More Than Just Tuition Privacy Policy

More Than Just Tuition ("the Company", "we", "us", "our") is committed to protecting and respecting your privacy.

This Privacy Policy explains how we collect, use, store, and protect personal data in accordance with:

• The UK General Data Protection Regulation (UK GDPR)

• The Data Protection Act 2018

This policy applies to all Clients, Students, website visitors, and individuals who engage with our Services.

Asha Wadley is the data controller responsible for your personal data.

Contact details:
Email: ashawadley@morethanjusttuition.com
Phone: +44 7568525430

If you have any questions about this policy or your data, please contact us using the details above.

We may collect and process the following categories of personal data:

3.1 Client Information

• Name
• Email address
• Telephone number
• Billing address
• Payment information (processed via third-party providers)

3.2 Student Information

• Name
• Age / Date of Birth
• School year and academic level
• Educational needs
• Academic progress information
• Safeguarding-related information (where applicable)

3.3 Technical Information

• IP address
• Browser type
• Device information
• Usage data relating to website interaction

3.4 Communications Data

• Emails
• Messages
• Session feedback
• Progress reports

We do not collect more personal data than is necessary to deliver our Services.

We provide tutoring services to students under the age of 18.

Personal data relating to children is collected with the knowledge and consent of a parent or legal guardian and processed solely for the purposes of:

• Delivering educational services
• Safeguarding compliance
• Administrative communication

We take additional care when processing children's data and limit access to authorised personnel only.

We process personal data for the following purposes:

• To provide tutoring services
• To schedule and manage sessions
• To communicate with Clients and Students
• To provide progress updates
• To process payments
• To comply with safeguarding obligations
• To meet legal and regulatory requirements
• To improve our services

We do not sell personal data to third parties.

Under UK GDPR, we rely on the following lawful bases:

• Contractual necessity – to deliver tutoring services
• Legal obligation – including safeguarding and accounting requirements
• Legitimate interests – to manage and improve our services
• Consent – where required (e.g. marketing communications)

Where consent is relied upon, it may be withdrawn at any time.

Tutoring sessions are delivered via third-party video conferencing platforms (such as Zoom or similar providers).

We may also use third-party providers for:

• Scheduling systems
• Payment processing
• Cloud storage
• Communication platforms

Payment details are processed securely by third-party payment providers. We do not store full card details.

Sessions are not recorded unless explicit consent has been obtained in advance.

We are not responsible for the privacy practices of third-party providers, though we take reasonable steps to ensure they operate securely and lawfully.

We may share personal data:

• With Tutors for the purpose of delivering Services
• With payment processors for secure transaction handling
• Where required by law, court order, or safeguarding obligation

We do not share personal data for marketing by third parties.

Where third-party service providers store or process data outside the UK, we ensure appropriate safeguards are in place, such as:

• UK adequacy regulations
• Standard contractual clauses
• Other recognised legal transfer mechanisms

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including:

• Educational delivery
• Safeguarding requirements
• Legal and accounting obligations

Financial records are retained for a minimum of six years in accordance with HMRC requirements.

When data is no longer required, it is securely deleted or anonymised.

We implement appropriate technical and organisational measures to protect personal data against:

• Unauthorised access
• Accidental loss
• Misuse
• Alteration
• Disclosure

Access to personal data is restricted to authorised individuals who require it for legitimate business purposes.

Under UK GDPR, you have the right to:

• Access your personal data
• Request correction of inaccurate data
• Request erasure (where applicable)
• Restrict processing
• Object to processing
• Request data portability
• Withdraw consent (where consent is relied upon)

Requests can be made by contacting us using the details in Section 2.

We will respond within one month, unless legally permitted to extend this timeframe.

If you are unhappy with how we handle your personal data, please contact us in the first instance.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO):

Information Commissioner's Office www.ico.org.uk

We may update this Privacy Policy from time to time. The latest version will always be available on our website.