Version 1.1.0
This Privacy Policy explains how Rescoping Education Ltd collects, uses, and protects the personal information of our users. We are committed to protecting user privacy and being transparent about our data practices. This policy applies to our website and our interactions with the user.
1. Who We Are
Rescoping Education Ltd is the data controller. This means our company decides how and why the personal information of our users is collected, used, and protected.
2. The Information We Collect
We collect different types of data for specific purposes, as outlined below:
| Type of Data | Specific Data Points Collected | Purpose of Collection | Is this Personal Data? |
|---|---|---|---|
| Website Usage Data | Page views, user agent, referrer URL, language, geolocation (country/subdivision). A hashed visitor identifier is used to understand daily activity. | To help us understand how the website is used and improve the experience for the users. | Yes (Pseudonymous). |
| Website functioning | User's IP address, browser type, pages visited, and time of visit. | To enable core functionality, including routing traffic, ensuring website security, and (where applicable) maintaining quiz progress. | Yes. |
| Quiz Activity Data | Visitor hash, quiz score, chosen answers, and time taken per question. | To save user progress and improve the quality of the quiz content and question selection. | Yes (Pseudonymous). |
| | Name, email address, and any comments or queries. | To facilitate contact, answer user questions, and respond to general inquiries. | Yes. |
| Transaction Data | Donor's name, email address, transaction details, and payment processor identifiers (Stripe). This does not include the user's full card number or billing address, as these are handled directly by Stripe. | To process donations and maintain financial and legal records. | Yes. |
a) Website Usage Data
We believe in respecting user privacy. To help us understand how our website is used and improve the user experience, we collect certain usage data. This data is collected using a privacy-focused method that does not use cookies. We use the browser's local storage for functional purposes, such as maintaining the user's quiz progress and preferred website theme (Light/Dark mode).
We use a visitor hash created from the user's IP address, browser type, and the current date. This hash is pseudonymous. This allows us to distinguish between different visitors and understand daily activity without identifying the user as a real-world individual or tracking the user's behaviour across multiple days.
Please Note: Because this data is first-party and essential for monitoring site health, it is not currently disabled by 'Do Not Track' settings. Using 'Incognito' or 'Private' mode will clear the user's local quiz progress after the user closes their browser but will not prevent the transmission of usage data during the user's session.
Because this usage data is linked only to a temporary hashed identifier and not to a name or account, we cannot identify which specific records belong to the user. Therefore, we are generally unable to fulfil requests to delete specific usage or quiz records. This is a privacy-preserving measure designed to ensure the user's activity remains disconnected from the user's real-world identity.
b) Data Collected for Website Functioning and Transaction Processing
Our website is hosted on Netlify. While Netlify does not use cookies by default for standard hosting, it may use strictly necessary cookies if specific security or functional features are enabled (such as password protection). These cookies are essential for the website to operate and do not require user consent. Additionally, Netlify processes technical information, such as the user's IP address, in its server logs to ensure the website operates securely and reliably. For more details, please refer to Netlify's privacy documentation.
The Website uses Stripe to process voluntary donations. The company does not store or process any sensitive financial information, such as the user's full credit card number.
c) Our Commitment to the User's Privacy
We are committed to being transparent about the information we collect and how we use it. We do not sell or share user data with third parties for marketing purposes. The personal information we collect is held in the strictest confidence and is used only for the purposes outlined above.
3. How We Use the User's Information
We use the user's personal information for the following purposes and with the following legal bases:
To maintain administrative and legal records (Legal Basis: Legitimate Interest & Legal Obligation): We collect information sent to us by email. These records are necessary for internal record-keeping. We also keep a record of Subject Access Requests (SARs) and related documentation to demonstrate our compliance with data protection laws. Emails are retained for administrative and communication purposes related to our services.
For initial inquiries (Legal Basis: Legitimate Interest): We process the personal data collected by email, including the user's name, email, and message, to respond to the user's inquiries and facilitate potential services. This is a necessary step for our business to operate and is a legitimate interest that the user would reasonably expect.
To process donations and maintain financial records (Legal Basis: Legal Obligation and Legitimate Interest): The company processes the personal data and transaction data provided when a user makes a donation to ensure the donation is processed correctly and to comply with legal and tax obligations.
To ensure website security and prevent fraud (Legal Basis: Legitimate Interest): We process technical data, such as IP addresses and card origin information, to monitor for security threats and prevent fraudulent activity. This is necessary to operate our services securely, enforce our UK-only service restrictions, and protect both our business and our users.
What is Legitimate Interest?
We process certain personal data based on our legitimate interests. This legal basis is used when we have a legitimate business need to process the user's data in a way that the user would reasonably expect, and where this processing has a minimal impact on the user's privacy. We have determined that our legitimate interests are to provide our services securely and reliably.
4. How We Protect the User's Information
We take the security of the user's data seriously. All personal information we hold is stored on secure systems and is protected by appropriate security measures to prevent unauthorised access, use, or disclosure. We have implemented appropriate physical, technical, and administrative measures to protect the information we collect.
For enhanced security, we protect all data sent to our email addresses using a two-factor verification (2FA) process. This ensures that only authorised personnel can access and handle the user's information, providing an additional layer of protection against unauthorised access.
All records and data containing user personal information are stored using industry-standard encryption. This means that even if a data storage device were compromised, the information would be unreadable without the correct decryption key.
In addition to our own systems, we ensure that our payment processors and other third-party services employ robust security measures to protect user data.
Payment data processed via Stripe may be transferred to and stored in the United States. This is strictly necessary to fulfil the donation request made by the user.
5. Our Third-Party Data Processors
To provide our services and to fulfil our legal obligations, we engage a trusted third-party data processor. This processor acts on our instructions and handles the user's data on our behalf for specific purposes, as outlined in this policy. It is carefully vetted to ensure it meets our high standards for data security and privacy and is compliant with UK GDPR. Stripe may use the user's technical data (such as IP address and card origin) to prevent fraud and ensure compliance with our UK-only service restrictions. The user can view Stripe's privacy practices at stripe.com/privacy.
Payment Processors: Stripe provides payment processing services for voluntary donations. They process personal and transaction data when the user makes a donation to ensure security and prevent fraud.
This third-party platform may be based outside the UK. When data is transferred internationally, we ensure that appropriate safeguards are in place to protect the user's personal data in accordance with UK data protection laws.
6. The User's Data Rights
Under GDPR, the user has the right to request access to, correction of, or erasure of their personal data. The user also has the right to object to or restrict processing, and the right to data portability (to receive an electronic copy of their data).
We will respond to all SARs without undue delay and at the latest within one month of receiving the request. If the request is complex, we may extend this period by a further two months, but we will inform the user of this within the initial one-month period.
To ensure the security of the user's data, we will need to verify the user's identity before we can fulfil the request. We may ask for information to confirm the user's identity or their authority to act on behalf of their child.
To exercise any of these rights, the user can contact us at info@rescopingeducation.co.uk. Please note that we may need to verify the user's identity before fulfilling their request.
7. No Automated Marketing and No Data Sales
We will never sell the user's personal data. We do not operate automated marketing mailing lists or subscriptions. We may contact the user personally via email only to respond to the user's direct inquiries or to provide specific information the user has requested. If we ever intend to use the user's email for broader marketing purposes, we will seek the user's explicit consent first.
8. Data Retention
We will only keep the user's personal data for as long as is necessary to fulfil the purposes for which we collected it. In the event of a safeguarding issue that requires a longer investigation, we will retain the relevant data for as long as is legally necessary to cooperate with the relevant authorities.
We retain financial communication data related to donations and purchases for a period of 6 years to meet our legal obligations for financial record-keeping. Records of SARs are kept for 7 years in compliance with data protection laws.
Data collected from emails is retained for a period of one year from the date of submission. This is to allow us to refer back to the inquiry for administrative, legal, and operational purposes, or until the purpose for which the data was collected has been fulfilled.
9. The User's Consent and Agreement
By accessing or using the Website, the User agrees to be bound by this Privacy Policy. The processing of technical data (IP address, country, etc.) is based on our Legitimate Interest in maintaining a secure and functional service, as detailed in Section 3.
The processing of any communication data provided via email is based on the company's Legitimate Interest in providing customer support and responding to user inquiries, which is a necessary and expected function of the business.
10. How the User Can Complain
If the user has any concerns about our use of their personal data, the user can contact us at info@rescopingeducation.co.uk. If the user is not satisfied with our response, the user has the right to lodge a complaint with the UK data protection regulator, the Information Commissioner's Office (ICO).
This Privacy Policy may be updated from time to time to reflect changes in our practices or for legal reasons. We will notify the user of any significant changes.
Date of Policy: 27 February 2026