the school the school the school the school the school the school the school the school the school

Data Protection

The school collects, holds and uses information about individuals, particularly pupils and adults connected with the school. Under the Regulation (EU) 2016/679 (General Data Protection Regulation), data about living individuals is known as personal data. The regulation puts in place numerous safeguards for the use of data about individuals.

Under the GDPR, the data protection principles set out the main responsibilities for organisations: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/principles/

Cranwell Primary School has a statutory duty to comply with the requirements of the GDPR as it collects data about students and adults associated with the school for school business. The school is also required to produce a privacy notice explaining how information is collected and processed. A copy of the school’s privacy notice is available below.

Information about your rights under GDPR can be found on the Information Commissioner’s website.

All of the information we hold on individuals follows the six key principles:

  1. Fair, lawful and transparent
  2. Collected for specified, explicit and legitimate purposes
  3. Adequate, relevant and limited to what is necessary
  4. Accurate, and where necessary, kept up to date
  5. Kept in a form which permits identification for no longer than is necessary
  6. Processed in a manner that ensures appropriate security

Data Protection Officer (DPO) for the school is ARK ICT solutions - Joe Lee

Privacy notice how we use school workforce information

Privacy notice how we use pupil information

Subject access request form

General Data Protection Regulation letter to parents


saafamsisICT Logobookmark awardArts Council Gold Markactive mark 2007activemark 2008 outstanding ofsted