Members, Governors, Trustees Privacy Notice: 

How we use your information

For details about how we handle personal information collected for COVID19 purposes see our COVID19 Privacy Notice

This privacy notice was updated on29/06/2020


Personal information we collect

We collect the following information about you:

  • Your name, date of birth and contact details 
  • Governance details (such as your role, start and end dates and governor ID)
  • Outcome of your Disclosure and Barring Service (DBS) check and certificate number
  • Health, disability or dietary requirements you have chosen to share with us
  • Material interests arising from relationships between governors or relationships between governors and school staff (including spouses, partners and close relatives)
  • Personal statement when applying for the role and relevant training or qualifications
  • Photographs and video recordings of you (such as official school photographs, performances or events)
  • Your image captured on our CCTV system when you are on school premises
  • Your facial image captured on our electronic visitor management system
  • Your consent preferences


We need this information to:

  • Comply with our legal obligations and governance standards in relation to Member, Trustee, Governor and Clerk appointments under section 538 of the Education Act 1996
  • Build a comprehensive picture of our school governance and how it is deployed
  • Inform relevant authorities, organisations and other relevant persons of our appointments
  • Enable individuals to be kept informed of the governance training available to them, book them on the training and keep them informed about other relevant information regarding their appointment duties
  • Respond to complaints, grievances and discipline investigations
  • Assess the quality of our services
  • Assist in crime prevention, detection and public safety
  • Meet statutory duties placed upon us by the Department for Education


Who we share information with

Department for Education (DfE)

We have a legal obligation under section 538 of the Education Act 1996, to share information about governors and governance arrangements with the Secretary of State for Education, so they may publish this on their Get Information About Schools (GIAS) register. 

For information about the GIAS register, visit the DfE website at 


Our local authority

We are required to share appointment and resignation information about board members with our local authority. 

Companies House


Sections 167 & 167D of the Companies Act 2006 requires us to register anyone on the Trust Board with Companies House, as they are a Director of the Company.


The public

We are required to publish certain personal information about our Members, Governors, Trustees and Clerks on our website (as set out in the Education and Skills Funding Agency- Academies Financial Handbook).

Police and law enforcement agencies

We may be required to share information about any person we hold information about, to the police or other law enforcement agencies, to assist them in an investigation to prevent or detect a crime or safeguard individuals at risk.

Our legal basis for collecting, using and sharing information

The main legal bases we rely on when we process personal information are as follows:

  • It is necessary for us to perform a task which is in the public interest or to exercise our official duties as a school 

This broad legal basis is applicable to almost all the processing we do involving personal data.


  • It is necessary for compliance with a legal obligation

This is applicable where a specific law requires us to collect or share personal data This will include sharing data with the Department for Education (DfE) and the local authority.


  • The data subject has given their consent

Consent is not required for most of the processing we do, however, there are occasions when we ask for consent, for example, if we want to publish close up photographs. Where we are processing your data with your consent, you have the right to withdraw that consent. If you change your mind, or if you are unhappy with our use of your personal data, please let us know by contacting the school office.


  • The processing is necessary to protect the vital interests of the data subject or someone else

This is applicable where a person’s life could be at risk and we need to share or make available information to help them. This could involve sharing serious allergy information with staff, paramedics or other medical professionals, or other information requested by the police or social services, to assist them in their enquiries to protect that person.

When we process ‘special category’ data, we must have another legal basis. Special category data is personal data which reveals a person’s racial or ethnic origin, political opinion, religious or philosophical beliefs, trade union membership, genetic data, biometric data (such as fingerprints), health, sex life or sexual orientation. The main legal bases we rely on when we process this type of data is as follows:

  • The data subject has given explicit consent

This is usually applicable where we ask for health or dietary information. 


  • The processing is necessary for performing any right or obligation which is imposed on the school in relation to employment, social security and social protection law (e.g. safeguarding individuals at risk; protection against unlawful acts; prevention against fraud)

This is usually applicable where we are performing our duties in relation to health and safety and safeguarding.

  • It is necessary to protect the vital interests of any person where the data subject is physically or legally incapable of giving consent

This could be relied upon in situations where someone has become seriously ill on our premises and we are asked by medical practitioners (such as paramedics), to share information we know about that person’s health or allergies.

  • The processing is necessary for the establishment, exercise or defence of legal claims

We may share or use special category data where legal action is being considered or underway.

  • The processing is necessary in the substantial public interest

This may be relied upon in circumstances such as where our processing is necessary to safeguard children or others at risk or where we respond to requests from the Police or law enforcement bodies, to assist in an investigation to prevent or detect an unlawful act.

This list is not exhaustive.

How we protect your information

We take our security responsibilities seriously in order to protect your personal data from accidental or unlawful access, disclosure, loss, damage or destruction. For example:

  • Access to our data is on a strict need to know basis 
  • Our electronic records are held on encrypted servers
  • We use up to date virus and malware protection software; security patches are applied promptly and we back up our data regularly
  • Our sensitive paper files are locked away with restricted access to the keys 
  • Our Members, Governors and Trustees are subject to Disclosure and Barring Service (DBS) checks and understand their duty of confidentiality
  • We have policies, procedures and training around data protection, security, record disposal and confidentiality
  • We have strict visitor management security procedures in place
  • We use encrypted email or secure file sharing platforms to share confidential personal data with external organisations
  • We carry out due diligence checks on our service providers and Data Protection Impact Assessments, where required.


Storing personal data

The personal information we collect and store is essential for our school’s operational use. We only keep personal information for as long as we need to, and where it is necessary to comply with any legal, contractual, accounting or reporting obligations. After this period, we delete or securely destroy personally identifiable data. 


For more information about how long we keep personal data for, see our record retention schedule .


Overseas transfers

We store our data in the UK or the European Economic Area (EEA), however some of our service providers may store personal data outside these areas (usually in the USA). We have a contract in place with these data processors, which ensures they process our data securely and in line with our data protection laws. To find out which service providers process data outside the EEA see Our Service Providers.



Your data protection rights


You have the following rights under the data protection laws:


Your right of access

You have the right to ask us for copies of your personal data. There are some exemptions, which means you may not always receive all the information we process. 


Your right to rectification

You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete. 


Your right to erasure

You have the right to ask us to erase your personal information in certain circumstances.


Your right to restriction of processing

You have the right to ask us to restrict the processing of your information in certain circumstances.


Your right to object to processing

You have the right to object to us processing your information where we consider this is necessary for us to perform a task in the public interest. You can also object to us using your contact details to send you direct marketing or fundraising communications, which you have previously opted-in to receiving.


Your right to data portability

This only applies to information you have given us. You have the right to ask that we transfer the information you gave us from one organisation to another or give it to you. The right only applies if we are processing information based on your consent or under a contract (or in talks about entering into a contract) and the processing is automated.




Your right to complain

We work to high standards when it comes to processing your personal information. We hope you will always be happy with the way we handle your information, however if we have not met your expectations, please let us know so we can put things right. To do this, please email the school at If you remain dissatisfied, you have the right to complain to the Information Commissioner’s Office (ICO). The ICO’s contact details are available at Further information about your data protection rights, can be found on the Information Commissioner’s Office website at


Contact Us

There are many ways you can contact us, including by phone, email and post. Our contact details are as follows:


East-the-Water Primary School, Mines Road, Bideford, Devon. EX39 4BZ 01237 475178 or


If you would like to make a request or complaint, please contact us. You are not required to pay a fee for exercising your rights and we have one month to respond to you.  


Data Protection Officer

Our Data Protection Officer (DPO) is Amber Badley, an external consultant appointed under a service contract. If you have any queries about this privacy notice or any matter relating to the handling of your personal data, you can contact our DPO directly at or by writing to the school at


Changes to this privacy notice

We may need to update this privacy notice periodically, so we recommend that you revisit this information from time to time. This version was last updated on 29/06/2020


To optimise your experience on our website we use cookies.
Learn more.