Privacy Policy

Jesus said, ‘I am the Good Shepherd… I know my sheep and my sheep know me.’ John 10.14

Thank you for your interest in this site’s privacy policy. This policy contains information about how we process your personal data and about your rights under the General Data Protection Regulation (GDPR) as it applies in the UK, tailored by the Data Protection Act 2018.

References below to ‘we’ or ‘us’ refer to the operator of this website, Bayford Church of England Voluntary Controlled Primary School and Nursery, and any agent appointed by us, but do not include the owner and operator of the hardware and associated operating system on which the site is hosted. Our website and this privacy policy are provided under English law.

We have worked hard to make sure that this site has been designed on the basis of our school vision and values: we value every visitor to our site and respect your right to privacy. We aim to do nothing behind your back or without your active consent.

Scope

The following privacy policy is valid only for this site: https://bayford.herts.sch.uk

For full information about our approach to data protection in the day to day life of the school you should follow the link below to read our full GDPR policy.

Short summary of the policy

  • By default, our web server processes your IP address. Processing your IP address is technically necessary to send our content to your client (i.e. computer, tablet, or phone).
  • By default, we do not log your personal data other than your IP address.
  • We do not track your browsing behaviour or anything else. We do not try to identify you. We do not collect statistics. We do not set any cookies beyond those which are strictly necessary to make the site function. We do not serve advertisements.
  • To find out more about your legal rights under GDPR please visit the web site of the Information Commissioner’s Office (ICO). The ICO is the UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.

Contact us

Bayford Church of England Voluntary Controlled Primary School and Nursery is a maintained school: it is funded through the local education authority by the Department for Education, but it is partly owned and controlled by the Church of England, through the Diocese of St Albans. The server on which this site is currently hosted is physically located in Germany. If you have any questions or concerns about this policy, please use the contact page on this site to send a message to us, or you can email or telephone us. You can email our Data Protection Officer directly using the button below.

Contents

Definitions

The GDPR includes a number of legal definitions. The most important definitions are:

‘Personal data’:

Personal data means information about a particular living individual. This might be anyone, including a customer, client, employee, partner, member, supporter, business contact, public official, or member of the public. It doesn’t need to be ‘private’ information – even information which is public knowledge or is about someone’s professional life can be personal data. It doesn’t cover truly anonymous information – but if you could still identify someone from the information, or by combining it with other information, it will still count as personal data.

‘Processing’:

Almost anything you do with data counts as processing; including collecting, recording, storing, using, analysing, combining, disclosing, or deleting it.

If we talk about ‘personal data’ in the following, we mean anything that can be used to identify you. Examples are your name, e-mail address, and IP address. When we talk about ‘processing personal data’ we mean any type of processing.

It may also be helpful to know something about cookies and local storage:

‘Cookies’:

Cookies are small text files which are sometimes placed on your computer when you visit a website. They are widely used in order to make websites work, or work more efficiently and securely, as well as to provide information to the operators of the site. They can also be used to target you with advertising as you move from site to site.

There are broadly two types of cookie: ‘persistent’ and ‘sessional’.

Sessional cookies are normally deleted automatically by your browser when you close it: they only remain during a single browsing session.

Persistent cookies are not deleted automatically, unless you have adjusted your browser to do so. They remain on your computer until they expire, which could be quite a long time (a year or more). Persistent cookies hold information which is passed back to servers and are widely used to track user behaviour.

Cookies of both kinds can be set by the website you are browsing, in which case they are ‘first party’ cookies; but they can also be set by other domains which are linked to the site you are browsing, for example through advertising or embedded content such as videos or social media feeds. These are ‘third party’ cookies and most modern browsers allow you to choose to block third-party cookies, which are often used for tracking.

Cookies are actually just one example of a much wider and rapidly developing area of the web, web storage (also known as DOM storage, where DOM stands for Document Object Model). Cookies can only hold a tiny amount of information, but other forms of web storage (which can also be sessional or persistent) allow for much more data to be stored on your computer (up to 1000 times more). When data is stored on your computer it is often called ‘local storage’.

You can manage web storage through your browser settings or through ‘extensions’ and ‘add-ons’ which are available to add to many browsers. Like cookies, web storage in general can be a positive thing, giving users real benefits, but there are also genuine concerns about things which are effectively happening behind your back and without any explanation or consent.

Embedded content

A few pages on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in exactly the same way as if the visitor had visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website. To understand the privacy issues around embedded content, you should also consult the privacy policies of the content providers.

Embedded content may be included on this site from:

Cookies

This site does not set cookies to collect information about how visitors use our site. We do not carry advertising or directly or indirectly gather or share marketing information or any other data about site users. We believe that this policy is an expression of our vision and values as a school community.

The site may set sessional cookies which help our hosting server work efficiently, and help the site operate effectively. These cookies will be deleted from your computer when you close your browser. If you choose to block these cookies, the site may not work properly.

When you first visit this site you are informed about how we use, and mostly don’t use, cookies and are invited to consent to cookies being set only to make the site work properly and efficiently for you: we use a persistent cookie to record the fact that you have read the cookie statement (ironically it’s the only way we can do this at the moment!). If you delete this cookie (called cookieconsent_status) you will see the cookie banner appear every time you visit this site. If you do not delete it, the cookie will expire after 365 days and the banner will then re-appear.

Personal data we process

IP address and user agent

When you visit our website, your IP address and user-agent are automatically processed by our web server. We automatically get this data from your client (e.g. your web browser). Our web server needs your IP address to send our content back to your client. By default, we do not process any other personal data from you.

Email data

If you use any contact or other form on the site to send a message to us, the information you provide is not currently held in a database, but it is stored and retained through our email service in order for us to reply to you. Your data is not otherwise processed, analysed, added to a mailing list, or shared with any third party. If you decide to contact us, you agree that we and our email provider may process your personal data (e.g. name, e-mail address) to answer your request. We do not use your e-mail address for marketing purposes, advertising, or tracking. Bayford Primary School uses a Microsoft Exchange email service and Office 365, so emails which are sent to school addresses, and any messages sent from any contact or other form on this site, are or may be processed on behalf of the school by Microsoft. You can read about Microsoft’s approach to GDPR compliance by following this link.

Personal data third parties process for us

This site is hosted on servers provided by Contabo GmbH, Aschauer Straße 32a, 81549 München, and for a full understanding of responsibilities under the GDPR you should also consult their privacy policy here.

Web servers (and their associated processes such as firewalls) will record to a log file information about every particular client-side request. These log files are analysed to detect attack-like behaviour and to monitor and improve services. Log file entries will include at least the following personal data: your IP address and user-agent (browser), along with the resource requested and the time of the request. Both we and Contabo GmbH have a legitimate interest in retaining this information in order to detect and block attacks on the server and this site, and to improve our services. It is not straightforward to link these minimal details to any individual, and we would only attempt to do so if we believed a crime had been committed. For example, when we say ‘your IP address’, we log an IP address without knowing who is currently using it.

This site is also protected by a web application firewall which is provided for us by Defiant Inc. , 1700 Westlake Ave N Ste 200, Seattle, WA 98109 USA and you should consult their GDPR and privacy policy here. Defiant processes the following categories of information in connection with the firewall: visitor IP address, visitor proxy IP address, URL accessed, complete HTTP header, HTTP request body, and filename if malware detected. Both we and Defiant Inc. have a legitimate interest in retaining this information in order to detect and block attacks on this site. Defiant Inc. does not collect or otherwise process personally identifiable sensitive data as defined under the GDPR.

Bayford Primary School uses a Microsoft Exchange email service and Office 365, so emails which are sent to school addresses and any messages sent from the contact form on this site are or may be processed on behalf of the school by Microsoft. You can read about Microsoft’s approach to GDPR compliance by following this link.

Other than our contact form, online forms are not hosted on our webserver. The contact form simply sends your message to us by email and the form content is not stored in a separate database. Other forms accessed from this site by link are provided for us by Microsoft Forms, part of the Office 365 Family. Microsoft Forms data is stored on servers in the United States, with the exception of data for European-based tenants. The data for European-based tenants is stored on servers in Europe. You can find out more about Microsoft Forms, privacy and data protection by following this link.

This site links to two other organisations which process data for us, Arbor and ClassDojo. However, unless the links are followed and a parent or other user logs in to one of these sites, Arbor and ClassDojo will not process data or serve cookies to users of this site. In the interests of completeness you may access information about privacy and the GDPR compliance of each by following these links:

Click here to access information about Arbor and privacy.

Click here to access information about ClassDojo and privacy.

The login page is protected by Google reCAPTCHA v3 and for a full understanding of Google’s privacy policy as it concerns that service you should follow this link.

Your rights

Under the GDPR you have legal rights in respect of your personal data. Your rights include:

To find out more about your legal rights under GDPR please visit the web site of the Information Commissioner’s Office (ICO). The ICO is the UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.

Latest policy revision

We most recently updated this policy on 13th January, 2024.

This page was last updated on  13th January, 2024