Privacy Policy

Last updated: 7th January 2026

This Privacy Policy explains how Ysgol Sant Dunawd (“we”, “us”, “our”) collects, uses, and protects personal data when you use our website.

We are committed to safeguarding personal data and complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who We Are

School name: Ysgol Sant Dunawd
Our contact details can be found in the footer of this website.

Data Controller: Current Headteacher (or Acting Headteacher)

2. What Personal Data We Collect

a) Newsletter Subscriptions

When you subscribe to our newsletter, we collect:

  • Your email address

This data is collected solely for the purpose of sending school-related communications.

b) Website Usage Data

Our website may automatically collect limited technical information such as:

  • IP address (anonymised where possible)
  • Browser type and device information
  • Pages visited and time spent on the site

This data is used only for security, performance, and basic analytics.

c) Staff Accounts

Login accounts exist only for authorised staff. No students, parents, or members of the public have website login access.

3. How We Use Your Data

We use personal data to:

  • Send newsletters and school updates
  • Maintain website security and functionality
  • Respond to enquiries submitted via the website (if applicable)

We do not use personal data for advertising or profiling.

4. Newsletters

Our newsletter is managed using the MailPoet plugin on our website.

  • Subscriber data is stored locally on our website server
  • Emails are sent directly from our server
  • We do not use MailPoet’s external sending service
  • Subscriber data is not shared with MailPoet or third parties

You may unsubscribe at any time using the link included in every newsletter email.

5. Legal Basis for Processing

Under UK GDPR, our lawful bases for processing personal data are:

  • Consent – for newsletter subscriptions
  • Legitimate interests – for website security and operation
  • Legal obligation – where required by law

6. How We Store and Protect Your Data

We take appropriate technical and organisational measures to protect personal data, including:

  • Secure hosting
  • Access restrictions for staff
  • Regular software updates
  • Strong password policies

Personal data is retained only for as long as necessary for its intended purpose.

7. Sharing Your Data

We do not sell or rent personal data.

Data may be shared only:

  • Where required by law
  • With trusted service providers essential to website operation (e.g. hosting provider), under strict data protection agreements

8. Cookies

Our website may use essential cookies to ensure proper functionality.

Where non-essential cookies are used, appropriate consent mechanisms will be provided.

9. Your Rights

You have the right to:

  • Access your personal data
  • Request correction of inaccurate data
  • Request erasure of your data
  • Withdraw consent at any time
  • Object to or restrict processing

To exercise these rights, contact us using the details above.

10. Complaints

If you have concerns about how we handle your data, you may contact us directly.

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO):

https://www.ico.org.uk

11. Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be published on this page.