Privacy Policy & GDPR

PRIVACY & DATA MANAGEMENT FRAMEWORK

GDPR & Data Protection

SECTION A: OVERVIEW

At Hounslow Tutors we believe that protecting personal information is part of our professional integrity. This document explains what we do with the personal data of people that share data with us.

We completely oblige the UK GDPR, the Data Protection Act 2018, and current ICO guidance as highlighted in at https://ico.org.uk.

To start with, all data is handled in confidence. No information is released to advertisers or mailing companies. Access to data is restricted to authorised staff using secure, encrypted systems.

SECTION B: LEGAL FOUNDATIONS

This policy has been created using statutory law and case law interpretation of statutes and regulations as underpinned by, but not limited to: UK GDPR, Working Together to Safeguard Children (DfE 2023), HMRC Record Retention Requirements, Proceeds of Crime Act 2002, Income Tax (PAYE) Regulations 2003, Data Protection Act 2018, ICO Recruitment and Employment Code (2021), Finance Act 1998 and the ICO Recruitment and Employment Code (2021).

SECTION C: DATA DISCLOSURE

We never sell or distribute information for commercial use.
Data may be released only:

• When required by law or regulation (e.g. HMRC, child-protection authorities); or
  
  
• When you give written consent.
  Only minimal information is shared in line with Article 5(1)(c) data minimisation.

 

SECTION D — COLLECTION AND USE OF INFORMATION

1. Applicants submit required personal details through our online form. These details are used strictly for safeguarding and placement decisions and are stored within a secure internal system.
2. During active membership, additional academic and contact data are maintained for teaching, scheduling, and communication purposes.
3. When a student or staff member departs, their record is flagged as inactive. Financial data is archived for a minimum of six years to comply with HMRC and the Companies Act 2006.
4. Post-Enrolment Communications. Members are subscribed to email bulletins providing dates, notices, and updates. Names and email addresses only are stored for this purpose. You can unsubscribe by replying to the bulletin email at any time.
   
   

SECTION E — RETENTION OF YOUR DATA

E.1 Reason for Retention
As required by Article 5(1)(e) UK GDPR and Schedule 1 Part 2 Paragraph 4 DPA 2018, we retain limited data for legal and operational reasons, including attendance verification, safeguarding, and statutory record-keeping. Our legal bases: Article 6(1)(c) (legal duty) and Article 6(1)(f) (legitimate interest).

E.2 Retention Schedule
The following schedule is laid out by:

• Type of Record / Retention Period / Authorising Regulation
  
• Student Information / 6 years post-departure / UK GDPR Art 5(1)(e); DPA 2018 Sch. 1 Pt 2 Para 4
  
• Safeguarding Material / To age 25 / DfE “Working Together to Safeguard Children” 2023
  
  
• Financial / Accounting Data / 6 years from financial year end / Companies Act 2006; HMRC
  
  
• Payroll & Employment Data / 6 years after employment ends / Finance Act 1998; PAYE 2003
  
  
• Job Applications (unsuccessful) / Retained 6 months / ICO Recruitment Code 2021; GDPR Art 6(1)(f)
  
  
• Staff Records (successful) Employment / + 6 years / Employment Rights Act 1996
  
  
• Contact Lists (Newsletters) / Until opt-out / GDPR Art 6(1)(a) Consent
  
  
• References / Verification Notes / 6 years / GDPR Art 5(1)(e); 6(1)(f) Legitimate Interest
  

E.3 Rejected Staff and Student Data
Information from candidates who are rejected is stored securely for up to six months. This period allows the centre to answer follow-up queries, prevent fraudulent submissions, and review hiring processes. Unless the applicant consents to future contact, all personal data is permanently deleted or anonymised once the period ends.

E.4 Right to Erasure (Article 17)
Requests for deletion will be respected except where retention is required by law. Certain records cannot be erased due to obligations under the Companies Act 2006, HMRC legislation, Proceeds of Crime Act 2002, and Money Laundering Regulations 2017. These rules oblige educational and financial organisations to preserve records that may assist in detecting or reporting fraudulent activity.

E.5 Keeping Updated
Policy reviews occur annually to ensure ongoing compliance (Article 5(2)).

SECTION F: CORE PRINCIPLES

Hounslow Tutors observes the following guiding rules principles of the UK GDPR. Your information must be: a) Used in a fair, transparent, and lawful way. b) Collected only for legitimate, specific aims. c) Relevant and proportionate to the purpose. d) Accurate and updated when necessary. e) Held only for an appropriate duration. f) Protected from unauthorised access or loss.

SECTION G — INFORMATION SECURITY
Hounslow Tutors uses encrypted servers, password-controlled accounts, and staff training to prevent misuse of information.

Any suspected breach will be logged and, where necessary, reported to the ICO in compliance with Articles 33 and 34 UK GDPR.