Data Protection
GDPR
The Ivory Federation aims to ensure that all personal data collected about staff, pupils, parents/carers, trustees, visitors and other individuals is collected, stored and processed in accordance with the Data Protection Act 2018 (DPA 2018) and the UK GDPR (2021).
Our policies and procedures meet the requirements of the GDPR and provisions of the DPA 2018. It is based on guidance published by the Information Commissioner’s Office (ICO).
You can find out more about how we are responding to this change in the law by reading our simple guide which you can download from the bottom of this page.
Data Protection Officer
We have appointed a Data Protection Officer (DPO). Their role is to help the school meet the demands of the new legislation by reviewing our procedures and policies, they will also answer any questions you may have or help you make a relevant enquiry to the school. Our school has contracted an external agency to fulfil the role of the DPO, we have done this to ensure that we are fully compliant and that any advice or guidance we receive from them is independent and impartial.You can contact our Data Protection Officer through the following:
Name : Illuminate Learning Ltd
E-mail : contact@illuminatelearning.org
Telephone : 01704 320507
You can find out more about the role of the DPO by downloading the following guide:
We want to keep you informed about what we do with your child’s data and the rights you have under the law. To help with this, we have produced a series of simple Fact-Sheets which provide information on a number of areas of data management. You can download copies as PDF’s by clicking the relevant link below :
Data Protection Policy
Everyone has rights with regard to the way in which their personal data is handled. During the course of the School’s activities it collects, stores and processes personal data about staff, pupils, their parents, suppliers and other third parties, and it is recognised that the correct and lawful treatment of this data will maintain confidence in the organisation and will provide for successful business operations. The policies below sets out the basis on which the School will process any personal data we collect from data subjects, or that is provided to us by data subjects or other sources.
Some Key Definitions
Personal Data | Any information relating to an identified, or identifiable, living individual. This may include the individual’s:
It may also include factors specific to the individual’s physical, physiological, genetic, mental, economic, cultural or social identity. _____________________________________________________________________________ |
Special Categories Of Personal Data | Personal data which is more sensitive and so needs more protection, including information about an individual’s: • Racial or ethnic origin identification purposes • Health – physical or mental _____________________________________________________________________________ |
Data Processing | Anything done to personal data, such as collecting, recording, organising, structuring, storing, adapting, altering, retrieving, using, disseminating, erasing or destroying. Processing can be automated or manual. _____________________________________________________________________________ |
Data Controller | The identified or identifiable individual whose personal data is held or processed. _____________________________________________________________________________ |
Data Protection Officer | A person whose role is to oversee data compliance, advise and recommend improvements and be the point of contact for data protection. The DPO has overall responsibility and oversight but does not carry out all duties personally. ______________________________________________________________________________ |
Data Protection Lead | A person in each school with responsibility, delegated by the DPO and Principal, for data protection compliance. Whilst the Data Protection Lead manages the day to day data protection compliance, the overall responsibility for the school remains with the Executive Headteacher. ______________________________________________________________________________ |
Data Breach | A breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data. ______________________________________________________________________________ |
Subject Access Requests | Under the Data Protection Act 2018 and UK GDPR legislation, individuals have a right to request access to information the school holds about them. This is known as a subject access request. Subject access requests may be submitted in any form, but The Ivory Federation and its entities will be able to respond to requests more quickly if they are made using the Subject Access Request Form provided online. Ivory Federation and its entities may not reveal information in response to subject access requests for a variety of reasons – these could include:
|
Key Contacts :
Our Data Protection Officer | The Information Commissioner’s Office |
Illuminate Education Services UK Ltd E : contact@illuminatelearning.org T : 08458621967 | Wycliffe House Water Lane, Cheshire SK9 5AF. Or via their website : www.ico.org.uk |