Privacy Policy 

Last updated:18/10/2025 

 1. Policy Statement 

Enhanced Tutoring is committed to protecting the privacy and security of personal data. We comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, ensuring that all personal data we collect, store, use, and share is handled lawfully, fairly, transparently, and securely. 

This policy explains: 

  • What personal data we collect and why 

  • How we store and use personal data 

  • Who we share data with and why 

  • The rights of individuals regarding their data 

  • How to contact us with questions or concerns 

This policy applies to all parents, students, tutors, staff, contractors, and third parties engaged with Enhanced Tutoring. 

 

2. Who We Are 

Enhanced Tutoring Services Ltd 

Registered in England and Wales 

Company number: 16630754 

Email: admin@enhancedtutoring.co.uk 

We are the data controller for the purposes of UK GDPR. 

 

3. Definitions 

  • Personal Data: Any information relating to an identified or identifiable individual (e.g., name, address, email, phone number, student progress notes). 

  • Special Category Data: Sensitive data such as medical information, safeguarding records, or information on protected characteristics. 

  • Data Controller: Enhanced Tutoring - we determine how and why personal data is processed. 

  • Data Processor: A third party that processes data on our behalf (e.g., cloud storage providers, online platforms). 

  • Processing: Any action performed on data, including collecting, storing, sharing, or deleting. 

 

4. The Data We Collect 

We collect personal data from students, parents/carers, and tutors to provide safe, high-quality educational services. The categories of data we collect may include: 

a. Students and Parents/Carers 

  • Personal identifiers (name, date of birth, contact details) 

  • Parent/carer contact details (names, phone numbers, email addresses) 

  • Educational information (school year, subjects, academic goals, assessment information) 

  • Safeguarding or medical information relevant to tuition and student welfare 

  • Records of tutoring sessions, attendance, and progress reports 

  • Communication records with parents and students 

b. Tutors 

  • Personal identifiers (name, contact details, date of birth) 

  • Proof of ID and right to work documentation 

  • CV, qualifications, references, and training records 

  • DBS certificate and safeguarding training records 

  • Bank details (for payment) 

  • Performance review notes and training engagement 

  • Communication records with students, parents, and Enhanced Tutoring staff 

 

5. How We Collect Data 

Data is collected through: 

  • Online enquiry and application forms 

  • Email and phone communications 

  • Registration and onboarding forms for tutors and students 

  • Progress reporting and session notes 

  • DBS checks and background vetting processes 

  • Direct conversations during tutoring sessions or training 

 

6. Lawful Basis for Processing 

We only process personal data where we have a lawful basis under UK GDPR. The main lawful bases we rely on are: 

  • Contractual Necessity: To deliver tuition services and fulfil contractual agreements with parents, students, and tutors. 

  • Legal Obligation: To comply with safeguarding, employment, tax, and regulatory requirements. 

  • Legitimate Interests: To manage operations, improve services, ensure quality, and maintain safeguarding standards. 

  • Consent: For specific activities where required (e.g., marketing communications). 

For safeguarding records and medical data, we rely on substantial public interest and legal obligations to ensure the safety and wellbeing of children. This means that we are allowed to collect, store, and share sensitive information (like safeguarding concerns or medical needs) without needing consent, because the law says we must protect children and act in their best interests. This is legally covered by UK GDPR (Article 9) and the Data Protection Act 2018. 

 

7. How We Use Personal Data 

We use personal data for the following purposes: 

  • To match students with suitable tutors. 

  • To communicate with parents, students, and tutors about sessions, progress, and safeguarding matters. 

  • To deliver high-quality, tailored educational services. 

  • To manage tutor recruitment, training, quality assurance, and payment. 

  • To comply with legal and safeguarding obligations. 

  • To maintain accurate administrative and financial records. 

  • To improve our services and ensure compliance with professional standards. 

We do not sell personal data to third parties. 

 

8. How We Store Data 

We store personal data securely using encrypted, password-protected digital systems. This includes: 

  • Secure cloud storage with access controls. 

  • Password-protected CRM systems and databases. 

  • Encrypted email and document storage. 

  • Limited access on a need-to-know basis (e.g., safeguarding information is only accessible to Directors). 

Physical records (if any) are stored in locked cabinets in secure premises. 

We apply strict access controls: 

  • Tutors only receive the information necessary to deliver tuition safely and effectively. 

  • Student data is not shared between tutors without authorisation. 

  • All staff and tutors receive data protection training as part of induction. 

 

9. Data Sharing 

We only share personal data when necessary and in line with UK GDPR. Data may be shared with: 

  • Tutors: To provide relevant student information needed for safe and effective tutoring. 

  • Parents/Carers: To communicate about student progress, safeguarding, and logistics. 

  • Schools/MATs: When tuition is commissioned by a school, we may share progress reports and safeguarding information as required. 

  • Service Providers: Trusted third-party platforms for secure storage, scheduling, and communication (e.g., online learning platforms, CRM systems). 

  • Regulatory or Safeguarding Authorities: Such as local authorities, the police, or DBS if required for legal or safeguarding reasons. 

All third parties we share data with must comply with UK GDPR and data security standards. 

 

10. Data Retention 

We keep personal data only as long as necessary for the purposes outlined in this policy and to comply with legal obligations: 

  • Student and parent records: up to 7 years after the end of tuition (in line with safeguarding best practice). 

  • Safeguarding records: as long as required by law, even after tuition has ended. 

  • Tutor records: up to 7 years after the end of engagement (for legal and financial record-keeping). 

  • Financial records: 6 years, in line with HMRC requirements. 

After these periods, data will be securely deleted or anonymised. 

 

11. Data Subject Rights 

Under UK GDPR, individuals have the following rights: 

  • Right to be informed - about how their data is collected and used. 

  • Right of access - to request a copy of the personal data we hold. 

  • Right to rectification - to correct inaccurate or incomplete data. 

  • Right to erasure (“right to be forgotten”) - in certain circumstances. 

  • Right to restrict processing - in specific cases. 

  • Right to data portability - to receive data in a commonly used format. 

  • Right to object - to processing in certain situations. 

  • Rights in relation to automated decision-making - Enhanced Tutoring does not use automated decision-making. 

Requests to exercise these rights can be made in writing to admin@enhancedtutoring.co.uk. We will respond within one calendar month

For concerns about data protection, you can also contact the Information Commissioner’s Office (ICO)

  • Website: www.ico.org.uk 

  • Telephone: 0303 123 1113 

12. Data Breaches 

We take all data breaches seriously. A data breach is any incident that compromises the confidentiality, integrity, or availability of personal data. 

If a breach occurs: 

  • It will be reported immediately to the Data Protection Lead. 

  • We will investigate, mitigate harm, and record the incident. 

  • If required, we will report the breach to the Information Commissioner’s Office (ICO) within 72 hours. 

  • Affected individuals will be notified where there is a high risk to their rights and freedoms. 

 

13. Marketing Communications 

We may occasionally send parents or tutors information about new services, training opportunities, or resources. We will only do this with explicit consent, and individuals can opt out at any time by emailing us or using unsubscribe links. 

 

14. Policy Review 

This policy will be reviewed annually or sooner if there are changes to legislation or our practices. All staff and tutors must read, understand, and agree to comply with this policy as part of their induction. 

 

All tutors and staff must confirm in writing that they have read, understood, and agree to abide by this Data Protection & GDPR Policy prior to commencing work with Enhanced Tutoring.