GDPR Compliance Policy

Overview

Talamo is committed to protecting the privacy and security of personal data collected through our digital dyslexia screening and cognitive profiling tool. This policy outlines our practices and compliance measures in accordance with the UK General Data Protection Regulation (UK GDPR).

Personal Data We Collect

• Student’s Name: Only first names and surnames, no other identifiers like addresses or detailed medical histories are involved.

• Date of birth: Of each student added to the platform

• Cognitive Assessment Scores: Individual and composite scores derived from responses and behaviour (such as time taken) during assessment.

• Supporting Information: Non-identifiable information on a Student (such as school performance) that helps in assessment.

• Risk Assessment Results: Outcomes from the dyslexia screening.

Legal Basis for Processing

We process this data under UK GDPR Article 6(1)(f), which relates to processing necessary for the purposes of legitimate interests pursued by Talamo or a third party, provided that these interests are not overridden by the interests or fundamental rights and freedoms of the data subjects.

Necessity and Proportionality

Data collection is minimised and strictly tailored to meet the objectives of providing accurate dyslexia screening and support. We ensure that only essential data is collected and used.

Data Subject Rights

Students and their guardians have the right to:

• Access their personal data.

• Request correction of incorrect data.

• Request deletion of their data where appropriate.

• Restrict processing and object to processing.

• Request data portability.

• Withdraw consent at any time (where applicable).

Risk Assessment and Mitigation

We recognise potential risks such as unauthorised access and data breaches. To mitigate these risks, we have implemented:

• Encryption of data during transmission and storage.

• Strict access controls and authentication procedures.

• Regular staff training on data protection.

Data Retention

Personal data is retained only as long as necessary to fulfil the purposes for which it was collected, including to satisfy any legal, accounting, or reporting requirements. After this period, data is securely deleted or anonymised. For deactivated accounts, data will be deleted after a period of two years or as requested.

Accountability and Data Governance

Talamo maintains rigorous data governance policies, ensuring accountability in every aspect of data processing. We conduct regular audits to monitor and improve our data handling practices.

Sharing of Personal Data

Data is not shared with third parties except as necessary for the provision of the dyslexia screening service or as required by law.

Data Protection Officer

We have appointed a Data Protection Officer (DPO) to oversee compliance with this policy. The DPO can be contacted with any questions or concerns regarding our data protection practices. They can be contacted via the email hello@talamo.co.uk.

Changes to This Policy

This policy may be updated periodically to reflect changes in our practices or regulatory changes. Schools will be notified of any significant changes.

Contacting Us

For further information on our data protection practices or to exercise any of your rights, please contact us at hello@talamo.co.uk.

Conclusion

Talamo is dedicated to safeguarding the personal information of all data subjects and ensuring transparency and compliance with the UK GDPR.