Your new design will be uploaded in:
...
Please contact Delivery Team on
0113 3200 750 if you have any queries.
X

The General Data Protection Regulation

Community First Academy Trust is committed to being transparent about how it collects and uses data in order to meet its data protection obligations under the General Data Protection Regulations (GDPR).

We’ve spent a lot of time reviewing our responsibilities under GDPR and like to think we’ve been thoughtful about its intent and meaning.  But the application of GDPR is highly fact-specific, and not all aspects and interpretations of GDPR are well-settled. We have undertaken a full information audit (Jan 2018) across the organisation and will continue to do so in order to maintain a record of all of our processing activities.

The Trust has appointed Craig Holden as its data protection officer (DPO). The role of the DPO is to inform and advise the Trust on its data protection obligations. The DPO can be contacted at info@cfat.org.uk. Questions about our policies, or requests for further information, should always be directed to the data protection officer in the first instance.

The Trust may however, from time to time, be required to share personal information about its employees, service users, pupils, students or its Kingsbridge trainees with other organisations, mainly the LA, Department for Education, National College, other schools / educational bodies or potentially social services etc. This is classed as lawful basis to process personal data.

The lawful basis for your processing data can also affect which rights are available to individuals. For example:

 

Right to erasure

Right to portability

Right to object

Consent

X*

Contract

X

Legal obligation

X

X

X

Vital interests

X

X

Public task

X

X

Legitimate interests

X

* but right to withdraw consent

What are the lawful bases for processing?

 The lawful bases for processing are set out in Article 6 of the GDPR. At least one of these must apply whenever you process personal data:          

 (a) Consent: the individual has given clear consent for you to process their personal data for a specific purpose.

 (b) Contract: the processing is necessary for a contract you have with the individual, or because they have asked you to take specific steps before entering into a contract.

 (c) Legal obligation: the processing is necessary for you to comply with the law (not including contractual obligations).

 (d) Vital interests: the processing is necessary to protect someone’s life.

 (e) Public task: the processing is necessary for you to perform a task in the public interest or for your official functions, and the task or function has a clear basis in law.

 (f) Legitimate interests: the processing is necessary for your legitimate interests or the legitimate interests of a third party unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests. (This cannot apply if you are a public authority processing data to perform your official tasks.)

 The trust has drafted a number of policies to ensure all staff, trustees and governors are aware of their responsibilities and outlines how the trust complies with the following core principles of the GDPR.

 The main trust policies relating to data protection are:

  1. HR Related GDPR Policy
  2. Data Protection GDPR Policy
  3. ICT Acceptable User Policy

We keep a record of when and how we got consent from the individual.

Should you wish to withdraw consent please complete the following form:

Withdraw Consent

We act on withdrawals of consent as soon as we can.

 

Trust Privacy Notices

1. Employee Privacy Notice

2. Student / Pupil Privacy Notice

 

COPYRIGHT / INTELLECTUAL PROPERTY STATEMENT

All rights reserved. No part of our policies may be reproduced, stored in a retrieval system, or be transmitted in any form or by any means, electronically, mechanic, photocopying, recording or otherwise without the prior written permission of the copyright owners – Community First Academy Trust.