The General Data Protection Regulation (GDPR) applies to personal data. Within our Academy we process data on pupils, parents, staff and academy Councillors. We follow the six data protection principles that require that personal data shall be:
- Processed fairly, lawfully and transparently.
- Obtained only for one or more specified and lawful purposes and shall not be further processed in any manner incompatible with that purpose(s).
- Adequate, relevant and not excessive in relation to the purpose(s) for which it is processed.
- Accurate and, where necessary, kept up to date.
- Not kept for longer than is necessary for that purpose(s).
- Kept secure, i.e. protected by an appropriate degree of security.
The following are policies, procedures and other documents linked to data protection:Document Retention Policy
Parent Privacy Notice
Pupil Privacy Notice
Subject Access Request Policy