Privacy Policy

This policy was last reviewed and updated on 20 March 2026.

Introduction to our privacy policy

Explore Learning is committed to protecting your privacy and being transparent about how we collect and use the personal data of members, parents and others.

This policy sets out our commitment to data protection and your individual rights and obligations in relation to personal data.

Note: this policy is written with the assumption that the reader is a parent or guardian, and so it uses terms such as “your child”. However, this policy applies equally to everyone, including children and those who are not parents or guardians.

1. Who are we?

We are Explore Learning Limited, a company registered in England and Wales with registration number 04117281. Our registered office is at

Unit F7b

Whiteley Shopping Centre

Whiteley Way

Whiteley

Hampshire PO15 7PD.

Under data protection law, we are known as a “data controller”. This means we are responsible for the way in which we collect and process your personal data. We are registered as a data controller with the Information Commissioner’s Office (under registration number Z3440439).

2. How can you get in touch?

If you would like to contact us about this policy, our details are as follows:

E-mail: enquiries@explorelearning.co.uk. Post: at our registered office (see section 1).

It would help us manage your enquiry if you marked your correspondence for the attention of the Data Privacy Manager.

3. Our key personal data principles

Explore Learning is committed to complying with data protection legislation and good practice including:

• Necessity: processing personal data only where necessary for legitimate purposes

• Proportion: collecting the minimum personal data required for these purposes

• Clarity: providing clear information to individuals about how their personal data will be used

• Fairness: processing personal data fairly and lawfully

• Record-keeping: maintaining a record of the categories of personal data processed by Explore Learning

• Accuracy: keeping personal data accurate and, where necessary, up to date

• Retention: retaining personal data for no longer than necessary for legal, regulatory or legitimate organisational purposes

• Respect of your rights in relation to your personal data

• Security: keeping all personal data safe.

4. What is “personal data”?

Any information that relates to an identified, or identifiable, living person is personal data.

You are identifiable if it is reasonably likely that your identity could be inferred from that data alone or from that data in combination with other information.

5. When do we collect personal data?

In the course of carrying out our core business as a provider of tuition services for children aged 4-16, we collect personal data at various time. These are set out in brief below, and more detail is provided in section 6.

Direct interaction with you. For example, when you:

• request information

• engage us to provide tuition services for your child

• use our website or our App (see also the section “from automated technologies” below)

• attend any event that we hold or appear at

• register to receive emails, newsletters or marketing from us take part in competitions

• contact us (for example, with a question or to provide feedback)

• apply for a position with us (and, if you are successful, our use of your personal data in a work context will be governed by our internal privacy policy for staff)

• provide services to us.

From third parties. For example:

• from publicly available sources, such as LinkedIn

• when you are copied on, or referred to in, an email

• from referees whom we approach in respect of any job application.

From automated technologies.

• As you use our website, we collect Technical Data (see definition in section 6 below) about your equipment, browsing actions and patterns. We collect this by using cookies and other similar technologies, subject to receiving your consent for the setting of non-essential cookies. Much of this is not personal data in the legal sense – but, to the extent that it is, we treat it lawfully as such. Please see our Cookie Policy for further details. You are able to set your cookies as required.

• As you use our App, we do not set cookies or similar technologies. We engage in analysis to enable the delivery of our service, and to improve the service, but this is not via the setting of cookies or similar, is not marketing-related, and does not involve users being tracked across different sites.

6. What types of personal data do we collect?

The kind of information we collect varies, depending upon whether your child receives tuition at an Explore Learning centre, online through Explore at Home, or through school. For those who are not seeking tuition (for example, our suppliers and other partners), it will depend on the type of working relationship we have with you and the requirements of that relationship.

Overall, the types of data can be broken into the following categories (we give more focussed examples beneath this in relation to tuition services):

Identity Data – such as your name, title, date of birth, and gender

Contact Data – such as your email address and mobile number

Health Data – including in relation to any allergies, conditions, or educational needs

Technical Data – including your internet protocol (IP) address, browser type and version

Profile Data – including any feedback and survey responses that you provide

Usage Data – including information about how you use our website and services

Marketing Data – including your opt-in/opt-out preferences in relation to electronic marketing

Customers through “Explore Learning” centres and “Explore at Home” online tuition

When you express interest in Explore Learning and book a free trial session, we will collect and process the following data from you:

• your name

• your email address, which will be used to send you a confirmation email

• a contact telephone, numbers which will be used to send you a confirmation SMS and give you a confirmation call

• child’s name, age, and school, and your reason for interest in tuition

When you join Explore Learning, we will collect and process the following data from you:

• name, postal and email address, contact phone numbers

• if different, membership payer’s name, postal and email address, and contact phone numbers

• emergency contact names and phone numbers

• each relevant child’s name, age, date of birth, and school

• information about any medical conditions, allergies or Special Educational Needs of each relevant child

• details of Direct Debit and debit/credit cards in order for us to accept payment.

You should notify Explore Learning of any changes in circumstances to enable personal records to be updated accordingly.

7. How do we use your personal data?

We use personal data to perform our contract with you, to enable us to comply with legal obligations, to pursue legitimate interests (provided that your interests and fundamental rights do not override those interests), and (where permitted) to market our business.

Whenever we use your personal data, we need what is known as a “lawful basis”. We would never use your personal data without one.

Please note also that we never rely solely on automated decision-making in relation to you.

The key situations in which we will process your personal data are listed below:

• For the purpose of delivering tuition and for improving that tuition service

• To safeguard members’ health and welfare and provide appropriate pastoral care

• For the business purposes of management planning and forecasting, research and statistical analysis, and credit control

• To carry out or cooperate with any external complaints, disciplinary or investigation process

• Where otherwise reasonably necessary for Explore Learning’s purposes, including to obtain appropriate professional advice and insurance

• To enable relevant authorities to monitor our performance and to intervene or assist with incidents as appropriate

• To escalate and investigate safeguarding concerns

• To send marketing materials

• To comply with the law

• To evaluate any job applications or supplier tenders.

Special category personal data

This is the legal term describing details about a person’s race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, health, and genetic and biometric data.

We occasionally need to process special category personal data – in this case, health data – in accordance our legal duties (including as regards safeguarding) or with your explicit consent. This is in order to:

• safeguard students’ welfare and provide appropriate pastoral (and, where necessary, medical) care, and to take appropriate action in the event of an emergency, incident or accident, including by disclosing details of an individual’s medical condition or other relevant information where it is in the individual’s interests to do so: for example, for medical advice, for social protection, safeguarding, and cooperation with police or social services

• provide educational services in the context of any special educational needs of a member.

Artificial Intelligence (“AI”)

We use AI as part of service delivery, in particular through our AI Coach service that is offered through the App. We have carried out a Data Protection Impact Assessment to ensure that we mitigate risks when using AI, and we have therefore ensured that we can deliver the service without compromising our users’ security.

Our safeguards include name anonymisation (so that names are never sent to a large language model), and we do not allow “free text” input, ensuring that users themselves cannot input a child’s name.

Our AI use for the AI Coach is achieved through the Azure OpenAI Service, thereby ensuring that data does not leave the UK, is not used to train AI, is monitored for abuse, and is subject to the Microsoft Products and Services Data Protection Addendum.

If you have any questions on our use of AI, please do contact us.

Anonymised data

Please note that we may use anonymised data, which cannot be linked to you, for research purposes and to improve our services.

Photographs

You have the option of allowing us to use your child’s photo for the purpose of promoting Explore Learning during and, potentially, after your membership.

Cookies

Subject to your consent, we may set cookies allowing us to share anonymised data with trusted external companies for research, analysis and personalised marketing. You can find out more in our Cookie Policy.

8. Who will your personal data be shared with?

Occasionally, we will need to share personal data relating to students and parents with third parties, such as:

• Professional advisers (e.g. lawyers, insurers, PR advisers and accountants).

• Government authorities (e.g., DfE, CAFCASS, police, Home Office, a relevant public health / NHS body and/or local authority) and/or appropriate regulatory bodies.

• Business partners who require your personal data in order to perform services for us: for example, on signing up to an 11+ course as part of your membership, you agree to us sharing your name and home address with our printing company, in order for your child’s course resources to be sent directly to you via Royal Mail, or courier delivery service.

• Law-enforcement agencies.

• HM Revenue & Customs.

• In connection with a sale, joint venture or other transfer of some or all of our company or assets, where this is necessary (and only to the extent necessary).

Access to special category (i.e. sensitive) data

Particularly strict rules of access apply in the context of “special category” data. In relation to health data, we need to process this to comply with statutory duties and to keep members and others safe. However, Explore Learning will ensure that only authorised staff can access information, always on a need‐to‐know basis. Express consent will be sought where appropriate.

In relation to a child with special educational needs, or disability, a certain amount of relevant information will need to be provided to staff more widely to enable us to provide the necessary care and education that the member requires.

9. How long will we keep personal data?

We retain your personal data for no longer than is reasonably necessary to fulfil the purposes for which we collected it, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements, or to deal with complaints or participate in litigation. To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the reason why we contemplate keeping it (and whether we can achieve those purposes through other means), and the applicable legal, regulatory, tax, accounting and other requirements.

Timescales differ depending on the reason. In some cases, either or legal requirements or industry best-practice requires us to keep data for a long period, sometimes (in practical terms) permanently. In other cases, we will keep data for a much shorter period, as we would no longer need it.

To give examples:

• Upon cancellation of membership, your personal data and that of your child will be stored safely and securely at least until your child is over sixteen. This is because we may, until that point, be re-engaged by you to supply further tuition.

• Accident/Incident reports and Administration of Medication records will be kept indefinitely. This is for your and your child’s safety.

• Registers of attendance will be kept indefinitely. This is for your and your child’s safety.

For more information on our retention periods and policies, please contact us using the details in section 2 above.

10. Electronic marketing

If you have given your consent, or we are otherwise entitled to do so, we may contact you about our products or services that may be of interest to you.

If you then prefer not to receive any direct electronic marketing communications from us, you can opt out at any time. We will give you the option to opt out each time we send a marketing communication by electronic means.

Opting out will not affect our ability to use your personal data for the other purposes set out in this policy, and it will not affect the lawfulness of electronic marketing carried out prior to the time when we actioned the opt-out request. We will retain your data for the purposes of maintaining a “Do not send” list of people who should not receive further marketing communications, but we will not retain it for any other marketing purpose.

11. International transfers

We may transfer your personal data to another location outside the United Kingdom if we consider it reasonably necessary for the purposes set out in this policy.

Where we do so, we will sure that transfers are made to countries that have been deemed to provide an adequate level of protection to personal data or are carried out under approved standard contractual clauses that enable the transfer.

12. Keeping your personal data secure

We have appropriate security measures in place designed to prevent data loss, to preserve data integrity, and to regulate access to your personal data. Only our authorised employees and contractors, and those referred to in this policy, have access to your personal data.

All those who have access to your personal data are required to adhere to this policy, and we have in place contractual safeguards with our third-party data processors to ensure that your personal data is processed only as instructed by us.

We take all reasonable steps to keep your data safe and secure and to ensure the data is accessed only by those who have a legitimate interest to do so. Once we have received your personal data, we will use strict procedures and security features to try to prevent unauthorised access.

13. Your information rights

You have certain rights in relation to your personal data. Please see the “Your Legal Rights” section of the glossary below for more information. Note that in some cases our duties to Ofsted, law-enforcement agencies and others, or our own legitimate interests, may mean we are unable to accept certain requests.

We may first need to verify your identity (and, in certain cases, verify that you have authority to make the request on another person’s behalf).

In general, we try to deal with genuine requests within one month. Occasionally it may take longer, in which case we will let you know in advance.

You do not have to pay a fee to exercise these rights. However, if your request is excessive, repetitive or unfounded, we may charge a reasonable fee or refuse to comply with your request.

14. Cookies

Our website uses cookies. For more information on which cookies we use and how we use them, please see our Cookie Policy.

15. Third-Party links

This website may include links to websites, plug-ins and applications that are owned by someone other than us. Clicking on those links may allow the owner to collect or share your personal data. We have no control over other sites, and we are not responsible for their privacy statements. We encourage you to read the privacy notice of every website you visit.

16. Changes to this policy

We may change this policy from time to time. Please check this policy on our website from time to time to ensure you are aware of the most recent version.

17. How to complain

In the first instance, we hope you raise any issues with us directly – in almost all situations, matters can be resolved very simply. To do this, please use the details set out in section 2 above. Should you be unsatisfied, you have a right to raise a concern with the UK’s information regulator, the Information Commissioner’s Office: https://ico.org.uk/. GLOSSARY

LAWFUL BASES

Legitimate interest means the interest of our business in conducting and managing our business to enable us to give you the best service and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us.

Performance of contract means processing your data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract.

Comply with a legal obligation means processing your personal data where it is necessary for compliance with a legal obligation that we are subject to.

YOUR LEGAL RIGHTS

You have the right to:

Request access to your personal data (commonly known as a "data subject access request"). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.

Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected (although we may need to verify the accuracy of the new data you provide to us).

Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully, or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for legal reasons, which will be notified to you, if applicable, at the time.

Object to processing of your personal data where we are relying on a legitimate interest and where this adversely affects your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to continue to process your information.

Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios:

• If you want us to establish the data's accuracy

• Where our use of the data is unlawful, but you do not want us to erase it

• Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims

• You have objected to our use of your data, but we need to verify whether we have overriding legitimate grounds to use it.

Request the transfer of your personal data to you or to a third party. Where we are obliged to do so, we will provide you, or a third party you have chosen, with your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information that you initially provided consent for us to use or where we used the information to perform a contract with you.

Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent or our right to process personal data in circumstances that do not require consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.

END OF PRIVACY NOTICE