GDPR policy – how your personal data is used and stored
Personal information that this website collects and why we collect it
This website collects and uses personal information for the following reasons:
Tracking site visits
Like most websites, this site uses Google Analytics (GA) to track user interaction. We use this data to determine the number of people using our site, to better understand how they find and use our web pages and to see their journey through the website.
Although GA records data such as your geographical location, device, internet browser and operating system, none of this information personally identifies you to us. GA also records your computer’s IP address which could be used to personally identify you but Google do not grant us access to this. We consider Google to be a third party data processor.
For your information our website uses the analytics.js implementation of GA.
Disabling cookies on your internet browser will stop GA from tracking any part of your visit to pages within this website.
Contact forms and email links
Should you choose to contact us using the contact form on our contact us page or an email link, none of the data that you supply will be stored by this website or passed to / be processed by any third party data processor.
Instead the data will be collated into an email and sent to us over the Simple Mail Transfer Protocol (SMTP). Our SMTP servers are protected by TLS (sometimes known as SSL) meaning that the email content is encrypted using SHA-2, 256-bit cryptography before being sent across the internet.
The email content is then decrypted by our local computers and devices.
We retain emails on our local computers containing the information you provide us with on our contact forms or email links indefinately unless the removal of the data is resquested. Emails may also be kept on our mail servers online and accessed using web mail. Google mail using Google Apps is an example of this.
We do this in order to reply to your enquiry. We may also send you emails using this information for the purposes of ,marketing or keeping you informed of matters relating to you.
If you do not want us to keep any of your details on file locally or on our mail servers you can contact us and request this data to be removed. We will need to know which email address to remove data for. We will remove your data within 48 hours.
We do not exchange, sell, rent or give away your email address or any other details we hold about you to other companies.
Third party data processors
We use the following third parties to process personal data on our behalf. Any third parties we use have been carefully chosen . These third parties are based in the USA and are EU-U.S Privacy Shield compliant.
We will report any unlawful data breach of this website’s database or the database(s) of any of our third party data processors to any and all relevant persons and authorities within 72 hours of the breach if it is apparent that personal data stored in an identifiable manner has been stolen.
The data controller of this website is Ysgol Sant Elfod and Mr Gwynne Vaughan should be contacted at using our contact page here if you wish any / all of your data to be removed
All traffic (transferral of files) between this website and your browser is encrypted and delivered over HTTPS
Contact us to ask us anything else about our data protection systems.