pupilprotect.co.uk

Privacy Policy

How we collect, use, and protect your personal data

Last updated: December 2024

Effective date: December 2024

Introduction

Pupil Protect Limited ("we", "our", or "us") is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, use our services, or interact with us.

This policy applies to all users of our safeguarding platform and website visitors. By using our services, you consent to the data practices described in this policy.

Data Controller

Pupil Protect Limited is the data controller for the purposes of UK data protection law. You can contact us at:

Email: privacy@pupilprotect.com

Address: Pupil Protect Limited, [Address], United Kingdom

Phone: +44 20 1234 5678

Information We Collect

Personal Information You Provide

  • Account Information: Name, email address, job title, school/organization details
  • Contact Information: Phone number, postal address
  • Demo Requests: Information provided when booking demonstrations
  • Support Communications: Messages, feedback, and support requests
  • Payment Information: Billing details (processed securely by third-party providers)

Information Collected Automatically

  • Usage Data: How you interact with our platform and website
  • Device Information: IP address, browser type, operating system
  • Cookies and Tracking: See our Cookie Policy for details
  • Log Data: Server logs, error reports, performance data

Safeguarding Data

When schools use our platform, we process safeguarding data on their behalf as a data processor. This includes:

  • • Student information and safeguarding records
  • • Incident reports and case notes
  • • Staff information related to safeguarding
  • • Communication logs and documentation

Important: Schools remain the data controller for all safeguarding data. We process this data strictly according to their instructions and our Data Processing Agreement.

How We Use Your Information

Service Provision

  • • Providing and maintaining our platform
  • • Processing transactions and billing
  • • Customer support and assistance
  • • Platform updates and improvements

Communication

  • • Responding to inquiries and requests
  • • Sending important service updates
  • • Marketing communications (with consent)
  • • Demo scheduling and follow-up

Legal Compliance

  • • Meeting legal and regulatory requirements
  • • Protecting against fraud and abuse
  • • Enforcing our terms of service
  • • Responding to legal requests

Improvement

  • • Analyzing usage patterns
  • • Improving our services
  • • Developing new features
  • • Security monitoring

Legal Basis for Processing

Under UK GDPR, we process your personal data based on the following legal grounds:

  • Contract: To provide our services and fulfill our contractual obligations
  • Legitimate Interest: For business operations, security, and service improvement
  • Consent: For marketing communications and optional features
  • Legal Obligation: To comply with applicable laws and regulations
  • Vital Interests: To protect the safety and welfare of individuals

How We Share Your Information

Service Providers

We work with trusted third-party service providers who help us operate our business. These include hosting providers, payment processors, and support tools. All service providers are bound by strict data protection agreements.

Legal Requirements

We may disclose your information if required by law, court order, or government request, or to protect our rights, property, or safety, or that of others.

What We Don't Do

  • • We never sell your personal data
  • • We don't share safeguarding data with unauthorized parties
  • • We don't use student data for marketing purposes
  • • We don't transfer data outside the UK without appropriate safeguards

Data Security

We implement industry-leading security measures to protect your data:

  • • End-to-end encryption
  • • Secure data centers in the UK
  • • Regular security audits
  • • Multi-factor authentication
  • • ISO 27001 certification
  • • SOC 2 Type II compliance
  • • Cyber Essentials Plus
  • • Regular penetration testing

Data Retention

We retain your personal data only as long as necessary for the purposes outlined in this policy:

  • Account Data: For the duration of your account plus 7 years for legal compliance
  • Marketing Data: Until you withdraw consent or 3 years of inactivity
  • Support Data: 3 years after case closure
  • Safeguarding Data: As directed by schools in accordance with their retention policies

For detailed retention periods, please see our Data Retention Policy.

Your Rights

Under UK data protection law, you have the following rights:

  • Access: Request copies of your personal data
  • Rectification: Correct inaccurate information
  • Erasure: Request deletion of your data
  • Restriction: Limit how we process your data
  • Portability: Receive your data in a portable format
  • Objection: Object to certain types of processing
  • Withdraw Consent: For consent-based processing
  • Complain: To the Information Commissioner's Office

To exercise these rights, contact us at privacy@pupilprotect.com.

Cookies and Tracking

We use cookies and similar technologies to improve your experience on our website. For detailed information about our use of cookies, please see our Cookie Policy.

You can control cookie settings through your browser preferences, though this may affect website functionality.

International Data Transfers

We primarily store and process data within the United Kingdom. If we need to transfer data internationally, we ensure appropriate safeguards are in place, including:

  • • Adequacy decisions by the UK government
  • • Standard Contractual Clauses
  • • Binding Corporate Rules
  • • Certification schemes

Children's Privacy

Our services are designed for use by schools and educational professionals. We do not knowingly collect personal information directly from children under 13.

When schools use our platform to manage student safeguarding data, they remain responsible for ensuring appropriate consent and legal basis for processing student information.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by:

  • • Posting the updated policy on our website
  • • Sending email notifications to registered users
  • • Displaying prominent notices on our platform

Your continued use of our services after any changes constitutes acceptance of the updated policy.

Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

General Inquiries

Email: privacy@pupilprotect.com

Phone: +44 20 1234 5678

Data Protection Officer

Email: dpo@pupilprotect.com

For data protection matters and rights requests

Related Policies

Terms & Conditions

Our terms of service and user agreements

Cookie Policy

How we use cookies and tracking technologies

Data Retention Policy

How long we keep different types of data