Welcome to the Ecclesall Primary School Data Protection page. We take the privacy and security of our pupils, parents, and staff very seriously. This page explains how we comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
What is UK GDPR?
The UK GDPR is the law that governs how we collect, use, and store your personal information. It is designed to give you more control over your data and ensures that organisations like schools act with transparency and accountability.
What data do we collect?
“Personal data” is any information that can identify a living person. For our school community, this includes:
- Pupils: Names, attendance records, progress reports, and medical information.
- Parents/Carers: Contact details and financial information for school meals/trips.
- Staff & Governors: Records required for employment and safeguarding.
Our Lawful Basis for Processing
Under UK GDPR, we must have a legal reason to use your data. As a school, we primarily rely on:
- Public Task: Most of our data processing is necessary to perform our official function as a school (providing education).
- Legal Obligation: For example, sharing data with the Department for Education (DfE).
- Consent: For optional things like using pupil photos in the local newspaper.
- Vital Interests: In rare emergencies to protect someone’s life.
How We Protect Your Data
We are committed to “Privacy by Design.” This means we:
- Minimise Data: We only collect what we absolutely need.
- Secure Storage: We use encrypted systems and locked physical storage.
- Retention: We only keep data as long as necessary, as outlined in our Retention Policy.
- Staff Training: All staff receive regular data protection training.
Your Rights
You have specific rights regarding your personal data:
- The right to be informed about how we use your data.
- The right of access (Subject Access Request).
- The right to rectification (fixing errors).
- The right to erasure (where applicable).
- The right to object to certain types of processing.
Reporting a Data Breach
If you suspect that personal data has been lost, stolen, or shared incorrectly, please notify the school immediately. We follow a strict 72-hour reporting window for the Information Commissioner’s Office (ICO).
- Joint Data Controllers: Mrs Emma Hardy (Headteacher) & Mr Raj Jahangir (Business Manager).
- Data Protection Officer (DPO): Mr Alex Miller (Governor).
Key Documents & Policies
- Acceptable Use Policy ICT – Pupils
- Acceptable Use Policy ICT – Staff
- AI Policy 2026 – EPS
- CCTV Policy 2025-26
- Data Breach Policy
- Data Protection Policy
- Data Retention Policy 2025-26
- Freedom of Information Policy
- GDPR Breach Notification – Blank Peak Edge
- ICT Password Policy
- Information Security Policy
- Privacy Notice – Governors and Volunteers
- Privacy Notice – Parents and Pupils
- Privacy Notice – Staff
Contact Us
If you have any questions about how we handle your data, please contact the School Office:
- Email: enquiries@ecclesall.sheffield.sch.uk
- Address: Ecclesall Primary School, High Storrs Road, Sheffield, S11 7LG
- Phone: 0114 2663137
- ICO Helpline: 0303 123 1113 | www.ico.org.uk