The General Data Protection Regulation (GDPR) is a piece of legislation that determines how people's personal data is processed and kept safe, and the legal rights individuals have in relation to their own data.

For the purposes of GDPR The Elliot Foundation Multi Academy Trust is the 'data controller'. The Data Protection Officer for the trust is Jem Shuttleworth who can be contacted on

Each of our academies is a 'data processor' with a named Local Compliance Officer and their details can be found on each academy website.

Across the trust we work to identify and monitor the use of personal data, to undertake the necessary processes for auditing and assessing risk and to ensure that policies are in place to support our schools to sustain compliance.

GDPR & IT Policies

Puzzle piece

Data Protection Policy

This policy regulates the way in which The Elliot Foundation Academies Trust obtains, uses, holds, transfers and otherwise processes personal data about individuals and ensures all of its employees know the rules for protecting personal data.

Puzzle piece

ScholarPack Privacy Statement

ScholarPack is a secure cloud-based management information system (MIS) that stores and processes data for all of our schools. This Privacy Statement underpins the policies, promises and contracts that are in place relating to the education data that ScholarPack process.

Puzzle piece

RM Privacy Statement

RM is committed to protecting and respecting the privacy of individuals. This Privacy Policy outlines how RM collects, stores and uses personal information obtained from our schools.

Puzzle piece

Heales Privacy Statement

Heales has reviewed internal processes and procedures to ensure they meet GDPR regulations. All internal policies/procedures comply with minor changes implemented in respect of the Occupational Health data we process on behalf of clients. This Privacy Notice outlines their position.

Puzzle piece

Google Cloud Data Processing and Security Terms

Our data processing agreements for G Suite and Google Cloud Platform clearly articulate our privacy commitments to customers. We have evolved these terms over the years based on feedback from our customers and regulators. More recently, we have specifically updated these terms to reflect GDPR and to facilitate our customers’ compliance assessment and GDPR readiness when using Google Cloud services.

Puzzle piece

The Key Privacy Statement

The Key is committed to protecting your personal information when you are using The Key services. We want our services to be safe and useful environments for our audience. This Privacy Statement applies to information held about you and individuals connected to your school by The Key as data controllers and processors.

Puzzle piece

EPM Customer Data Privacy Notice

EPM Limited holds personal data on its Customers, and their staff, to provide its services. This Customer Data Privacy Notice details the personal data EPM may retain, process and share with third parties relating to your organisation and its staff. EPM is committed to ensuring that your information is secure, accurate and relevant.

Puzzle piece

IT and Internet Acceptable Use Policy

Today’s schools cannot function without the internet, mobile devices and computers. But ubiquitous technology brings significant additional risks. The purpose of this policy is to keep all children and staff safe in the simplest terms possible.