Privacy Notice – Trustees, Members & Governors

Updated:  18th May 2021

Under the data data protection law (the General Data Protection Regulation), individuals have a right to be informed about how the Trust uses any personal data that we hold about them. We comply with this right by providing ‘privacy notices’ (sometimes called ‘fair processing notices’) to individuals where we are processing their personal data.

This privacy notice explains how we collect, store and use personal data about our Trustees, Members and Governors.

We, John Taylor Multi Academy Trust, are the ‘data controller’ for the purposes of data protection law.

You can contact our data protection officer (DPO) here.

The personal data we hold

Personal data that we may collect, use, store and share (when appropriate) about students includes, but is not restricted to:

We collect many different categories of information, for example:

  • Personal details
  • Contact details
  • Professional details
  • Relevant business and pecuniary interests details
  • Role application details
  • Selection records
  • References
  • Identity verification records
  • Meeting attendance records
  • Records of communications
  • Records of visits to academies
  • Photographs of you or images on CCTV
  • Information to identify you in the Trust and its academies
  • Records of work you do in conjunction with our staff or students
  • Notes of meetings you may have attended
  • A biography/profile that may be published on our websites

We also are required to collect and use information that is given additional protection under the GDPR, for example;

  • Demographic information required for monitoring equal opportunities

We may also hold data that we have received from other organisations, including other schools or academies, local authorities and the Department for Education.

Why we use this data

We use this data to:

  • To enable you to work with us
  • To maintain a safe environment for our pupils
  • To enable you to take part in appropriate training and professional development
  • To meet the statutory duties placed upon us
  • To ensure your health and safety
  • To keep you up to date with news about the Trust and its academies

Our legal basis for using this data

Depending on the purpose, our use of your information will be legal due to one of the following:

  • To meet the terms of a contract
    For example:Recording your personal and contact details
  • To meet a legal requirement [Article 6(1)(c)]
    For example: Providing information to DfE
  • To protect the vital interests of you or someone else [Article 6(1)(d)]
    For example: Giving your contact details to emergency services
  • Delivering a public task [Article 6(1)(b)]
    For example: Keeping records of your meetings with governors

Academy trusts, under the Academies Financial Handbook have a legal duty to provide the governance information as detailed above.

Where we use special category personal data we process this under the following exemptions from Section 9 of GDPR:

  • Information used in the field of employment [Article 9(2)(b)]
    For example: Using information about ethnic origin for equality monitoring purposes

Change of purpose

We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

We may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

Collecting this information

While the majority of information we collect about you is mandatory, there is some information that can be provided voluntarily.

Whenever we seek to collect information from you, we make it clear whether providing it is mandatory or optional. If it is mandatory, we will explain the possible consequences of not complying and our legal basis for doing so.

How we store this data

We keep personal information about students while they are attending academies within our trust . We may also keep it beyond their attendance at our trust if this is necessary in order to comply with our legal obligations. Our Records Management Policy sets out how long we keep information about students.

Data sharing

We do not share information about Trustees, Members or Governors with any third party without consent unless the law and our policies or internal procedures allow us to do so.

We routinely share this information with:

  • our schools via the governance platform
  • our local authority (where applicable)
  • the Department for Education (DfE)

Transferring data internationally

Where we transfer personal data to a country or territory outside the European Economic Area, we will do so in accordance with data protection law.

Department for Education

The Department for Education (DfE) collects personal data from educational settings and local authorities. We are required to share information about individuals in governance roles with the Department for Education (DfE). We are required to share information about individuals in governance roles with the (DfE) under the requirements set out in the Academies Financial Handbook

All data is entered manually on the GIAS system and held by DfE under a combination of software and hardware controls which meet the current government security policy framework.

For more information, please see ‘How Government uses your data’ section.

Rights regarding personal data

Individuals have a right to make a ‘subject access request’ to gain access to personal information that the Trust holds about them.

If you make a subject access request, and if we do hold information about you, we will:

  • Give you a description of it
  • Tell you why we are holding and processing it, and how long we will keep it for
  • Explain where we got it from
  • Tell you who it has been, or will be, shared with
  • Let you know whether any automated decision-making is being applied to the data, and any consequences of this
  • Give you a copy of the information in an intelligible form

Individuals also have the right for their personal information to be transmitted electronically to another organisation in certain circumstances.

If you would like to make a request click here to find all the information you require.

Other rights

Under data protection law, individuals have certain rights regarding how their personal data is used and kept safe, including the right to:

  • Object to the use of personal data if it would cause, or is causing, damage or distress
  • Prevent it being used to send direct marketing
  • Object to decisions being taken by automated means (by a computer or machine, without any human intervention)
  • In certain circumstances, have inaccurate personal data corrected, deleted or destroyed, or restrict processing

To exercise any of these rights, please contact our data protection officer.


If you think that our collection or use of personal information is unfair, misleading or inappropriate, or have any other concern about our data processing, please raise this with us in the first instance. To make a complaint, please follow our complaints procedure.

Contact us

If you have any questions, concerns or would like more information about anything mentioned in this privacy notice, please contact our data protection officer.

How Government uses your data

The governance data that we lawfully share with the DfE via GIAS:

  • will increase the transparency of governance arrangements
  • will enable maintained schools and academy trusts and the department to identify more quickly and accurately individuals who are involved in governance and who govern in more than one context
  • allows the department to be able to uniquely identify an individual and in a small number of cases conduct checks to confirm their suitability for this important and influential role

Data collection requirements

To find out more about the requirements placed on us by the Department for Education including the data that we share with them, go to

Note: Some of these personal data items are not publically available and are encrypted within the GIAS system. Access is restricted to a small number of DfE staff who need to see it in order to fulfil their official duties. The information is for internal purposes only and not shared beyond the department, unless the law allows it.

How to find out what personal information DfE hold about you

Under the terms of the Data Protection Act 2018, you’re entitled to ask the Department:

  • if they are processing your personal data
  • for a description of the data they hold about you
  • the reasons they’re holding it and any recipient it may be disclosed to
  • for a copy of your personal data and any details of its source

If you want to see the personal data held about you by the Department, you should make a ‘subject access request’.  Further information on how to do this can be found within the Department’s personal information charter that is published at the address below:

To contact DfE: