Menu
close
CONTACT
Our website addresses are: https://gcsecatchup.co.uk and https://my.gcsecatchup.co.uk 

Registered in England and Wales under company number 14386655 and registered address:

115 New Bridge Street, Innovation Northumbria Incubator, Newcastle Upon Tyne, United Kingdom, NE1 8ST

For any data concerns please email: [email protected]

ICO registration number: ZB543594

Please add the email subject ‘data access request’ to all emails regarding data access requests. If you have an account on this site or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

We may send you marketing emails, which you can unsubscribe from by clicking the link at the bottom of the email.

Effective Date: 27/09/2023

1. Introduction

We are committed to protecting the privacy and security of your personal information. This Privacy Policy outlines how we collect, use, disclose, and protect the personal information of students, staff, and schools using our Service. This policy applies to all users of our Service in the United Kingdom.

2. Information We Collect

We may collect the following categories of personal information:

2.1. Information Provided by You

When you create an account, we may collect your name, email address, contact information, and other relevant details.
If you are a Student, we may collect information such as your name, email address and school information.
If you are a Staff member, we may also collect your name, email address and school information.
If you represent a School, we may collect information about your institution, such as name, address, and contact details.

2.2. Information Collected Automatically

We may collect information about your use of the Service, including your IP address, device type, browser type, and usage patterns.


2.3 Students' Personal Data

We handle the personal data of students using our services. In this capacity, we act as a data processor on behalf of the student's School. The School is the entity responsible for determining how personal data is processed, and we strictly follow the School's instructions in this regard.

Therefore, if a student (or their parent acting on their behalf) wishes to assert their rights concerning the processing of their data, they should contact their School. The School will then provide us with the necessary instructions on how to proceed.

2.4 Personal Information on Behalf of Someone Else

If you provide us with information on behalf of another person, you affirm that the individual has designated you as their representative and has consented to your authority to:

Transmit their personal data and provide consent on their behalf for the processing of their personal data.
Receive data protection notices on their behalf.
Provide consent for the transfer of their personal data to international destinations.
Provide consent for the processing of their sensitive personal data (if applicable).

3. How We Use Your Information

We use the collected information for the following purposes:

To provide and improve our educational services.
To communicate with users regarding their accounts and the Service.
To personalise and customise the user experience.
To conduct research, analytics, and reporting.
To comply with legal and regulatory obligations.


4. Sharing Your Information

We may share your personal information with the following third parties:

Service providers who assist us in operating the Service for operational purposes only.
Legal authorities when required by law or to protect our rights.
With your consent, in other circumstances.

5. Security Measures

We take reasonable measures to protect your personal information from unauthorised access, disclosure, alteration, or destruction. These measures include data encryption, access controls, and regular security assessments.

We store your personal data on servers in data centres in the UK, provided by DigitalOcean. DigitalOcean data centres are compliant with the international information security standard (ISO 27001, SOC, PCI-DSS)

https://www.digitalocean.com/trust/certification-reports

We safeguard your data through the following methods:

HTTPS
CDN and Firewalls
Unique passwords and usernames
Double-ended encryption
All full-time staff who GCSE Catch Up Limited employs are DBS checked
GCSE Catch Up staff use password protected computer systems and VPNs
Database backups are deleted after 7 days
Only essential GCSE Catch Up staff can access the databases.
All staff have regular training on online security

Although we will make every effort to protect your personal information, please note that the internet is not completely secure. Therefore, we cannot guarantee the safety or accuracy of any personal information that is transmitted to or from you via the Internet.

6. Your Rights

You have the following rights regarding your personal information:

Access: You can request access to the personal information we hold about you.
Correction: You can request corrections to inaccurate or incomplete information.
Deletion: You can request the deletion of your personal information.
Objection: You can object to the processing of your personal information.
Data Portability: You can request the transfer of your personal information to another party.
To exercise these rights, please contact us using the information in Section 8.

7. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your user experience and analyse usage patterns. You can manage your cookie preferences through your browser settings.

8. Contact Information

If you have questions or concerns about this Privacy Policy or wish to exercise your rights, please contact us at:

GCSE Catch Up, 115 New Bridge Street, Innovation Northumbria Incubator, Newcastle Upon Tyne, United Kingdom, NE1 8ST. [email protected]

9. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal reasons. The most recent version will be posted on our website, and we will notify you of any material changes.

By using our Service, you agree to this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not use our Service.

10. Data Protection Authority

If you believe your data protection rights have been violated, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) in the United Kingdom.

11. Personal Data Breach Policy

We are committed to promptly identifying, mitigating, and notifying individuals and relevant authorities in case of a personal data breach. A personal data breach is defined as a security incident that leads to accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal data.

11.1. Data Breach Notification

If we become aware of a personal data breach, we will take the following steps:

Assessment: We will promptly assess the nature and scope of the breach, including the type of personal data affected and the potential impact on individuals.
Containment: We will take immediate action to contain and minimise the breach's impact.
Notification: If the breach is likely to result in a high risk to the rights and freedoms of individuals, we will notify the Information Commissioner's Office (ICO) and affected individuals without undue delay, as required by applicable data protection laws within 72 hours.


11.2. Communication to Affected Individuals

In the event of a personal data breach that poses a high risk to individuals:

We will provide clear and timely information about the breach, including its consequences and the measures taken to address it.
We will advise affected individuals on steps they can take to protect themselves.


11.3. Data Breach Records

We will maintain records of all personal data breaches, including their effects and the actions taken to address them. These records will be provided to the ICO upon request.

11.4. Preventative Measures

We continually assess and update our security measures to prevent personal data breaches. This includes regular security audits, employee training, and the implementation of best practices in data security.

11.5. Contact Information

If you suspect or become aware of a personal data breach related to our Service, please report it immediately to GCSE Catch Up.

11.6. Data Protection Authority

If you believe that we have not handled a personal data breach in compliance with applicable data protection laws, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) in the United Kingdom.

This Personal Data Breach Policy underscores our commitment to data security and compliance with data protection regulations. We take every precaution to prevent and address breaches, and we are dedicated to ensuring the security and privacy of your personal information.

12.How long do we keep your personal data?

When your subscription ends, you can decide whether you want us to delete your data or give it back to you. If you don't make a choice, we'll automatically delete your data after 6 months.

If a school provides a spreadsheet containing student information in order for us to set up their accounts. We delete these spreadsheets as soon as the process of onboarding has been completed.

On request, we will anonymise an individual’s or school’s data in 48 hours.
For ...
Students
Schools
Parents
Contact Information
Address
115 New Bridge Street
Innovation Northumbria Incubator
Newcastle upon Tyne
United Kingdom
NE1 8ST
Email
[email protected]
Copyright © 2024 GCSE Catch Up Limited All Rights Reserved
menu-circlecross-circle linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram