General Data Protection Regulation Policy
1.1 In order to undertake an assessment we need basic information such as name, DOB and relevant school/ work place/ home address details. We need DOB to allow for standardised tests to be scored as a candidates exact age has to be worked out (in some cases depending on the test battery used), we need address information to allow us to attend you to complete the assessment. This information is required to be on the cover sheet of the report.
1.2 Background information will be gathered from the child/ parent and school as appropriate and occasionally copies of relevant reports may be provided to inform the assessment, this may include sensitive medical information where applicable. Only relevant information will be included in reports, although information will be written down to support the assessor in determining the diagnosis.
- Sending Information
2.1 Reports are communicated electronically to the necessary people (usually school staff and/ or parents for children and the examinee personally for those 16 and over who have left school and in all cases for those 18 and over) using one drive, encrypted pen drive for local clients or email. Please note we do not have an encrypted email system and unless you let us know in writing that you do not wish us to send information via email and this is the most practical means of communication, we will communicate this way. Where we are commissioned by schools/ workplaces/ other settings we will agree communication that complied with the policy of the individual setting.
2.2 Background information is requested by email at the point of booking services, you are under no obligation to include any identifying details in this document. However it is preferable to have basic information of previous diagnosis and other information as outlined on the form in advance to allow for the assessment to be planned to meet specific needs. This will be sent as an editable word document and it can be sent back to us howsoever the client wishes, if you require an encrypted version of the document to support secure transfer by email please inform us on receipt of the document by emailing firstname.lastname@example.org and we will send you an encrypted version and the password will be sent via a separate email.
- Storage of information
3.1 All assessments and working papers for the assessment will be kept securely in line with PATOSS regulations for 6 years after a child reaches their 18th birthday, reports will be stored on a password protected computer and a back up is stored on an encrypted external hard drive, copies of papers and reports are required for this length of time under PATOSS regulations in case they are needed for any tribunal/ EHCP application/ any other purpose under law.
3.2 Reports will be stored on a password protected computer and a back up is stored on an encrypted external hard drive for the same length of time and for the same reasons.
3.3 Bearing in mind the stipulations of clause 3.1, if deletion of data from the aforementioned reports and working papers is required, a written request is required outlining the reason for the request, where such a request is upheld, reports will be deleted from our computer systems and working papers will be securely destroyed. Please note in these circumstances we would not be able to provide such information should it be required in the future and we would not have access to the necessary information should this be required under law.
- Requests for Information
4.1 All clients receive a copy of their report following assessment. At the time of assessment or at any time after receiving the report, you have the right to request sight of notes taken during the assessment, we are able to provide copies of any handwritten notes taken for you to take away, although due to regulations regarding the integrity and security of testing materials being kept by unauthorized users, we are unable to provide copies of assessment working papers. However you can request to view these papers under supervision from the Literacy Solutions team by written request.
5.2 You are not required to provide any personal data to view the website, if you wish to contact us you can do so by phone, email or by completing the contact form, by doing so you consent to us holding the information provided and allow us to use that as appropriate to contact you regarding your enquiry.
- Email communication
6.1 We do not operate a mailing list and would never include you in an irrelevant circular email. If you wish for your contact details to be removed from files following communication between us please email email@example.com and request removal.
6.2 We do not keep a client database and any contact details that are not communicated via email are not kept without consent once the assessment has taken place/ the need for any communication has been removed.
6.3 In order to ensure efficiency in our working practices, where you make contact and provide personal contact information to be used to process your enquiry, you consent to this being made available within the Literacy Solutions team to ensure efficient handling of your enquiry.
Written by Paul Graham Office Manager and person responsible for GDPR
Approved by Sara Graham Proprietor
Date 25th May 2018
Review Date- ongoing review until May 2019