At Woodstock CE Primary School, we are committed to protecting the privacy and security of personal data. 

What is GDPR?
GDPR is a legal framework that sets guidelines for the collection and processing of personal information of individuals within the European Union. It aims to enhance data protection and privacy rights.

What Personal Data Do We Collect?
We collect and process personal data for legitimate educational and administrative purposes, including but not limited to:

• Pupil information (name, date of birth, contact details, academic records, medical information, attendance records, safeguarding information)
• Parent/carer contact details
• Staff employment records
• Volunteer and governor information
• CCTV footage for security purposes
• Website usage data

How Do We Use Personal Data?

Personal data is used to:

• Provide education and support to pupils
• Manage school operations, including admissions and attendance
• Ensure the safety and well-being of pupils and staff
• Fulfill legal and regulatory obligations
• Communicate with parents and carers

Legal Basis for Processing Data
We process personal data based on the following legal grounds:

• Performance of a public task (education provision)
• Compliance with a legal obligation
• Legitimate interests of the school
• Consent (where applicable)

How Do We Protect Personal Data?
We implement strict security measures to protect personal data from unauthorised access, loss, or misuse. These include:

• Secure digital storage systems
• Restricted access to sensitive information
• Regular staff training on data protection
• Secure disposal of data when no longer needed

Sharing Personal Data
We only share personal data when necessary and in compliance with GDPR. This may include sharing with:

• Local authorities and government agencies
• Examination boards
• Health and social care providers
• Educational support services
• Law enforcement (when required by law)

Your Rights Under GDPR
Individuals have the following rights under GDPR:

• Right to access their personal data
• Right to request correction of inaccurate data
• Right to request deletion of personal data (where applicable)
• Right to restrict processing
• Right to data portability
• Right to object to processing
• Right to withdraw consent (where applicable)

How to Make a Data Request
To exercise your GDPR rights, please contact our Data Protection Officer below. We will respond within the statutory timeframe.

Retention of Data
We only keep personal data for as long as necessary to fulfil educational, legal, and regulatory purposes. Once data is no longer needed, it is securely deleted or anonymised.

Contact Us If you have any questions about our GDPR policy or how we handle personal data, please contact:

Richard Graham
School Business Manager
Woodstock CE Primary School
Shipton Road
Woodstock,
Oxfordshire
OX20 1LL
Email: DPO@woodstock.oxon.sch.uk 
Telephone: 01993 812209