top of page

Privacy and Data Policy 

Prepped Academy


Data Protection Policy

 

Version: 1.0

Effective Date: September 2025

Review Date: September 2026

Approved By: George Bradley

This Data Protection Policy sets out how Prepped Academy manages personal data in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018 and other applicable legislation. It applies to all employees, tutors, contractors, volunteers and anyone handling personal information on behalf of Prepped Academy.

1. Purpose

 

This policy explains how personal information must be collected, used, stored, shared and disposed of. It supports compliance with legal obligations and helps protect the privacy of students, parents, staff and partner organisations.

2. Scope

 

This policy applies to all personal data processed by Prepped Academy, whether held electronically, on paper or verbally. It covers information relating to students, parents, carers, schools, local authorities, staff, contractors and suppliers.

3. Data Protection Principles

 

Prepped Academy will ensure that personal data is:

• Processed lawfully, fairly and transparently.

• Collected for specified purposes only.

• Adequate, relevant and limited to what is necessary.

• Accurate and kept up to date.

• Retained only as long as necessary.

• Kept secure using appropriate technical and organisational measures.

• Managed in a way that demonstrates accountability.

 

4. Roles and Responsibilities

 

The organisation is responsible for ensuring compliance with UK GDPR.

Data Protection Lead: George Bradley

All staff, tutors and contractors must:

• Follow this policy.

• Protect confidential information.

• Report suspected data breaches immediately.

• Complete required training.

 

5. Lawful Basis for Processing

 

Personal data will only be processed where there is a lawful basis, including consent, contract, legal obligation, legitimate interests or another applicable lawful basis.

 

6. Special Category Data

 

Where necessary, Prepped Academy may process SEND information, medical information or safeguarding information. Additional safeguards will always be applied.

 

7. Children's Data

 

We recognise that children's personal data requires additional protection. Information will only be collected where necessary for educational provision, safeguarding or legal obligations.

 

8. Collecting Personal Information

 

Personal information may be obtained directly from parents, carers, students, schools, local authorities, referral agencies or through our website and secure forms.

 

9. Using Personal Information

 

Information may be used to:

• Deliver educational services.

• Communicate with parents and schools.

• Monitor attendance and progress.

• Meet safeguarding responsibilities.

• Comply with legal obligations.

• Improve our services.

 

10. Data Sharing

 

Personal information will only be shared where there is a lawful basis. This may include schools, local authorities, safeguarding agencies, professional advisers and trusted IT providers.

 

11. Information Security

 

Prepped Academy will:

• Restrict access to those with a business need.

• Use password-protected devices.

• Keep software up to date.

• Store paper records securely.

• Encrypt devices where possible.

 

12. Passwords and IT Security

 

Strong passwords, multi-factor authentication where available, secure networks and approved systems must be used. Passwords must never be shared.


 

13. Email and Electronic Communications

 

Personal data should only be sent using approved email systems. Sensitive information should be encrypted or password protected where appropriate. Staff must check recipients before sending emails.

 

14. Paper Records

 

Paper records containing personal information must be stored securely and shredded using confidential waste when no longer required.

 

15. Remote Working

 

Staff working remotely must ensure devices are secure, avoid public Wi-Fi unless protected, keep paperwork secure and report any loss immediately.

 

16. Data Retention

 

Records will be retained only for as long as necessary in accordance with legal, contractual and safeguarding requirements. A separate retention schedule should be maintained.

 

17. Individual Rights

 

Individuals have rights including access, rectification, erasure, restriction, objection and data portability where applicable. Requests should be forwarded promptly to the Data Protection Lead.

 

18. Subject Access Requests

 

Requests for access to personal data should be acknowledged promptly and managed in accordance with UK GDPR timescales.

 

19. Data Breaches

 

Any actual or suspected data breach must be reported immediately to the Data Protection Lead. Breaches will be investigated, documented and reported to the ICO where required.

 

20. Staff Training

 

All staff, tutors and contractors handling personal information should receive appropriate data protection and information security training.

 

21. Monitoring and Compliance

 

Compliance with this policy will be monitored periodically. Failure to comply may result in disciplinary action or termination of engagement.

 

22. Policy Review

 

This policy will be reviewed annually or sooner where legislation, guidance or organisational changes require.



 

23. Complaints

 

Prepped Academy is committed to handling personal information responsibly and in accordance with UK data protection legislation.

If you have any concerns about how we have collected, used or protected your personal information, please contact us in the first instance so that we have the opportunity to investigate and resolve your concerns..

 

24. Contact Details

Email: hello@preppedacademy.co.uk

Data Protection Lead: George Bradley, Managing Director

If you remain dissatisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's independent authority for data protection.

Further information about making a complaint can be found on the ICO website: https://ico.org.uk/make-a-complaint/


 

Document Control

 

Policy Owner: George Bradley


Approved By: George Bradley


Version: 1.0


Effective Date: September 2025

Review Date: September 2026

bottom of page