top of page

Tucker Baptist


Data protection


We are committed to data protection and support the data protection rights of all those with whom it works, including, but not a limit to staff, students, parents, governors and visitors. The data protection and freedom of rights policy set out the accountability and responsibilities of us all. Staff and students to comply fully with the provision of the general data protection regulations (GDPR) and the data protection act 2018. The trustees appointed a data protection officer (DPO) to monitor and advise on compliance with the GDPR information can be obtained from the DPO and from the business director and chief financial officer.


Purpose of policy

The data, protection and freedom of rights policy set out the responsibilities of the school, its staff and its students to comply with the provisions of the GDPR. 

The policy forms the framework for which everybody processing personal data should follow to ensure compliance with the data protection legislation.



Data, protection and freedom of rights policy applies to all staff and students in all cases where the trust is the data controller or the trust is a data processor of personal data.

The policy applies in these cases, regardless of who created the data and where it is held, or the ownership of the equipment used.


Status of policy

This policy does not form part of the formal contract between trust and staff, all students, but compliance with it is a condition of employment, and expectations of students to abide by our rules and policies. Any failure to follow the policy can therefore result in disciplinary proceedings.


Responsibilities under the policy

Tucker-Baptist is the data controller and has the responsibility to implement and comply with data protection legislation.

In determining the purpose is for which, and the manner in which personal data is processed, the trust must adhere to the data protection principles as set out in the legislation. Details of the principles and main requirements for compliance can be found in the data protection and freedom of rights policy.


Data security

All users of personal data must ensure that personal data is always held securely. I’m not disclosed to any unauthorised third-party either accidentally, negligently for intentionally.


Privacy notices

We provides data subject with a privacy notice to let them know how, and for what purpose their personal data is processed.

Responsibilities of data uses

Heads of schools, senior leadership team, heads of department, managers of administrative and support services have a responsibility to ensure compliance with the data protection and freedom of rights. Policy antidevelopment encourage good information handling practices within their areas of responsibility.

All day to use as a personal data have a responsibility to ensure that they process the data in accordance with the principles, and the other conditions sit down in the legislation.

The policy provides detailed guidance to assist with fulfilling these obligations.

The DPO will perform, periodic audits to ensure compliance with this policy and legislation.


Data subject rights

The GDPR contains a data subject rights. We must comply with the rights to information, subject access, to rectification, to object, to erasure, to portability, to restrict processing, and in relation to automated decision-making and profiling.


These rights can be restricted for personal data used in research.

Subject access request and the right to data portability.

Individuals have the right to request to see or receive copies of any information we hold about them, and in certain circumstances to have that data provided in a structured, commonly used machine-readable format, so it can be forwarded to another data controller. We will respond to this request within one calendar month.

It is a personal criminal offence to delete relevant. Personal data after subject access has been received.

Subject access request should be submitted in writing either by letter or email to the DPO.


They should include:

  • Name of individual

  • Contact number and email address.

  • Details of the information requested.


Right to erasure, to restrict processing, to rectification, and to object.

In certain circumstances, data subjects have the rights to have their data erased, this only applies:

  • Where the data is no longer required for the purpose, for which it was originally collected, or

  • Where the data subject, withdraws consent, or

  • Where the data has been processed unlawfully.


In some circumstances, data subjects may not wish to have their data raised, but rather have any further processing restricted

bottom of page