Our Data Protection Policies

Click the links below for our updated policies regarding data protection.

How we process our data

We comply with the Data protection Act of 1996 and the General Data Protection Regulations 2017 (GDPR). The GDPR enhances your rights to how your data is collected and used. To see how data is used in our school please click the link below.

Subject Access Request form

General Data Protection Regulation (2016/679 EU)

The General Data Protection Regulation (GDPR) allows individuals to access information from organisations that process their personal data. The process for obtaining this information is known as a subject access request (sometimes referred to as a SAR or DSAR).

Individuals can make a subject access request through any format. However, we have provided a form to assist individuals with making a request and to streamline the process for responding to a subject access request. Organisations have a positive obligation to facilitate data subject rights under the GDPR, including an individual’s right to access his or her personal data.

Organisations are not required to comply with a subject access request if they cannot identify the individual. We may therefore need to verify the individual’s identity to ensure that personal data is not inadvertently disclosed to a third party. As a result, we may need to ask for identification to check that a request is from a particular individual.

Under the GDPR, the time limit for responding to a subject access request is one month from the date of receipt. However, if a request is complex, the employer can extend the time period for response by a further two months.