Data Protection

At Evergreen Primary School we take the protection of your data and privacy very seriously. The new General Data Protection Regulation (GDPR) comes in to force on 25th May 2018. We are committed to complying with all relevant EU and Member State laws in respect of personal data, and the protection of the rights and freedoms of individuals whose information we collect and process in accordance with the GDPR.

Who is responsible for personal data?

As a school, we act as a data controller and as such define how and why personal data is collected, stored, and used. We also utilise data processors – third parties that process the data we control on our behalf. As a data controller we must comply with the new regulation, as well as ensuring any data processors we use also comply.

Complying with the GDPR

At Evergreen Primary School we achieve compliance by ensuring personal data is processed lawfully, transparently, and for a specific purpose. Once the purpose is fulfilled and the data is no longer required it will be deleted as defined within our Record Retention Schedule which can be found in the GDPR Documents section.

We are registered with the Information Commissioner's Office (ICO) as a data processor under the registration number Z9863163.

We currently have a variety of security measures in place to ensure personal data is protected, including:

  • advanced network protection, such as anti-virus and firewall solutions
  • regular data backup
  • automated suspicious activity detection and logging
  • tailored digital access permissions
  • physical protection, such as door access control and secure storage facilities

Additionally, our staff have access to certain personal data in order to carry out their duties and we therefore provide regular data protection training to ensure policies and procedures are being followed.

How you can help

As part of GDPR we have ascertained the legal bases for processing data, some of which relies on consent. It is important that you return any consent forms to us as a matter of urgency so that we can continue to run certain systems.

We respect the data rights of all our pupils but appreciate this can be a confusing subject for all. We have created a privacy notice using language tailored to meet the needs of our parents and carers, which can be found in the GDPR Documents section. 

Subject access requests

If you would like to make a subject access request please view the relevant privacy notice below detailing how you can do so.

Get in touch

If you have any further questions about how the GDPR affects you or your child, or how our school is working within the requirements of the GDPR, please don’t hesitate to contact school at

Data Protection Documents

File Size
Evergreen Record Retention Schedule v1.pdf 440.89 KB
Evergreen Privacy Notice.pdf 150.67 KB