Skip to content ↓


Cottingley Village Primary School, as part of Exceed Academies Trust is committed to being transparent about how it collects and uses data in order to meet its data protection obligations under the General Data Protection Regulations (GDPR).

Following the Data Protection Act 1998, the General Data Protection Regulation (GDPR) 2018 came into force on 25 May 2018. The GDPR only applies to personal information, ie, information about identifiable living individuals and to anyone who processes, stores or is the subject of personal data.

The Regulation lays down rules relation to the protection of natural persons with regard to the processing of personal data and rules relating to the free movement of personal data:

  • It protects the fundamental rights and freedoms of natural persons and, in particular, their right
    to the protection of personal data.
  • Anyone who records and uses personal information (data controllers) must be open about how the information is used and must follow the six principles of ‘good information handling’.
  • All individuals (data subjects) have the right to see information that is held about them and the right to have information corrected if it is incorrect.
  • The Regulation applies to all electronic records that contain information about living and identifiable individuals and extends data protection to manual files where the personal data of a data subject is readily accessible (a structured filing system).
  • The main aim of the Regulation is to protect data from unnecessary, unauthorised or harmful use and to provide individuals with some control over the use of their personal data. Individuals have the right to take action for compensation caused by inaccurate, lost or destroyed data or unauthorised disclosure of information. They also have the right to complain to the Information Commissioner who may serve an enforcement notice and, in some circumstances, impose a financial penalty.

In collecting, using, storing and disposing of data, the Trust or an individual Academy will comply with the requirements of the GDPR that govern the processing of personal data. Under these requirements, information will be collected and used fairly, stored safely and not disclosed to any other person where to do so would be in breach of those requirements or would otherwise be unlawful.

If a request is made for information, in the majority of circumstances the issue will be resolved without reference to the GDPR. If a Data Subject specifically makes a request under this Regulation, then a formal procedure must be followed.

Click the link below to view the policies and Privacy notices linked with GDPR

Further information about the GDPR is also available on the Information Commissioner's website at

The Trust has appointed Ruth Jarvis as its Data Protection Officer (DPO). The role of the DPO is to inform and advise the Trust on its data protection obligations. The DPO can be contacted at

We keep a record of when and how we got consent from the individual to process their personal data. Should you wish to withdraw consent please contact the DPO advising of the consent you wish to withdraw -