Data Protection Policy
This Policy is applicable to all (past and present)
Governors, staff, associates, volunteers and Student Teachers,
For the purposes of Data Protection, the Cheadle Hulme School is known as the “Data Controller” and the ICO registration number is Z6044788.
For the ordinary running of the School, certain personal information about employees; volunteers and others who work on behalf of the School; current, former and prospective pupils; parents, carers or guardians (referred to as “parents”); as well as hirers of School facilities, other visitors, website browsers, neighbours, academic collaborators and the wider community who engage with the School; needs to be collected and used ("processed").
The School will take the privacy of personal information very seriously and this Data Protection Policy will set out the School’s approach to complying with Data Protection Laws (Data Protection Act 2018/General Data Protection Regulation).
The Chief Operating Officer will be the member of the Senior Leadership Team responsible for the protection of data, and conducting annual information audits to ensure that information processed remains adequate, relevant and is not excessive. Day-to-day responsibility for data protection may be delegated to the Senior Operations Manager and any representative of the Privacy Team (or Information Governance and Management group) will be contactable on email@example.com.
To be transparent about how the School collects personal information fairly and lawfully, Privacy Notices will be published which will identify the legal basis for processing personal information about:
The Privacy Notices will be clear about how information is to be collected; the specific purpose for collecting it; who it will be shared with; and the rights these individuals have when it comes to their personal information.
From time to time, the School may need to change what information is collected or who it is shared with, and so the Privacy Notices will be kept up-to-date on the School website and any substantial changes will be notified directly to individuals as far as is reasonably practicable.
Secure storage of personal information
The School will have appropriate organisational procedures and technical security measures in place to ensure data is kept safe and secure. These will be outlined in the E-Security Plan, Record Retention and Storage Procedures and Campus Security Plan.
The School will conduct Privacy Impact Assessments to ensure personal information will be handled according to individual data protection rights and principles.
Retention of personal information
To make sure that personal information will be not kept for no longer than is necessary, the School will have a Records Management Policy with an associate Records Retention Procedure & Schedule.
Updating personal information
It is vital to the health and wellbeing of pupils and staff that the information gathered remains accurate and up to date, including preferred contact methods. Individuals will be asked to check at regular milestones that their information is still accurate, and clear guidance will be provided on how to contact the School to update information at any other time.
Accessing personal information
The Privacy Team will deal with all requests and enquiries concerning the School’s uses of personal data and the School will have a Subject Access Request procedure in place to respond to any such requests within the time-limits.
The School will respect individual rights to access, rectify, erase, restrict and move their personal information. All Subject Access Requests must be made in writing and to help the School recognise a formal request and manage the response, individuals will be asked to submit through an online form.
Sharing personal information with other people
For the legitimate interests of running a School, the School will need to share some personal data with third parties, external agencies or statutory/governing bodies. The School may also have to share certain information without consent if there is a clear and legitimate reason to do so to safeguard the vital interests of an individual. The School will have a Data Sharing Statement to accompany Privacy Notices, which will give an outline of when sharing will be done, it will be in a way that complies with the law, is fair, transparent and in line with good practice.
Everyone who works for the School has a responsibility for ensuring data is collected, stored and handled appropriately. Training will be provided to help staff understand these responsibilities.
Freedom of Information Requests
Cheadle Hulme School is not a public body and therefore not subject to Freedom of Information (FOI) requests, which is different to the Data Protection laws. However, the School will still comply with obligations to publish certain information about activities proactively. The School will be committed to transparency and openness and will respond to reasonable requests for information. Any requests should be put in writing to firstname.lastname@example.org.
Guidance on Privacy
The Information Commissioner’s Office regulates data protection and privacy matters in the UK. Individuals can make a complaint at any time about the way the School uses their information. However, the School will welcome any opportunity to maximising the quality of the personal information held, and will actively encourage individuals to consider raising any issue or complaint they have directly with the School first.
SLT member responsible:
Chief Operating Officer
supported by the Senior Operations Manager
Date of Approval:
Date Ratified by Governors:
Proposed Review Date:
Other Related Policies and Procedures:
Campus Security Plan (sign in required)
CCTV Code of Practice (pending)
e-Security Procedures (sign in required)
To view previous versions of this policy please email us on email@example.com