Church of England

Tel: 01905 746800

General Data Protection Regulation (GDPR) and Privacy Notices

General Data Protection Regulation

The General Data Protection Regulation ("GDPR") is a regulation in EU law on data protection and privacy for all individuals within the European Union (EU) and the European Economic Area (EEA). It also addresses the export of personal data outside the EU and EEA areas. The GDPR aims primarily to give control to individuals over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.

The GDPR forms part of the data protection regime in the UK, together with the new Data Protection Act 2018 (DPA 2018). The main provisions of this applied, like the GDPR, from 25 May 2018.

The purpose of a Privacy Notice

Providing accessible information to individuals about the use of personal information (data) is a key element of General Data Protection Regulation (GDPR) and sets a legal framework with which education settings and local authorities must comply.

All education settings and local authorities are data controllers and data processors in their own right and, as such, they have a duty to inform pupils, staff and parents how they process the data that is within their control.

  • Data controller - The organisation who (either alone or in common with other people) determine the purpose for which, and the manner in which data are processed.
  • Data Processor - A person or organisation who process data on behalf of and on the orders of a controller.

For the purposes of data protection legislation, the terms 'process', 'processed' or 'processing' apply to any activity involving the personal data, such as:

  • collecting
  • storing
  • sharing
  • destroying

Please note: this list is not exhaustive

We have provided this information through our various privacy notices for students, parents, staff and other people who may need to contact the school.

Subject Access Requests

Individuals have the right to request access to the information we hold about them.

If you want to make a subject access request, please download and complete the Subject Access Request Form.

Please email the completed Subject Access Request Form to the Data Protection Officer at:

As part of our GDPR obligations we will:

Provide the information free of charge, where possible. Printing may incur a small charge.
Comply within 1 month of the request.
Provide the information in a commonly used electronic format.

We use cookies to help provide you with the best possible online experience.
By using this site, you agree that we may store and access cookies on your device. You can find out more and set your own preferences here.