Parents & Pupils - General Data Protection Regulations (GDPR)

The law is changing and the General Data Protection Regulations (GDPR) came into effect on 25th May 2018.  It will bring higher standards for handling data and greater expectations for improved transparency, enhanced data security and increased accountability for processing personal data.

TMS Data Protection Policy and Privacy Notice 

This policy sets out how TMS deals with personal information correctly and securely and in accordance with the General Data Protection Regulation, and other related legislation.



TMS aims to ensure that all data collected about staff, pupils, parents is collected, stored and processed in accordance with the Data Protection Act 1998. This policy applies to all data, regardless of whether it is in paper or electronic format.

Data protection principles


The GDPR establishes six principles as well as a number of additional duties that must be adhered to at all times:

1. Personal data shall be processed lawfully, fairly and in a transparent manner

2. Personal data shall be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes (subject to exceptions for specific archiving purposes)

3. Personal data shall be adequate, relevant and limited to what is necessary to the purposes for which they are processed and not excessive;

4. Personal data shall be accurate and where necessary, kept up to date;

5. Personal data shall be kept in a form that permits the identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed;

6. Personal data shall be processed in a manner that ensures appropriate security of the personal

Personal data shall not be transferred to a country or territory outside the European Economic Area unless the country or territory ensures an adequate level of protection for the rights and freedoms of data in relation to the processing of personal data 

Privacy notices 

Why do we collect and use personal information?


We collect and use personal information:

• to support pupil learning

• to monitor and report on pupil progress

• to provide appropriate pastoral care

• to assess the quality of our services and how well TMS is doing

• statistical forecasting and planning

• to comply with the law regarding data sharing


The categories of personal information that we collect, hold and share include:

  • Personal information (such as name, date of birth and address)

  • Characteristics (such as ethnicity, language)

  • Attendance information (such as sessions attended, number of absences and absence reasons) and exclusions

  • Assessment information

  • Modes of travel

  • Relevant medical, special educational needs and behavioural information


The General Data Protection Regulation allows us to collect and use pupil information with consent of the data subject, where we are complying with a legal requirement, where processing is necessary to protect the vital interests of a data subject or another person and where processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

Why we share pupil information


We do not share personal information with anyone without consent unless the law and our policies allow us to do so.

Storage of records


Paper-based records and portable electronic devices, such as laptops and hard drives, that contain personal information are kept secure when not in use

Papers containing confidential personal information should not be left on office and classroom desks, on staffroom tables or pinned to noticeboards where there is general access

Passwords that are at least 8 characters long containing letters and numbers are used to access scomputers, laptops and other electronic devices.

Staff and pupils are reminded to change their passwords at regular intervals

Software is used to protect all portable devices and removable media, such as laptops and USB devices Staff, pupils or governors who store personal information on their personal devices are expected to follow the same security procedures for TMS-owned equipment

The General Data Protection Regulation

We acknowledge that the law is changing on the rights of data subjects and that the General Data Protection Regulation is due to come into force in May 2018. We will review working practices when this new legislation takes effect and provide training to members of staff where appropriate.

Contact Details

All payments, payment queries and administration correspondence/queries should be directed to:

Advanced Education Ltd T/A The Maths Society ("TMS")

Telephone: 020 7183 4783 (Monday to Saturday 9.30am to 5.30pm)


ICO Registration number: ZA480983