Version 1.1.0
This Privacy Policy explains how Rescoping Education Ltd collects, uses, and protects the personal information of our users. We are committed to protecting user privacy and being transparent about our data practices. This policy applies to our website, our interactions with the user, and our use of virtual classroom platforms.
1. Who We Are
Rescoping Education Ltd is the data controller. This means our company decides how and why the personal information of our users is collected, used, and protected.
2. The Information We Collect
We collect different types of data for specific purposes, as outlined below:
| Type of Data | Specific Data Points Collected | Purpose of Collection | Is this Personal Data? |
|---|---|---|---|
| Website Usage Data | Page views, user agent, referrer URL, geolocation (country/subdivision). A hashed identification is used to understand daily activity. | To help us understand how our website is used and improve the user experience. | Yes (Pseudonymous). |
| Website functioning | User's IP address, browser type, pages visited, and time of visit. | To enable core functionality, including routing traffic, and ensuring website security. | Yes. |
| Initial Contact Form | Name, email address, subject, academic level, availability, question or message. | To facilitate initial contact, answer user questions, arrange a consultation or sample lesson, and respond to general inquiries. | Yes. |
| User Registration and Profile | For students aged 18 or over: Student's full name, email address and phone number. For students under 18: Student's full name, parent/legal guardian's full name, email address, and phone number. For all students: Emergency contact name, number, and relationship to student. For all students: Student's age or year group, and academic information. | To identify the user and, where applicable, their child, to manage lessons and bookings, for invoicing, and to ensure appropriate safeguarding measures are in place. We also use this data to communicate with the user via email regarding these activities. The emergency contact number is collected for use in situations where the primary contact is unresponsive and there is a concern for the student's well-being. | Yes. |
| Online Tutoring | We may collect audio and video recordings, session chat logs, usernames, messages, transcripts. | To deliver our tutoring services, maintain a record of lessons, and for the purpose of safeguarding and quality assurance. | Yes. |
| Billing and Payment | Transaction details, bank transfer records, and payment processor identifiers (e.g., Stripe). | To process payments for lessons and maintain financial logs for tax and accounting purposes. | Yes. |
| Virtual Classroom Lesson Logs | Participants' names, date, time of access, duration, and lesson summaries. | To keep a record of lessons for invoicing, administrative, and safeguarding purposes. | Yes. |
a) Website Usage Data
We believe in respecting user privacy. To help us understand how our website is used and improve the user experience, we collect certain usage data. This data is collected using a privacy-focused method that does not use cookies.
We use a visitor hash created from the user's IP address, browser type, and the current date. This hash is pseudonymous. This allows us to distinguish between different visitors and understand daily activity without identifying the user as a real-world individual or tracking the user's behaviour across multiple days.
Please Note: Because this data is first-party and essential for monitoring site health, it is not disabled by 'Do Not Track' settings. Using 'Incognito' mode will not prevent the transmission of this technical usage data during the user's session. Furthermore, because this data is linked only to a temporary hash and not a name, we are generally unable to identify or delete specific usage records for a particular user.
b) Data Collected for Website Functioning
Our website is hosted on Netlify. While Netlify does not use cookies by default for standard hosting, it may use strictly necessary cookies if specific security or functional features are enabled (such as password protection). These cookies are essential for the website to operate and do not require user consent. Additionally, Netlify processes technical information, such as the user's IP address, in its server logs to ensure the website operates securely and reliably. For more details, please refer to Netlify's privacy documentation.
c) Data Collected for Online Tutoring
When a user engages with our online tutoring services, we use third-party virtual classroom platforms to conduct lessons. These platforms collect and process personal data that is essential for delivering the service.
We encourage the user to review the privacy policies of our virtual classroom providers to understand their data practices:
Lessonspace Privacy Policy: www.thelessonspace.com/legal/privacy-policy
d) Our Commitment to the User's Privacy
We are committed to being transparent about the information we collect and how we use it. We do not sell or share user data with third parties for marketing purposes. The personal information we collect is held in the strictest confidence and is used only for the purposes outlined above.
3. How We Use the User's Information
We use the user's personal information for the following purposes and with the following legal bases:
To maintain administrative and legal records (Legal Basis: Legitimate Interest & Legal Obligation): We collect logs of virtual classroom lessons (including participant names, date, time of access, duration, and lesson summaries), booking data from Netlify, and invoices. These records are necessary for internal record-keeping, billing, and accounting purposes. We also keep a record of Subject Access Requests (SARs) and related documentation to demonstrate our compliance with data protection laws. Emails are also retained for administrative and communication purposes related to our services. We maintain manual logs of lesson attendance and payments received to fulfil our legal obligations for financial record-keeping.
For initial inquiries (Legal Basis: Legitimate Interest): We process the personal data collected through our contact form, including the user's name, email, and message, to respond to the user's inquiries and facilitate potential services such as a consultation or sample lesson. This is a necessary step for our business to operate and is a legitimate interest that the user would reasonably expect.
To provide tuition services (Legal Basis: Performance of a Contract): We use the user's name, email, and payment details to provide and manage the lessons the user has booked with us.
For safeguarding investigations (Legal Basis: Legitimate Interest): We securely record lessons conducted on the LessonSpace platform. These recordings are not routinely monitored. They will only be accessed and processed if a formal safeguarding concern is raised. The logs of virtual classroom lessons, including lesson summaries and chat logs, may also be accessed for these investigations. We create and store transcripts from these recordings for the same period and purpose. In the event we receive a Subject Access Request (SAR), a copy of the recording may be downloaded, encrypted, and stored with our SAR record to fulfil our legal obligation to provide the data. To fulfil our legal obligations to respond to SARs, we may need to redact personal data. Redaction is the process of removing or obscuring personal data to protect privacy (for example, by blurring a face, muting a voice, or digitally removing other identifying information).
To ensure website security and functionality (Legal Basis: Legitimate Interest): We process technical data, such as IP addresses and browser information, to monitor the website for security threats, prevent fraudulent activity, and ensure the proper operation of our services. This is necessary for our business to operate securely and reliably and is a legitimate interest that does not unduly impact the user's privacy rights.
What is Legitimate Interest?
We process certain personal data based on our legitimate interests. This legal basis is used when we have a legitimate business need to process the user's data in a way that the user would reasonably expect, and where this processing has a minimal impact on the user's privacy. We have determined that our legitimate interests are to provide our services securely and reliably.
4. How We Protect the User's Information
We take the security of the user's data seriously. All personal information we hold is stored on secure systems and is protected by appropriate security measures to prevent unauthorised access, use, or disclosure. We have implemented appropriate physical, technical, and administrative measures to protect the information we collect.
For enhanced security, we protect all data sent to our email addresses using a two-factor verification (2FA) process. This ensures that only authorised personnel can access and handle the user's information, providing an additional layer of protection against unauthorised access.
All records and data containing user personal information are stored using industry-standard encryption. This means that even if a data storage device were compromised, the information would be unreadable without the correct decryption key. We download and encrypt records of virtual classroom lessons, booking data, invoices, and SARs and store them on our secure systems.
In addition to our own systems, we ensure that our virtual classroom platforms and payment processors and other third-party services employ robust security measures to protect user data.
5. Our Third-Party Data Processors
To provide our services and to fulfil our legal obligations, we engage with trusted third-party data processors. These processors act on our instructions and handle the user's data on our behalf for specific purposes, as outlined in this policy. They are carefully vetted to ensure they meet our high standards for data security and privacy and are compliant with UK GDPR.
Payment Processors: We use Stripe for securely processing payments.
Virtual Classroom Platforms: We use LessonSpace to host and record lessons. Lesson recordings are stored by LessonSpace in their cloud storage. We can only access a copy of the content as a screen capture or as individual video, audio, and whiteboard exports provided by LessonSpace.
Data Redaction Service: In the event that we receive an SAR for a recording, we may use a third-party redaction service or perform the redaction ourselves using a video editor. This is necessary to fulfil our legal obligation to redact the personal data of other individuals before providing it to the requester.
These third-party platforms may be based outside the UK. When data is transferred internationally, we ensure that appropriate safeguards are in place to protect the user's personal data in accordance with UK data protection laws.
6. The User's Data Rights
Under GDPR, the user has the right to request access to, correction of, or erasure of their personal data. The user also has the right to object to or restrict processing, and the right to data portability (to receive an electronic copy of their data).
We hold audio and video recordings of lessons for a limited period for safeguarding purposes. Please note that while our primary purpose for these recordings is safeguarding, the user and their child have the right to request access to them as part of an SAR.
When the user makes an SAR, we will take all reasonable steps to provide a copy of their personal data. However, we are legally required to protect the privacy of others. This means:
Tutor's Personal Data: As the data controller and lead tutor, Rebecca Clements, explicitly consents to their image and voice being included in the recordings and to the disclosure of these recordings to a parent or legal guardian upon a valid SAR. This consent is documented internally and serves as our legal basis for providing a copy of the lesson without redacting the tutor's personal data.
Other individuals' Personal Data: We will, however, redact or remove any personal data belonging to other individuals (such as other tutors, if applicable, or any other person appearing in the background) from the recordings before providing them. This is a legal requirement under the GDPR to protect the privacy of third parties.
We will respond to all SARs without undue delay and at the latest within one month of receiving the request. If the request is complex, we may extend this period by a further two months, but we will inform the user of this within the initial one-month period.
To ensure the security of the user's data, we will need to verify the user's identity before we can fulfil the request. We may ask for information to confirm the user's identity or their authority to act on behalf of their child.
To exercise any of these rights, the user can contact us at info@beccatuition.co.uk. Please note that we may need to verify the user's identity before fulfilling their request.
7. No Automated Marketing and No Data Sales
We will never sell the user's personal data. We do not operate automated marketing mailing lists or subscriptions. We may contact the user personally via email only to respond to the user's direct inquiries or to provide specific information the user has requested. If we ever intend to use the user's email for broader marketing purposes, we will seek the user's explicit consent first.
8. Data Retention
We will only keep the user's personal data for as long as is necessary to fulfil the purposes for which we collected it. Lesson recordings and their associated transcripts are stored for a period of 90 days to allow for the investigation of any immediate safeguarding concerns. In the event of a safeguarding issue that requires a longer investigation, we will retain the relevant data for as long as is legally necessary to cooperate with the relevant authorities.
We retain lesson logs, booking data, and invoices for a period of 6 years to meet our legal obligations for financial record-keeping. Records of SARs are kept for 7 years in compliance with data protection laws.
Data collected from the initial contact form is retained for a period of one year from the date of submission. This is to allow us to refer back to the inquiry for administrative, legal, and operational purposes, or until the purpose for which the data was collected has been fulfilled (for example, once a consultation or sample lesson is complete).
9. The User's Consent and Agreement
The user's explicit consent to this Privacy Policy is provided by checking the box on the booking form or by continuing to engage the service after being provided with a link to this policy (e.g., via email signature). Such continued use constitutes acceptance of our data processing practices for the purposes of delivering tutoring and maintaining financial records. This serves as the legal basis for processing the user's personal data specifically for the online tutoring service (user registration, lessons, and billing), separate from any data collected for the website's proper functioning.
10. How the User Can Complain
If the user has any concerns about our use of their personal data, they can contact us at info@beccatuition.co.uk. If the user is not satisfied with our response, they have the right to lodge a complaint with the UK data protection regulator, the Information Commissioner's Office (ICO).
This Privacy Policy may be updated from time to time to reflect changes in our practices or for legal reasons. We will notify the user of any significant changes.
Date of Policy: 27 February 2026