Data Protection

Personal data: your rights

All schools need to handle confidential information about individual people, and at Bayford we work hard to do so in accordance with both our school vision and values and with the law. This page gives outline information about how we process your personal data, and about your rights under the General Data Protection Regulation (GDPR) as it applies in the UK, tailored by the Data Protection Act 2018. For full information you should read our current Data Protection Policy, which you can download using the link below.

To find out more about all your legal rights under GDPR please visit the web site of the Information Commissioner’s Office (ICO). The ICO is the UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.

To make sure that we work as transparently as possible, we provide information about processing personal data in a privacy notice which sets out important information about what we do with personal data. You can download below a copy of any of the four notices we provide to different groups of people within our school community.

Data we hold and process

The type of information that we may be required to hold and process includes details of job applicants, current, past, and prospective employees, volunteers, pupils, parents, carers and other members of pupils’ families, governors, suppliers, and any other individuals with whom we communicate. In some cases the information we hold may be particularly confidential and sensitive and we recognise that the law states that this type of data needs even more protection. The information, which may be held on paper or on a computer or other media, is subject to legal safeguards specified in the GDPR and other legislation. The GDPR imposes restrictions on how we may use that information and we recognise that we need to treat it in an appropriate and lawful manner.

We will ensure that the personal data which is collected is adequate to enable us to perform our functions and that the information is relevant and limited to what is strictly necessary.

We implement measures to ensure that personal data is processed on a ‘need to know’ basis. This means that only members of staff or governors who need to know personal data about someone will be given access to it, and no one will have access to more information than is necessary for any relevant purpose.

Data Protection Officer

The Data Protection Officer (DPO) is responsible for ensuring the school is compliant with the GDPR and with our own policy. This role is currently held by Fiona Smith, a member of the governing body. The DPO reports directly to the highest management level in the school, the governing body. Any questions or concerns about the operation of this policy in general, or about your own personal data, or about data security, should be referred in the first instance to the DPO, rather than a member of staff. You can contact the DPO via the school, if you write a letter, or you can email the DPO directly using the button below.


Fiona Smith, Data Protection Officer

Your right of access to your data

You have a right of access to your own personal data. If you think we may hold information about you, you can ask us to provide you with a copy of everything we hold. Please make your request in writing. We will not charge you for providing the information, and we will reply to you, with a copy of any data we hold, within one calendar month of the day on which we receive your written request.

Parental requests for educational records are covered by different regulations, and do not need to follow the GDPR procedure. Under the Education (Pupil Information) (England) Regulations 2005, parents can ask us at any time for a copy of their child’s educational records. In this case we will provide a copy within 15 school days, subject to any exemptions or court orders which may apply. The Regulations allow us to charge a fee for providing a copy of the educational record, depending on the number of pages, but we may waive the fee.

Privacy and this website

This website is owned and operated by Bayford School and is covered by the GDPR and our own data protection policy. You can find out more about our approach to data protection in connection with the site by reading the site’s privacy policy page. The page gives details about our, very limited, use of cookies; about material hosted by third parties which may be embedded on some of our site’s pages (typically only videos); and about where and by whom the site is physically hosted. If you have any technical questions about the website, please contact our webmaster using the link below. Any more general GDPR questions should be referred to the DPO.

This page was last updated on 9th June 2022