Who we are

Little Wandle Letters and Sounds Revised is the copyright of Wandle Learning Trust (multi-academy trust). Wandle Learning Trust takes the security of the data we hold very seriously, everyone has a legal right to be informed about how our organisation uses any personal information that we hold about you or your child. To comply with this, we provide a ‘privacy notice’.

This privacy notice explains how we collect, store and use personal data.

We the Wandle Learning Trust are the ‘data controller’ for the purposes of data protection law.

Our data protection officer is Mr Hepworth (see ‘Contact us’ below).

If you have any questions about this notice please contact, Wandle Teaching School who will be happy to direct you.

In this case we are also using third parties, whose own privacy statements can be found on their websites.

  • Mime Consulting Ltd
  • WooCommerce/Wordpress
  • Communitas
  • Hubspot

The personal data we hold

The following information will be securely stored, from your use of the System:

  • The characteristics of the children at your Provider, their unique pupil numbers (UPNs) and their names.
  • Wandle TSA Letters and Sounds assessment data.
  • Name and Contact details of any one registering for further information.

Why we use this data

We use this data to meet the requirements as an education provider, including to:

  • To keep you informed about your child progress.
  • Check how you’re child is doing and work out whether they need any help
  • Track how well the school is performing
  • To offer technical support
  • To provide appropriate pastoral care
  • To keep your child safe
  • Carry out research
  • Comply with the law regarding data sharing
  • Keep you informed about the WTSA

Our legal basis for using this data

We only collect and use pupils’ personal data as permitted by law. In this case we will be using the data to

  • Perform an official task in the public interest
  • Where necessary for the performance of a contract to which you/your child are a party.
  • Consent when signing up for marketing.

How we store this data

We keep personal information about students while they are signed up. We may also keep it beyond this point or the two years stated below if this is necessary in order to comply with our legal obligations.

Unless you have already requested that we remove your data, we will securely delete all sensitive and personally identifiable children’s data from the System two years after the end of the license period. This period is set so that you are able to return to using the system within two years and still have access to the data for your children.

Data sharing

The data gathered about students via the letters and sounds website will be shared with a third party Mime Consulting limited, but remains the responsibility of WLT, who makes sure that Mime Consulting Limited have

  • Employees that have access to sensitive data are DBS checked
  • Access to sensitive information is protected by username and password. All user passwords are encrypted
  • Mime Consulting Limited adheres to a strict information security policy (available on request) which all our employees and subcontractors sign
  • Mime is registered with the Information Commissioners Office (reference: Z1059351)
  • Data is only used for the purposes specifically agreed with you, and never for marketing purposes
  • Our data is only retained for as long as is required for us to provide services to you, or where we are required to by law (see point above)

Where it is legally required, or necessary (and it complies with data protection law) the trust may share personal information about pupils with:

  • Our local authority – to meet our legal duties to share certain information with it, such as concerns about pupils’ safety and exclusions
  • The Department for Education (a government department)
  • Family and representatives selected by Parents or Guardians
  • Educators and examining bodies
  • Our regulator (the organisation or “watchdog” that supervises us), e.g. Ofsted
  • Suppliers and service providers – so that they can provide the services we have contracted them for
  • Central and local government
  • Health authorities
  • Health and social welfare organisations
  • Police forces, courts, tribunals

Transferring data internationally

Some of the third party organizations listed above do store data outside of the EU. A Standard Contractual Clauses (SCC) is in place for these third party’s, the data is stored and is some cases processed in the US.

Your rights regarding personal data

Individuals have a right to make a ‘subject access request’ to gain access to personal information that the school holds about them.

Parents/carers can make a request with respect to their child’s data where the child is not considered mature enough to understand their rights over their own data (usually under the age of 12), or where the child has provided consent.

You also have the right to make a subject access request with respect to any personal data the school holds about them.

If you make a subject access request, and if we do hold information about you or your child, we will:

  • Give you a description of it
  • Tell you why we are holding and processing it, and how long we will keep it for
  • Explain where we got it from, if not from you or your child
  • Tell you who it has been, or will be, shared with
  • Let you know whether any automated decision-making is being applied to the data, and any consequences of this
  • Give you a copy of the information in an intelligible form

Individuals also have the right for their personal information to be transmitted electronically to another organisation in certain circumstances.

If you would like to make a request, please contact our data protection officer.

Other rights

Under data protection law, individuals have certain rights regarding how their personal data is used and kept safe, including the right to:

  • Object to the use of personal data if it would cause, or is causing, damage or distress
  • Prevent it being used to send direct marketing
  • Object to decisions being taken by automated means (by a computer or machine, rather than by a person)
  • Have inaccurate personal data corrected, In certain circumstances, deleted or destroyed, or restrict processing
  • Claim compensation for damages caused by a breach of the data protection regulations

To exercise any of these rights, please contact our data protection officer.


If you have a concern about the way we are collecting or using your personal data, we request that you raise your concern with us in the first instance by contacting the Data Protection Officer. Alternatively, you can contact the Information Commissioner’s Office at https://ico.org.uk/concerns/

Contact us

We take any complaints about our collection and use of personal information very seriously.

If you have any questions, concerns or would like more information about anything mentioned in this privacy notice, our data protection officer is Mr Hepworth who can be contacted via the Chestnut Grove Academy main reception on 020 8673 8737 or by emailing [email protected]

This notice is based on the Department for Education’s model privacy policy amended to reflect the way we use data in this MAT.

~ ~ ~