1. Introduction At The Next Step Tuition, we are fully committed to complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This page explains your data rights and how we collect, use, store, and protect personal information in accordance with these laws.
2. Lawful Basis for Processing We process personal data under one or more of the following lawful bases:
Consent: When you have given clear permission for us to process your data for a specific purpose (e.g., subscribing to updates or newsletters).
Contract: When processing is necessary to provide our services or take steps before entering into a contract with you (e.g., arranging tuition).
Legal Obligation: When we are required by law to process certain information (e.g., accounting or safeguarding purposes).
Legitimate Interests: When processing is necessary for our legitimate business interests and does not override your rights and freedoms.
3. Your Rights Under GDPR Under the UK GDPR, you have the following rights regarding your personal data:
Right to Access – You have the right to request copies of your personal data that we hold.
Right to Rectification – You can ask us to correct or update any inaccurate or incomplete information.
Right to Erasure ("Right to be Forgotten") – You can request deletion of your data where it is no longer necessary for the purpose it was collected.
Right to Restrict Processing – You can ask us to limit how your data is used.
Right to Data Portability – You have the right to receive your data in a structured, commonly used format and transfer it to another provider.
Right to Object – You can object to the processing of your data where it is based on legitimate interests or direct marketing.
Rights in Relation to Automated Decision-Making and Profiling – We do not use automated systems that make decisions about you without human involvement.
4. How to Exercise Your Rights
If you wish to exercise any of your data rights, please contact us by email. We may need to verify your identity before processing your request. We aim to respond to all valid requests within one month.
We retain personal information only for as long as necessary to fulfil the purpose for which it was collected, including any legal, accounting, or reporting requirements. Once no longer needed, data is securely deleted or anonymised.
6. Data Sharing and Transfers
We do not sell personal information. We may share limited data with trusted third-party service providers who assist us in operating our website or providing services (e.g., secure email platforms or analytics tools). All third parties are required to process your data in accordance with the UK GDPR and only for the specific purpose agreed.
We do not transfer personal data outside the United Kingdom unless adequate protections are in place.
7. Data Security
We take appropriate security measures to protect your personal information against accidental loss, misuse, or unauthorised access. This includes both technical safeguards (such as encryption and secure hosting) and organisational controls (such as staff training and restricted access).
8. Complaints
If you believe that your personal data has been misused or mishandled, you have the right to file a complaint. You can contact us directly, and we will do our best to resolve any issue promptly.
If you are not satisfied with our response, you can contact the Information Commissioner’s Office (ICO):
Information Commissioner’s Office (ICO) Website: https://ico.org.uk/
Phone: 0303 123 1113
9. Updates to This Policy
We may update this GDPR Policy from time to time to reflect changes in legislation or business practices. The latest version will always be available on this page, with the effective date clearly shown.
10. Contact Us
For questions about this GDPR Policy or how we handle your data, please contact:
The Next Step Tuition Email: [info@thenextsteptuition.com ] Address: [Registered Office Address]
