The General Data Protection Regulation or the GDPR is a European Union legal instrument ensuring the protection of individuals with regard to the processing of personal data and on the free movement of such data.

The UK GDPR is based on data protection principles that our school must comply with. The principles say that personal data must be:

    • Processed lawfully, fairly and in a transparent manner.

    • Collected for specified, explicit and legitimate purposes.

    • Adequate, relevant, and limited to what is necessary to fulfil the purposes for which it is processed.

    • Accurate and, where necessary, kept up to date.

    • Kept for no longer than is necessary for the purposes for which it is processed.

    • Processed in a way that ensures it is appropriately secure.

Below are our privacy notices and our Data Protection policy which set out how we aim to comply with these principles.

If you would like to report a data breach or make a subject access request please use the forms below

You contact our Data Protection Officer, please email dpo@ct5d.com