UK GDPR Compliance
St. Andrews Educational Institution, Shifnal is committed to protecting your personal data in accordance with the UK General Data Protection Regulation (UK GDPR). This page explains how we comply with your rights under UK GDPR and the data we may process through our website.
Scope and Applicability
This compliance page applies to all visitors of our website, st-andrews-shifnal.co.uk. While we do not maintain a user registration system or store personal data in a database, we may collect limited information automatically through website analytics, server logs, and cookies for operational and security purposes. This data is processed solely in compliance with UK GDPR.
Your Rights Under UK GDPR
Under the UK GDPR, you have the following rights:
- Right of access – to request confirmation of whether we process your personal data and to receive a copy of it.
- Right to rectification – to correct inaccurate or incomplete personal data.
- Right to erasure – to request deletion of your personal data, where applicable.
- Right to restrict processing – to limit how we use your data under certain conditions.
- Right to data portability – to receive your data in a structured, commonly used format.
- Right to object – to object to processing based on legitimate interests, including profiling.
- Right to withdraw consent – where processing is based on consent, you may withdraw it at any time.
You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK’s supervisory authority for data protection.
How We Comply
We do not collect or store personal data for marketing, profiling, or commercial purposes. Any data collected automatically (e.g., IP addresses, browser type, page views) is used solely for website functionality, security monitoring, and statistical analysis. We use anonymised analytics tools and do not link this data to identifiable individuals. Cookies used are strictly necessary or analytical and do not track users across sites.
Data We Process
Our website may automatically collect the following types of data:
- IP address (anonymised where possible)
- Browser type and version
- Operating system
- Pages visited and time spent on site
- Referral source
- Cookie identifiers (for functionality and analytics)
No names, email addresses, phone numbers, or other personally identifiable information are collected unless voluntarily submitted via our contact form.
Legal Basis for Processing
Our processing of website data is based on the following lawful grounds under UK GDPR:
- Legitimate interests – for website security, performance monitoring, and improving user experience.
- Contractual necessity – for processing data submitted through our contact form to respond to inquiries.
We do not rely on consent for analytics cookies that are strictly necessary for website operation.
How to Exercise Your Rights
To exercise any of your rights under UK GDPR, please contact us directly by email at [email protected]. Include your full name, the right you wish to exercise, and any relevant details (e.g., date of visit, IP address if known). We will respond without undue delay and within one month.
Response Timeframes
We are required by UK GDPR to respond to your requests within one month of receipt. In complex cases, this may be extended by two further months, and we will notify you if this occurs.
No Discrimination Policy
We will never deny services, charge different prices, or provide a lower quality of experience to anyone who exercises their rights under UK GDPR.
Updates and Changes
We may update this page periodically to reflect changes in law or our practices. The most recent version will always be available on this page, and the effective date will be clearly indicated.
Contact Information
If you have any questions about this compliance page or wish to exercise your rights under UK GDPR, please contact our data protection contact:
Aurora Winslow
100 Willis Street, Te Aro, Wellington 6011, New Zealand
[email protected]
Last updated: 2024-06-15
Write a comment