Privacy Notice & GDPR (General Data Protection Regulation)
You may be aware that on 25th May 2018, the EU introduced a new law called the General Data Protection Regulation, or GDPR. This new law has introduced significant enhancements to the old Data Privacy Directive. GDPR changes how we can use your personal data and keep it safe, and will also strengthen your rights over your own data.
The point of this is to make sure sensitive or private information about yourselves and your children stays safe. Whilst it is similar to the current Data Protection Act in many ways, there are a few differences, so we have made a few changes at the school in order to ensure we remain compliant.
One of these changes is that we have updated our privacy notice. A copy of this can be found below:
If you have any questions, concerns or would like more information about anything mentioned in this privacy notice, please contact our data protection officer:
The DPO Centre, 50 Liverpool Street, London, EC2M 7PY
Email: firstname.lastname@example.org Telephone: 0203 797 6340
Subject Access Requests
The General Data Protection Regulation, or GDPR, states that individuals have the right to ask organisations to confirm whether or not these organisations hold and process their Personal Data.
This Personal Data could include your name, identification number, contact details, bank details, race, gender, age, health status, email address, location, online identifier and the like.
Individuals also have the right to access their Personal Data. They may do this in order to challenge the accuracy of such data and to request rectification of any inaccurate data.
Please use the information and the form below if you wish to carry out a Subject Access Request. We require your details, and in some cases a form of identification in order to process your request. Acceptable forms of identification include passport and driving licence.
This information is only used to process your request and is not retained by the school.
There may be occasions where the identity of a subject is already known to us, so no form of ID is required.
In most cases we would not charge a fee to comply with a subject access request. However where the request is manifestly unfounded or excessive we may charge a “reasonable fee” for the administrative costs of complying with the request. We may also charge a reasonable fee if an individual requests further copies of their data following a request. You must base the fee on the administrative costs of providing further copies.
Once received we will act on the subject access request without undue delay and at the latest within one month of receipt. We will calculate the time limit from the day after the request has been received (whether the day after is a working day or not) until the corresponding calendar date in the next month.
Example An organisation receives a request on 3 September. The time limit will start from the next day (4 September). This gives the organisation until 4 October to comply with the request.
If this is not possible because the following month is shorter (and there is no corresponding calendar date), the date for response is the last day of the following month. If the corresponding date falls on a weekend or a public holiday, we have until the next working day to respond.