Privacy Policy
1. Introduction
Classroom365 Limited respects your privacy and is committed to protecting your personal data.
This Privacy Policy explains how we collect, use, store and protect personal data when you visit our website, contact us, request information, purchase services, apply for a role, or interact with us as a customer, supplier, partner or website visitor.
This Privacy Policy should be read together with our Cookie Policy, our Terms and Conditions and any other privacy information we may provide when we collect or process personal data.
2. Who We Are
Classroom365 Limited is a private limited company registered in England and Wales.
Company number: 13179526
ICO registration: ZB077594
Registered office: 2 Defender Court, Sunderland Enterprise Park, Sunderland, Tyne & Wear SR5 3PE
Postal address: Crampton Primary School, Iliffe Street, London SE17 3LE
Email: office@classroom365.co.uk
Classroom365 Limited operates the website at https://www.classroom365.co.uk/.
Classroom365 Limited is registered with the Information Commissioner’s Office.
For the purposes of this Privacy Policy, Classroom365 Limited is the data controller for personal data we collect and use for our own business purposes, including website enquiries, contracts, invoicing, recruitment, marketing, customer administration and supplier management.
We may also act as a data processor, processing personal data on behalf of a school, academy, multi-academy trust or other client as part of providing ICT support, helpdesk services, cloud services, system administration, migrations, backups or related managed services.
3. Data Protection Contact
We have appointed a Data Protection Officer / Data Privacy Manager to oversee data protection matters.
Data Protection Officer / Data Privacy Manager: Paresh Ghedia
Email: paresh.ghedia@classroom365.co.uk
Please contact us if you have any questions about this Privacy Policy or if you wish to exercise your data protection rights.
Classroom365’s internal data protection governance is supported by our Data Protection Policy.
4. The Personal Data We Collect
Personal data means information that can identify a living individual.
We may collect, use, store and transfer the following types of personal data:
Identity Data: This may include your name, title, username or similar identifier.
Contact Data: This may include your business address, billing address, postal address, email address and telephone number.
Financial Data: This may include payment, billing and bank details.
Transaction Data: This may include details of services purchased from us, invoices, payments and contract records.
Technical Data: This may include IP address, browser type and version, device information, operating system, platform, time zone setting and other technical identifiers.
Usage Data: This may include information about how you use our website, services and systems.
Marketing and Communications Data: This may include your communication preferences, marketing preferences and enquiry history.
Recruitment Data: If you apply for a role with us, your application may include your CV, application information, employment history, references, qualifications, interview notes, right to work information and safeguarding or DBS information, where applicable. Recruitment data is handled securely and, where relevant, in line with our Safer Recruitment Policy.
Special Category and Criminal Offence Data: We do not intentionally request special category or criminal offence data unless it is necessary and lawful to do so, such as for recruitment, safeguarding, DBS checks, reasonable adjustments or legal obligations. If such information is provided unnecessarily, we will handle it carefully and delete it where it is not required. Where information relates to safeguarding, school-site work or pupil data, it is handled in line with our Safeguarding & Child Protection Policy.
5. How We Collect Personal Data
We may collect personal data in the following ways:
Directly from you: For example, when you complete a website form, email us, call us, request a quote, purchase services, apply for a job, complete a survey or provide feedback.
Through our website: We may collect technical and usage data through cookies, analytics tools and similar technologies. Please see our Cookie Policy for more information.
From clients and school systems: Where we provide ICT support or managed services, we may access personal data held within client systems when necessary to provide support.
From third parties or public sources: We may receive information from payment providers, delivery providers, technical service providers, recruitment partners, credit reference agencies, Companies House or other lawful public sources.
6. How We Use Your Personal Data
We will only use your personal data where the law allows us to.
| Purpose | Type of Data | Lawful Basis |
|---|---|---|
| To respond to enquiries | Identity, Contact, Communications | Legitimate interests |
| To provide services | Identity, Contact, Transaction, Technical | Contract / Legitimate interests |
| To manage contracts and invoices | Identity, Contact, Financial, Transaction | Contract / Legal obligation |
| To process payments | Identity, Contact, Financial, Transaction | Contract / Legitimate interests |
| To provide ICT support | Identity, Contact, Technical, Usage, client system data | Contract / Legitimate interests, or processing on behalf of a client where we act as processor |
| To manage recruitment | Identity, Contact, Recruitment, DBS where applicable | Contract steps / Legal obligation / Legitimate interests |
| To comply with legal obligations | Identity, Contact, Financial, Transaction, Recruitment | Legal obligation |
| To manage website performance and security | Technical, Usage | Legitimate interests / Consent where required |
| To send relevant marketing communications | Identity, Contact, Marketing, Communications | Consent / Legitimate interests, depending on context |
| To maintain records and protect our business | Identity, Contact, Transaction, Communications | Legitimate interests / Legal obligation |
We do not sell personal data to third parties.
7. Marketing
We may send you marketing communications where permitted by law, for example, where you have requested information, purchased services from us, or opted in to receive updates.
You can opt out of marketing communications at any time by contacting us or using any unsubscribe option provided.
Where you opt out of marketing, we may still contact you about existing services, contracts, invoices, support matters or other non-marketing communications.
We will not share your personal data with third parties for their own marketing purposes.
8. Cookies and Website Tracking
Our website uses cookies and similar technologies.
Essential cookies are used where necessary for the operation, security and functionality of the website.
Non-essential cookies, such as analytics, conversion tracking, advertising or embedded third-party cookies, will only be used where appropriate consent has been obtained.
Please see our Cookie Policy for further details.
9. Payments
We use third-party payment processors to take card and wallet payments.
When you pay, your payment details may be processed directly by Stripe, PayPal or another approved payment provider. We only share information necessary to complete the transaction, such as order total, billing details and transaction information.
Payment providers may act as independent controllers for payment data. You should review their own privacy notices for further information.
10. Fraud and Security
We may use anti-fraud, security and monitoring tools to protect our website, payment processes, systems and services.
This may include address verification, device checks, server logs, access logs and other security measures.
We use these measures in our legitimate interests to maintain the security, integrity and reliability of our services.
11. Sharing Your Personal Data
We may share personal data where necessary with:
- IT and cloud service providers;
- payment providers;
- delivery providers;
- professional advisers;
- insurers;
- recruitment providers;
- approved subcontractors;
- school clients, where required for service delivery;
- regulatory authorities, law enforcement or public bodies where required by law.
Where third parties process personal data on our behalf, we require them to protect the data and only process it for agreed purposes.
12. Third-Party Links
Our website may include links to third-party websites, plug-ins or applications.
Clicking those links or enabling those connections may allow third parties to collect or share data about you.
We do not control third-party websites and are not responsible for their privacy notices, cookie policies or data protection practices.
13. International Transfers
We may use suppliers or systems that process personal data outside the UK.
Where personal data is transferred outside the UK, we will ensure that appropriate legal safeguards are in place, such as adequacy regulations, the UK International Data Transfer Agreement, the UK Addendum to EU Standard Contractual Clauses or another lawful transfer mechanism.
14. Data Security
We use appropriate technical and organisational measures to protect personal data against accidental loss, unauthorised access, misuse, alteration or disclosure.
These measures may include:
- access controls;
- strong passwords and authentication controls;
- secure cloud systems;
- encryption or secure transfer methods where appropriate;
- backup and recovery procedures;
- staff training;
- supplier due diligence;
- data breach reporting procedures.
Access to personal data is limited to staff, contractors and third parties with a legitimate business need.
15. Data Retention
We retain personal data only for as long as necessary for the purposes for which it was collected.
We may retain basic customer, supplier, contract and financial records for up to 6 years after the end of the relationship, where required for legal, tax, accounting, contractual or legitimate business reasons.
Other data is retained in line with our internal retention procedures and deleted, anonymised or securely archived when no longer required.
16. Business Continuity and Business Transfers
If Classroom365 Limited is involved in a business sale, merger, restructuring or transfer of assets, personal data may be transferred as part of that transaction where necessary.
Any such transfer would be handled in accordance with applicable data protection requirements.
17. Your Data Protection Rights
Under data protection law, you may have the right to:
- request access to your personal data;
- request correction of inaccurate personal data;
- request deletion of your personal data;
- object to processing;
- request restriction of processing;
- request transfer of your personal data;
- withdraw consent where we rely on consent.
Requests can be sent to: office@classroom365.co.uk.
We may need to verify your identity before responding.
We will respond to rights requests without undue delay and normally within one month. Where permitted by law, this period may be extended for complex or multiple requests.
18. Data Breaches
If we become aware of a personal data breach, we will assess the incident, take appropriate steps to contain and investigate it, and record the outcome.
Where a breach is reportable, we will notify the Information Commissioner’s Office without undue delay and, where feasible, within 72 hours of becoming aware of it.
Where a breach is likely to result in a high risk to individuals’ rights and freedoms, we will also inform affected individuals without undue delay.
19. Complaints
You have the right to complain to the Information Commissioner’s Office, the UK supervisory authority for data protection matters.
For general service complaints, please see our Complaints Policy.
We would appreciate the opportunity to address your concerns first, so please contact us where possible.
20. Changes to This Privacy Policy
We may update this Privacy Policy from time to time.
The latest version will be published on our website.
Document control
Version: 4.0
Last reviewed: May 2026
Next review due: May 2027
Approved by: Board of Directors
Policy owner: Classroom365 Limited