Version 1.0.0
This Privacy Policy explains how Rescoping Education Ltd collects, uses, and protects the personal information of our users. We are committed to protecting user privacy and being transparent about our data practices. This policy applies to our website and our interactions with the user.
1. Who We Are
Rescoping Education Ltd is the data controller. This means our company decides how and why the personal information of our users is collected, used, and protected.
2. The Information We Collect
We collect different types of data for specific purposes, as outlined below:
| Type of Data | Specific Data Points Collected | Purpose of Collection | Is this Personal Data? |
|---|---|---|---|
| Website Usage Data | Page URL path, timestamp, user agent, referrer URL, language, geolocation (country/subdivision). Crucially: A hashed visitor identification (derived from IP address and User Agent) is used to track your daily activity. | To help us understand how our website is used and improve the user experience. The hashed identification enhances privacy. | Yes (Pseudonymous). |
| Website functioning | User's IP Address, request headers (e.g., User Agent) for the duration of the request, and a Server-side Session ID (for quiz progress). | To enable the core functionality of the website, including routing traffic, preventing abuse, maintaining the connection (e.g., serving static files), and facilitating the strictly necessary ability to save and load your quiz progress. | Yes. |
| Quiz Activity Data | Anonymous session identification, quiz score, session duration, total Submissions Count, chosen answers, history of questions seen, history of incorrect questions. | To save user progress, resume quizzes across sessions, and improve the quality of the quiz content and question selection (e.g., repeating incorrect questions). | Yes (Pseudonymous). |
| Name, email address, and any comments or queries. | To facilitate contact, answer user questions, and respond to general inquiries. | Yes. | |
| Transaction Data | Donor's name, email address, transaction details, billing address, and payment processor identifiers (Stripe). This does not include your full card number or billing address, as these are handled directly by Stripe. | To process the donation, issue a receipt, and maintain financial and legal records. | Yes. |
a) Website Usage Data
We believe in respecting user privacy. To help us understand how our website is used and improve the user experience, we collect certain usage data. This data is collected using a privacy-focused analytics service and does not use cookies or other tracking methods that store information on a user's device. The data we collect is fully anonymous and cannot be used to identify the user as an individual.
Since the anonymous data we collect cannot be linked back to the user, we do not have the ability to provide access to, or delete, this data on an individual basis. However, the user can use their browser settings to block all data collection if they choose to do so.
b) Data Collected for Website Functioning and Transaction Processing
Our website is hosted on Netlify. Netlify uses strictly necessary cookies for the website's proper functioning and security. These cookies collect technical information, such as the user's IP address, to ensure the website operates securely and reliably. They are essential and do not require user consent. For more details on the cookies Netlify uses, please refer to their privacy and cookies policies.
Our third-party payment provider, Stripe, may use essential technical identifiers to ensure the security of your transaction when you visit their payment link.
c) Our Commitment to the User's Privacy
We are committed to being transparent about the information we collect and how we use it. We do not sell or share user data with third parties for marketing purposes. The personal information we collect is held in the strictest confidence and is used only for the purposes outlined above.
3. How We Use the User's Information
We use the user's personal information for the following purposes and with the following legal bases:
To maintain administrative and legal records (Legal Basis: Legitimate Interest & Legal Obligation): We collect information sent to us by email. These records are necessary for internal record-keeping. We also keep a record of Subject Access Requests (SARs) and related documentation to demonstrate our compliance with data protection laws. Emails are retained for administrative and communication purposes related to our services.
For initial inquiries (Legal Basis: Legitimate Interest): We process the personal data collected by email, including the user''s name, email, and message, to respond to the user''s inquiries and facilitate potential services. This is a necessary step for our business to operate and is a legitimate interest that the user would reasonably expect.
To provide subscription services (Legal Basis: Contractual Necessity): For our subscribers, we process your email address and transaction confirmation. This processing is strictly necessary to fulfill our contract with you, allowing us to manage your account and provide you with access to our paid content.
To process donations, subscriptions, and maintain financial records (Legal Basis: Legal Obligation and Legitimate Interest): We process payment and transaction data to complete financial transactions (donations or purchases) and to meet our statutory legal obligations for UK tax and accounting record-keeping (typically 6 years). This is also a necessary function for our internal record-keeping and business administration.
To ensure website security and prevent fraud (Legal Basis: Legitimate Interest): We process technical data, such as IP addresses and card origin information, to monitor for security threats and prevent fraudulent activity. This is necessary to operate our services securely, enforce our UK-only service restrictions, and protect both our business and our users.
What is Legitimate Interest?
We process certain personal data based on our legitimate interests. This legal basis is used when we have a legitimate business need to process the user's data in a way that the user would reasonably expect, and where this processing has a minimal impact on the user's privacy. We have determined that our legitimate interests are to provide our services securely and reliably.
4. How We Protect the User's Information
We take the security of the user's data seriously. All personal information we hold is stored on secure systems and is protected by appropriate security measures to prevent unauthorised access, use, or disclosure. We have implemented appropriate physical, technical, and administrative measures to protect the information we collect.
For enhanced security, we protect all data sent to our email addresses using a two-factor verification (2FA) process. This ensures that only authorised personnel can access and handle the user's information, providing an additional layer of protection against unauthorised access.
All records and data containing user personal information are stored using industry-standard encryption. This means that even if a data storage device were compromised, the information would be unreadable without the correct decryption key.
In addition to our own systems, we ensure that our payment processors and other third-party services employ robust security measures to protect user data.
We take the security of the user's data seriously. All personal information we hold is stored on secure systems and is protected by appropriate security measures. Payment data processed via Stripe may be transferred to and stored in the United States. To ensure your information is protected to UK standards, Stripe utilises appropriate safeguards, including Standard Contractual Clauses (SCCs) and the UK Extension to the EU-U.S. Data Privacy Framework.
5. Our Third-Party Data Processors
To provide our services and to fulfil our legal obligations, we engage with a trusted third-party data processor. This processor acts on our instructions and handles the user's data on our behalf for specific purposes, as outlined in this policy. They are carefully vetted to ensure they meet our high standards for data security and privacy and are compliant with UK GDPR. Stripe may use your technical data (such as IP address and card origin) to prevent fraud and ensure compliance with our UK-only service restrictions. You can view their privacy practices at stripe.com/privacy.
Payment Processors: We use Stripe and PayPal for securely processing donations, subscriptions, and resource purchases.
This third-party platform may be based outside the UK. When data is transferred internationally, we ensure that appropriate safeguards are in place to protect the user's personal data in accordance with UK data protection laws.
6. The User's Data Rights
Under GDPR, the user has the right to request access to, correction of, or erasure of their personal data. The user also has the right to object to or restrict processing, and the right to data portability (to receive an electronic copy of their data).
We will respond to all SARs without undue delay and at the latest within one month of receiving the request. If the request is complex, we may extend this period by a further two months, but we will inform the user of this within the initial one-month period.
To ensure the security of the user's data, we will need to verify the user's identity before we can fulfill the request. We may ask for information to confirm the user's identity or their authority to act on behalf of their child.
To exercise any of these rights, the user can contact us at info@rescopingeducation.co.uk . Please note that we may need to verify the user's identity before fulfilling their request.
7. No Marketing and No Data Sales
We are committed to protecting the user's inbox and privacy. We will never sell the user's personal data to any third party for marketing or any other purpose. We also will not use the user's contact information for any form of email marketing unless we have received explicit consent from the user to do so. All email communication will be transactional and relate directly to the service provided.
8. Data Retention
We will only keep the user's personal data for as long as is necessary to fulfil the purposes for which we collected it. In the event of a safeguarding issue that requires a longer investigation, we will retain the relevant data for as long as is legally necessary to cooperate with the relevant authorities.
We retain financial communication data related to donations and purchases for a period of 6 years to meet our legal obligations for financial record-keeping. Records of SARs are kept for 7 years in compliance with data protection laws.
Data collected from emails is retained for a period of one year from the date of submission. This is to allow us to refer back to the inquiry for administrative, legal, and operational purposes, or until the purpose for which the data was collected has been fulfilled.
9. The User's Consent and Agreement
By accessing or using the Website, the User agrees to be bound by this Privacy Policy. The processing of technical data (IP address, country, etc.) is based on our Legitimate Interest in maintaining a secure and functional service, as detailed in Section 3.
The processing of any communication data provided via email is based on the Company's Legitimate Interest in providing customer support and responding to user inquiries, which is a necessary and expected function of the business.
10. How the User Can Complain
If the user has any concerns about our use of their personal data, they can contact us at info@rescopingeducation.co.uk . If the user is not satisfied with our response, they have the right to lodge a complaint with the UK data protection regulator, the Information Commissioner's Office (ICO).
This Privacy Policy may be updated from time to time to reflect changes in our practices or for legal reasons. We will notify the user of any significant changes.
Date of Policy: 10 January 2026