Heybrook Primary and Nursery

Heybrook Primary and Nursery School

General Data Protection Regulations

On the 25th May 2018 the GDPR replaced the Data Protection Act 1998 and is designed to strengthen the safety and security of all data held within an organisation, and make sure processing and storage procedures are consistent.


First and foremost, it is important that you understand your rights under the GDPR; you have the right to:

·         Be informed about how we use your personal data.

·         Request access to the personal data that the school holds.

·         Request that your personal data is amended if it is inaccurate or incomplete.

·         Request that your personal data is erased where there is no compelling reason for its continued processing.

-          Request that the processing of your data is restricted.

·         Object to your personal data being processed.


GDPR will result in some significant changes for the school, meaning that the school will have to prove their compliance with the GDPR, by having effective policies in place. There are also changes to the rights that individuals have – such as the right to have your information erased.


Privacy notices must also include new information, such as an individual’s right to complain to the Information Commissioner’s Officer (ICO). The GDPR takes into account the information of children too – parental consent is needed for children up to the age of 13, at which point, the child may be able to consent for themselves.


A data breach notification duty is applied to all schools, and those that are likely to cause damage, e.g. identity theft, have to be reported to the ICO within 72 hours – failure to do so can result in a fine. A data protection impact assessment will be completed, which will likely be carried out when using new technologies and the processing is likely to result in a high risk to the rights and freedoms of individuals.


One of the biggest changes has been in terms of consent; consent must be a ‘positive indication’, which means that it has to be opted into, clear and unambiguous. Any parental consent given to the school under the Data Protection Act 1998 has been reviewed and we have asked all our parents to complete and return a new consent form. Parental consents not covered by the new form may be requested and we will ensure that we ask for your consent as it becomes appropriate to do so.


Please read the school’s privacy notices on the school website. It is important that you read and understand the privacy notice, as the school wants to ensure that you know what we are doing with your data and that you know we are acting legally.


When relevant policies have been checked and ratified, they will be published on the school’s website.


If you have any questions about GDPR, you can contact the ICO on 0303 123 1113 or by using their live chat, or you can visit their Guide to the General Data Protection Regulation webpage.


For data protection enquiries to the school, Subject Access Requests or other GDPR concerns please email: GDPR@heybrook.org


If you need to raise a concern about our use of your personal information then please contact our Data Protection Officer at DPSchools@Rochdale.Gov.UK or Information Governance Unit, Number one Riverside, Smith Street, Rochdale, OL16 1 XU


Data Protection Policy

Privacy Notice

CCTV Policy 


What are Cookies? Cookies are very small text files that your computer downloads when you visit a website. When you return to websites (or visit other websites that use the same cookies) they recognise these cookies and therefore your computer or mobile device. You can usually control your cookie preferences via your internet browser settings.


Our Usage We use cookies to improve your browsing experience and help us improve our website. By using our website, you agree to our use of such cookies. We aim to comply with the EU ePrivacy Directive, also known as ‘the EU Cookie Law’ by getting implied consent from website visitors and aiming to make visitors aware about how we use cookies. In line with official ICO guidelines and current industry best practice, we do not proactively block cookies and the website doesn’t make your visitors take action before they can use your website. The Information Commissioner’s Office (the ICO) who enforce privacy laws in the UK have stated that getting “implied consent” for cookie use is fine (see more about the ICO below). This website does not proactively block or delete cookies. If you want to block cookies, this must be done via your internet browser settings or other means. We use software to monitor website traffic and this requires some cookies to be set. We also use page caching to speed up your browsing experience and in some cases cookies may be set to help with this.


The Cookie Bar If you click ‘Accept’ on the Cookie Bar, it will be hidden. A persistent cookie is set to do this and it is set for 365 days. It is used to remember whether the visitor has “accepted” the cookie policy (i.e. chosen to close the header).


ICO Guidelines The Information Commisioner’s Office (ICO) is the UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.

View the ICO’s Cookies Guidance PDF

Read more about cookies in the ICO’s guide to the Regulations