General Data Protection Regulations
All data held by the school is compliant with the Data Protection Act of 2018.
The UK GDPR (UK General Data Protection Regulation) increases the importance of data protection and emphasises accountability. As a school we employ a ‘privacy by design’ approach – thinking about how we use and manage data securely in everything we do. The emphasis on accountability means that as a school we have increased the amount of documentation we use to record procedures and issues.
All personal data, electronic and paper copies, are stored on our secure server or in locked cabinets in locked rooms with access restricted on a 'need to know' basis.
The Information Commissioners Office (ICO) is the UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.
We do not store or process any biometric data.
The GDPR provides the following rights for individuals:
The "Right of access" allows you to make a subject access request regarding the information the school holds about parents, pupils and staff. Please click above for further details.
If you click here you can visit the ICO’s GDPR website to read in depth information about all aspects of GDPR.
There are 6 key principles to the GDPR that the school is accountable for:
- There must be a lawful reason for collecting personal data and it must be done in a fair and transparent way.
- Data must only be used for the reason it is initially obtained.
- No more data than is necessary should be collected.
- Data has to be accurate and there must be mechanisms in place to keep it up to date.
- Data should not be retained for longer than is necessary.
- The protection of personal data must be upheld.
Coldean has developed a comprehensive GDPR Data Protection Policy for all staff working in our school. All staff are trained annually and sign to agree full compliance. Our Data Manager is Nigel Watson.
Data Protection Education Ltd is the Data Protection Officer (DPO) on behalf of Coldean Primary. Their role is to oversee and monitor our school’s data protection procedures, and to ensure they are compliant with the UK GDPR. The data protection officer can be contacted on 0800 0862018 or via email at
Click here for a copy of our Privacy Notice for pupils and their families.
Click here for a copy of our Privacy Notice for visitors and volunteers.
Click here for a copy of our Privacy Notice for school workforce.
This is a list of the data processors used by the school with links to their GDPR compliance policies/statements.
- Arbor (Management Information System)
- Brighton & Hove City Council (Personnel / workforce management)
- Bromcom (Personnel / workforce management)
- Pearson Education - Product: Bug Club (Digital reading books with accompanying comprehension activities for children with individual pupil logins)
- CPOMS (Online pupil behaviour and child protection records)
- EVOLVE (Online portal to record details of Educational Visits made by pupils)
- Google Classroom (Online learning portal)
- Oxford University Press MyMaths (Online maths homework activities with individual pupil logins)
- Oxford University Press NELI LanguageScreen (short fun activities for children which gives useful information about children’s language skills.)
- ParentPay (Online payment account for school meals, after-school clubs and educational visits/visitors)
- PiXL Club (Individual pupil assessment information)
- 2Simple Purple Mash (Online portal to access teaching and learning resources for Computing)
- Scholarpack (Management Information System)
- Foundation Stage Forum Tapestry (Online Learning Journals for pupils in Nursery and Reception classes)
- Juniper Education Target Tracker (Individual pupil assessment information)
- Webanywhere (Website provider)