GDPR & Privacy Notices
Data Protection Management
Introduction
Our Trust is committed to a policy of protecting the rights and privacy of individuals (including students, staff and others) in accordance with UK GDPR, Data Protection Act 2018 and Data (Use and Access) Act 2025.
The Trust gathers and processes personal information about its staff, students, and other individuals to comply with obligations as a charitable company limited by guarantee that is responsible for academies. To comply with the law, information about individuals must be collected and used fairly, stored safely and securely and not disclosed to any third party unlawfully.
Any breach of the Data Protection Act 2018 or this Trust Data Protection Policy is considered to be an offence, and in that event relevant disciplinary procedures will apply. The contents of this policy are applicable to employees, trustees and governors, other agencies and providers working with the Trust, and who have access to personal information.
The Trust is the Data Controller and is responsible for setting the overarching policy and standards for Data Protection. The Trust see compliance with these obligations as the best method to ensure that personal information is dealt with lawfully and securely and in accordance with the UK GDPR and other related legislation.
It will apply to information regardless of the way it is used, recorded and stored and whether it is held in paper files or electronically. It applies to all data held in schools as part of the Multi-Academy Trust, though the responsibility for managing data rests with each school.
All schools within the trust process personal information about staff, pupils, parents and other individuals who come into contact with each academy as part of the usual day to day business of a school. The schools are required by law to collect and use certain types of information to comply with statutory obligations related to employment, education and safeguarding, and this policy is intended to ensure that personal information is dealt with properly and securely and in accordance with the UK General Data Protection Regulation (UK GDPR) and other legislation.
This procedure will be updated as necessary to reflect best practice, or amendments made to data protection legislation.
Each school within the Trust will comply with the Trust policies, procedures and notices.
For pupils and parents/carers
There is more detail in the 'My Rights' document and within the other policy and privacy notices on the website.
Pupil and family information gathering
On joining a school within the Trust, you will be asked to complete a form giving next of kin details, emergency contact and other essential information. You will also be asked to give consent for the use of that information for other in-Trust purposes, as set out on the data collection/consent form.
The contact and consent form will be reviewed on an annual basis. It is important to inform the school/Trust if details or your decision about consent changes.
This is managed by each individual school.
Subject Access Requests
As stated in our policy, every individual has a right of access, subject to some restrictions, to data that is held about them.
If you wish to make a subject access request it is important that the request is made directly to the school that holds your data.
There is more information about this process in the policy.
Concerns and complaints
If you feel that something has gone wrong, and you want to raise a complaint or concern it is important that you are able to do so. We encourage an informal discussion about the matter first. You can access details about how we manage such issues by reference to Appendix 1 of the Complaint Policy. This covers our specific complaint procedure for Data Protection and UK GDPR matters, though ultimately you have a right to refer to the Information Commissioners Office if you remain unsatisfied.
Data Protection Officer
Our Data Protection (DPO) is Mr John Walker, whose details are as follows:
| Address | The Brutus Centre, Station Road, Totnes, Devon, TQ9 5RW |
| info@phplaw.co.uk | |
| Telephone | 0300 303 4360 |
For any specific requests or queries relating to GDPR, please contact the individual schools in the first instance.
GDPR
All staff within The Harbour Schools Partnership Trust takes their GDPR and data protection obligations very seriously.
Please find below the relevant policies and helpful documents that will inform you on how data is managed and securely kept within our schools.
| Policies | |
| 1. | Cyber Security Data Protection |
| 2. | Data Protection |
| 3. | Freedom of Information Policy |
| 4. | Freedom of Information Publication Scheme |
| 5. | Online Safety |
| 6. | Records Management |
| 7. | CCTV (template policy - please see individual school's website) |
| Procedures/informative documents | |
| 8. | My Rights - a guide for a data subject |
| 9. | My Rights - query form |
| 10. | Data Protection Complaint Process Appendix |
| 11. | Personal Data Misuse Complaint Form |
| 12. | Staff - Acceptable Use of Personnel Devices |
| 13. | Subject Access Request Procedure |
| 14. | Subject Access Request - form |
| 15. | Withdrawal of Consent - Adult |
| 16. | Withdrawal of Consent - Pupil |
PRIVACY NOTICES
We are the Harbour Schools Partnership. We are a Multi-Academy Trust of 36 schools, for mixed pupils aged 2-16. The schools within out Trust are listed on our website here. Our main registered address is Woodwater Academy, Woodwater Lane, Exeter, EX2 5AW and our company number is 7821367.
We understand our moral and legal responsibility to respect your privacy and take care of any personal data we hold about you, in compliance with the data protection legislation. The privacy notices below explain what personal data we process, why, who we share it with, how we keep it secure and your rights.
We are the data controller for the personal data set out in the privacy notices. Our Data Protection Registration Number is Z2879577.
| Privacy Notices | |
| 17. | School workforce / Employees |
| 18. | School Visitors |
| 19. | Governors & Trustees |
| 20. | Pupils |
| 21. | School Trips |
| 22. | Job Applicants |
| 23. | Privacy Notice & data sharing (Post 16)- careers & destinations |
| 24. | Filtering & Monitoring |
| 25. | AI |
| 26. | Telephone recordings & meeting transcripts |