General Data Protection Regulations
All data held by the school is compliant with the Data Protection Act of 2018.
The UK GDPR (UK General Data Protection Regulation) increases the importance of data protection and emphasises accountability. As a school we employ a ‘privacy by design’ approach – thinking about how we use and manage data securely in everything we do. The emphasis on accountability means that as a school we have increased the amount of documentation we use to record procedures and issues.
All personal data, electronic and paper copies, are stored on our secure server or in locked cabinets in locked rooms with access restricted on a 'need to know' basis.
The Information Commissioners Office (ICO) is the UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.
We do not store or process any biometric data.
UK GDPR provides the following rights for individuals:
The "Right of access" allows you to make a subject access request regarding the information the school holds about parents, pupils and staff. Please click above for further details.
If you click here you can visit the ICO’s GDPR website to read in depth information about all aspects of GDPR.
There are 6 key principles to the GDPR that the school is accountable for:
- There must be a lawful reason for collecting personal data and it must be done in a fair and transparent way.
- Data must only be used for the reason it is initially obtained.
- No more data than is necessary should be collected.
- Data has to be accurate and there must be mechanisms in place to keep it up to date.
- Data should not be retained for longer than is necessary.
- The protection of personal data must be upheld.
Coombe Road Primary School has developed a comprehensive GDPR Data Protection Policy for all staff working in our school. All staff are trained annually and sign to agree full compliance. Our Data Manager is Mr Scrase.
Data Protection Education Ltd is the Data Protection Officer (DPO) on behalf of Coombe Road Primary School. Their role is to oversee and monitor our school’s data protection procedures, and to ensure they are compliant with the UK GDPR. The data protection officer can be contacted on 0800 0862018 or via email at firstname.lastname@example.org.
This is a list of the data processors used by the school with links to their GDPR compliance policies/statements.
- CPOMS (Online pupil behaviour and child protection records)
- EVOLVE (Online portal to record details of Educational Visits made by pupils)
- ParentPay (Online payment account for school meals, after-school clubs and educational visits/visitors)
- Purple Mash (Online portal to access teaching and learning resources for Computing)
- Arbor (Management Information System)
- Target Tracker (Individual pupil assessment information)
- Times Table Rockstars and Numbots (Digital maths resources with individual pupil logins)
- Webanywhere (Website provider)
Coombe Road Primary School takes Online Safety extremely seriously. We use the 360˚Safe e-safety self-review tool to ensure our e-safety compliance is at the forefront of national and European recommendations and regulations.
General Privacy Notice
The Brighton and Hove City Council Privacy Notice can be accessed using this link. You can access our General Privacy Notice below:
Pupil Data Privacy Notice
You can access our Pupil Data Privacy below:
Workforce Data Privacy Notice
You can access our Workforce Data Privacy below:
Data Protection Policy
You can access our Data Protection Policy below:
Freedom of Information Policy
You can access our Freedom of Information Policy below:
Freedom of Information Scheme of Publication
You can access our Freedom of Information Scheme of Publication below:
Records Management Policy
You can access our Records Management Policy below: