privacy policy

This Privacy Policy explains how Let’s Pass ("we"; "us"; or "our") collects, uses, shares, and protects personal data in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR). We are committed to safeguarding the privacy and security of personal information provided to us in the course of our tuition services.

1. Data Controller
  1. Lorraine Gibson is the data controller responsible for the processing of personal data collected through our tuition services and any employment agency activities. If you have any questions or concerns regarding the processing of your personal data, please contact us using the details provided at the end of this policy.

2. Legal Basis for Processing
  1. We process personal data based on one or more of the following legal bases:
  • Performance of a Contract: Processing is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract.
  • Legitimate Interests: Processing is necessary for our legitimate interests of the legitimate interests of a third party, provided that such interests are not overridden by your interests or fundamental rights and freedoms.
  • Compliance with Legal Obligations: Processing is necessary for compliance with a legal obligation to which we are subject.
  • Consent: Processing is based on your consent, which you may withdraw at any time.

3. Information We Collect
  1. We collect and process various types of information, including personal data, for the following purposes:
  • Contact information (such as name, address, email address, and telephone number) to communicate with you regarding our tuition services, employment agency activities, and schedule sessions.
  • Student information (such as name, age, grade level, and academic performance) to tailor tuition sessions to individual student needs and monitor progress.
  • Tutor information (such as qualifications, experience, and feedback) to assess suitability, allocate appropriate tutors for tuition sessions, and facilitate employment agency introductions.

4. Use of Information
  1. We use the information we collect for the following purposes:
  • To provide tuition services and fulfil our contractual obligations towards students, parents/guardians, schools/local authorities and/or other organisations to whom we deliver tuition services.
  • To communicate with students, parents/guardians, tutors, teachers (where applicable) and clients regarding tuition sessions, scheduling, updates, feedback, and employment agency introductions (where applicable).
  • To monitor student progress and academic performance, and provide feedback and support as necessary.
  • To comply with legal and regulatory requirements, including record-keeping, reporting, safeguarding obligations, and employment agency regulations.
  • To improve our tuition services, develop new programs, enhance the overall learning experience, and facilitate successful tutor-client introductions, where applicable.

5. Sharing of Information
  1. We may share personal information with the following categories of recipients:
  • Tutors: We may share student information with tutors engaged, subcontracted or introduced by us to deliver tuition services and/or facilitate introductions where we act as an employment agency.
  • Parents/Guardians: We may share student information with parents/guardians to provide updates, feedback, progress reports, and employment agency introductions.
  • Clients: We may share tutor information with clients for employment agency introductions, subject to consent and agreement between parties. We will never share client information with another client without the written consent of the data subject.
  • Schools: We may share information relating to students with schools and their employees (e.g. teachers) either where the school is our client and has contracted for us to deliver tuition services to one or more of their students, or where a Parent/Guardian for the student has given us their consent, in writing, to share information with the student’s school.
  • Service Providers: We may engage third-party service providers to assist us in providing tuition services or introductions to tutors, such as IT service providers, payment processors, and administrative support.
  • Regulatory Authorities: We may disclose information to regulatory authorities or law enforcement agencies as required by law or to protect our legal rights.

  2. We do not sell or rent personal information to third parties for marketing purposes.

6. Data Retention
  1. We retain personal information for as long as necessary to fulfil the purposes for which it was collected, including any legal, accounting, or reporting requirements.
  • The specific retention period for personal data may vary depending on the nature of the data and the purposes for  which it is processed.

7. Data Subject Rights
  1. Under applicable data protection laws, you have certain rights regarding your personal data, including:
  • Right of Access: You have the right to request access to your personal data and information about how it is processed.
  • Right to Rectification: You have the right to request the correction of inaccurate or incomplete personal data.
  • Right to Erasure: You have the right to request the deletion of your personal data under certain circumstances.
  • Right to Restriction of Processing: You have the right to request the restriction of processing of your personal data under certain circumstances.
  • Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit it to another data controller.
  • Right to Object: You have the right to object to the processing of your personal data under certain circumstances, including processing for direct marketing purposes.
  • Right to Withdraw Consent: If processing is based on your consent, you have the right to withdraw your consent at any time.

   2.  To exercise any of these rights, or if you have any questions or concerns about the
processing of your personal data, please contact us using the details provided at the end of this policy

8. Data Security
  1. We implement appropriate technical measures and adopt relevant policies and processes, as an organisation, in order to protect the security and confidentiality of personal information. These measures include access controls (e.g. secure passwords), encryption, 2-factor authentication, and regular security assessments. However, please note that no method of transmission over the internet or electronic storage is 100% secure, and we cannot guarantee absolute security.
  2. Special category data and data relating to children (under the age of 18) and vulnerable adults (“Sensitive Data”) that is collected and processed in accordance with this policy shall be stored subject to additional reviews by our internal team to ensure that we are satisfied that the storage and processing of that data is appropriate. In particular, Sensitive Data shall be subject to the following additional safeguards:
  • We shall review where Sensitive Data is stored periodically and at least every three (3) months to ensure that it is appropriately secured and protected.
  • We shall maintain robust processes that govern the access to and retrieval of Sensitive Data, which shall include:
  1. Who can access Sensitive Data, and how much access they will need at any given point in time in order to discharge our duties to you or to any lawful authority;
  2. What Sensitive Data is permitted to be used for (which shall be restricted only to that use which is reasonably necessary for us to discharge our contractual and/or statutory duties);
  3. What processing takes place when Sensitive Data is retrieved, including guidelines about what copies might be made, what they will be used for and where they will be stored.

3. In the event that there was to be any data breach of any kind (either suspected or known), we will undertake to:
  • Immediately take action to assess and mitigate the extent of any such breach.
  • Take steps to promptly assess what data has been, or may have been, compromised.
  • Inform data subjects of the data breach, using clear and jargon-free language.
  • Take any measures that may be necessary in order to prevent compromised data being used by an unauthorised third party (e.g. recommending to data subjects that they change passwords that may have been compromised).
  • Where appropriate, we will keep data subjects informed of any change to the level of risk we assess exists as a result of any such breach.

9. Changes to this Privacy Policy
1. We reserve the right to update or modify this Privacy Policy at any time. Any changes will be effective immediately upon posting the updated Privacy Policy on our website. We encourage you to review this Privacy Policy periodically for any changes.

10. Contact Us
  1. If you have any questions or concerns about this Privacy Policy or our data practices, or if you wish to exercise your data subject rights, please contact us at: lorraine@onlinetutoringclasses.com


Last updated: 03/12/24