1. Legal and Privacy Statements
1.1 graphamandduncton.w-sussex.sch.uk Introduction
Privacy matters. Data should only be used when absolutely necessary. This statement includes sections on legislation and law, how data is handled or stored, and who to contact.
1.2 This statement covers the relevant laws relating to data
Please refer to the following portal for GDPR Europe:
1.3 What data do we collect?
We collect your data by positive opt-in via contact form(s). This can include your name, email and phone number, and other details such as your address if included. We may also collect your data for the purpose of registration for a newsletter sign-up. Signing up for a newsletter may include a third-party marketing email service like MailChimp or iContact. These companies are covered by their own privacy statements and legislation governing email marketing companies. Any financial information, e.g. a card transaction, is encrypted and data is not stored by our website.
1.4 How do we use personal information?
Information is only used through the course of usual business so we can contact you to provide a service. Your personal information is not used for any other purpose. If you have subscribed to a newsletter, then your information will be used to provide that service/information. We dislike spam as much as anyone, and will never send you inappropriate communications. You may unsubscribe at any time.
1.5 What legal basis do we have for processing your personal data?
We require your positive consent to receive and process your personal information. We only collect the minimum information to provide the service required and nothing else. You can withdraw and manage your consent for use of your personal information at any time by using the contact information at the bottom of this statement, or via the ‘unsubscribe’ link on any marketing email we send.
1.6 When do we share personal data?
We only share your personal data with designated email marketing companies like MailChimp or iContact. In addition, should this site include e-commerce functionality, then your personal information will be processed in the usual manner through payment providers, e.g. PayPal or similar. We do not share your personal information with any other company or individual.
1.7 How do we secure personal data?
Our computer systems are compliant with all the relevant legislation. We use a reputable UK-based hosting company with the appropriate security measures in place. We also have backups of any data stored securely. Access to data is also secure. The website uses encryption through a security certificate (SSL) so no data is transmitted without encryption.
1.8 How long do we keep your data for?
We only keep personal information for the duration of our service to you. If you have subscribed for a newsletter, then we will annually review our policy on keeping your information and delete it if it is no longer relevant.
1.9 Your rights in relation to personal data
You have many rights under GDPR EU law. At any time you can ask us what data we hold, request correction or deletion or request restrictions on its use. Please use the contact information at the bottom of this statement.
2. Cookies and other Data
2.2 Using our blog/news section if activated
If the blog/news section of this site is active, then you may be able to comment on posts. This may/may not require you to create an account on the website. To that end we may collect your basic personal information (name/email/password) so you can participate in discussions. The use of your personal data is restricted to the blog and the website database which is secured at our hosting company.
At this time GDPR requires pseudonymisation. Put simply, this means that an identifier (code) is added to sections of personal information which links this information together. The pieces of information are then separated. Without the code, your personal information and identity cannot be linked together. As stated, we do not at this time collect or store any of your personal information through our websites. Almost all web applications using a Content Management System (CMS), e.g. WordPress (this site), Joomla, Drupal, Wix, Weebly, etc., do not yet comply with this part of the legislation. For example, as of 2018, there are nearly 500 million WordPress sites on the web and none of them yet meet this requirement. It will take some time for this change to be developed by the application developers. As soon as it is available, we shall implement it on all our websites.
2.4 Our hosting company is as secure as it can be
For all our websites we use a reputable UK hosting company. The hosting company industry is largely unregulated and many of the largest companies do not use sufficient levels of diligence to prevent hacking or other data breaches. The company we use complies with the Data Protection Act 1998 and has numerous measures to prevent compromise of websites and data. Our sites are secured in a ‘container’ that includes round-the-clock protection from hackers using their customised WAF (Web Application Firewall). They also maintain up-to-date software and have closed the main routes often used by hackers. All traffic to/from our sites uses encryption via https: (SSL – security certification). No website is 100% secure, but at graphamandduncton.w-sussex.sch.uk we endeavour to ensure that everything we do online is as secure as it can be.
2.5 Issue with Data (Breaches)
We will report any data breach relating to this website and any of the associated storage. We will report this breach to the appropriate authorities within 72 hours as is the requirement under the GDPR legislation.
2.6 Contact Information
If you have any questions or concerns with regard to data or this policy, then please contact:
Graffham CE Infant School Office
t: 01798 342402