We have worked hard to make sure that this site has been designed on the basis of our school vision and values: we value every visitor to our site and respect your right to privacy. We aim to do nothing behind your back or without your active consent.
For full information about our approach to data protection in the day to day life of the school you should follow the link below to read our full GDPR policy.
Short summary of the policy
- By default, our web server processes your IP address. Processing your IP address is technically necessary to send our content to your client (i.e. computer, tablet, or phone).
- By default, we do not log your personal data.
- We do not track your browsing behaviour or anything else. We do not try to identify you. We do not collect statistics. We do not set any cookies beyond those which are strictly necessary to make the site function. We do not serve advertisements.
- To find out more about your legal rights under GDPR please visit the web site of the Information Commissioner’s Office (ICO). The ICO is the UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.
Bayford Church of England Voluntary Controlled Primary School and Nursery is a maintained school: it is funded through the local education authority by the Department for Education, but it is partly owned and controlled by the Church of England, through the Diocese of St Albans. The server on which this site is currently hosted is physically located in Germany. If you have any questions or concerns about this policy, please use the contact page on this site to send a message to us, or you can email or telephone us. You can email our Data Protection Officer directly using the button below.
- Embedded content
- Personal data we process
- Personal data third parties process for us
- Your rights
- Latest policy revision
The GDPR includes a number of legal definitions. The most important definitions are:
Personal data means information about a particular living individual. This might be anyone, including a customer, client, employee, partner, member, supporter, business contact, public official, or member of the public. It doesn’t need to be ‘private’ information – even information which is public knowledge or is about someone’s professional life can be personal data. It doesn’t cover truly anonymous information – but if you could still identify someone from the information, or by combining it with other information, it will still count as personal data.
Almost anything you do with data counts as processing; including collecting, recording, storing, using, analysing, combining, disclosing, or deleting it.
If we talk about ‘personal data’ in the following, we mean anything that can be used to identify you. Examples are your name, e-mail address, and IP address. When we talk about ‘processing personal data’ we mean any type of processing.
It may also be helpful to know something about cookies and local storage:
Cookies are small text files which are sometimes placed on your computer when you visit a website. They are widely used in order to make websites work, or work more efficiently and securely, as well as to provide information to the operators of the site. They can also be used to target you with advertising as you move from site to site.
There are broadly two types of cookie: ‘persistent’ and ‘sessional’.
Sessional cookies are normally deleted automatically by your browser when you close it: they only remain during a single browsing session.
Persistent cookies are not deleted automatically, unless you have adjusted your browser to do so. They remain on your computer until they expire, which could be quite a long time (a year or more). Persistent cookies hold information which is passed back to servers and are widely used to track user behaviour.
Cookies of both kinds can be set by the website you are browsing, in which case they are ‘first party’ cookies; but they can also be set by other domains which are linked to the site you are browsing, for example through advertising or embedded content such as videos or social media feeds. These are ‘third party’ cookies and most modern browsers allow you to choose to block third-party cookies, which are often used for tracking.
Cookies are actually just one example of a much wider and rapidly developing area of the web, web storage (also known as DOM storage, where DOM stands for Document Object Model). Cookies can only hold a tiny amount of information, but other forms of web storage (which can also be sessional or persistent) allow for much more data to be stored on your computer (up to 1000 times more). When data is stored on your computer it is often called ‘local storage’.
You can manage web storage through your browser settings or through ‘extensions’ and ‘add-ons’ which are available to add to many browsers. Like cookies, web storage in general can be a positive thing, giving users real benefits, but there are also genuine concerns about things which are effectively happening behind your back and without any explanation or consent.
A few pages on this site may include embedded content (e.g. videos, images, articles, etc.), but currently only the home page does so. Embedded content from other websites behaves in exactly the same way as if the visitor had visited the other website.
Embedded content may be included on this site from:
This site does not set cookies to collect information about how visitors use our site. We do not carry advertising or directly or indirectly gather or share marketing information or any other data about site users. We believe that this policy is an expression of our vision and values as a school community.
The site may set sessional cookies which help our hosting server work efficiently, and help the site operate effectively. These cookies will be deleted from your computer when you close your browser. If you choose to block these cookies, the site may not work properly.
When you first visit this site you are informed about how we use, and mostly don’t use, cookies and are invited to consent to cookies being set only to make the site work properly and efficiently for you: we use a persistent cookie to record the fact that you have read the cookie statement (ironically it’s the only way we can do this at the moment!). If you delete this cookie (called cookieconsent_status) you will see the cookie banner appear every time you visit this site. If you do not delete it, the cookie will expire after 365 days and the banner will then re-appear.
Personal data we process
IP address and user agent
When you visit our website, your IP address and user-agent are automatically processed by our web server. We automatically get this data from your client (e.g. your web browser). Our web server needs your IP address to send our content back to your client. By default, we do not process any other personal data from you.
If you use any contact or other form on the site to send a message to us, the information you provide is not currently held in a database, but it is stored and retained through our email service in order for us to reply to you. Your data is not otherwise processed, analysed, added to a mailing list, or shared with any third party. If you decide to contact us, you agree that we and our email provider may process your personal data (e.g. name, e-mail address) to answer your request. We do not use your e-mail address for marketing purposes, advertising, or tracking. Bayford Primary School uses a Microsoft Exchange email service and Office 365, so emails which are sent to school addresses, and any messages sent from any contact or other form on this site, are or may be processed on behalf of the school by Microsoft. You can read about Microsoft’s approach to GDPR compliance by following this link.
Personal data third parties process for us
Web servers (and their associated processes such as firewalls) will record information about every particular client-side request to a log file. These log files are analysed to detect attack-like behaviour and to monitor and improve services. Log file entries will include at least the following personal data: your IP address and user-agent (browser), along with the resource requested and the time of the request. Both we and Contabo GmbH have a legitimate interest in retaining this information in order to detect and block attacks on the server and this site, and to improve our services. It is not straightforward to link these minimal details to any individual, and we would only attempt to do so if we believed a crime had been committed. For example, when we say ‘your IP address’, we log an IP address without knowing who is currently using it.
Bayford Primary School uses a Microsoft Exchange email service and Office 365, so emails which are sent to school addresses and any messages sent from the contact form on this site are or may be processed on behalf of the school by Microsoft. You can read about Microsoft’s approach to GDPR compliance by following this link.
Other than our contact form, online forms are not hosted on our webserver. The contact form simply sends your message to us by email and the form content is not stored in a separate database. Other forms accessed from this site by link are provided for us by Microsoft Forms, part of the Office 365 Family. Microsoft Forms data is stored on servers in the United States, with the exception of data for European-based tenants. The data for European-based tenants is stored on servers in Europe. You can find out more about Microsoft Forms, privacy and data protection by following this link.
Under the GDPR you have legal rights in respect of your personal data. Your rights include:
- The right to be informed if your personal data is being used
- The right to get copies of your data
- The right to get your data corrected
- The right to get your data deleted
- The right to limit how organisations use your data
- The right to get your personal data from an organisation in a way that is accessible
- The right to object to the use of your data
- The right to raise a concern
To find out more about your legal rights under GDPR please visit the web site of the Information Commissioner’s Office (ICO). The ICO is the UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.
Latest policy revision
We most recently updated this policy on 19th November, 2022.
This page was last updated on 19th November 2022