top of page

​General Data Protection Regulations (GDPR) came into effect on 25th May 2018.  It means higher standards for handling data and greater expectations for improved transparency, enhanced data security and increased accountability for processing personal data.

TMS Data Protection Policy and Privacy Notice 

This policy sets out how TMS deals with personal information correctly and securely and in accordance with the General Data Protection Regulation, and other related legislation.



TMS aims to ensure that all data collected about staff, pupils, parents is collected, stored and processed in accordance with the Data Protection Act 1998. This policy applies to all data, regardless of whether it is in paper or electronic format.

Data protection principles


The GDPR establishes six principles as well as a number of additional duties that must be adhered to at all times:

1. Personal data shall be processed lawfully, fairly and in a transparent manner

2. Personal data shall be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes (subject to exceptions for specific archiving purposes)

3. Personal data shall be adequate, relevant and limited to what is necessary to the purposes for which they are processed and not excessive;

4. Personal data shall be accurate and where necessary, kept up to date;

5. Personal data shall be kept in a form that permits the identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed;

6. Personal data shall be processed in a manner that ensures appropriate security of the personal

Personal data shall not be transferred to a country or territory outside the European Economic Area unless the country or territory ensures an adequate level of protection for the rights and freedoms of data in relation to the processing of personal data 

Privacy notice


Who we are


We’re TMS Youth and Arts, a charity on a mission to improve the lives of young people by challenging them to become the best they can be. In order to make our work happen, we work with and collect personal data about young people, youth workers, parents, and all those who make what we do possible.


We’d like to tell you about what we do which will help you understand why we collect your data, how we use it, what we do to keep it safe and your rights about how we process your data. If you have any further information about it, please contact us at s s c @ – we’d be delighted to help.


TMS Youth and Arts is the data controller of the personal information you provide to us. This means TMS Youth and Arts determines the purposes for which, and the manner in which, any personal data relating to students and their families is to be processed.


Why do we collect and use your information?


  • The personal data of students and their families is collected and used for the following reasons:

  • To support student learning

  • To monitor and report on student progress

  • To communicate with parents and carers

  • To communicate with students

  • To assess the quality of our service


Which data is collected?


We process personal data relating to TMS Youth and Arts students, volunteers, tutors, staff, trustees, funders and business partners, in order to run the TMS Youth and Arts and keep people informed about any work that we are completing.


The categories of personal data that TMS Youth and Arts collects, holds and shares include the following:


  • Personal information, e.g. names, gender

  • Characteristics, e.g. language, free school meal eligibility, pupil premium status

  • Attendance information, e.g. number of absences and absence reasons

  • Assessment information, e.g. National Curriculum assessment results, student progress test data at school


  • Information relating to SEND

  • Photographs and videos

  • Contact information of students, e.g. mobile numbers and emails

  • Contact information of parents and carers, e.g. mobile numbers


Whilst the majority of the personal data you provide to TMS Youth and Arts is mandatory, some is provided on a voluntary basis. When collecting data, TMS Youth and Arts will inform you whether you are required to provide this data or if your consent is needed. Where consent is required, TMS Youth and Arts will provide you with specific and explicit information with regards to the reasons the data is being collected and how the data will be used.




During the course of your use of the website you may be requested to enter your email address and/or mobile phone number to use a service we provide. This information will only be used in accordance with the terms of this Privacy notice. If you do not want to provide this information, you will not be able to use some of our services.




Our site uses cookies and other tracking technologies. To read how cookies and tracking technologies work and what they are used for on this site and to see a list of the companies that use these cookies and technologies and how they use them please read our Wix Cookie policy. Please continue to use this website as normal if you are happy with the current cookie settings. You can change your cookies preferences or disable cookies via your browser.


How long is your data stored for?


Personal data relating to students and their families is stored in line with TMS Youth and Arts GDPR Data Protection Policy. Data is stored for as long as is necessary to complete the task for which it was originally collected.


Will my information be shared?


TMS Youth and Arts does not share personal data.


We do share student performance, attendance information and progress data with the school, funder, donors, evaluation partners (as relevant and necessary. Anonymised data is shared sometimes provided to third parties for purposes of statistical analysis to enable us to assess the impact of our work.


We use a third party service providers, such as Wix, Google Workplace, Classroom and Zoho apps.



What are your rights?


  • Your rights and your personal data

  • You have rights regarding your personal data. You can:

  • Request a copy of your data that we hold

  • Request that we correct any personal data that is incorrect or out of date

  • Request your personal data is deleted if it is no longer necessary for us to process it

  • Withdraw your consent to the processing at any time

  • Request your personal data is transferred to another data controller (this is called data portability)

  • Request a restriction is placed on further processing your data

  • Object to how your personal data is processed.


If you have a concern about the way we are collecting or using your personal data, you should raise your concern with us or directly to the Information Commissioner’s Office or another relevant supervisory authority.


We won’t do anything with your information you wouldn’t reasonably expect. If you have any queries regarding how we process your data, please contact us at

s s c @ 

This policy was last updated in January 2024

bottom of page