GDPR Compliance

Last updated: January 28, 2025

Dray's Learning Hub is fully committed to protecting your personal data and complying with the General Data Protection Regulation (GDPR) and UK data protection laws. This page outlines how we ensure your rights are protected.

Our GDPR Principles

We adhere to the following data protection principles:

  • Lawfulness, fairness, and transparency: We process data legally and fairly, with clear communication about how we use it.
  • Purpose limitation: We only collect data for specified, explicit, and legitimate purposes.
  • Data minimization: We only collect data that is necessary for our services.
  • Accuracy: We keep personal data accurate and up to date.
  • Storage limitation: We only keep data for as long as necessary.
  • Integrity and confidentiality: We ensure appropriate security of personal data.

Your Data Rights

Under GDPR, you have the following rights regarding your personal data:

Right to Access

Request a copy of all personal data we hold about you

Right to Rectification

Request correction of inaccurate or incomplete personal data

Right to Portability

Receive your data in a structured, machine-readable format

Right to Erasure

Request deletion of your personal data in certain circumstances

How to Exercise Your Rights

To exercise any of your data protection rights:

  1. Log into your account and visit the Privacy Settings page
  2. Use our automated tools for data access and portability
  3. Contact our Data Protection Officer for complex requests
  4. We will respond to your request within 30 days

Legal Basis for Processing

We process personal data based on:

  • Contract: To provide our educational services
  • Consent: For marketing communications and optional features
  • Legitimate interests: To improve our services and ensure security
  • Legal obligations: To comply with applicable laws
  • Vital interests: In emergency situations involving safety

Data Security Measures

We implement comprehensive security measures including:

End-to-end encryption for sensitive data
Regular security audits and penetration testing
Strict access controls and authentication
Data minimization principles
Privacy by design in all new features
Regular staff training on data protection

International Data Transfers

When we transfer data outside the UK/EEA, we ensure appropriate safeguards:

  • Standard contractual clauses approved by the ICO
  • Adequacy decisions for countries with equivalent protections
  • Your explicit consent for specific transfers
  • Binding corporate rules for intra-group transfers

Data Retention

We retain personal data according to our retention policy:

  • Account data: Duration of account plus 1 year
  • Learning progress: 3 years after last activity
  • Payment records: 7 years for tax purposes
  • Support tickets: 2 years after resolution
  • Marketing data: Until consent withdrawn

Your Right to Complain

If you're not satisfied with how we handle your data, you have the right to lodge a complaint with:

Information Commissioner's Office (ICO)

Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Helpline: 0303 123 1113
Website: ico.org.uk

Contact Our Data Protection Officer

For any questions about GDPR compliance or to exercise your rights:

Email: drayslearninghub@consultant.com

Subject Line: GDPR Inquiry - [Your Request]

Response Time: Within 30 days

Our Commitment: We are registered with the Information Commissioner's Office (ICO) and maintain the highest standards of data protection. Your privacy is fundamental to our mission of providing safe, effective educational technology.

Privacy PolicyTerms of ServiceCookie Policy