Data Protection Policy

Date first adopted:
How often to be reviewed:Bi-Annually
Reviewed6TH NOVEMBER, 2013
Reviewed10th February, 2016
ReviewedMay, 2018

Statement of Data Protection Policy

This is a statement of data protection policy adopted by The Purbeck School.

The School recognises that in order to operate efficiently, it needs to collect, use and share personal data (more commonly referred to as personal information) as defined by the Data Protection Act 1998.  It also recognises that must take place in accordance with the Act.

The School regards the lawful and correct treatment of personal information as very important to its successful operation, and recognises the need to maintain confidence between those with whom it deals and the School.  It also recognises the need to ensure that it treats personal information lawfully and correctly.

What is Personal Information/ data?

Personal information or data is information which relates to a living individual who can be identified from that data, or from that data in addition to other information available to them.  Personal data includes (but is not limited to) an individual’s, name, address, date of birth, photograph, bank details and other information that identifies them.

What is Sensitive Personal Data?

Sensitive personal data includes information as to an individual’s racial or ethnic origin, their political opinions, religious beliefs or beliefs of a similar nature, whether they are a member of a trade union, their physical or mental health or condition, sexual life, the commission or alleged commission of an offence and any proceedings for an offence committed or alleged to have been committed by them, the disposal of those proceedings or the sentence of any court in such proceedings.

Data Protection Principles

The School fully endorses the Data Protection Principles as detailed in Schedule 1 of the Act.

Specifically, the Principles require that personal information will:

1. be processed fairly and lawfully:

2. only used for specified and lawful purposes and shall not be used in any manner incompatible with those purpose

3. be adequate, relevant and not excessive;

4. be accurate and, where necessary, kept up to date;

5. not be kept any longer than is necessary;;

6. be used in accordance with the rights of the individuals to whom it relates;

7. be protected against unauthorised use, theft, accidental loss, destruction or damage by the use of appropriate technical and organisational measures;

8. not be transferred to a country or territory which does not have an adequate level of legal protection for the rights of individuals in relation to the processing of their personal data.

Therefore, the School will, through appropriate management, and strict application of criteria and controls:

  • fully observe conditions regarding the fair collection and use of information;
  • meet its legal obligations to specify the purposes for which information is used;
  • collect and use appropriate information, and only to the extent that it is needed to fulfil operational needs or to comply with any legal requirements;
  • ensure the quality of information used;
  • apply strict checks to determine the length of time information is held;
  • ensure that the rights of people about whom information is held can be fully exercised under the Act. (These include: the right to be informed that processing is being undertaken: the right of access to one’s personal information; the right to prevent processing in certain circumstances; the right to correct rectify, block or erase information which is regarded as wrong information.);
  • take appropriate technical and organisational security measures to safeguard personal information;
  • ensure that personal information is not transferred abroad without suitable safeguards.

Management of Personal Information

In addition, the School will ensure that:

  • we meet our legal obligations as required by the General Data Protection Regulation (GDPR)
  • there is someone with specific responsibility for data protection in the organisation. (Currently, the Nominated Person is the Data Protection Officer, J Bruton);
  • everyone managing and handling personal information understands that they are contractually responsible for following good data protection practice;
  • everyone managing and handling personal information is appropriately trained to do so;
  • everyone managing and handling personal information is appropriately supervised;
  • where necessary additional security measures are applied to protect sensitive personal data;
  • anybody wanting to make enquiries about the use and protection personal information knows how to do so;
  • queries about handling personal information are promptly and courteously dealt with;
  • the way personal information is managed is kept under review;
  • performance with handling personal information is regularly assessed and evaluated.

Access to personal information;

Under the provisions of the Act, individuals have a general right of access to personal information which relates to them, although there are some exemptions to this right. In certain circumstances, this right may be exercised by parents (or those with parental responsibility) on behalf of the pupil.

The school may impose a charge up to the maximum permitted by law and must comply with any such request within the statutory time limit. Both of these will be governed by the associated data protection regulations in force at the time of the request.

Complaints about the school’s use of personal information:

In the first instance, all complaints relating to the collection, use and sharing of personal information should be referred to the school’s complaints process. If after exhausting this process you remain dissatisfied, you can refer your complaint to the Information Commissioner at:

Wycliffe House
Water Lane

Telephone helpline – 0303 123 1113