Privacy policy

Privacy Policy

Last updated: 7th April 2025

1. Introduction

This Privacy Policy applies to the website www.headteacherchat.com (the “Website”) operated by HeadteacherChat Ltd (“HeadteacherChat”, “we”, “our”, or “us”). It outlines how we collect, use, disclose, and protect personal data obtained through our services and platforms.

This Policy supplements our [Terms & Conditions] and any other relevant documents or notices referencing it.

For any questions regarding this Policy, please contact us at:
📧 info@headteacherchat.com

2. Definitions

Personal Data: Information relating to an identifiable individual.
Usage Data: Data collected automatically via the Website (e.g. page visit duration).
Cookies: Small data files stored on your device.
Data Controller: The entity determining the purposes and means of personal data processing (HeadteacherChat, in most cases).
Data Processor: A third party processing personal data on our behalf.
Data Subject: Any individual whose personal data is processed.
User: The individual using our services; synonymous with the Data Subject.

3. Legal Framework

We comply with:

UK GDPR and the Data Protection Act 2018
The EU General Data Protection Regulation (EU GDPR) where applicable
Other applicable data protection laws

4. Our Role

We primarily act as a Data Controller, determining how and why we process your data (e.g. for account management, communications, etc.).

In certain contexts, we may act as a Data Processor on behalf of another Data Controller (e.g. a customer using our platform), in which case we follow their instructions strictly.

5. Categories of Personal Data Collected

We collect only the data necessary for our services:

Category	Examples
Professional Data	Job title, employer, qualifications
Contact Data	Email address, phone number, postal address
Financial Data	Payment details, financial situation
Identification Data	Name, date of birth, photo
Internet Data	Cookies, browser data, analytics
Connection Data	IP address, device ID, timestamps
Media Data	Photographs, videos

Mandatory fields will be clearly marked. Refusal to provide them may prevent access to certain services.

6. When We Collect Personal Data

We collect personal data through the following sources:

Account registration
Newsletter subscriptions
Contact forms or emails
Checkout/billing forms
Survey or feedback forms
Purchased databases (only where lawfully obtained and compliant)

7. How We Use Personal Data

We process data solely for specified, explicit, and lawful purposes.

Purpose	Legal Basis
Processing payments	Contractual necessity
Creating/managing user accounts	Contractual necessity, Legitimate interest
Sending marketing communications	Consent, Legitimate interest
Analytics and performance	Legitimate interest
Customer service	Contractual necessity

We do not conduct automated decision-making without consent, nor do we sell or lease personal data.

8. Who Has Access to Your Data

Your data may be shared with carefully selected subprocessors for legitimate operational purposes.

Provider	Purpose
GoCardless, Stripe, Paypal	Payments
Shopify	E-commerce platform
Xero	Accounting
Zapier	Workflow automation
Typeform, Branch CI, Airtable, Reform, Fillout	Forms and surveys
Google Cloud, Notion, Circle.so	Cloud services
Meta, Loops	Marketing & ads
Calendly, Zoom, Google Meet	Scheduling and video calls
Slack	Internal communications

All subprocessors are bound by data processing agreements in compliance with Article 28 of the GDPR.

Where required, data may also be shared with authorised public authorities for legal compliance.

9. International Transfers

Some data may be transferred outside the UK or EU. We ensure all transfers are safeguarded using:

Adequacy decisions
Standard Contractual Clauses (SCCs)
Data Processing Agreements

Provider	Location	Safeguard
Notion, Zapier, Shopify, Stripe, Paypal, Hotjar, Typeform, Webflow, Airtable, Fillout, Circle.so	USA	Data Processing Agreement / SCCs

10. Data Retention

We retain data only for as long as necessary for:

The purpose for which it was collected
Legal, regulatory, or contractual obligations

After this period, data is securely deleted, anonymised, or archived.

11. Data Security

We implement robust technical and organisational measures to ensure data security, confidentiality, integrity, and availability. These include:

Data encryption
Access controls
Regular audits
Secure storage

12. Your Rights

Under the UK GDPR, you may:

Access your personal data
Request rectification or deletion
Restrict or object to processing
Withdraw consent at any time
Request data portability

Requests should be sent to info@headteacherchat.com or submitted via our Data Requests Page.

If your data was submitted by a third party (e.g. a customer of ours), we will forward your request to the appropriate Data Controller.

13. Children's Privacy

Our services are not directed to children under 13. We do not knowingly collect personal data from children.

If you become aware that a child has submitted data to us, please contact us. We will promptly delete such information.

14. Updates to This Policy

We may amend this Privacy Policy to reflect changes in law or our operations. Updates will be published on this page with a revised effective date. Significant changes may be communicated directly via email.

15. Contact

For any privacy-related enquiries:

📧 info@headteacherchat.com