Turning Point Leeds Data Protection Policy
1. Introduction
1.1. At Turning Point Leeds (TPL), we are committed to protecting the privacy and security of personal data belonging to pupils, staff members, parents/carers, and other individuals associated with the TPL. This Data Protection Policy outlines our approach to data protection, including the collection, storage, processing, and sharing of personal data, in compliance with applicable data protection laws, including the General Data Protection Regulation (GDPR).
2. Scope
2.1. This policy applies to all personal data processed by TPL, regardless of the format or medium in which it is stored, including electronic and paper-based records.
2.2. This policy applies to all staff members, volunteers, contractors, and other individuals who handle personal data on behalf of TPL.
3. Principles of data protection
3.1. Lawfulness, fairness, and transparency: We will process personal data lawfully, fairly, and transparently, ensuring that individuals are informed about the purposes of processing and their rights regarding their personal data.
3.2. Purpose limitation: We will only collect and process personal data for specified, explicit, and legitimate purposes, and we will not process personal data in a manner incompatible with those purposes.
3.3. Data minimisation: We will only collect and process personal data that is adequate, relevant, and limited to what is necessary for the purposes for which it is processed.
3.4. Accuracy: We will take reasonable steps to ensure that personal data is accurate, up-to-date, and relevant, and we will rectify or erase inaccurate or incomplete data without delay.
3.5. Storage Limitation: We will not keep personal data for longer than is necessary for the purposes for which it is processed, and we will implement appropriate retention periods for different categories of personal data.
3.6. Security: We will implement appropriate technical and organisational measures to ensure the security of personal data, including protection against unauthorised or unlawful processing and accidental loss, destruction, or damage.
3.7. Accountability: We will be able to demonstrate compliance with data protection laws and principles, including maintaining records of processing activities, conducting data protection impact assessments where necessary, and appointing a Data Protection Officer (DPO) where required.
4. Data collection and processing
4.1. TPL will only collect and process personal data for specified purposes, such as admissions, educational administration, safeguarding, health and safety, and communication with parents/carers.
4.2. Personal data collected by TPL may include, but is not limited to, names, addresses, contact details, academic records, attendance records, medical information, and special educational needs information.
4.3. Personal data will be collected directly from the data subjects, and consent will be obtained where required. Data subjects will be informed about the purposes of processing and their rights regarding their personal data.
5. Data sharing and transfers
5.1. TPL may share personal data with third parties, such as educational authorities, government agencies, external service providers, and other organisations, where necessary for the purposes for which the data was collected. Only after consent from the host school.
6. Data subject rights
6.1. Data subjects have the right to access their personal data held by TPL, request rectification of inaccurate or incomplete data, request erasure of personal data, object to processing, and request restriction of processing where applicable.
6.2. Data subjects also have the right to withdraw consent to the processing of their personal data where consent is the legal basis for processing, without affecting the lawfulness of processing based on consent before its withdrawal.
7. Data breach management
7.1. TPL will implement procedures for detecting, reporting, and responding to data breaches, including notifying the relevant supervisory authority and affected data subjects where required by applicable data protection laws.
​
8. Review and compliance
8.1. This Data Protection Policy will be reviewed regularly to ensure its effectiveness, compliance with applicable data protection laws, and alignment with best practices in data protection.
8.2. All staff members and individuals involved in the processing of personal data at TPL will receive appropriate training on data protection principles, policies, and procedures.
9. Conclusion
The Data Protection Policy at TPL reflects our commitment to protecting the privacy and security of personal data and ensuring compliance with applicable data protection laws. By adhering to the principles and procedures outlined in this policy, we aim to maintain the trust and confidence of our pupils, staff, parents/carers, and other stakeholders in our handling of personal data.
​
Written: August 2024
Next review: August 2025
Ryan Bradshaw: Headteacher