Privacy Notice – Trustees, Members & Governors

Updated:  1st June 2020

Under the data data protection law (the General Data Protection Regulation), individuals have a right to be informed about how the Trust uses any personal data that we hold about them. We comply with this right by providing ‘privacy notices’ (sometimes called ‘fair processing notices’) to individuals where we are processing their personal data.

This privacy notice explains how we collect, store and use personal data about our Trustees, Members and Governors.

We, John Taylor Multi Academy Trust, are the ‘data controller’ for the purposes of data protection law.

You can contact our data protection officer (DPO) here.

The personal data we hold

Personal data that we may collect, use, store and share (when appropriate) about students includes, but is not restricted to:

We collect many different categories of information, for example:

  • Personal details
  • Contact details
  • Professional details
  • Relevant business and pecuniary interests details
  • Role application details
  • Selection records
  • References
  • Identity verification records
  • Meeting attendance records
  • Records of communications
  • Records of visits to academies
  • Photographs of you or images on CCTV
  • Information to identify you in the Trust and its academies
  • Records of work you do in conjunction with our staff or students
  • Notes of meetings you may have attended
  • A biography/profile that may be published on our websites

We also are required to collect and use information that is given additional protection under the GDPR, for example;

  • Demographic information required for monitoring equal opportunities

We may also hold data that we have received from other organisations, including other schools or academies, local authorities and the Department for Education.

Why we use this data

We use this data to:

To enable you to work with us

  • To maintain a safe environment for our pupils
  • To enable you to take part in appropriate training and professional development
  • To comply with our legal obligations to share information
  • To ensure your health and safety
  • To keep you up to date with news about the Trust and its academies

Our legal basis for using this data

Depending on the purpose, our use of your information will be legal due to one of the following:

  • To meet the terms of a contract
    For example:Recording your personal and contact details
  • To meet a legal requirement [Article 6(1)(c)]
    For example: Providing information to DfE
  • To protect the vital interests of you or someone else [Article 6(1)(d)]
    For example: Giving your contact details to emergency services
  • Delivering a public task [Article 6(1)(b)]
    For example: Keeping records of your meetings with governors

Academy trusts, under the Academies Financial Handbook have a legal duty to provide the governance information as detailed above.

Where we use special category personal data we process this under the following exemptions from Section 9 of GDPR:

  • Information used in the field of employment [Article 9(2)(b)]
    For example: Using information about ethnic origin for equality monitoring purposes

Change of purpose

We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

We may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

Collecting this information

While the majority of information we collect about students is mandatory, there is some information that can be provided voluntarily.

Whenever we seek to collect information from you, we make it clear whether providing it is mandatory or optional. If it is mandatory, we will explain the possible consequences of not complying.

How we store this data

We keep personal information about students while they are attending academies within our trust . We may also keep it beyond their attendance at our trust if this is necessary in order to comply with our legal obligations. Our Records Management Policy sets out how long we keep information about students.

Data sharing

We do not share information about Trustees, Members or Governors with any third party without consent unless the law and our policies or internal procedures allow us to do so.

We routinely share this information with:

  • our schools via the governance platform
  • our local authority (where applicable)
  • the Department for Education (DfE)

Transferring data internationally

Where we transfer personal data to a country or territory outside the European Economic Area, we will do so in accordance with data protection law.

Rights regarding personal data

Individuals have a right to make a ‘subject access request’ to gain access to personal information that the Trust holds about them.

If you make a subject access request, and if we do hold information about you, we will:

  • Give you a description of it
  • Tell you why we are holding and processing it, and how long we will keep it for
  • Explain where we got it from
  • Tell you who it has been, or will be, shared with
  • Let you know whether any automated decision-making is being applied to the data, and any consequences of this
  • Give you a copy of the information in an intelligible form

Individuals also have the right for their personal information to be transmitted electronically to another organisation in certain circumstances.

If you would like to make a request click here to find all the information you require.

Other rights

Under data protection law, individuals have certain rights regarding how their personal data is used and kept safe, including the right to:

  • Object to the use of personal data if it would cause, or is causing, damage or distress
  • Prevent it being used to send direct marketing
  • Object to decisions being taken by automated means (by a computer or machine, without any human intervention)
  • In certain circumstances, have inaccurate personal data corrected, deleted or destroyed, or restrict processing

To exercise any of these rights, please contact our data protection officer.


If you think that our collection or use of personal information is unfair, misleading or inappropriate, or have any other concern about our data processing, please raise this with us in the first instance. To make a complaint, please follow our complaints procedure.

Contact us

If you have any questions, concerns or would like more information about anything mentioned in this privacy notice, please contact our data protection officer.