General Data Protection Regulation (GDPR)

Graveley School as a Data Controller ensures that all personal data of pupils, parents, staff, governors, visitors and other individuals is collected, stored and processed in accordance with the General Data Protection Regulation (GDPR) and the Data Protection Act 2018 (DPA 2018).

We process data in order to: meet our statutory obligations as a maintained school and an employer; ensure we meet our duty of care to those on our premises; and provide additional services to pupils and parents which complement the curriculum of the school and enhance the broader education and opportunities of pupils.

  • We will share data where required in order to ensure our pupils and staff are safe, this will include with health; social care and the police as necessary.
  • We will share data, with consent, to support services provided by third parties under contract to us or by mutual agreement. This includes the provision of school meals; school trips and after school activities.

Our policy applies to all personal data, regardless of the format. Our Data Protection policy meets the requirements of the GDPR and the DPA 2018. It is based on guidance published by the Information Commissioner’s Office (ICO) on the GDPR and the ICO’s code of practice for subject access requests.

You have the following rights in respect of data we hold about you:

  • The right to access the information we hold about you.
  • Be informed about what information we hold about you and how we use it.
  • Correct any factual errors.
  • Object to us processing your data. However, our responsibilities may mean that we can’t stop processing.
  • Request that your data is deleted. However, again, we may be unable to delete your data if there’s a need for us to keep it. In this case, we’ll explain why we need to keep the data.
  • Ask us to stop using your data while we consider a request to have it corrected or deleted. There may be some circumstances where we can’t do that – we’ll explain if this is the case.
  • Request data we hold about you in a format that allows it to be transferred to another organisation (in certain circumstances).
  • Request that any decisions taken using automated processes are reviewed by a member of staff. You have the right to challenge those decisions.

If you have a concern about how we handle your data, our Data Protection Officer is Mrs E Dunnicliffe and she can be contacted at

If you remain unhappy about the way your data is handled you have the right to complain to the ICO

%d bloggers like this: