Forestdale Primary School

Life at Forestdale Primary School Life at Forestdale Primary School Life at Forestdale Primary School Life at Forestdale Primary School Life at Forestdale Primary School

Terms of Use

Forestdale Primary School  – Privacy Policy

Thank you for visiting our website (the Site). This Policy set outs the basis on which any personal data provided to us by you, or received by us from third parties, will be used by us.

Please read this Policy carefully and ensure that you understand our rights and responsibilities under it.

We are Forestdale Primary Schoo a Community School in the United Kingdom under number DFE 3062084, whose offices are at Pixton Way, Croydon CR0 9JE.  

We are the data controller of personal data provided to us and are registered as a data controller with the ICO under registration number Z6914386.

We have appointed a Data Protection Officer who is responsible for addressing data protection matters, including any questions you may have in relation to this Policy. You can contact our Data Protection Officer at


Full details are set out in the relevant sections of this Policy below, but in summary:


Importantly, this Policy does not apply to our staff, or to students, pupils or parents. We have provided or will provide information to those individuals separately to explain how we handle and use their personal information.

Our use of personal data

The section of our Policy describes:

Personal data we obtain from you 

If you correspond or communicate with us, whether through the Site, by email, by telephone or otherwise, then we may process personal data which is contained in the relevant communication (e.g. the contents of correspondence, or notes of the subject matter of telephone calls)  or which relates to the communication (e.g. your contact details or job title). All of this together is communications data. We process communications data for the purposes of communicating with you. If you have indicated your interest in our educational services or in our operations, then we may also process communications data for the purposes of addressing your enquiry and providing you with occasional news about our services (although you will be free to unsubscribe at any time).  Finally, we may use conversion tracking in relation to some of our email communications (such as newsletters and promotional emails) – this will record whether a recipient has opened an email sent by us, or whether they have clicked through to any of the links in it. 

If we deal with you or your organisation, for example as a supplier, customer, collaborator or commercial partner, then we may  process personal data such as your contact details for the purposes of setting up an account in our systems or otherwise administering our relationship with you. We may also process personal data within all related correspondence and documents such as proposals or contracts, whether created by us or provided to us. We call all of this account data, and we process it for the purposes of purchasing products and services and administering our dealings with others.

We may process personal data relating to transactions, such as bank account details, contact details or transaction data in relation to payments made by us to you or by you to us (transaction data). This may include your contact details, any bank account or sort code information provided for the purposes of making or receiving payment, and the transaction details (such as POs or invoices). We process transaction data for the purpose of making and receiving payments.  e.g. credit or debit card information being provided to ParentPay or another payment processing service provider.

We may process personal data relating to any visit you make to our premises, such as your vehicle registration number, contact details, role, the purpose of your visit or your movements around our site. We might also ask you to sign certain waivers or acknowledgements in order to access certain areas of our premises. We call all of this visitor data and we will process it for the purposes of ensuring your visit is properly recorded and is safe.

We have installed CCTV systems in some of our premises. We may process stills or footage which contain images of individuals (CCTV data). CCTV data may be processed by us for the purposes of security, safety and the prevention and detection of crime.

We may process technical data about your use of the Site, such as your browser type and version, operating system, time zone setting and location, referral source, length of visit, or navigation around the Site (for instance, which pages are viewed and how long for). This data is aggregated and anonymised in such a way that it contains no information relating to any identifiable individual at all : it’s not actually personal data but we mention it in this Policy for the sake of completeness.  We process technical data for the purpose of improving our Site.

Personal data we obtain from others

Your personal data may be provided to us by someone other than you: for example, by your employer, by an organisation with whom you and we are both dealing. Normally this data will  be communications data or account data as described above and will be processed by us for the purposes described above.

Our other processing

We may also process any of the data described above:

Our legal basis of processing

We will process personal data only on lawful bases. In particular, we will process personal data on the following lawful bases identified in Article 6 GDPR:

for the performance of a contract with you, or to take steps at your request prior to entering into a contract with you (Article 6(1)(b) GDPR). This may be our basis for processing communications data, account data, transaction data or visitor data;

for our legitimate interests (Article 6(1)(f) GDPR). This may be our basis for processing:

  1. i) correspondence, account and visitor data (as we have an interest in properly administering our business and communications, and in developing our relationships with interested parties);
  2. ii) transaction data (as we have an interest in making and receiving payments promptly and in recovering debts);
  1. iv) CCTV data (as we have an interest in the security of our premises);
  2. v) any personal data identified in this Policy in connection with backups of any element of our IT systems or databases containing that personal data (as we have an interest in ensuring the resilience of our IT systems and the integrity and recoverability of our data).

in performing our public functions (Article 6(1)(e). This may be our basis for processing any of the personal data identified above if we do so in connection with carrying out specific tasks in the public interest (for example, in our teaching or governance activities). If we process personal data in carrying out activities unrelated to our public functions then we do so on one of the bases set out above.

Disclosures of your personal data

We may disclose your personal data to our suppliers or contractors in connection with the uses described above. For example, we may disclose:

We do not allow our suppliers or contractors to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions and applicable law.

We may disclose your personal data as necessary to comply with law (e.g. to Government or law enforcement).

We may disclose your personal data to our legal or professional advisors in order to take advice, but will do so under obligations of confidentiality.

If any part of our operations is sold to, transferred to, or integrated with, another organisation (or if we enter into negotiations for those purposes), your personal data may be disclosed to that organisation.

Transfers outside the EEA

Some of the third parties to whom we may transfer your personal data, discussed above, may be located outside the EEA or may transfer your personal data to their own service providers located outside the EEA. If so, then we will ensure that transfers by our appointed data processors will only be made lawfully (e.g. to countries in respect of which the European Commission has made an "adequacy decision”, or with appropriate safeguards such as the use of standard clauses approved by the European Commission or the use of the EU-US Privacy Shield . You may contact us if you would like further information about these safeguards.

Data security

We take appropriate technical and organisational security measures to prevent your personal data from being lost, used, accessed, altered or disclosed by accident or without authorisation. 

If we become aware of any personal data breach then we will notify you and the ICO as required by law.

Retention and deletion of your data

We will only process your personal data as long as is needed for the purposes for which we process it, and will be deleted afterwards. In particular:

We may retain your personal data longer where necessary to comply with law.

Your legal rights under GDPR

We have summarized below the rights that you have under data protection law. You can read guidance from the Information Commissioner’s Office at for more information. You have:

You may exercise any of your rights in relation to your personal data by written notice to us.

About cookies 

A cookie is a small file of letters and numbers stored on your browser or the hard drive of your computer, to distinguish you from other users of the Site.

We use cookies to collect technical data, and to ensure that our Site functions as intended. In particular, we use the following cookies:

You can change your browser settings to refuse and delete cookies. Further information is available at or at the support pages made available by your browser operator.

If you disable or refuse cookies, please note that some parts of the Site may not function.

Our details

                    You can contact us:

(a)             by post at Forestdale Primary School, Pixton Way, Croydon, CR0 9JE;

 (b)            by telephone at 020 8657 0924; or

(c)              by email at   

Third Parties and Security

The Site may contains links to third party websites or refer to third party service providers and other entities. If you follow a link to any third party website or deal with any third party entity referred to on the Site, then you should note that these third parties may have their own privacy and cookie policies, and that we are not responsible for their use of any personal data which you may provide to them. You should ensure that you have read and understood any relevant policies.

Although we do our best to ensure the security of personal data provided to us (and to use only reputable service providers), any transmission of data via the Internet is by its nature insecure and we cannot guarantee the security of any personal data you provide to us.

Changes to this Policy

                    We may notify you of material changes to this Policy using the contact details you have given us, and otherwise may update this Policy from time to time on our Site. You should check this Policy from time to time.

Last updated: October 2018.



This Privacy Policy is based on a template provided by Windich Legal Ltd (



Welcome to our website. If you continue to browse and use this website you are agreeing to comply with and be bound by the following terms and conditions of use.