SEND Meadow Privacy Policy

SEND Meadow – GDPR Policy

Last updated: 05 May 2025

Introduction

SEND Meadow is committed to ensuring all personal data collected about children and young people, their families, and education providers is collected, stored and processed in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA 2018). This policy applies to all personal data, regardless of format (paper or electronic).

What is the GDPR?

The General Data Protection Regulation (GDPR), introduced in 2018 and retained in UK law following Brexit, outlines how organisations must handle personal data. The GDPR is underpinned by seven key principles:

1. Lawfulness, fairness and transparency
2. Purpose limitation
3. Data minimisation
4. Accuracy
5. Storage limitation
6. Integrity and confidentiality (security)
7. Accountability

SEND Meadow adheres to these principles in all data handling practices.

Who processes your information?

SEND Meadow is both the data controller and processor of the personal information you provide. This means we determine the purposes for which, and the manner in which, your personal data is collected and used. The business is solely run by Bryony Marketis, who also acts as the Data Protection Officer. Any queries regarding data protection can be directed to:

Email: contact@sendmeadow.co.uk

Why do we collect and use your information?

SEND Meadow collects and processes personal information for the following lawful purposes:

- To support and advise on Education, Health and Care Plan (EHCP) applications and reviews
- To offer guidance relating to SEND provision, parental rights, and documentation
- To maintain accurate case notes and records

Consent is always sought prior to collecting or sharing personal data. A copy of this policy is provided with the consent form.

What information may be collected?

SEND Meadow may collect and process the following data:

- Names and dates of birth
- Contact details
- Diagnoses or relevant medical history
- Educational background
- Family or social circumstances
- Reports or letters from professionals

Only data relevant and necessary to the service will be collected.

How long is data stored?

Personal data will be securely retained for up to one year after the case has been closed. This allows for any follow-up queries or related support. You may request deletion earlier if preferred.

After one year:
- Electronic data will be securely deleted
- Paper records will be securely shredded

How is data kept secure?

SEND Meadow ensures data security through:

- Password-protected devices
- Use of secure email and antivirus software
- Locked storage for paper files
- Restricted data sharing

Will my information be shared?

Your data will never be shared without written consent unless there is a safeguarding concern. In those cases, information may be passed to relevant safeguarding authorities.

Your rights under GDPR

You have the right to:

- Be informed about how your data is used
- Access the data held about you
- Correct any inaccurate information
- Request deletion of your data
- Withdraw consent
- Lodge a complaint with the Information Commissioner’s Office (ICO)

What is a data breach?

A data breach is any security incident where personal data is lost or accessed without authorisation. SEND Meadow will report any notifiable breach to the ICO within 72 hours and notify affected individuals without delay.

What if I have a concern?

If you are concerned about how your data is being handled, please contact Bryony Marketis at contact@sendmeadow.co.uk.

You may also contact the Information Commissioner’s Office (ICO):
Helpline: 0303 123 1113
Website: https://ico.org.uk

This policy is reviewed annually. Last reviewed: 05 May 2025. Next review due: 05 May 2026.