General Data Protection Regulation (GDPR)

The Harmony Trust is committed to protecting and managing the data we hold. 

Our Data Protection Promise

In May 2018 the European Union introduced the General Data Protection Regulation (the GDPR) in all of it’s member states, followed by the UK Government’s Data Protection Act (2018). These acts of law mean that as an organisation that processes and manages large amounts of personal data (such as names, dates of birth, addresses, test results, medical information etc) we have a legal duty to manage it with great care. As a Trust we can assure you that we have carefully designed processes and systems to safeguard your child’s data during their time with us. Our staff regularly undergo data management training and we are regularly reviewed and supported by our Data Protection Officer (DPO).

Our Data Protection Officer is Colin Bellis.

He can be contacted at :


T : 01704 320510

A : Illuminate Learning Ltd, 93 Lexton Drive, Southport, Merseyside, PR9 8QN.

The GDPR establishes certain rights in relation to those whose data we hold. As a Trust, these rights are applicable to those holding parental responsibility for any child who attends one of our academies. Two of the main rights are the right to (a) request a review of any data we hold on your child – a Subject Access Request - and (b) the right to have any incorrect data put ‘right’ – a Data Amendment Request. If you would like to request either of these to be undertaken, please download the relevant form below OR collect one from the school office. Once completed, you can either hand it back into the school office or send it directly to Illuminate Learning ltd. The DPO can offer help and guidance on these requests.

As the GDPR places on us a significant set of requirements, giving the full detail here is not possible. However, copies of the policies and documents we work with can be downloaded by following the links below. Here you can find a full explanation of the GDPR and how it applies to us as a school. You can also download relevant forms and guidance.


Our Data Protection Updates

When parents register their child for one of our academies, we provide them with a Data Protection Statement and Acknowledgement. This outlines all the data we process, the reason why we have it, how long we keep it for and what happens to it when we’ve finished with it.


However, as time goes by there are occasions when we need to notify parents of additional processing ‘events’. We have undertaken to publish these changes here (below), rather than to go back and get every parent / guardian to sign the agreement again.


Please remember that those with parental responsibility have the right to stop our processing of data at any time (*), so if you have any questions about these additional data notifications then please do not hesitate to contact either our DPO or your child’s academy.

(*) This does not apply to data we are legally required to hold and process

Data Sharing Notification : 23rd October 2018


In line with our published policy, we hereby notify parents / guardians of the following addition / change / amendment to our data (privacy) statement :


The addition of :


Nature of Material  Where It Appears Why We Have It Who It Can Be Accessed By Limitations
Annual School Photographs Taken By External Company

Photographs of Pupils :




In Family Groups


Posts of Responsibility


Data Shared Will Include Name, Pupil Number etc.

Posts of Responsibility Are Around School On Display Boards


Information Is Shared With Contracted Company, Who Use It To Identify Pupils In Images Taken 

To Identify Pupils With Specific Responsibilities


To Add Photographs To Pupil Records Held On Pupil Management System (SIM’s)


To Record A Child’s Time In School


Parents Are Provided With Photographs To Purchase (If Wanted)


Any Staff Member With Access To Our Pupil Management System (SIM’s)



Only Relevant Photographs Will Be Used In School


Only Relevant / Required Data Will Be Provided To External Company


GDPR Statement of Compliance Will Be Required From the Relevant company




Data Sharing Notification : 1st April 2020


In line with our published policy, we hereby notify parents / guardians of the following addition / change / amendment to our data (privacy) statement :


The addition of :



Nature of Material

Where It Appears

Why We Have It

Who It Can Be Accessed By


Contact Details for the Provision of National Meal Vouchers for Children In Receipt of Free School Meals

Pupil Names

FSM Status

E-mail Addresses

Provided To Edenred – Company Appointed By DfE To provide Vouchers During Corona Virus Pandemic

Currently Provided To Us As part of the Parent Pay Registration OR School Admission Data

Only By Edenred / DfE

Will Be Disposed Of In Accordance With UK Govt Directives (TBC)


 Our Annual Data Statement

Whilst we are not legally required to provide this information, we believe that we should be as open and as transparent as possible when it comes to managing your data. So, below you will find the Annual Data Statement for the Trust’s academies.


Updated 20th May 2019

Files to Download