The General Data Protection Regulation (GDPR) is a piece of legislation that determines how people's personal data is processed and kept safe, and the legal rights individuals have in relation to their own data.

For the purposes of GDPR The Elliot Foundation Multi Academy Trust is the 'data controller'. The Data Protection Officer for the trust is Jem Shuttleworth who can be contacted on

Each of our academies is a 'data processor' with a named Local Compliance Officer and their details can be found on each academy website.

Across the trust we work to identify and monitor the use of personal data, to undertake the necessary processes for auditing and assessing risk and to ensure that policies are in place to support our schools to sustain compliance.

GDPR & IT Policies

Puzzle piece

Data Protection Policy

This policy regulates the way in which The Elliot Foundation Academies Trust obtains, uses, holds, transfers and otherwise processes personal data about individuals and ensures all of its employees know the rules for protecting personal data.

Puzzle piece

IT and Internet Acceptable Use Policy 2024

Today’s schools cannot function without the internet, mobile devices and computers. But ubiquitous technology brings significant additional risks. The purpose of this policy is to keep all children and staff safe in the simplest terms possible.

Puzzle piece

Privacy and Cookie Policy 2022

The Trust is committed to protecting and preserving the privacy of visitors when using our websites or communicating electronically with us. This policy covers the use of personally identifiable information that is collected in this way.

Puzzle piece

Flick Learning Privacy Notice

This Privacy Notice tells you what to expect when Flick Learning Limited collects personal information.

Puzzle piece

Google Cloud Data Processing and Security Terms

Our data processing agreements for G Suite and Google Cloud Platform clearly articulate our privacy commitments to customers. We have evolved these terms over the years based on feedback from our customers and regulators. More recently, we have specifically updated these terms to reflect GDPR and to facilitate our customers’ compliance assessment and GDPR readiness when using Google Cloud services.

Puzzle piece

Heales Privacy Statement

Heales has reviewed internal processes and procedures to ensure they meet GDPR regulations. All internal policies/procedures comply with minor changes implemented in respect of the Occupational Health data we process on behalf of clients. This Privacy Notice outlines their position.

Puzzle piece

Hodder and Stoughton Limited Privacy Notice

This Privacy Notice sets out the ways in which HODDER & STOUGHTON LIMITED, (on behalf of its business division HODDER EDUCATION GROUP) collect, use and share your personal data (your information) in connection with our publishing business. It also explains what rights you have to access or change your personal data.

Puzzle piece

No More Marking GDPR Statement

Privacy and security are at the heart of everything we do at No More Marking. This statement explains the key measures we have put in place to ensure that a school’s data is kept secure and processed appropriately at all times.

Puzzle piece

RM Privacy Statement

RM is committed to protecting and respecting the privacy of individuals. This Privacy Policy outlines how RM collects, stores and uses personal information obtained from our schools.

Puzzle piece

ScholarPack Privacy Statement

ScholarPack is a secure cloud-based management information system (MIS) that stores and processes data for all of our schools. This Privacy Statement underpins the policies, promises and contracts that are in place relating to the education data that ScholarPack process.

Puzzle piece

Smoothwall Monitor Privacy Policy

Smoothwall acts as a processor in providing its services to Customers. We are committed to protecting and respecting privacy and complying with the principles of the GDPR.

Puzzle piece

The Safeguarding Company Privacy Policy

This Privacy Policy relates to the websites available at and the MyConcern companion app.

Puzzle piece

Valentine Occupational Health Limited Privacy Statement

Valentine Occupational Health Limited as both the Data Controller and Data Processor is committed to protecting the rights of the individual and acknowledge that any personal data of yours that we handle will be processed in accordance with the Data Protection Act 2018 (DPA) and the new General Data Protection Regulations (GDPR) 2018. In addition, our registered health professionals will adhere to their professional standards with regards to confidentiality.