Special Educational Needs Teaching Assessment and Advice
SENTAA Ltd Data Protection Policy
SENTAA Ltd collects and uses personal information about pupils that are referred to SENTAA Ltd by schools with the permission of parents/carers.
This information is gathered in order to enable it to provide teaching, assessment and advice to ensure the child makes the best possible progress.
This policy aims to ensure that personal information is dealt with correctly and securely and in accordance with the General Data Protection Regulations 2018, Data Protection Act 1998, and other related legislation. It will apply to information regardless of the way it is collected, used, recorded, stored and destroyed, and irrespective of whether it is held in paper files or electronically.
Responsibility for Data Protection
Organisations that handle personal information have a duty to be registered, as Data Controllers, with the Information Commissioner’s Office (ICO) detailing the information held and its use. These details are then available on the ICO’s website. SENTAA Ltd is registered with the ICO – registration number ZA247976.
Julie Showell, Company Director, is the named data processor who will endeavour to ensure that all personal data is processed in compliance with this Policy and the Data Protection Act.
She will ensure both directors and any staff employed by SENTAA are aware of and understand our policies and procedures in accordance with this Policy and the Act.
Principles of Data Protection
The General Data Protection Regulations is underpinned by key principles that must be adhered to at all times by SENTAA Ltd staff:
- Personal data shall be processed lawfully, fairly and transparently;
- Personal data shall be collected for specified, explicit and legitimate purposes;
- Personal data shall be adequate, relevant and necessary;
- Personal data shall be accurate and kept up to date as is reasonably possible;
- Personal data processed for any purpose shall not be kept for longer than is necessary for that purpose or those purposes;
- Personal data shall be kept secure i.e. protected by an appropriate degree of security.
- Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of data protection.
Rights of access to personal data “Subject access requests”
Individuals have the right under the GDPR to request a copy of all the information that is held about them and to correct or remove information they think is inaccurate. Individuals also have the right to ask SENTAA to delete the records that we hold. They may also complain about the way that we process personal data. Any individual wishing to access their personal data should put their request in writing to the DPO at email@example.com
SENTAA will endeavour to respond to any such written requests (known as “subject access requests”) as soon as is reasonably practicable and in any event within statutory time-limits.
Data Accuracy and Security
SENTAA will endeavour to check the quality and the accuracy of the information it holds. It will also ensure that information is not retained for longer than is necessary.
SENTAA will take appropriate technical and organisational steps to ensure the security of personal data about individuals. These steps include:
- Appropriate encryption of all devices.
- Use of Egress email encryption software to transfer reports to schools.
- Appropriate encryption of information at rest and whilst being communicated
- Providing appropriate secure storage including locked filing cabinets when not in use and only accessed by authorised staff
- Disposal of paper records securely
Queries and complaints
Any comments or queries on this policy should be directed to the Company Directors.
If an individual believes that the company has not complied with this policy or acted otherwise than in accordance with the Act they should contact the Company Directors in writing at firstname.lastname@example.org
Further advice and information is available from the Information Commissioner’s Office, www.ico.gov.uk or telephone 0303 123 1113
Policy updated April 2020