Talamo data policy
Last updated: 10/01/24
GDPR Compliance Policy
Overview
Talamo is committed to protecting the privacy and security of personal data collected through our digital dyslexia screening and cognitive profiling tool. This policy outlines our practices and compliance measures in accordance with the UK General Data Protection Regulation (UK GDPR).
Personal Data We Collect
Student’s Name: Only first names and surnames, no other identifiers like addresses or detailed medical histories are involved.
Date of birth: Of each student added to the platform
Cognitive Assessment Scores: Individual and composite scores derived from responses and behaviour (such as time taken) during assessment.
Supporting Information: Non-identifiable information on a Student (such as school performance) that helps in assessment.
Risk Assessment Results: Outcomes from the dyslexia screening.
Legal Basis for Processing
We process this data under UK GDPR Article 6(1)(f), which relates to processing necessary for the purposes of legitimate interests pursued by Talamo or a third party, provided that these interests are not overridden by the interests or fundamental rights and freedoms of the data subjects.
Necessity and Proportionality
Data collection is minimised and strictly tailored to meet the objectives of providing accurate dyslexia screening and support. We ensure that only essential data is collected and used.
Data Subject Rights
Students and their guardians have the right to:
Access their personal data.
Request correction of incorrect data.
Request deletion of their data where appropriate.
Restrict processing and object to processing.
Request data portability.
Withdraw consent at any time (where applicable).
Risk Assessment and Mitigation
We recognise potential risks such as unauthorised access and data breaches. To mitigate these risks, we have implemented:
Encryption of data during transmission and storage.
Strict access controls and authentication procedures.
Regular staff training on data protection.
Data Retention
Personal data is retained only as long as necessary to fulfil the purposes for which it was collected, including to satisfy any legal, accounting, or reporting requirements. After this period, data is securely deleted or anonymised. For deactivated accounts, data will be deleted after a period of two years or as requested.
Data Storage Policy
All personal data processed by our platform is stored exclusively within the European Economic Area (EEA). We ensure that our data storage and processing partners are fully compliant with the General Data Protection Regulation (GDPR), maintaining strict controls to safeguard personal information. By keeping data within the EEA, we align with GDPR requirements to protect data privacy and security. Our commitment to data protection includes regular reviews of our data management practices and partnerships to ensure continued compliance with European data protection laws.
Accountability and Data Governance
Talamo maintains rigorous data governance policies, ensuring accountability in every aspect of data processing. We conduct regular audits to monitor and improve our data handling practices.
Sharing of Personal Data
Data is not shared with third parties except as necessary for the provision of the dyslexia screening service or as required by law.
Data Protection Officer
We have appointed a Data Protection Officer (DPO) to oversee compliance with this policy. The DPO can be contacted with any questions or concerns regarding our data protection practices. They can be contacted via the email hello@talamo.co.uk.
Changes to This Policy
This policy may be updated periodically to reflect changes in our practices or regulatory changes. Schools will be notified of any significant changes.
Contacting Us
For further information on our data protection practices or to exercise any of your rights, please contact us at hello@talamo.co.uk.
Conclusion
Talamo is dedicated to safeguarding the personal information of all data subjects and ensuring transparency and compliance with the UK GDPR.