Privacy Policy for Elevated Futures

This Privacy Policy explains how Elevated Futures ("we," "us," or "our"), a specialist educational provision, collects, uses, shares, and protects the personal data of our pupils, parents, visitors to our website, and staff. As a UK-based school handling sensitive personal data, we are committed to compliance with the General Data Protection Regulation (GDPR) and the Data Protection Act 2018.

1. Our Role and Identity

Elevated Futures is the Data Controller for the personal information we process, meaning we determine the purposes and means of processing that data.

Website Address: https://elevatedfutures.education
Contact for Data Protection: doreen@elevatedmindscoaching.com

2. Information We Collect

We collect and process various types of personal data, which we categorize as follows:

A. Pupil Data (Sensitive & Non-Sensitive)

This is the most sensitive category and includes information necessary for providing education and support under the Dynamic Development Plan (DDP).

Category	Examples of Data Collected
Identity & Contact	Name, date of birth, year group, address, photographs/videos (for DDP/website with consent).
Sensitive Educational Data	Special Educational Needs (SEN) information, Education Health and Care (EHC) Plans, medical conditions, psychological reports, speech and language assessment results, and data used in the Dynamic Development Plan (DDP).
Progress & Achievement	Attendance records, academic results, work samples, behavior records, and pastoral notes.

B. Parent/Carer and Family Data

Name, address, telephone numbers, email addresses, relationship to the pupil, financial information (for invoicing/funding), and documentation related to legal parental responsibility.

C. Website Visitor Data

When you visit our website, we may automatically collect:

Technical Data: IP address, browser type, operating system, and geographic location.
Usage Data: Information about how you use our website, including pages viewed, links clicked, and time spent on pages.
Cookies: Our website uses cookies to distinguish you from other users. We use this data to improve website functionality and analyze usage patterns.

3. How We Use Your Information

We use personal data for the following purposes, all linked to the effective running of our school and the implementation of our specialist curriculum:

Purpose	Description of Use
Educational Provision (DDP)	To deliver the curriculum, measure pupil progress, track targets in the Dynamic Development Plan (DDP), provide therapeutic support (SaLT, OT), and manage transitions (post-16).
Pastoral & Safeguarding	To protect pupils' welfare, manage behavior, provide therapeutic de-escalation support, and comply with our legal duties under Keeping Children Safe in Education (KCSIE).
Administration	Managing admissions, handling referrals, setting fees, communicating with Local Authorities (LAs) regarding funding and EHC plans.
Communication	Sending newsletters, updating parents on school events, and contacting emergency contacts.
Website & Marketing	Analyzing website traffic to improve design and content. Using pupil photos/videos for promotional purposes only with explicit, documented parental consent.
Legal Compliance	Fulfilling obligations to the Department for Education (DfE), Ofsted, and the Health & Safety Executive (HSE).

4. Legal Basis for Processing

Under GDPR, we must have a lawful basis to process your personal data. For a specialist school, our main bases are:

Legal Obligation: Necessary to comply with a legal duty (e.g., safeguarding, statutory reporting to the DfE).
Public Interest/Task: Processing is necessary for the performance of a task carried out in the public interest, namely the provision of education and care.
Contractual Necessity: Necessary for performance of a contract (e.g., an employment contract, or the contract for providing education).
Vital Interests: Necessary to protect a pupil's life or physical integrity.
Consent: Where required for certain activities, such as using identifiable photos for marketing/publicity. Consent can be withdrawn at any time.

For Sensitive Data (Special Category Data like health or SEN information), we rely on: Substantial Public Interest (statutory and government purposes) and Health and Social Care (assessment of working capacity or medical diagnosis).

5. Data Sharing and Disclosure

We may share personal data with third parties where necessary and lawful. These parties include:

Local Authorities (LAs): For statutory reporting, EHC plan reviews, and funding purposes.
External Support: Speech and Language Therapists (SaLT), Occupational Therapists (OT), educational psychologists, or other specialists directly involved in a pupil's DDP.
Regulatory Bodies: Ofsted and the Department for Education (DfE).
Health Services: GPs, NHS services, or mental health providers, particularly in emergencies or for ongoing care.
IT Providers: Secure cloud storage and educational software providers (who act as Data Processors under strict contract).

We do not share personal data with third parties for marketing purposes.

6. Data Security and Retention

Data Security

We have implemented robust technical and organizational measures to ensure your personal data is secure, including password protection, encryption, secure file transfer protocols, and role-based access controls to ensure only relevant staff can view sensitive DDP information.

Data Retention

We retain personal data only for as long as necessary. Educational records are retained in line with statutory guidelines published by the Information and Records Management Society (IRMS). For instance, basic pupil records are typically retained until a pupil reaches age 25 to support post-16 transitions and future needs.

7. Your Data Protection Rights

Under GDPR, you have the following rights regarding your personal data:

Right of Access: The right to request a copy of the personal data we hold about you (a Subject Access Request, or SAR).
Right to Rectification: The right to have inaccurate or incomplete data corrected.
Right to Erasure ('Right to be Forgotten'): The right to request the deletion of your personal data where there is no longer a necessary legal basis for us to hold it.
Right to Restriction of Processing: The right to ask us to stop processing your personal data in certain circumstances.
Right to Object: The right to object to processing based on legitimate interests or public task.

If you wish to exercise any of these rights, please contact the Data Protection Lead (see Section 8).

8. Contact Information and Complaints

Data Protection Lead

If you have any questions or requests regarding this policy or how we use your personal data, please contact:

Email: doreen@elevatedmindscoaching.com
Address: [Insert School Address]

Supervisory Authority

If you are dissatisfied with our response to any data protection issue, you have the right to lodge a complaint with the UK supervisory authority:

The Information Commissioner’s Office (ICO)

Website: https://ico.org.uk
Helpline: 0303 123 1113