Skip to content ↓

Data Protection

The Prospect Trust (The Trust) and Tomlinscote School recognise the importance of data protection and are committed to protecting and safeguarding personal data.  This section of the website outlines the handling of personal data at The Trust and its constituent academies and the steps that are taken to mitigate the risk to any individual involved with The Trust.  The Trust strives to provide and maintain policies and procedures to reflect its legal responsibilities and best practice.

GDPR - The Prospect Trust

The Trust has a designated Data Protection Officer:

Judicium Consulting Limited

Address: 72 Cannon Street, London, EC4N 6AE



Telephone: 0203 326 9174

Freedom of Information requests should be addressed to


what is data protection?

The term ‘data’ refers to any information the School collects from students, staff, parents and other contacts. This might be on paper, or in the form of digital files.

The School has a duty to handle all data appropriately and use the information collected only for the reasons given at the time of collection.

The term ‘personal data’ refers to data that relates to a particular, identifiable person.

Why is data protection important? 

In May 2018 the legislation in Europe regarding data protection was renewed significantly. The General Data Protection Regulation (UK GDPR) ensures that individuals always have control of and access to their own data.

Data controllers have key responsibilities, ensuring that data they collect is handled securely and sensitively.

What about outside the EU? 

Companies and services that operate outside the EU (Eg. Microsoft, Facebook) also have responsibilities. All data relating to EU citizens is subject to the terms of the GDPR, even if the data is stored/transferred overseas.

What is a data controller? 

A data controller is a person or organisation that collects and processes data. It may also provide other data processors with access to certain data, to achieve a specific purpose.

For instance, the School provides Surrey County Council with the information it needs to pay its staff.

What is data processing? 

The processing of data simply refers to any action performed on a particular set of data. This includes copying, analysing, deleting, or sharing.

As an example, the School uses an online service called Kerboodle. This service hosts textbooks and online activities for various academic subjects. In order to allow students to log in, the School supplies student names and their school-managed email addresses with the service provider. No other information is shared, as this would be unnecessary for the purpose.

What do I do if I have a query or concern? 

In the first instance, you should contact the GDPR Lead at the relevant Academy in The Trust.  For Tomlinscote School, contact Mr Major,

Contact Us

Tomlinscote Way, Frimley, Surrey, GU16 8PY

01276 70 90 50