Last Updated: August 21, 2025 

Bitesize Digital School CIC, a registered charity and company limited by shares (Company number 16204338) (referred to as “Bitesize Digital School,” “we,” “us,” or “our”), is deeply committed to protecting your privacy and ensuring the security and integrity of your personal information.

This Privacy Policy explains how we collect, use, store, share, and safeguard your data. We adhere to the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018 (DPA 2018), and aim to comply with other applicable data protection and privacy laws in the jurisdictions where we operate and serve our global English-speaking community, including but not limited to regions within the United States, Canada, Australia, Nigeria, Ghana, and South Africa.

This policy applies to all individuals who interact with Bitesize Digital School CIC, including current, former, and prospective students, their parents/guardians/Carers, website users, and authorised representatives (referred to collectively as “you” or “your”). It serves as a comprehensive Notice explaining our data handling practices and does not form part of any service contract you may have with us.

We encourage you to read this Policy carefully. Your continued interaction with our website and services constitutes your understanding and acceptance of this Policy. We reserve the right to update this Policy at any time; please check back periodically to stay informed of any changes.

1. Who We Are: Your Data Controller

For the purposes of applicable data protection laws, Bitesize Digital School CIC acts as the Data Controller of your personal data. This means we determine the purposes and means by which your personal data is processed.

2. Information We Collect

Personal data refers to any information about an individual from which that person can be identified. It does not include anonymous data, where the identity has been removed. We commit to collecting only the information necessary to fulfil our obligations and provide you with high-quality training and services.

We may collect, use, store, and process the following types of personal data about you:

• Identity Data: Includes your first name, last name, title, gender, date of birth, occupation (for parents/guardians), and student age.
• Contact Data: Includes your billing address, email address, and telephone numbers (primarily for parents/guardians).
• Financial Data: Includes bank account details and payment information used for processing course fees.
  Transaction Data: Includes details of courses or services you have purchased, as well as payment records.
• Technical Data: Includes your Internet Protocol (IP) address, login credentials, browser type and version, time zone settings, device type, operating system, and other technology used to access our website and online learning platforms.
• Usage Data: Includes information about how you use our website, online courses, and services, such as navigation paths, session durations, and interaction with content.
• Learning Data: Includes details about courses you enrol in, progress reports, assessment results, completed projects, and certifications achieved. This may also include data from recorded sessions.
• Communication Data: Includes messages, feedback, queries, and any other interactions you have with us, including communications through our online learning platforms (e.g., chat during live sessions).
  Marketing Preferences: Includes your preferences regarding receiving marketing communications from us.
• Aggregated Data: We may collect Aggregated Data, such as statistical or demographic information, which does not directly identify you. For example, we may analyse website usage patterns to improve user experience. If this data is ever combined with personal information that directly identifies you, we treat it as personal data in accordance with this policy.

Special Categories of Personal Data

We do not intentionally collect “special categories” of sensitive personal data (e.g., race, ethnicity, religious beliefs, sexual orientation, or health information), nor do we collect information about criminal convictions or offences, unless explicitly provided by you for a specific, necessary purpose (e.g., to accommodate a learning disability, or for a bursary application where financial background is relevant). If such data is necessary, we will obtain your explicit consent or have a clear legal basis for processing it.

3. How We Collect Your Personal Data

We collect your personal information through various channels:

• Direct Interactions: You provide data directly when you register for a course, complete an enrolment form, submit an enquiry, apply for a bursary, communicate with us via email or phone, or provide feedback.
• Automated Technologies or Interactions: As you interact with our website and online learning platforms, we may automatically collect Technical Data and Usage Data through cookies and other tracking technologies (see Section 10).
• Third Parties or Publicly Available Sources: Occasionally, we may receive personal data from third parties, such as permitted agents, sponsors (for bursary applications), or referrals, where you have consented to such sharing or where legally permitted.

4. How We Use Your Information (Purposes of Processing)

We use your personal information to provide high-quality services, ensure smooth interactions, enhance your experience, and fulfil our legitimate operational interests. The primary purposes for which we use your personal data include:

• Service Delivery: To manage your enrolment, deliver educational content and resources, facilitate your learning experience, track your progress, provide feedback, and issue certifications. This includes the use of recorded live sessions for student access and investigative purposes.
• Payment Processing: To manage and process payments for course fees, late fees, or other services.
• Communication & Support: To respond to your queries, provide technical support, notify you about programme updates, changes to terms, or important service announcements. All communications with students outside live sessions are handled through parents/guardians.
• Programme Improvement: To analyse how our website, online platforms, and courses are used, enabling us to improve their functionality, content, delivery methods, and overall student experience.
• Marketing & Promotions: To send you information about new courses, special offers, events, or school news, but only if you have explicitly opted-in to receive such communications.
• Compliance & Legal Obligations: To comply with applicable laws, regulations, and guidelines (e.g., financial record-keeping, safeguarding duties). To fulfil contractual obligations and maintain records for auditing purposes.
• Operational & Security: To maintain the security and integrity of our website, online platforms, and services, including fraud prevention, user authentication, and data security measures.
• Partnerships & Opportunities: To connect our graduates with potential work opportunities (e.g., internships, apprenticeships, employment) through our network of employers and alumni, where applicable and with explicit consent.

5. Legal Basis for Processing Your Information
Under applicable data protection laws, including UK GDPR, we must have a valid legal basis to process your personal data. We rely on the following legal grounds:

• Performance of a Contract: We process your data where it is necessary to fulfil our contractual obligations to you or to take steps at your request before entering into such a contract. This includes enrolling you in courses, delivering educational materials, managing your participation, and issuing certifications.
• Legitimate Interests: We process your data where it is necessary for our legitimate interests (or those of a third party), provided that your fundamental rights and freedoms do not override those interests. This includes improving our services, maintaining secure operations, preventing fraud, analysing usage trends, and communicating important updates related to your engagement with us.
• Compliance with Legal Obligations: We process your data where it is necessary to comply with a legal or regulatory obligation that we are subject to. This includes record-keeping for financial transactions, safeguarding duties, and responding to lawful requests from authorities.
• Consent: Where required, we will obtain your explicit consent before processing your data for specific purposes, such as sending marketing communications or collecting special categories of personal data. You have the right to withdraw your consent at any time by contacting us (see Section 12). Withdrawal of consent will not affect the lawfulness of processing carried out before the withdrawal.
• Vital Interests: In rare and exceptional circumstances, we may process your data to protect your vital interests or those of another person, such as in emergency situations involving serious health or safety concerns.
• Public Interest or Official Authority: Although less common for our operations, we may process your data if required for a task carried out in the public interest or in the exercise of official authority.

6. How We Share Your Information
We are committed to protecting your personal information and will only share it with third parties when necessary to provide our services, as required by law, or with your explicit consent. We ensure that any third parties we share your information with also adhere to appropriate data protection standards and contractual obligations.

We may share your personal information in the following situations:

• Service Providers & Partners: We may share your data with trusted third-party service providers who assist us in delivering our services. This includes IT support, cloud hosting, payment processors, communication tools (like Zoom/Google Classroom), marketing services, and educational material delivery. These third parties are contractually bound to protect your information and use it solely for the purposes for which we have shared it, acting on our instructions.
• Business Transfers: In the event that Bitesize Digital School CIC merges with, is acquired by, or sells all or a portion of its assets to another business, your personal information may be transferred as part of that transaction. We will notify you in advance if your data is to be transferred in such a case and outline your options.
• Legal Obligations & Protection: We may disclose your personal data if required to do so by law (e.g., a court order, subpoena), in response to a lawful governmental request, or to comply with any regulatory or legal process. We may also disclose your data to protect the rights, property, or safety of Bitesize Digital School CIC, our customers, or others, as permitted by law (e.g., in safeguarding matters).
• Aggregated & Anonymised Data: We may share aggregated and anonymised data (which cannot be used to identify you) with third parties for marketing, research, or analytical purposes. This data does not include any personal information that could identify you.
• With Your Consent: If we need to share your data in any other way not covered by the above, we will obtain your explicit consent before doing so.

We do not sell, rent, or trade your personal information to third parties for their independent marketing purposes.

7. Children’s Privacy
Bitesize Digital School CIC provides training to students aged 10 and above. We are deeply committed to protecting the privacy and security of all young learners and comply with relevant data protection laws concerning minors.

• Parental Consent: We require and obtain parental or guardian consent before collecting any personal data from students under 18. By completing the enrolment form, the parent/guardian explicitly consents to the collection and processing of their child’s personal data as outlined in this policy.
• Direct Communication: As detailed in our Safeguarding Policy, all communications outside of live, recorded training sessions must be exclusively through parents/guardians. Bitesize Digital School CIC staff will not engage in direct, unmonitored communication with students outside of these structured environments.
• Parental Rights: Parents or guardians have the right to review, update, or request the deletion of their child’s personal information at any time, subject to legal obligations (see Section 9 for details on exercising your rights).
• Encouraging Involvement: We encourage parents and guardians to stay actively involved in their child’s online activities and understanding of data privacy.

8. International Data Transfers
As part of our operations and service delivery, your personal data may be transferred to, and processed in, countries outside the European Economic Area (EEA) and the UK. These transfers may occur if our service providers, cloud hosting providers, or partners are located in such countries.

When we transfer your personal data internationally, we ensure that appropriate safeguards are in place to protect your information, ensuring it receives a similar level of protection as it would within the UK/EEA. These safeguards may include:

• Transferring data to countries deemed by the European Commission or UK government to provide an adequate level of data protection.
• Using Standard Contractual Clauses (SCCs) approved by the European Commission or the UK Information Commissioner’s Office (ICO), which contractually oblige recipients to protect your data.
• Relying on your explicit consent, where appropriate and necessary for the service.

By using our services, you understand and consent to the transfer of your personal data in accordance with these provisions. If you have any concerns about the international transfer of your data, please contact us.

9. Data Retention
We will retain your personal information only for as long as necessary to fulfil the specific purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements.

The specific retention periods for different types of personal data are determined by the following criteria:

• Contractual & Service Provision: We retain personal information for as long as necessary to perform our contract with you (e.g., for the duration of your child’s enrolment and for a period thereafter to facilitate alumni support, verify certifications, or manage any outstanding obligations).
• Legal & Regulatory Requirements: We are legally obliged to retain certain data for specific periods. For example, financial data (such as payment records) is typically retained for up to six years plus the current year for tax and accounting purposes. Safeguarding records are retained in accordance with statutory guidance.
• Legitimate Business Purposes: We may retain personal data for legitimate business interests, such as ensuring the security and functionality of our services, improving our offerings, resolving disputes, and maintaining business records. This data will be kept only for as long as needed to achieve these purposes while respecting your rights.
• Consent-Based Processing: If we are processing your data based on your consent, we will retain it for as long as that consent is valid or until you withdraw your consent.

Once the applicable retention period has expired, we will securely delete, destroy, or anonymise your personal data to prevent any unauthorised access, use, or disclosure. If you have any questions regarding the retention of your personal data, please contact us.

10. Cookies and Tracking Technologies
Our website uses cookies and similar tracking technologies to improve your experience, provide our services, and analyse website usage.

What Are Cookies?
Cookies are small text files placed on your device (computer, tablet, mobile) when you visit a website. They help the website remember your preferences or login details, improving your browsing experience.

Types of Cookies We Use

• Strictly Necessary Cookies: Essential for our website to function correctly (e.g., enabling secure login areas, remembering your cookie preferences).
• Performance Cookies: Help us understand how visitors interact with our website by collecting information anonymously. This helps us improve website performance.
• Functional Cookies: Enable enhanced functionality and personalisation (e.g., remembering your language preference or region).
  Analytics/Marketing Cookies: Used to track your
• Browse activity, understand your interests, and sometimes to deliver more relevant advertisements to you on other sites. These may be set by third parties.

How We Use Cookies

• To ensure our website works smoothly and securely.
• To improve overall user experience and website functionality.
• To analyse website traffic and user behaviour to enhance our content and services.
• For marketing and advertising purposes, where relevant and permissible.

Managing Cookies
Most web browsers automatically accept cookies, but you can typically modify your browser settings to decline cookies or to alert you when cookies are being sent. Please be aware that if you choose to block or delete cookies, some features of our website may not function properly, and you may not be able to access certain parts of the site. To manage your cookie settings, please refer to the “Settings” or “Preferences” section of your web browser.

Third-Party Cookies
We may also use third-party services (e.g., Google Analytics, social media platforms, advertising networks) that may set their own cookies on your device. These third parties have their own privacy policies and cookie practices, which are not covered by this Privacy Policy. We encourage you to review their policies if you have concerns.

By continuing to use our website, you consent to the use of cookies in accordance with this section. If you do not agree to the use of cookies, please disable them through your browser settings as described above.

11. Third-Party Links and Services
Our website may contain links to third-party websites, services, or applications that are not owned or controlled by Bitesize Digital School CIC. These links are provided for your convenience.

• No Control or Responsibility: We are not responsible for the content, privacy policies, or practices of any third-party websites or services linked from our website. These third-party sites operate under their own privacy policies, and we strongly recommend reviewing them before providing any personal information.
• Third-Party Services: We may engage third-party service providers (e.g., payment gateways, external learning tools) to assist in delivering specific services. While these third parties may have access to your personal data to the extent necessary to perform their functions, they are contractually obligated not to disclose or use your data for any other purpose and to adhere to robust data protection standards.
• Disclaimer: Any interaction with third-party websites or services, including the sharing of personal data, is at your own risk. We encourage you to exercise caution and thoroughly review their privacy policies before engaging with them.

12. Your Rights Regarding Your Personal Data
Under applicable data protection laws (including UK GDPR and similar legislation), you have several important rights concerning the personal data we hold about you. You can exercise these rights at any time by contacting us using the details provided in Section 15.

• Right to Access: You have the right to request a copy of the personal data we hold about you (often called a “Data Subject Access Request”). We will provide the requested information within the timeframes specified by applicable law (e.g., one month under UK GDPR).
• Right to Rectification: You have the right to request that we correct any inaccurate or incomplete personal data we hold about you. If you believe your information is incorrect or outdated, please notify us, and we will update it promptly.
• Right to Erasure (“Right to be Forgotten”): You can request that we delete your personal data in certain circumstances, such as when the data is no longer necessary for the purposes for which it was collected, or if you withdraw your consent (where consent is the lawful basis for processing). However, we may be legally or operationally required to retain certain data.
• Right to Restriction of Processing: You have the right to request that we restrict the processing of your personal data under certain conditions, such as when you contest the accuracy of the data, or you object to processing based on legitimate interests. If this right is exercised, we may continue to store your data, but will restrict its further processing.
• Right to Data Portability: You have the right to request that we provide your personal data in a structured, commonly used, and machine-readable format. You can also request that we transfer this data directly to another controller, if technically feasible.
• Right to Object: You have the right to object to the processing of your personal data for direct marketing purposes, or where the processing is based on legitimate interests or a public task, if your particular situation justifies it. We will stop processing your data for these purposes if you object, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms.
• Right to Withdraw Consent: Where we are processing your personal data based on your explicit consent, you have the right to withdraw that consent at any time. Withdrawal of consent will not affect the lawfulness of processing carried out before the withdrawal.
• Rights in Relation to Automated Decision-Making and Profiling: We currently do not use automated decision-making processes (i.e., decisions made solely by automated means without any human involvement) or profiling that would produce legal effects concerning you or similarly significantly affect you. If we were to introduce such processes, you would have the right to object and request human intervention.

13. Data Security
We are profoundly committed to protecting your personal data and ensuring that it is kept secure. We implement appropriate technical and organisational measures to safeguard the personal information we collect from accidental loss, misuse, unauthorised access, disclosure, alteration, and destruction.

Security Measures: To protect your data, we employ various security measures including encryption (e.g., SSL/TLS for website data in transit), secure servers, firewalls, and regular security audits. Access to your personal information is strictly restricted to authorised personnel on a need-to-know basis, and all staff are rigorously trained in data protection principles to ensure they handle your data securely.

Data Transmission: While we strive to protect your personal data, please understand that no method of transmission over the internet or electronic storage is 100% secure. Therefore, while we employ robust measures, we cannot guarantee its absolute security.

Third-Party Security: Where we share your data with third-party service providers, we conduct due diligence and ensure they also implement appropriate technical and organisational security measures to safeguard your information. Our contracts with them prohibit them from using your data for any purpose other than to provide the services they were contracted to perform.

Reporting Security Breaches
In the unlikely event of a data breach that compromises your personal information and poses a risk to your rights and freedoms, we will notify you promptly and, where applicable, inform the relevant supervisory authorities, in line with data protection regulations.

14. Changes to This Privacy Policy
We may update or amend this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or services. When we make significant changes, we will notify you by updating the “Last Updated” date at the top of this policy and, where appropriate, by providing a more prominent notice (e.g., via email or a banner on our website).

We encourage you to review this Privacy Policy regularly to stay informed about how we are protecting your personal data. By continuing to use our services after any updates, you are agreeing to the revised policy.

15. Contact Information & Complaints
If you have any questions or concerns regarding this Privacy Policy, our data protection practices, or wish to exercise any of your rights (see Section 12), please do not hesitate to contact us:

Email: admin@bitesizedigital.school

We are committed to responding to your queries as promptly as possible.

Lodging a Complaint with a Supervisory Authority
If you believe that your data protection rights have been violated, you have the right to lodge a complaint with a supervisory authority. In the UK, this is the Information Commissioner’s Office (ICO). For individuals outside the UK, you may have the right to lodge a complaint with the relevant data protection authority in your country of residence (e.g., the Office of the Privacy Commissioner of Canada, the Office of the Australian Information Commissioner, relevant bodies in Nigeria, Ghana, South Africa, or US State Attorneys General).