GDPR (General Data Protection Regulations)

In line with the updated General Data Protection Regulations which came in to effect on 25th May 2018, we have adapted our Parental Consent Form to reflect the additional consent we now require for pupils. The General Data Protection Regulation replaces the Data Protection Act; which is designed to strengthen and unify the safety and security of all data held within an organisation.

Data Protection Policy

Charging and Remissions policy 

Privacy Notice Pupils and Parents

The GDPR is focused on looking after the privacy and rights of the individual and is based on the premise that we should all have knowledge of what data is held about us and how it is used.

The majority of pupil information that you provide to St Nicholas is mandatory and is required to enable us to fulfil our official function. On the few occasions when we need your consent to collect and use information, we will ensure that your consent is freely given and that it is specific, informed and unambiguous.

We also need to ensure that the data we hold on your child is always up to date; please help us to keep your child’s records current by informing us of any change of circumstances – addresses, home circumstances, mobile number etc.

We already highly value and protect all of our pupil, parent/guardian and staff data and will continue to do so in the presence of GDPR. We will continually review our practice to ensure that GDPR is central to our day-to-day culture. We will ensure that your personal data is processed fairly and lawfully, is accurate, is kept secure and is retained for no longer than is necessary at St Nicholas C of E Primary School.

Requesting access to your personal data
Under data protection legislation, parents and pupils have the right to request access to information about them that we hold. To make a request for your personal information, or be given access to your child’s educational record, contact Mrs Alecia Spike (Data Protection Lead)
You also have the right to:
  • object to processing of personal data that is likely to cause, or is causing, damage or distress
  • prevent processing for the purpose of direct marketing
  • object to decisions being taken by automated means
  • in certain circumstances, have inaccurate personal data rectified, blocked, erased or destroyed; and
  • claim compensation for damages caused by a breach of the Data Protection regulations

If you have a concern about the way we are collecting or using your personal data, you should raise your concern with us in the first instance or directly to the Information Commissioner’s Office at