GDPR Policy

At BJS Nursery and Primary School, we are committed to protecting the privacy and personal data of our students, parents, employees, and other individuals associated with our school. We comply with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

1. Data Collection and Purpose: a. We collect and process personal data for specific and legitimate purposes, such as educational administration, communication, and providing quality educational services. b. The types of personal data we collect may include but are not limited to names, contact details, academic records, health information, and other relevant information required for educational purposes.
2. Lawful Basis for Processing: a. We ensure that the processing of personal data is based on a lawful basis as defined by the GDPR, such as the necessity of processing for the performance of a contract, compliance with legal obligations, protection of vital interests, consent, or legitimate interests pursued by the school. b. Where applicable, we obtain consent from individuals before processing their personal data.
3. Data Security and Confidentiality: a. We implement appropriate technical and organizational measures to protect personal data against unauthorized access, loss, destruction, alteration, or disclosure. b. Access to personal data is restricted to authorized personnel who need the information to fulfill their duties, and they are bound by confidentiality obligations.
4. Data Retention: a. We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by law. b. Upon expiration of the applicable retention period, we securely delete or anonymize personal data.
5. Data Sharing and Third-Party Processors: a. We may share personal data with third parties such as educational partners, service providers, or government authorities when necessary to fulfill our educational and legal obligations. b. We ensure that any third parties with whom we share personal data have appropriate safeguards in place to protect the data.
6. Individual Rights: a. Individuals have certain rights regarding their personal data under the GDPR, including the right to access, rectify, erase, restrict processing, object to processing, and data portability. b. Individuals can exercise their rights by contacting us using the contact information provided in this GDPR statement.
7. Data Transfers: a. If personal data is transferred to countries outside the European Economic Area (EEA), we ensure that adequate safeguards are in place, such as the use of standard contractual clauses or relying on the recipient’s Privacy Shield certification (where applicable).
8. Data Breach Notification: In the event of a data breach that poses a risk to individuals’ rights and freedoms, we will promptly notify the affected individuals and the relevant supervisory authorities in accordance with our legal obligations.
9. Updates to the GDPR Statement: We may update this GDPR Statement from time to time to reflect changes in our data practices or legal requirements. Individuals are encouraged to review this statement periodically for any updates.

If you have any questions or concerns regarding our data practices or this GDPR Statement, please contact us using the contact information provided on our website.

Effective Date: [October 6, 2022]