GDPR - General Data Protection Regulation

General Data Protection Regulation

GDPR - This GDPR Statement explains how we collect, use, store, and protect personal data within our educational institution. We are committed to safeguarding the privacy and rights of our students, parents/guardians, staff, and all individuals whose information we process. All personal data is handled in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (or EU GDPR, depending on your region).

1. Data We Collect
We may collect and process the following categories of personal data:

  • Student information: name, date of birth, contact details, unique learner numbers, assessment records, attendance data, safeguarding records.
  • Parent/guardian information: names, contact information, relationship to student.
  • Staff information: employment records, qualifications, performance, payroll information.
  • Learning and performance data: coursework, assessments, grades, feedback.
  • Technical data: IP addresses, device information, usage logs for online learning platforms.
  • Special categories of data (where necessary): health information, disabilities, support needs, ethnicity, or other data required for statutory reporting or safeguarding.

2. Purpose of Data Processing
We process personal data to support our educational activities and legal obligations, including:

  • Delivering teaching, learning, and pastoral support
  • Monitoring progress and providing feedback
  • Ensuring student welfare and safeguarding
  • Communicating with parents and guardians
  • Managing admissions, enrolments, and timetables
  • Meeting statutory obligations (e.g., reporting to the Department for Education or Ofsted/other regulators)
  • Administering examinations, assessments, and certification
  • Supporting online and remote learning
  • Managing staff employment and payroll

3. Lawful Bases for Processing
We rely on the following lawful bases under GDPR:

  • Public Task: processing required to perform our official educational duties
  • Legal Obligation: compliance with the law (e.g., safeguarding, reporting requirements)
  • Contract: for staff employment contracts or service agreements
  • Consent: for activities requiring permission (e.g., photography, marketing)
  • Vital Interests: where necessary to protect someone’s life

Special categories of data are processed only where permitted by law and when strictly necessary.

4. Data Sharing
We may share personal data with:

  • Education regulators and government bodies
  • Examination and awarding organisations
  • Local authorities and safeguarding partners
  • IT service providers and learning platform operators
  • External service providers supporting educational delivery
  • Healthcare professionals or support agencies (where relevant)

We never sell personal data and ensure all third parties comply with GDPR requirements.

5. Data Retention
Personal data is retained only for as long as necessary in accordance with legal and regulatory guidelines. Retention periods vary by data type (e.g., safeguarding, academic records, employment information).

6. Data Security
We use appropriate technical and organisational measures to protect data, including:

  • Secure digital storage and encrypted systems
  • Access controls and staff training
  • Regular audits, monitoring, and compliance checks
  • Secure transfer and disposal of data

7. Rights of Data Subjects
Individuals have the following rights under GDPR:

  • Right of access (Subject Access Request)
  • Right to rectification
  • Right to erasure (where applicable)
  • Right to restrict processing
  • Right to data portability
  • Right to object
  • Rights related to automated decision-making and profiling

Requests can be submitted to our Data Protection Officer.

8. Contact Information
For questions about this GDPR Statement or to submit a data request, please contact:

Information icon

We need your consent to load the translations

We use a third-party service to translate the website content that may collect data about your activity. Please review the details in the privacy policy and accept the service to view the translations.