GDPR

At New Mills School, we are committed to protecting the personal data of our pupils, families, staff, and wider school community. This page outlines how we comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

 

Privacy Notices

We collect and process personal data to support learning, ensure safety, and meet legal obligations. Our full Privacy Notice for Pupils & Families includes:

  • What data we collect (e.g. names, medical info, attendance, safeguarding records)

  • Why we collect it (e.g. education, safeguarding, legal duties)

  • Who we share it with (e.g. exam boards, NHS, DfE, local authorities)

  • How long we keep it (see our Retention Schedule)

  • Your rights (access, correction, erasure, objection, etc.)

View our full Privacy Notice for Pupils & Families here.

 

Cookie Policy

Our website uses cookies to enhance user experience. Upon visiting, you will be prompted to accept or reject non-essential cookies.

  • Essential cookies: Required for site functionality.

  • Analytics cookies: Help us improve the site.

  • Marketing cookies: Only used with consent.

You can manage your cookie preferences at any time via your browser settings.

 

Data Protection Policy

Our Data Protection Framework includes:

  • Legal basis for processing data

  • Procedures for breaches, subject access requests, and data impact assessments

  • Roles and responsibilities of staff and leadership

View our Data Protection Framework at the bottom of this page.

 

Subject Access Requests (SARs)

You have the right to request access to your personal data. To make a request:

 

Consent & Marketing

We only send marketing communications (e.g. newsletters, event updates) with your explicit consent. You can withdraw consent at any time by contacting the school.

 

ICO Registration

New Mills School is registered with the Information Commissioner’s Office (ICO) under registration number Z6159224.

For more information, visit the ICO website: https://ico.org.uk/

 

IT & Cyber Security

We follow strict IT security protocols including:

  • Encrypted devices and secure cloud storage

  • Staff training on acceptable use and social media

  • Monitoring and safeguarding systems

View our Acceptable Use of IT Policy here.

 

Contact Us

If you have any concerns or questions about how we handle your data, please contact:

Data Protection Officer (DPO)

Education Data Hub – Derbyshire County Council

📧 dpforschools@derbyshire.gov.uk

📞 01629 532888

📍 County Hall, Matlock, Derbyshire DE4 3AG

You can also contact the Information Commissioner’s Office (ICO) directly at https://ico.org.uk/concerns/

 

✅ Keeping Your Data Safe

We regularly review our policies and procedures to ensure compliance and best practice. This page was last updated October 2025.

Data Protection Framework 2023