Data Protection, Privacy Notices & GDPR
Data Protection & Your Rights
At Ashleigh Primary School, we are committed to respecting your privacy and protecting the personal information we hold about our pupils, parents, staff, and visitors. We want you to be confident that your data is safe and to understand clearly how you can exercise your rights.
Your Rights
Under data protection law (UK GDPR), you have specific rights regarding the information we hold about you and your child:
-
The Right of Access (Subject Access Request): You have the right to ask for a copy of the personal information we hold about you or your child.
-
The Right to Rectification: If you think the data we hold is inaccurate or incomplete (e.g., an old phone number, wrong address, or misspelt name), you can ask us to correct it.
-
The Right to Erasure: In certain circumstances, you can ask us to delete your data (e.g., if we no longer need it). Note: We cannot delete data we are required to keep by law, such as attendance registers or safeguarding records.
-
The Right to Object: You can object to us processing your data if you feel it impacts your fundamental rights and freedoms.
How to make a request
You do not need to fill in a complicated legal form. If you wish to exercise any of these rights, simply contact us:
-
Email: office @ashleigh.blackburn.sch.uk (Please mark for the attention of the Headteacher)
-
Phone: 01254703171
-
In Person: Speak to the School Office.
-
Letter: Address your letter to the Headteacher, Mr. Ian Matthews.
How long does it take? We have one caledar month to respond to your request. In complex cases, we may need to extend this, but we will always keep you informed.
Our Privacy Notices
For full details on exactly what data we collect, why we need it, and who we share it with, please download our full Privacy Notices below:
-
📄Privacy Notice for Pupils & Parents
-
📄 Privacy Notice for Staff
-
📄 Privacy Notice for Governors & Volunteers
Questions or Concerns?
If you have any concerns about how we are handling your data, please talk to us first. We will do our best to resolve the issue.
We have also appointed a Data Protection Officer (DPO) to oversee our compliance. You can contact them directly at: Lee Gardiner [email protected]
If you remain unhappy, you have the right to complain to the Information Commissioner’s Office (ICO) at ico.org.uk/complaints.
GDPR, General Data Protection Regulations
On May 25th 2018 additional rules, often called GDPR, came into force around the use and storage of data for all organisations across the UK.
Until now, the main legislation was the Data Protection Act 1998.
There are 8 principles to the Data Protection Act of 1998:
1. Personal information must be fairly and lawfully processed
2. Personal information must be processed for limited purposes
3. Personal information must be adequate, relevant and not excessive
4. Personal information must be accurate and up to date
5. Personal information must not be kept for longer than is necessary
6. Personal information must be processed in line with the data subjects' rights
7. Personal information must be secure
8. Personal information must not be transferred to other countries without adequate protection
The General Data Protection Regulations, GDPR, add to the previous Data Protection Act from 1998.
The Six Principles of GDPR
1. Processed fairly, lawfully and in a transparent manner
2. Used for specific, explicit and legitimate purposes
3. Used in a way that is adequate, relevant and limited
4. Accurate and kept up to date
5. Kept no longer than is necessary
6. Processed in a manner that ensures appropriate security of the data