Data Protection

17th December : Statement Regarding the GDPR UK Departure from the EU


The UK is scheduled to leave the EU transition arrangements on the 1st January 2021. As such, EU law – which the GDPR is legal under – will cease to become relevant to the UK’s management of data. However, the principles and practices of the GDPR have been encompassed in the Data Protection Act (2018) – which is of course UK law and will continue to be legally binding until amended or withdrawn by the UK government in the future.

However, it is possible that some of our policies, information and materials may well still refer to the GDPR until they are formally amended / reviewed in the future. Until this time, the term GDPR used in any of our documents or materials will be taken as referring to the Data Protection Act (2018) and any subsequent legislation that arises out of the UK government and as such we will continue to comply both it’s inherent principles and requirements.

We will continue to update our materials and guidance as more information becomes available.


Data Protection Statement for School Websites Nov 2019


Our Data Protection Promise

In May 2018 the European Union introduced the General Data Protection Regulation (the GDPR) in all of it’s member states, followed by the UK Government’s Data Protection Act (2018). These acts of law mean that as an organisation that processes and manages large amounts of personal data (such as names, dates of birth, addresses, test results, medical information etc) we have a legal duty to manage it with great care. As a school we can assure you that we have carefully designed processes and systems to safeguard your child’s data during their time with us. Our staff regularly undergo data management training and we are regularly reviewed and supported by our Data Protection Officer (DPO).


Our Data Protection Officer is Colin Bellis.

He can be contacted at :


T : 01704 320510

A : Illuminate Education Services UK Ltd, 93 Lexton Drive, Southport, Merseyside, PR9 8QN.

The GDPR establishes certain rights in relation to those whose data we hold. As a Trust, these rights are applicable to those holding parental responsibility for any child who attends one of our academies. Two of the main rights are the right to (a) request a review of any data we hold on your child – a Subject Access Request – and (b) the right to have any incorrect data put ‘right’ – a Data Amendment Request. If you would like to request either of these to be undertaken, please download the relevant form below OR collect one from the school office. Once completed, you can either hand it back into the school office or send it directly to Illuminate Learning ltd. The DPO can offer help and guidance on these requests.

As the GDPR places on us a significant set of requirements, giving the full detail here is not possible. However, copies of the policies and documents we work with can be downloaded by following the links below. Here you can find a full explanation of the GDPR and how it applies to us as a school. You can also download relevant forms and guidance.


Click here to download a copy of our Data Management Guide for Parents

Click here to download a copy of our leaflet outlining the role of the Data Protection Officer

Click here to download a copy of our Data Protection (Privacy) Policy

Click here to download a copy of our Subject Access Request (SAR) Form

Click here to download a copy of our Data Amendment Request Form


Our Data Protection Updates

When parents register their child for our school, we provide them with a Data Protection Statement and Acknowledgement. This outlines all the data we process, the reason why we have it, how long we keep it for and what happens to it when we’ve finished with it.


However, as time goes by there are occasions when we need to notify parents of additional processing ‘events’. We have undertaken to publish these changes here (below), rather than to go back and get every parent / guardian to sign the agreement again.


Please remember that those with parental responsibility have the right to stop our processing of data at any time (*), so if you have any questions about these additional data notifications then please do not hesitate to contact either our DPO or your child’s academy.

(*) This does not apply to data we are legally required to hold and process


Data Sharing Notification : 23rd November 2019

In line with our published policy, we hereby notify parents / guardians of the following addition / change / amendment to our data (privacy) statement :


The addition of :


Aspect Nature of Material Where It Appears Why We Have It Who It Can Be Accessed By Limitations
Annual School Photographs Taken By External Company Photographs of Pupils :




In Family Groups


Posts of Responsibility


Data Shared Will Include Name, Pupil Number etc.

Posts of Responsibility Are Around School On Display Boards


Information Is Shared With Contracted Company, Who Use It To Identify Pupils In Images Taken

To Identify Pupils With Specific Responsibilities


To Add Photographs To Pupil Records Held On Pupil Management System (SIM’s)


To Record A Child’s Time In School

Parents Are Provided With Photographs To Purchase (If Wanted)


Any Staff Member With Access To Our Pupil Management System (SIM’s)

Only Relevant Photographs Will Be Used In School


Only Relevant / Required Data Will Be Provided To External Company


GDPR Statement of Compliance Will Be Required From the Relevant company



Updated November 2019

Comments are closed