Version 1.0.0
This Privacy Policy explains how Rescoping Education Ltd collects, uses, and protects the personal information of our users. We are committed to protecting user privacy and being transparent about our data practices. This policy applies to our website and our interactions with the user.
1. Who We Are
Rescoping Education Ltd is the data controller. This means our company decides how and why the personal information of our users is collected, used, and protected.
2. The Information We Collect
We collect different types of data for specific purposes, as outlined below:
| Type of Data | Specific Data Points Collected | Purpose of Collection | Is this Personal Data? |
|---|---|---|---|
| Website Usage Data | Page views, session duration, browser type. | To help us understand how our website is used and improve the user experience. | No. All data is anonymous and cannot be used to identify the user. |
| Website functioning | IP address, browser type, pages visited, time of visit. | To ensure the proper security of the website. | Yes. |
| Name, email address, and any comments or queries. | To facilitate contact, answer user questions, and respond to general inquiries. | Yes. | |
| Donation Data | Donor's name, email address, transaction details, billing address, and payment processor identifiers (Stripe, PayPal). | To process the donation, issue a receipt, and maintain financial and legal records. | Yes. |
a) Website Usage Data
We believe in respecting user privacy. To help us understand how our website is used and improve the user experience, we collect certain usage data. This data is collected using a privacy-focused analytics service and does not use cookies or other tracking methods that store information on a user's device. The data we collect is fully anonymous and cannot be used to identify the user as an individual.
Since the anonymous data we collect cannot be linked back to the user, we do not have the ability to provide access to, or delete, this data on an individual basis. However, the user can use their browser settings to block all data collection if they choose to do so.
b) Data Collected for Website Functioning
Our website is hosted on Netlify. Netlify uses strictly necessary cookies for the website's proper functioning and security. These cookies collect technical information, such as the user's IP address, to ensure the website operates securely and reliably. They are essential and do not require user consent. For more details on the cookies Netlify uses, please refer to their privacy and cookies policies.
c) Our Commitment to the User's Privacy
We are committed to being transparent about the information we collect and how we use it. We do not sell or share user data with third parties for marketing purposes. The personal information we collect is held in the strictest confidence and is used only for the purposes outlined above.
3. How We Use the User's Information
We use the user's personal information for the following purposes and with the following legal bases:
To maintain administrative and legal records (Legal Basis: Legitimate Interest & Legal Obligation): We collect information sent to us by email. These records are necessary for internal record-keeping. We also keep a record of Subject Access Requests (SARs) and related documentation to demonstrate our compliance with data protection laws. Emails are retained for administrative and communication purposes related to our services.
For initial inquiries (Legal Basis: Legitimate Interest): We process the personal data collected by email, including the user's name, email, and message, to respond to the user's inquiries and facilitate potential services. This is a necessary step for our business to operate and is a legitimate interest that the user would reasonably expect.
To ensure website security and functionality (Legal Basis: Legitimate Interest): We process technical data, such as IP addresses and browser information, to monitor the website for security threats, prevent fraudulent activity, and ensure the proper operation of our services. This is necessary for our business to operate securely and reliably and is a legitimate interest that does not unduly impact the user's privacy rights.
To process donations and maintain financial records (Legal Basis: Legal Obligation and Legitimate Interest): We process donation data to complete the financial transaction and to meet our statutory legal obligations for tax and financial record-keeping (typically 6 years).
What is Legitimate Interest?
We process certain personal data based on our legitimate interests. This legal basis is used when we have a legitimate business need to process the user's data in a way that the user would reasonably expect, and where this processing has a minimal impact on the user's privacy. We have determined that our legitimate interests are to provide our services securely and reliably.
4. How We Protect the User's Information
We take the security of the user's data seriously. All personal information we hold is stored on secure systems and is protected by appropriate security measures to prevent unauthorised access, use, or disclosure. We have implemented appropriate physical, technical, and administrative measures to protect the information we collect.
For enhanced security, we protect all data sent to our email addresses using a two-factor verification (2FA) process. This ensures that only authorised personnel can access and handle the user's information, providing an additional layer of protection against unauthorised access.
All records and data containing user personal information are stored using industry-standard encryption. This means that even if a data storage device were compromised, the information would be unreadable without the correct decryption key.
In addition to our own systems, we ensure that our payment processors and other third-party services employ robust security measures to protect user data.
5. Our Third-Party Data Processors
To provide our services and to fulfill our legal obligations, we engage with trusted third-party data processors. These processors act on our instructions and handle the user's data on our behalf for specific purposes, as outlined in this policy. They are carefully vetted to ensure they meet our high standards for data security and privacy and are compliant with UK GDPR.
Payment Processors: We use Stripe and PayPal for securely processing donations and resource purchases.
These third-party platforms may be based outside the UK. When data is transferred internationally, we ensure that appropriate safeguards are in place to protect the user's personal data in accordance with UK data protection laws.
6. The User's Data Rights
Under GDPR, the user has the right to request access to, correction of, or erasure of their personal data. The user also has the right to object to or restrict processing, and the right to data portability (to receive an electronic copy of their data).
We will respond to all SARs without undue delay and at the latest within one month of receiving the request. If the request is complex, we may extend this period by a further two months, but we will inform the user of this within the initial one-month period.
To ensure the security of the user's data, we will need to verify the user's identity before we can fulfill the request. We may ask for information to confirm the user's identity or their authority to act on behalf of their child.
To exercise any of these rights, the user can contact us at info@rescopingeducation.com. Please note that we may need to verify the user's identity before fulfilling their request.
7. No Marketing and No Data Sales
We are committed to protecting the user's inbox and privacy. We will never sell the user's personal data to any third party for marketing or any other purpose. We also will not use the user's contact information for any form of email marketing unless we have received explicit consent from the user to do so. All email communication will be transactional and relate directly to the service provided.
8. Data Retention
We will only keep the user's personal data for as long as is necessary to fulfil the purposes for which we collected it. In the event of a safeguarding issue that requires a longer investigation, we will retain the relevant data for as long as is legally necessary to cooperate with the relevant authorities.
We retain financial communication data related to donations and purchases for a period of 6 years to meet our legal obligations for financial record-keeping. Records of SARs are kept for 7 years in compliance with data protection laws.
Data collected from emails is retained for a period of one year from the date of submission. This is to allow us to refer back to the inquiry for administrative, legal, and operational purposes, or until the purpose for which the data was collected has been fulfilled.
9. The User's Consent and Agreement
By accessing or using the Website, the User agrees to be bound by this Privacy Policy. The processing of technical data (IP address, country, etc.) is based on our Legitimate Interest in maintaining a secure and functional service, as detailed in Section 3.
The processing of any communication data provided via email is based on the Company's Legitimate Interest in providing customer support and responding to user inquiries, which is a necessary and expected function of the business.
10. How the User Can Complain
If the user has any concerns about our use of their personal data, they can contact us at info@rescopingeducation.com. If the user is not satisfied with our response, they have the right to lodge a complaint with the UK data protection regulator, the Information Commissioner's Office (ICO).
This Privacy Policy may be updated from time to time to reflect changes in our practices or for legal reasons. We will notify the user of any significant changes.
Date of Policy: 31 October 2025