Privacy Policy

Our Solutions
Central Solutions
Thinking CreativeSchool Website DesignMarketing & Communications StrategySignage and Wall Displays
View all services
Thinking TechnologyStrategic IT PlanningOn-Site & Remote IT SupportNetwork Security & Safeguarding
View all services
Thinking FinanceInterim Finance Director SupportBusiness Management ProvisionTransactional Finance Services
View all services
Thinking FacilitiesCaretaking and Cleaning ServicesReactive Maintenance and HelpdeskHealth and Safety Management
View all services
Thinking PersonnelHR Advice and GuidanceCase ManagementSafer Recruitment and Vetting
View all services
Thinking Data ProtectionNamed Data Protection Officer (DPO) ServiceData Protection Audits and Risk AssessmentsPolicy and Documentation Support
View all services
Thinking GovernanceClerking ServicesPolicy Monitoring and ComplianceAgenda Planning and Meeting Preparation
View all services
Not sure which solutions you need?
Get in touch now
Income Generation
Thinking Fitness
View all services
Thinking Lettings
View all services
Thinking Food
View all services
About us
Our vision Our partners News and Blog
Events
Contact us

TSfE Privacy Notice

Our Commitment to Your Privacy

Thinking Solutions for Education (TSfE), a subsidiary of the Thinking Schools Academy Trust, respects your rights to confidentiality and privacy and is committed to compliance with the UK General Data Protection Regulation (UK GDPR). This notice explains what personal data (information) we hold, how we collect it, how we use it, and how we may share it.

Who We Are

TSfE collects, uses, and is responsible for certain personal information about you. When we do so, we are regulated under the UK GDPR, and we are responsible as a ‘data controller’ for that personal information.

Our Data Protection Officer (DPO) can be contacted for any queries you may have about how we handle your information.

Data Protection Officer: Mrs J Coates

Address: The Thinking Schools Academy Trust, c/o Holcombe Campus, Park Crescent, Chatham, Kent, ME4 6NR

Telephone: +44 333 360 2000

Email: privacy@tsatrust.org.uk

Why We Collect and Use Your Information

We collect data to operate effectively and provide you with the best experience of our products and services. We collect and use personal data to meet legal requirements, and our legitimate interests as set out in the UK GDPR and UK law.

The information we collect will only be used for the purpose for which it was provided. All personal information is processed and stored securely and kept to a minimum. Information will only be retained for as long as is necessary to provide the requested service, after which it will be securely disposed of.

Where we need to collect special category (sensitive) personal information, we rely on reasons of substantial public interest (such as equality of opportunity). If any of our data processing relies on your consent, we will make this clear to you at the point of collection.

For more detailed information, please see our main Data Protection Policy, available at: https://www.tsatrust.org.uk/policies/.

What Personal Data Do We Collect?

The data we collect depends on the context of your interactions with us and the services you use. This can include the following:

Personal and Contact Information: Name, address, telephone numbers, email address, date of birth, nationality, and photographs or video images.
Authentication Information: Passwords, password hints, and similar security information for account access.
Payment Data: Bank account or credit card details and security codes for processing payments.
Demographic and Usage Data: IP addresses, browser type, device information, access times, location, and websites visited.
CCTV and Body-Worn Camera Images: Footage obtained when you visit one of our locations or sites.
Special Category Data: This includes information related to health (such as disabilities or allergies), gender, and biometric data (e.g., fingerprints for catering services).

How Do We Collect Your Data?

You provide some of this data directly when you sign up for our services, log in to our systems, or contact us. We also collect data automatically through:

Site Visits: Sign-in procedures and CCTV or body-worn camera systems at our locations.
Direct Communication: Information you provide during telephone calls or in emails and web forms.
Online Services: Data supplied by your computer or user account when using our websites and communication systems.

We may also obtain data from third-party sources, such as social networks (when you interact with our profiles) or partners with whom we offer co-branded services.

How We Use Your Personal Data

We process your personal data for several reasons, including:

Service Delivery: To provide you with access to the products or services you have requested.
Communication: To contact you with information about our services, respond to your enquiries, invite feedback, or send newsletters.
Business Operations: To manage payments, conduct analysis to improve our services, and report on business performance.
Legal and Safeguarding Obligations: To comply with the law, ensure the safety and security of individuals on our sites, and address any safeguarding concerns.
Security: To aid in the prevention and detection of crime and ensure network and information security.

Who We Share Your Information With

In some cases, your data may be outsourced to a third-party processor; this will only be done with your consent, unless we have another legal basis for sharing. Any processor we use is held to the same data protection standards that we uphold.

We may routinely share your information with:

Commissioned providers of Trust services.
Subsidiaries and data processors who provide essential systems under contract to the Trust.
Other public organisations where necessary, such as the police or the NHS.
Third-party service providers, such as payment processors or communication systems providers.

Information We Process About Our Community

As an Academy Trust, our core function involves the education and welfare of children. Therefore, we lawfully collect, use, and share personal data relating to:

Pupils and Alumni: To provide education, support their needs, ensure their safety, and for archiving or historical purposes. We adhere to the Age-Appropriate Design Code (Children's Code) in all relevant processing.
Parents and Carers: To communicate effectively, address safeguarding matters, and manage services related to their child's education.
Our Workforce: For employment, payroll, performance management, and to meet our legal obligations as an employer. This includes the collection of Equality, Diversity, and Inclusion (EDI) data where consent is given.
Applicants: To manage recruitment, assess suitability for roles, and conduct legally required pre-employment checks.
Visitors and Guests: To ensure site safety and security, manage access, and for safeguarding purposes.
Customers: To provide you with access to the products or services you have requested

Filtering and Monitoring of IT Systems

In line with our legal safeguarding duties under Keeping Children Safe in Education (KCSiE), the Trust uses filtering and monitoring systems on all IT devices and networks we provide. These systems are in place to safeguard children, promote the safe use of technology, and protect our IT systems. This monitoring may record information such as websites visited and search terms. Where a concern is identified, this information may be shared with designated staff or external agencies like the police where legally required. The lawful bases we rely on for this are Legal Obligation and Public Task.

Data Retention and Security

We will only hold your information for as long as is necessary for the purpose it was collected. The specific retention period depends on the type of information and is detailed in our Records Management, Retention and Disposal Policy.

We have appropriate security measures in place to prevent your personal information from being accidentally lost, used, or accessed in an unauthorised way. We limit access to your information to those with a genuine business need to know it, and we have procedures to deal with any suspected data security breach.

Your Data Protection Rights

Under the UK GDPR, you have several rights regarding your personal data, which you can exercise free of charge. These include the right to:

Be informed about what we are doing with your information.
Access the information we hold about you.
Rectify any mistakes in your information.
Request erasure of your information in certain circumstances.
Restrict or object to how we are using your information.
Data portability (have your information transferred electronically).
Withdraw consent where our processing is based on it.

To exercise any of these rights, please contact our Data Protection Officer. Please note that we may be legally required to hold or use your information despite your request. For further details on your rights, please see the guidance from the Information Commissioner’s Office (ICO).

Concerns and Complaints

In addition to the right to lodge a complaint with the Information Commissioner's Office (ICO), Data Subjects have the right to raise a data protection complaint directly with the Trust or any of its Academies regarding how their personal information has been handled. This internal complaint process is designed to facilitate timely and appropriate resolution of data protection concerns.

Data protection complaints can be made by various means, including electronically via email to privacy@tsatrust.org.uk or via post FAO: Data Protection Officer, The Thinking Schools Academy Trust, Park Crescent, Chatham, Kent, ME4 6NR

If you are not satisfied with our response, you have the right to complain to the Information Commissioner’s Office (ICO) at https://ico.org.uk/concerns/.

- Updated 14 January 2026