GDPR Policy

Introduction

At Top of the Class Private Tutor, we are committed to protecting and respecting your privacy. This policy explains how we collect, use, and safeguard personal data in line with UK GDPR (UK General Data Protection Regulation).

Who We Are
Top of the Class Private Tutor is owned and run by Kate Scott.

Our GDPR Principles

We follow the key principles of GDPR:

  • Lawfulness, fairness & transparency – we process personal data legally and clearly explain why.
  • Purpose limitation – we only use data for the reasons stated here.
  • Data minimisation – we only collect what is needed.
  • Accuracy – we keep data up to date.
  • Storage limitation – we don’t keep data longer than necessary.
  • Integrity & confidentiality – we keep data safe.
  • Accountability – we take responsibility for our practices.

What Data We Collect

We may collect the following personal information:

  • Parent/guardian contact details – names, phone numbers, email addresses, and postal addresses
  • Student details – name, date of birth, school year, learning needs, progress notes, assessments, SATs results where relevant
  • Payment information – invoices and payment history (we do not store full card or bank details – payments are handled securely via third-party providers)
  • Communications – emails, phone calls, and messages relating to tuition

How We Collect Data

  • Enquiry and registration forms
  • Email, phone, or messaging apps
  • In-person meetings and tuition sessions (online or face-to-face)
  • Progress assessments and session notes
  • Payment and invoice records

How We Use Your Data

We use personal data for the following purposes:

  • To arrange, deliver, and manage tuition sessions
  • To track student progress and keep parents informed
  • To process payments and issue invoices
  • To comply with legal, safeguarding, and accounting obligations
  • With consent, to send occasional updates or resources (you can opt out at any time)

We do not sell personal data. Data is only shared when:

  • Required by law or safeguarding duties
  • With trusted service providers (e.g. payment processors, secure IT systems)
  • With your consent (e.g. sharing a progress summary with a teacher or school)

How We Keep Data Safe

We take data protection seriously and use:

  • Password-protected and encrypted systems
  • Reputable, secure cloud services
  • Regular data backups
  • Access controls so only authorised staff can see information
  • Staff training on confidentiality and data handling

How Long We Keep Data

  • Tuition and progress records: up to 3 years after tuition ends
  • Payment and invoice records: 6 years (for accounting/legal compliance)
  • Enquiries that do not proceed: up to 12 months

Your Rights

Under GDPR, you have the right to:

  • Access your data and request a copy
  • Correct inaccurate or incomplete data
  • Request deletion of your data (subject to legal obligations)
  • Restrict or object to certain types of processing
  • Request portability of your data in a usable format
  • Withdraw consent where processing is based on consent

To exercise your rights, please email us at topoftheclass25@gmail.com. We aim to respond within one month.

If you have concerns, you can also contact the UK Information Commissioner’s Office (ICO): www.ico.org.uk / 0303 123 1113.

Data Breaches

If a personal data breach occurs, we will take immediate action to secure the data. If there is a risk to individuals’ rights or freedoms, we will notify affected parties and the ICO within 72 hours.

Updates to This Policy

This policy is reviewed annually to ensure compliance with UK law and best practice.

  • Last updated: 10 September 2025
  • Next review: July 2026

Top of the Class Private Tutor
www.topoftheclass.net | topoftheclass25@gmail.com