Bushmead Primary School
Contact Us Contact Us
Lunch Menu Lunch Menu
School Payment School Payment
Prospectus Prospectus
Attendance Attendance
Bushmead TV Bushmead TV
You may be aware that from May 2018, the rules around data protection changed. The ‘General Data Protection Regulation’ (GDPR) changed how we can use personal data relating to you and your child and keep it safe. It will also strengthen your rights over this personal data.
The point of this is to make sure sensitive or private information about you and your child stays safe. Whilst it is similar to the current Data Protection Act in many ways, there are a few differences, so we have made a few changes at school in order to ensure we remain compliant.
This area of our website informs you about the implementation of The General Data Protection Regulations.
How we process, use and store personal data
Data protection
This policy is intended to ensure the safety and security of any material of a personal or sensitive nature we collect and store.
In accordance with the Data Protection Act 1998, it is our duty to advise parents and carers of pupils attending our school about the information we collect relating to their child, in both paper and electronic formats.
Our privacy notice provides you with this information.
Freedom of information
Freedom of information: publication scheme
All public authorities, including schools, are required under the Freedom of Information Act to adopt a publication scheme that has been approved by the Information Commissioner.
There is currently one approved model publication scheme, which has been produced by the Information Commissioner’s Office (ICO).
Schools must adopt the ICO’s model scheme and make it publicly available.
Published guide to information
Schools should publish a guide to information alongside the publication scheme.
The guide should specify:
What are subject access requests?
Individuals have the right to access the personal data and supplementary information we hold about them. This allows them to be aware of, and verify the lawfulness of, you processing this data.
This right applies to everyone whose personal data our school holds, including staff, governors, volunteers, parents, carers and pupils.
The law
Under the General Data Protection Regulation (GDPR), we:
Subject Access Requests
Who deals with subject access requests?
The school’s Data Protection Officer will deal with all subject access requests received. This is based on advice from the Information Commissioner’s Office’s guidance.
How we will respond to subject access requests
On receiving a request, our Data Protection Officer will contact the individual via phone to confirm the request was made. We will then verify the identity of the person making a request using ‘reasonable means’. Generally, this means we will ask for two forms of identification.
In most cases, we will provide the information within 1 month, and free of change. If the request is complex or numerous, we can comply within 3 months, but we will inform the individual of this within 1 month and explain why the extension is necessary.
If the request is made electronically, we will provide the information in a commonly used electronic format.
We recognise that school holidays are counted in the response time and if we receive a request in the school holidays, we will still respond within the same time frame.
‘Unfounded or excessive’ requests
If the request is unfounded or excessive, we will either:
Usually, ‘unfounded or excessive’ means that the request is repetitive, or asks for further copies of the same information.
Refusing a request
When we refuse a request, we will: