Data Protection

This section of our site outlines the handling of personal data at, and steps that are taken to mitigate the risk to any individual involved with our website. strives to provide and maintain policies and procedures to reflect our legal responsibilities and best practice. Please take the time to review some of the attached pages and documents. has a designated Data Protection Officer:

Mr Mitch Rankin


The term ‘data’ refers to any information collects from users of the website. This might be on paper, or in the form of digital files. has a duty to handle all data appropriately and use the information collected only for the reasons given at the time of collection.

The term ‘personal data’ refers to data that relates to a particular, identifiable person.


In May 2018 the legislation in Europe regarding data protection was renewed significantly. The General Data Protection Regulation (GDPR) ensures that individuals always have control of and access to their own data.

Data controllers have key responsibilities, ensuring that data they collect is handled securely and sensitively.


Companies and services that operate outside the EU (Eg. Microsoft, Facebook) also have responsibilities. All data relating to EU citizens is subject to the terms of the GDPR, even if the data is stored/transferred overseas.


A data controller is a person or organisation that collects and processes data. It may also provide other data processors with access to certain data, to achieve a specific purpose.

For instance, provides third party business with the information it needs to pay its staff.


The processing of data simply refers to any action performed on a particular set of data. This includes copying, analyzing, deleting, or sharing.

As an example, uses an online service to send emails to users. This service manages the email process. supplies users names and their email addresses with the service provider. No other information is shared, as this would be unnecessary for the purpose.


In the first instance, contact Data Protection Officer (named above).

In case of significant data protection issues, all data controllers in the UK are required to register with the Information Commissioner’s Office (ICO). The ICO is the authority that deals with complex or serious issues surrounding data protection.

DATA PROTECTION POLICY May 2018(link to our PDF)

Access your data

Every individual that collects data from has a right to be informed of how that data is used and stored. informs users of its intent and objective when it collects data.

Following data collection, individuals are able to request access, rectification, or removal of data. All users are also able to object to their data being used, or restrict the processing of their data. In cases where copies of data are provided, the user has a right to be supplied the data in a format that can be easily transferred to another service/data controller. will respond to requests within 30 days and for original request, there is no fee charged.

It should be noted that in some circumstances, has a right to query, validate, or refuse a data request. This may happen for various reasons - for instance if has an existing legal or safeguarding obligation to uphold, this may override the individual rights of the user.

Queries and requests regarding access and modification of user data should be referred to the Data Protection Officer at

Please also refer to Data Protection Policy for more information.

Reporting Problems is committed to maintaining the confidentiality of information held within its systems about users, staff, finances and operations. updated it's Data Protection Policy in May 2018 to reflect the importance of providing privacy and security for our students, staff, and parents.

Whilst we take all measures possible to ensure the protection of data, has put in place procedures to mitigate and reduce the impact of any data privacy issues. These are outlined below:

The Risk Register’s Risk Register lists the areas of potential data breaches, how they may occur and what steps can be taken to avoid a breach.

Definition of a data breach

A data breach can be defined as the unintended loss of personal data relating to students, parents, staff or anyone connected to whose details are held on systems. Examples of possible breach scenarios are shown below:

  • Loss or theft of equipment on which data is stored
  • Inappropriate access controls allowing unauthorised use
  • Equipment failure
  • Poor data destruction procedures
  • Human error, including accidental deletion
  • Cyber attack/hacking
  • “blagging” – where information is obtained by deception

In the event of a breach

Should a data breach occur, the Data Protection Officer and will investigate the cause, nature and severity of the breach and complete the attached three-part form. The ICO (Information Commissioner’s Office), the Police and stakeholders will be informed if deemed relevant.

You can contact Data Protection Officer via email at

The Data Protection Officer and will examine’s Risk Register and identify if any further action can be taken to prevent further data loss and recover lost or damaged data.

This procedure is designed to be read in conjunction with’s Data Protection and e-Safety Policies and the following legal framework:

Regulations that govern personal data protection

There are currently various documents covering data protection in place at the national, international, and European levels. The most important ones are the following:

  • Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, repealed on 25 May 2018 by Regulation (EU) 2016/679.
  • Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)
  • Charter of Fundamental Rights of the European Union (2012/C 326/02).
  • Convention for the protection of individuals with regard to the automatic processing of personal data.

The Data Protection Act 1988

The Computer Misuse Act 1990

The General Data Protection Regulations (GDPR) which come into effect from 25th May 2018.

Privacy Notices

A privacy notice is a document that outlines what personal data is collected by an organisation, and summarizes the rights of the individual.

Copies of privacy notices for students and parents can be downloaded below

(Link to STAFF PDF)

Data Retention uses the guidelines provided by the IRMS to ensure data is retained appropriately. The following examples show indicative figures as to the longevity of personal data at It is important to note that these are not rigid - has legal and safeguarding obligations to meet, which allow it to retain certain data longer than specified below.

Example Nominal retention period

Registrations Date of last login plus 3 years

You might be interested in:

What Is "Early Data"?

Hello, what does this early data mean in the sentence below? According to global CDN provider Akamai, "early data" has revealed that the number of concurrent users streaming...

Social Protection

My interest is even more strengthened because of the fact that my post graduate thesis is based, on using the framework of Social Security (Protection) as a Foundational Strategy...

Can Someone Check My Personal Data Resume?

Hi! Can someone check my personal data resume? Thanks, Iris Contact information Name : (personal information removed by moderator. It is not wise to post...

Tennis Rules And Regulations

i need full rules and regulations of tennis. i want to know the rankings of tennis players. can anyone help me. as a good friend.

Some General Questions

hi! 1) Today, I've read some new posts but they're still considered new. Is it normal? maybe do I have to refresh the page or does it refresh automatically? Just a curiosity ...