Privacy Policy (GDPR-Compliant)

Effective from: 18th April 2025
Last updated: 29th May 2025

NeuroBright Tutoring – Privacy Notice (Including Zoom Use)

This Privacy Policy explains how NeuroBright Tutoring (operated by Kat Dulfer) collects, uses, stores, and protects personal data in line with the UK General Data Protection Regulation (UK GDPR).

1. Who We Are
NeuroBright Tutoring is a sole trader service run by Kat Dulfer, providing personalised tutoring support to students. We are committed to safeguarding your privacy and personal data.

2. Contact Information
If you have questions about this policy or how your data is handled, please contact:
Email: neurobrighttutoring@gmail.com
Website: neurobrighttutoring.co.uk
Phone: 07397 861226

3. What Data We Collect
We may collect:

  • Student’s name, age, diagnosis, educational needs, academic history, goals, test results, hobbies/interests

  • Work completed in sessions, worksheets, homework, progress notes

  • Parent/guardian’s name, email, phone number, Zoom details, and consent forms

  • Relevant medical information, diagnoses, or allergies (with consent)

Sensitive information (special category data) includes health, medical conditions, diagnoses, and allergy details, and is only collected with explicit consent.

4. How Data is Collected
Data may be gathered via:

  • Email, text, WhatsApp, phone, or Zoom calls

  • Online forms, consent forms, and contracts

  • Tutoring session notes

  • Homework, worksheets, test results, or other submissions

5. Early Sharing of Sensitive Information
Parents/guardians may share sensitive info (e.g., diagnosis or medical conditions) during initial enquiries—before formal onboarding or written consent. This information is:

  • Used only to assess if tutoring is appropriate

  • Not stored or processed unless the parent/guardian confirms to proceed

  • Deleted within 30 days if no tutoring relationship is established

During onboarding, formal consent is requested for any ongoing collection, storage, or use of special category data.

6. Purpose of Data Collection
We use personal data solely to:

  • Deliver high-quality, tailored tutoring support

  • Monitor progress and communicate effectively with parents/guardians

7. Legal Basis for Processing
We process your data based on:

  • Contract – to fulfil the tutoring agreement

  • Legitimate Interests – to support students’ academic and wellbeing needs

  • Consent – for any sensitive (special category) information

8. Consent
Written parental consent is required before collecting or storing special category data (e.g., diagnoses, health information). Consent is collected prior to beginning tutoring sessions.

9. Data Storage & Security
Your data is kept securely via:

  • Password-protected devices

  • Encrypted email and iCloud storage

  • Secure cloud platforms, including OneDrive and Google Drive (see Section 13a)

  • Locked paper file storage (if used)

  • Secure online platforms (e.g., Zoom, WhatsApp)

Zoom sessions use waiting rooms, passwords, and locked meetings. Online tutoring sessions take place from a secure home workspace to protect confidentiality and privacy. Backups of cloud data follow the same security measures and retention periods.

10. Who Has Access
Only Kat Dulfer (the tutor) has direct access to personal data. One trusted individual is informed of session times for safety but is not given access to sensitive info.

Session notes and observations support lesson planning and progress monitoring. These notes remain confidential and are not automatically shared with parents/guardians unless necessary for safeguarding or upon request.

Parents/guardians are the primary contact regarding student data; students are not contacted outside tutoring sessions.

11. Data Retention
Data is kept for up to 1 year after tutoring ends unless deletion is requested earlier. After this period, data is manually reviewed and securely deleted or destroyed.

12. Sharing of Data
We do not share personal data unless:

  • Required by law or safeguarding

  • Explicit consent is given by the parent/guardian

13. Use of Zoom
Zoom is used for online sessions. We ensure:

  • Sessions are not recorded

  • Meetings are password-protected and locked

  • Chat messages may be saved for reference

  • Zoom may collect basic technical data (e.g., IP address)

  • Parents/guardians are responsible for Zoom setup and may attend sessions

13a. Use of Cloud Storage
NeuroBright Tutoring uses secure cloud services, including OneDrive and Google Drive, to store and manage:

  • Student progress notes

  • Session notes

  • Homework, worksheets, and resources filled in during sessions

  • Consent forms and onboarding info

  • Contracts

  • Sensitive information (with consent)

  • Administrative records

Both platforms are GDPR-compliant, with encryption, password protection, and access controls. Access is strictly limited to Kat Dulfer. Files are regularly reviewed and manually deleted following our retention policy (Section 11).

14. Your Rights
Parents/guardians (or students aged 13+) have the right to:

  • Access, correct, or delete their data

  • Withdraw consent

  • Object to processing

  • Request data portability

To exercise your rights, contact Kat Dulfer using the details above.

15. Complaints
If concerned about data handling, you can complain to the Information Commissioner’s Office (ICO): www.ico.org.uk

You may raise any concerns, including safeguarding, data privacy, or service-related complaints, directly with Kat Dulfer by email at neurobrighttutoring@gmail.com or by phone on 07397 861226. We take all such matters seriously and respond promptly.

16. Data Breach Procedure
In the event of a data breach:

  • Affected individuals are notified promptly

  • Systems are secured and exposure minimised

  • ICO is notified within 72 hours if rights or privacy are at risk

  • The incident and outcome are recorded securely