to all (past and present)

Governors, staff, associates, volunteers and Student Teachers,
all pupils in the School, including those in an EYFS setting,
plus any other visitors, guests and hirers of the School’s facilities.

For the purposes of Data Protection, the Cheadle Hulme School is known as the “Data Controller” and the ICO registration number is Z6044788.   

For the ordinary running of the School, certain personal information about employees; volunteers and others who work on behalf of the School; current, former and prospective pupils; parents, carers or guardians (referred to as “parents”); as well as hirers of School facilities, other visitors, website browsers, neighbours, academic collaborators and the wider community who engage with the School; needs to be collected and used ("processed").  

The School will take the privacy of personal information very seriously and this Data Protection Policy will set out the School’s approach to complying with Data Protection Laws (Data Protection Act 2018/General Data Protection Regulation).  

The Chief Operating Officer will be the member of the Senior Leadership Team responsible for the protection of data, and conducting annual information audits to ensure that information processed remains adequate, relevant and is not excessive.  Day-to-day responsibility for data protection may be delegated to the Senior Operations Manager and any representative of the Privacy Team (or Information Governance and Management group) will be contactable on

Privacy notices

To be transparent about how the School collects personal information fairly and lawfully, Privacy Notices will be published which will identify the legal basis for processing personal information about:

  1. External School Community and Alumni
  2. Pupils (prospective and current)
  3. Parents (prospective and current)
  4. Staff (prospective and current)

The Privacy Notices will be clear about how information is to be collected; the specific purpose for collecting it; who it will be shared with; and the rights these individuals have when it comes to their personal information.

From time to time, the School may need to change what information is collected or who it is shared with, and so the Privacy Notices will be kept up-to-date on the School website and any substantial changes will be notified directly to individuals as far as is reasonably practicable.

Secure storage of personal information

The School will have appropriate organisational procedures and technical security measures in place to ensure data is kept safe and secure.  These will be outlined in the E-Security Plan, Record Retention and Storage Procedures and Campus Security Plan.

The School will conduct Privacy Impact Assessments to ensure personal information will be handled according to individual data protection rights and principles.

Retention of personal information

To make sure that personal information will be not kept for no longer than is necessary, the School will have a Records Management Policy with an associate Records Retention Procedure & Schedule.

Updating personal information

It is vital to the health and wellbeing of pupils and staff that the information gathered remains accurate and up to date, including preferred contact methods. Individuals will be asked to check at regular milestones that their information is still accurate, and clear guidance will be provided on how to contact the School to update information at any other time.

Accessing personal information

The Privacy Team will deal with all requests and enquiries concerning the School’s uses of personal data and the School will have a Subject Access Request procedure in place to respond to any such requests within the time-limits.

The School will respect individual rights to access, rectify, erase, restrict and move their personal information.  All Subject Access Requests must be made in writing and to help the School recognise a formal request and manage the response, individuals will be asked to submit through an online form.

Sharing personal information with other people

For the legitimate interests of running a School, the School will need to share some personal data with third parties, external agencies or statutory/governing bodies.  The School may also have to share certain information without consent if there is a clear and legitimate reason to do so to safeguard the vital interests of an individual.  The School will have a Data Sharing Statement to accompany Privacy Notices, which will give an outline of when sharing will be done, it will be in a way that complies with the law, is fair, transparent and in line with good practice.

Staff Training

Everyone who works for the School has a responsibility for ensuring data is collected, stored and handled appropriately.  Training will be provided to help staff understand these responsibilities.

Freedom of Information Requests

Cheadle Hulme School is not a public body and therefore not subject to Freedom of Information (FOI) requests, which is different to the Data Protection laws.  However, the School will still comply with obligations to publish certain information about activities proactively.  The School will be committed to transparency and openness and will respond to reasonable requests for information.  Any requests should be put in writing to 

Guidance on Privacy

The Information Commissioner’s Office regulates data protection and privacy matters in the UK. Individuals can make a complaint at any time about the way the School uses their information. However, the School will welcome any opportunity to maximising the quality of the personal information held, and will actively encourage individuals to consider raising any issue or complaint they have directly with the School first.

   SLT member responsible:

Chief Operating Officer

supported by the Senior Operations Manager

Date of Approval:

June 2018

Date Ratified by Governors:

July 2018

Proposed Review Date:

June 2021

   Policy Procedures:

Data Sharing Procedures

External Relations Privacy Notice

Mobile Working Procedures

Parent Privacy Notice

Pupil Privacy Notice

Staff Privacy Notice

Subject Access Request Procedures

Other Related Policies and Procedures:

Equality and Diversity Policy

Records Management Policy

Records Retention Procedures & Schedule

Campus Security Plan (sign in required)

CCTV Code of Practice (pending)

e-Security Procedures (sign in required)

To view previous versions of this policy please email us on