top of page
27512a43-e725-4a01-8795-f64c1ae399ae.png

Here you'll find our Privacy Policy

Privacy Policy

Last updated: 10 November 2025

Samuel Tutor (“we”, “us”, “our”) is committed to protecting your personal data in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This Privacy Policy explains how we collect, use, share, and protect your personal information. By using our website or services (including creating an account, purchasing a plan, or booking a lesson), you acknowledge that you have read and agree to this Privacy Policy.

Samuel Tutor (sole trader) is the data controller responsible for your personal data.

1. Data We Collect

We collect personal information that you provide directly to us when you create an account, schedule lessons, or make purchases. This includes:

  • Identity and Contact Data: Your name, email address, and other contact details.

  • Account Credentials: Login email and password (stored in encrypted form).

  • Booking and Service Data: Your lesson booking history, any optional notes or preferences you provide (e.g. learning goals or schedule requests), and communications you send us.

  • Payment Information: Billing details and transaction records for payments (handled securely via third-party payment processors such as Stripe or Wix Payments – we do not store your card details on our servers).

  • Technical Data: Information automatically collected when you interact with our site, such as your IP address, browser type, device information, and cookies (see our Cookie Policy for more details).

 

We do not intentionally collect any special category (“sensitive”) personal data about you, such as information on your health, race or ethnic origin, political opinions, religious beliefs, or sexual orientation, and we ask that you do not provide such data.

2. Purpose and Use of Your Data

We use your personal data only for legitimate business purposes, including:

  • Providing Tutoring Services: To create and manage your account, schedule and deliver lessons (including connecting you with tutors via third-party video platforms), and maintain student records.

  • Service Communications: To send booking confirmations and reminders, payment receipts/invoices, subscription or payment method updates, and other essential notices about your lessons or account (these are transactional communications, not marketing). For example, our system (via Wix) may email you if a lesson is booked or if a subscription payment fails or is updated.

  • Customer Support: To respond to your inquiries or requests and provide support.

  • Personalisation: To tailor tutoring to your needs (e.g. using any notes you provide about learning goals).

  • Legal and Accounting Obligations: To comply with laws and regulatory requirements – for example, keeping proper records for tax and accounting (HMRC requires certain records to be kept for at least 6 years).

 

We will not use your data for any incompatible purpose and do not send promotional or marketing emails without your explicit consent.

3. Legal Bases for Processing

We rely on one or more of the following legal bases:
 

  • Contract: Processing necessary to perform our contract with you (e.g. book lessons and process payments).

  • Legitimate Interests: Processing needed for our legitimate business interests, such as maintaining website functionality and security, sending service-related communications, and keeping business records.

  • Legal Obligation: Processing and retaining data to comply with laws or regulatory requirements (e.g. tax records).

  • Consent: Used only where required (e.g. marketing or non-essential cookies). You may withdraw consent at any time.

4. Data Sharing and Third-Party Processors

We do not sell your personal data. We share it only with trusted third parties to deliver our services:

  • Website Hosting and Platform: Wix.com Ltd. hosts our website and manages user accounts on secure servers. (Wix is headquartered in Israel, which has an adequacy decision under UK data protection law.)

  • Payment Processors: Payments are handled through PCI-DSS compliant processors such as Stripe or Wix Payments. We receive confirmation of payment but never see or store your full card details.

  • Video and Scheduling Tools: Lessons are delivered via third-party conferencing platforms (e.g. Zoom or DingTalk). These services process participant data independently under their own privacy policies. We may use calendar tools (e.g. Google Calendar) to send meeting links or invites.

  • Analytics: We use Wix Analytics (which collects anonymised usage data with a default retention of 62 days) and may use Google Analytics in the future to understand aggregate site traffic. All non-essential cookies are activated only with your consent (see Cookie Policy).

  • Business Automation and Accounting: We use secure automation tools to transfer necessary booking or payment information between systems for invoicing and record-keeping. All providers we use are GDPR-compliant and subject to appropriate data protection safeguards.

 

Where data is processed outside the UK, we use legally-approved safeguards (e.g. adequacy decisions or standard contractual clauses) to ensure equivalent protection.

5. International Data Transfers

If we transfer your data outside the UK (for example, to our Israel-based host or a US service provider), we ensure a similar level of protection through adequacy decisions or contractual safeguards (e.g. the UK International Data Transfer Agreement). We remain responsible for your data protection at all times.

6. Data Retention

We keep your data only as long as necessary for the purposes described above:
 

  • Active Accounts: Retained while your account remains in use.

  • Inactive Accounts: Kept for up to six (6) years from your last interaction or transaction, reflecting UK limitation and tax periods.

  • Financial Records: Kept for at least six years after the end of the relevant financial year (HMRC requirement).

  • Deletion/Anonymisation: When data is no longer needed, we securely delete or anonymise it. Minimal information may be retained to record your deletion request or to comply with legal requirements.

7. Data Security

We implement technical and organisational measures to protect your data:

  • Encryption: Our site uses SSL (HTTPS) to secure data in transit.

  • Payment Security: All payments processed through PCI-DSS compliant gateways; we never store card details.

  • Access Controls: Personal data is restricted to authorised personnel and protected by authentication measures.

  • Preventative Measures: Software and systems are regularly updated and backed up.

 

Although no system is 100% secure, we continually review and improve our safeguards.

8. Children’s Privacy (Users Under 18)

Our tutoring services may be used by students under 18. If you are under 18, you should obtain a parent or guardian’s permission before creating an account or booking lessons. We may request a parent or guardian’s contact details to facilitate bookings.

We do not collect more data from children than necessary to provide services and encourage parental supervision. We comply with the UK’s Age Appropriate Design Code for online services accessible to children. If we discover that data has been collected without appropriate consent, we will delete it.

9. Your Data Protection Rights

Under UK GDPR, you have the right to:

  • Access your personal data (“Subject Access Request”).

  • Rectify inaccurate or incomplete data.

  • Erase data where it is no longer needed or consent is withdrawn.

  • Restrict Processing in certain circumstances.

  • Data Portability (for data provided by you and processed by consent or contract).

  • Object to processing based on legitimate interests or for marketing (we do not currently send marketing).

  • Withdraw Consent at any time for consent-based processing (e.g. non-essential cookies).

 

To exercise any of these rights, contact us at contact@samueltutor.com

bottom of page