Using Your Personal Data

At Henry Chichele Primary School, we take the use of your personal data very seriously and following the introduction of the General Data Protection Regulation (2016) in May 2018, we have reviewed our Privacy Notices and the parental consent that we hold.

Our privacy notices can be found below. These will provide you with information about how we use your data under our legal obligations, how we store it, who we share it with and how long we retain the information for.

Parent and Carer's Privacy Notice

Pupils' Privacy Notice

About Data Protection

Data Protection governs how information about people, such as pupils and staff, is collected and used.

GDPR is about personal data.  This means data which relates to an individual who can be identified from that information.  It does not affect all the records the school holds because much of it will not contain personal data.

GDPR became law on 25 May 2018.  It had a number of changes from the previous Data Protection Act.  The main new feature of data protection under the GDPR is an accountability principle, meaning that the organisation does not only have to comply, but it has to be able to demonstrate that it complies.

The Information Commissioner’s Office (ICO) is the national regulator of data protection legislation.  If there is something that we are doing that is not quite as it should be, a complaint can be made to the ICO.

N.B. the ICO website is a key place to find further information on GDPR.  Here is the link.

Privacy Notices

Privacy Notices are what we use to explain to people why we collect information and what we are going to do with it, such as if we are going to share it with anyone else.

  • Privacy policy for pupils
  • Privacy policy for parents
  • Privacy policy for staff
  • Privacy policy for volunteers and governors

Data Protection Officer (DPO)

GDPR makes it a requirement for all public authorities (including schools) and large organisations to have a designated DPO.  Our DPO details are:

Name: Ruth Hawker, Plumsun Ltd

Address: 4 Pavilion Court, 600 Pavilion Drive, Northampton Business Park, Northampton, NN4 7SL


Phone Number: 08458622684

Procedures for individuals to exercise their rights

The GDPR gives individuals various rights around their data.  The main one is being able to request a copy of the information held about them, but it also gives them the right to do things like request that information is corrected (if inaccurate).


We have the following policies for GDPR:

  • Data Protection
  • Freedom of Information Policy
  • Records Retention Policy

Find these documents in our policies page.

Rights of Individuals

Individuals have the following rights:

  • Right of access (to receive copies of their personal data);
  • Right to rectification (correcting data if inaccurate);
  • Right to erasure (to request that data is deleted);
  • Right to restrict processing (to request you do not use their data in a certain way);
  • Right to data portability;
  • Right to object;
  • Right to have explained if there will be any automated decision-making, including profiling, based on the data and that they have the right to meaningful information about the logic behind this.