Privacy Policy

Your privacy is our priority

Last Updated: 29 July 2025
HomePrivacy Policy

Key Points

  • We are fully compliant with UK GDPR and registered with the ICO
  • We only collect data necessary for educational services
  • Your data is stored securely in EU data centers
  • You have full control over your personal data
  • We never sell your data to third parties

1. Who We Are

Ganes Academy Ltd ("we", "us") is the data controller for the personal information you provide via ganesacademy.co.uk.

ICO Registration Number: Z123456

2. What Data We Collect

Account Data

Name, email address, school year and subjects of interest

Attendance & Performance Data

Attendance logs, school scores and grades

Homework Records

Uploaded files, scores, feedback and related analytics

Technical Data

IP address, browser type, device identifiers and log info

Audit Logs

Comprehensive records of who accessed data, when, and why

Communication Logs

Emails, SMS, and WhatsApp messages sent through our platform

4. How We Use Your Data

  • To provide and personalise learning resources
  • To record homework scores, attendance and track progress
  • To monitor Platform performance and detect misuse

5. Data Retention

We retain your data according to the following schedule:

Active students
Duration of educational services
Inactive students
7 years after last service
Financial records
7 years for tax purposes
Communication logs
2 years
Audit logs
2 years with auto-archiving
Alumni program
Indefinite with consent
Automated deletion: Data is automatically deleted after retention periods expire. Upon request we will delete personal data without undue delay (typically within 30 days), subject to any legal retention requirements.

6. Disclosure to Third Parties & Processors

Your data is stored in Google Firebase (EU region europe-west2). Firebase acts as our data processor under Google's Data Processing Agreement. GitHub is used solely for private source-code hosting and does not process personal data. Future tools such as Google Analytics 4 or Sentry will process only pseudonymised or aggregated data and will be added to this section before activation.

7. Cookies & Tracking

We currently set only essential cookies for authentication and session security. In light of the Data (Use and Access) Act 2025 ("DUA Act") amendments to PECR, purely statistical analytics cookies may be placed without consent provided users are informed. Should we enable GA4 or similar tools we will:

  1. Audit cookies against the DUA Act exceptions
  2. Display a banner explaining purposes and offering opt-out for any non-exempt cookies
  3. Update this Policy with a full cookie table

8. Your Rights

Under UK GDPR, you have the following rights regarding your personal data:

Right to Access

Obtain a copy of all personal data we hold about you in both PDF and JSON formats

Right to Rectification

Request correction of inaccurate personal data

Right to Erasure

Request deletion of your personal data with automatic cascading deletion

Right to Restriction

Limit how we process your personal data

Right to Data Portability

Receive your data in a machine-readable format

Right to Object

Object to processing based on legitimate interests

9. Security

We implement appropriate technical and organisational measures to protect your personal data, including:

  • Encryption in transit and at rest
  • Regular security audits and penetration testing
  • Access controls and authentication
  • Comprehensive audit logging
  • Incident response procedures

10. Contact Us

For any privacy-related questions or to exercise your rights, please contact:

Data Protection Officer

Ganes Academy Ltd

84 Albert Hall Mansions

Kensington Gore, London, SW7 2AQ

Email: privacy@ganesacademy.com