Version 1.0.0
This Privacy Policy explains how Rescoping Education Ltd collects, uses, and protects the personal information of our users. We are committed to protecting user privacy and being transparent about our data practices. This policy applies to our website, our interactions with the user, and our use of virtual classroom platforms.
1. Who We Are
Rescoping Education Ltd is the data controller. This means our company decides how and why the personal information of our users is collected, used, and protected.
2. The Information We Collect
We collect different types of data for specific purposes, as outlined below:
| Type of Data | Specific Data Points Collected | Purpose of Collection | Is this Personal Data? |
|---|---|---|---|
| Website Usage Data | Page views, session duration, browser type. | To help us understand how our website is used and improve the user experience. | No. All data is anonymous and cannot be used to identify the user. |
| Website functioning | IP address, browser type, pages visited, time of visit. | To ensure the proper security of the website. | Yes. |
| Initial Contact Form | Name, email address, subject, academic level, availability, question or message. | To facilitate initial contact, answer user questions, arrange a consultation or sample lesson, and respond to general inquiries. | Yes. |
| User Registration and Profile | For students aged 18 or over: Student's full name, email address and phone number. For students under 18: Student's full name, parent/legal guardian's full name, email address, and phone number. For all students: Emergency contact name, number, and relationship to student. For all students: Student's age or year group, academic information, emergency contact number. | To identify the user and, where applicable, their child, to manage lessons and bookings, for invoicing, and to ensure appropriate safeguarding measures are in place. We also use this data to communicate with the user via email regarding these activities. The emergency contact number is collected for use in situations where the primary contact is unresponsive and there is a concern for the student's well-being. | Yes. |
| Online Tutoring | Audio and video recordings, sessions chat logs, usernames, messages, transcripts. | To deliver our tutoring services, maintain a record of lessons, and ensure appropriate safeguarding measures are in place. | Yes. |
| Billing and Payment | Transaction details, billing address, direct debit information, payment processor identifiers (e.g., Stripe, PayPal, GoCardless). | To process payments for lessons and manage billing. Note: We do not store full payment card details on our servers. While payments are processed by our third-party payment processors, the sales receipt and booking confirmation are sent by the company to the payer's email address. | Yes. |
| Virtual Classroom Lesson Logs | Participants' names, date, time of access, duration, and lesson summaries. | To keep a record of lessons for invoicing, administrative, and safeguarding purposes. | Yes. |
a) Website Usage Data
We believe in respecting user privacy. To help us understand how our website is used and improve the user experience, we collect certain usage data. This data is collected using a privacy-focused analytics service and does not use cookies or other tracking methods that store information on a user's device. The data we collect is fully anonymous and cannot be used to identify the user as an individual.
Since the anonymous data we collect cannot be linked back to the user, we do not have the ability to provide access to, or delete, this data on an individual basis. However, the user can use their browser settings to block all data collection if they choose to do so.
b) Data Collected for Website Functioning
Our website is hosted on Netlify. Netlify uses strictly necessary cookies for the website's proper functioning and security. These cookies collect technical information, such as the user's IP address, to ensure the website operates securely and reliably. They are essential and do not require user consent. For more details on the cookies Netlify uses, please refer to their privacy and cookies policies.
c) Data Collected for Online Tutoring
When a user engages with our online tutoring services, we use third-party virtual classroom platforms to conduct lessons. These platforms collect and process personal data that is essential for delivering the service.
We encourage the user to review the privacy policies of our virtual classroom providers to understand their data practices:
Lessonspace Privacy Policy: www.thelessonspace.com/legal/privacy-policy
d) Our Commitment to the User's Privacy
We are committed to being transparent about the information we collect and how we use it. We do not sell or share user data with third parties for marketing purposes. The personal information we collect is held in the strictest confidence and is used only for the purposes outlined above.
3. How We Use the User's Information
We use the user's personal information for the following purposes and with the following legal bases: To maintain administrative and legal records (Legal Basis: Legitimate Interest & Legal Obligation): We collect logs of virtual classroom lessons (including participant names, date, time of access, duration, and lesson summaries), booking data from Netlify, and invoices. These records are necessary for internal record-keeping, billing, and accounting purposes. We also keep a record of Subject Access Requests (SARs) and related documentation to demonstrate our compliance with data protection laws. Emails are also retained for administrative and communication purposes related to our services.
For initial inquiries (Legal Basis: Legitimate Interest): We process the personal data collected through our contact form, including the user's name, email, and message, to respond to the user's inquiries and facilitate potential services such as a consultation or sample lesson. This is a necessary step for our business to operate and is a legitimate interest that the user would reasonably expect.
To provide tuition services (Legal Basis: Performance of a Contract): We use the user's name, email, and payment details to provide and manage the lessons the user has booked with us.
For safeguarding investigations (Legal Basis: Legitimate Interest): We securely record lessons conducted on the LessonSpace platform. These recordings are not routinely monitored. They will only be accessed and processed if a formal safeguarding concern is raised. The logs of virtual classroom lessons, including lesson summaries and chat logs, may also be accessed for these investigations. We create and store transcripts from these recordings for the same period and purpose. In the event we receive a Subject Access Request (SAR), a copy of the recording may be downloaded, encrypted, and stored with our SAR record to fulfil our legal obligation to provide the data. To fulfil our legal obligations to respond to SARs, we may need to redact personal data. Redaction is the process of removing or obscuring personal data to protect privacy (for example, by blurring a face, muting a voice, or digitally removing other identifying information).
To ensure website security and functionality (Legal Basis: Legitimate Interest): We process technical data, such as IP addresses and browser information, to monitor the website for security threats, prevent fraudulent activity, and ensure the proper operation of our services. This is necessary for our business to operate securely and reliably and is a legitimate interest that does not unduly impact the user's privacy rights.
What is Legitimate Interest?
We process certain personal data based on our legitimate interests. This legal basis is used when we have a legitimate business need to process the user's data in a way that the user would reasonably expect, and where this processing has a minimal impact on the user's privacy. We have determined that our legitimate interests are to provide our services securely and reliably.
4. How We Protect the User's Information
We take the security of the user's data seriously. All personal information we hold is stored on secure systems and is protected by appropriate security measures to prevent unauthorised access, use, or disclosure. We have implemented appropriate physical, technical, and administrative measures to protect the information we collect.
For enhanced security, we protect all data sent to our email addresses using a two-factor verification (2FA) process. This ensures that only authorised personnel can access and handle the user's information, providing an additional layer of protection against unauthorised access.
All records and data containing user personal information are stored using industry-standard encryption. This means that even if a data storage device were compromised, the information would be unreadable without the correct decryption key. We download and encrypt records of virtual classroom lessons, booking data, invoices, and SARs and store them on our secure systems.
In addition to our own systems, we ensure that our virtual classroom platforms and payment processors and other third-party services employ robust security measures to protect user data.
5. Our Third-Party Data Processors
To provide our services and to fulfil our legal obligations, we engage with trusted third-party data processors. These processors act on our instructions and handle the user's data on our behalf for specific purposes, as outlined in this policy. They are carefully vetted to ensure they meet our high standards for data security and privacy and are compliant with UK GDPR.
Payment Processors: We use Stripe and PayPal for securely processing payments.
Virtual Classroom Platforms: We use LessonSpace to host and record lessons. Lesson recordings are stored by LessonSpace in their cloud storage. We can only access a copy of the content as a screen capture or as individual video, audio, and whiteboard exports provided by LessonSpace.
Data Redaction Service: In the event that we receive an SAR for a recording, we may use a third-party redaction service or perform the redaction ourselves using a video editor. This is necessary to fulfil our legal obligation to redact the personal data of other individuals before providing it to the requester.
These third-party platforms may be based outside the UK. When data is transferred internationally, we ensure that appropriate safeguards are in place to protect the user's personal data in accordance with UK data protection laws.
6. The User's Data Rights
Under GDPR, the user has the right to request access to, correction of, or erasure of their personal data. The user also has the right to object to or restrict processing, and the right to data portability (to receive an electronic copy of their data).
We hold audio and video recordings of lessons for a limited period for safeguarding purposes. Please note that while our primary purpose for these recordings is safeguarding, the user and their child have the right to request access to them as part of an SAR.
When the user makes an SAR, we will take all reasonable steps to provide a copy of their personal data. However, we are legally required to protect the privacy of others. This means:
Tutor's Personal Data: As the data controller and lead tutor, Rebecca Clements, explicitly consents to their image and voice being included in the recordings and to the disclosure of these recordings to a parent or legal guardian upon a valid SAR. This consent is documented internally and serves as our legal basis for providing a copy of the lesson without redacting the tutor's personal data.
Other individuals' Personal Data: We will, however, redact or remove any personal data belonging to other individuals (such as other tutors, if applicable, or any other person appearing in the background) from the recordings before providing them. This is a legal requirement under the GDPR to protect the privacy of third parties.
We will respond to all SARs without undue delay and at the latest within one month of receiving the request. If the request is complex, we may extend this period by a further two months, but we will inform the user of this within the initial one-month period.
To ensure the security of the user's data, we will need to verify the user's identity before we can fulfil the request. We may ask for information to confirm the user's identity or their authority to act on behalf of their child.
To exercise any of these rights, the user can contact us at info@beccatuition.com. Please note that we may need to verify the user's identity before fulfilling their request.
7. No Marketing and No Data Sales
We are committed to protecting the user's inbox and privacy. We will never sell the user's personal data to any third party for marketing or any other purpose. We also will not use the user's contact information for any form of email marketing unless we have received explicit consent from the user to do so. All email communication will be transactional and relate directly to the service provided.
8. Data Retention
We will only keep the user's personal data for as long as is necessary to fulfil the purposes for which we collected it. Lesson recordings and their associated transcripts are stored for a period of 90 days to allow for the investigation of any immediate safeguarding concerns. In the event of a safeguarding issue that requires a longer investigation, we will retain the relevant data for as long as is legally necessary to cooperate with the relevant authorities.
We retain lesson logs, booking data, and invoices for a period of 6 years to meet our legal obligations for financial record-keeping. Records of SARs are kept for 7 years in compliance with data protection laws.
Data collected from the initial contact form is retained for a period of one year from the date of submission. This is to allow us to refer back to the inquiry for administrative, legal, and operational purposes, or until the purpose for which the data was collected has been fulfilled (for example, once a consultation or sample lesson is complete).
9. The User's Consent and Agreement
The user's explicit consent to this Privacy Policy is provided by checking the box and submitting the booking form. This serves as the legal basis for processing the user's personal data specifically for the online tutoring service (user registration, lessons, and billing), separate from any data collected for the website's proper functioning.
10. How the User Can Complain
If the user has any concerns about our use of their personal data, they can contact us at info@beccatuition.com. If the user is not satisfied with our response, they have the right to lodge a complaint with the UK data protection regulator, the Information Commissioner's Office (ICO).
This Privacy Policy may be updated from time to time to reflect changes in our practices or for legal reasons. We will notify the user of any significant changes.
Date of Policy: 21 September 2025