top of page

EXPLOREBUDDY

PRIVACY POLICY

Last updated: September 2025

This Privacy Policy explains how ExploreBuddy (“we,” “us,” “our”) collects, uses, stores and discloses personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and Data Protection Act 2018. It applies to all personal data processed via our website (www.explorebuddy.co.uk) and all Services, including individual support, parental coaching, development programmes, Neuro Series group courses, neurodiversity accessibility audits, employee support services, professional consultancy, training and digital resources.

1. Data Controller

ExploreBuddy Registered office: 8 Kirkton Place, Falkirk, FK2 8AG Email: contact@explorebuddy.co.uk

2. Data Protection Officer

We have appointed a DPO to oversee compliance. Email: dpo@explorebuddy.co.uk

3. Scope

This Policy covers personal data relating to:

  • Clients (children, adolescents, adults, parents, carers)

  • Employee support participants and organisational contacts

  • Job applicants, staff and contractors

  • Website visitors and enquirers

4. Legal Framework & Lawful Bases

We process personal data under:

  • Contractual necessity (Article 6(1)(b) UK GDPR)

  • Legal obligations (Article 6(1)(c))

  • Legitimate interests (Article 6(1)(f))—documented in our Legitimate Interests Assessment

  • Consent (Article 6(1)(a)) for optional marketing, cookies and diversity monitoring

Special category data (e.g. health, disability) is processed with your explicit consent or under healthcare obligations (Article 9).

5. Types of Personal Data Collected

We collect:

  • Identifiers (name, date of birth, address, email, telephone)

  • Service records (session notes, assessments, audit findings)

  • Financial data (payment details, invoices)

  • Employment details (role, employer contacts)

  • Accessibility and diversity information (access needs, disability status)

  • Technical data (IP address, device type, cookie identifiers)

6. Collection Methods

Data is obtained via:

  • Online booking and registration forms

  • Email, telephone and in-person consultations

  • Referrals from schools, employers or guardians (with consent)

  • Cookie banner and analytics tools (with consent for non-essential cookies)

7. Purposes of Processing

We use personal data to:

  • Deliver, manage and improve our Services

  • Schedule Sessions and send reports, resources, follow-ups

  • Comply with safeguarding, health, safety and financial regulations

  • Conduct internal audits, quality reviews and risk assessments

  • Communicate news, events or marketing (where consent given)

8. Special Category Data

Where we process health or sensitive data, we:

  • Obtain explicit consent or rely on healthcare delivery obligations

  • Limit access to authorised personnel under strict confidentiality

9. Legitimate Interests Assessment

We document and review our legitimate interests to ensure they do not override individual rights. A summary of our LIA is available on request.

10. Data Sharing & Sub-Processors

We do not sell data. We may share with:

  • Referring bodies (schools, employers) under your instruction

  • Safeguarding or statutory authorities if legally required

  • Professional advisers (accountants, legal counsel) under confidentiality

  • Approved sub-processors (IT hosting, analytics, payment processors) via Data Processing Addendums

A current list of sub-processors is available on request.

11. International Transfers

We do not transfer personal data outside the UK or EEA. If this changes, we will implement UK Standard Contractual Clauses or other approved safeguards.

12. Data Retention

We retain data only for as long as necessary to:

  • Fulfil contractual, legal, safeguarding and tax obligations (up to seven years post-engagement)

  • Defend or pursue legal claims

After that, data are securely deleted or irreversibly anonymised.

13. Security Measures

We maintain robust technical and organisational measures, including:

  • Encryption in transit (TLS) and at rest

  • Role-based access controls and unique credentials

  • Regular encrypted backups and secure off-site storage

  • Firewalls, antivirus and vulnerability management

  • Annual staff training and periodic third-party security audits

14. Record of Processing Activities

In line with Article 30 UK GDPR, we maintain internal records of all processing activities, including purposes, categories of data, recipients, retention periods and security measures.

15. Automated Decision-Making & Profiling

We do not use automated decision-making or profiling that produces legal or similarly significant effects.

16. Children’s Data

For Services involving minors, we:

  • Obtain parental or guardian consent before collecting or processing data

  • Ensure all processing is in the best interests of the child

17. Your Rights

You have the right to:

  • Access, rectify or erase your personal data

  • Restrict or object to processing based on legitimate interests

  • Port data you provided in a structured, machine-readable format

  • Withdraw consent at any time (where processing is consent-based)

To exercise your rights, contact dpo@explorebuddy.co.uk. We respond within one month.

18. Consent Management

We record and timestamp all consents. You may withdraw or modify consent at any time via our Cookie Settings link or by contacting us.

19. Cookies & Tracking

We use cookies for essential site function, analytics and marketing (with consent). For details and opt-out, see our Cookie Policy (www.explorebuddy.co.uk/cookie-policy).

20. Data Protection Impact Assessments

For high-risk processing (e.g., large-scale special category data), we conduct DPIAs and implement mitigating controls. Summaries are available on request.

21. Changes to This Policy

We review this Policy annually or when laws or practices change. Significant updates will be published with a revised “Last updated” date and, where appropriate, notified directly.

22. Complaints

If you have concerns about our data practices, please contact our DPO at dpo@explorebuddy.co.uk. If unresolved, you may lodge a complaint with the Information Commissioner’s Office (ICO) at https://ico.org.uk.

23. Related Policies

24. Contact Us

ExploreBuddy

Website:www.explorebuddy.co.uk

Email: contact@explorebuddy.co.uk

Thank you for trusting ExploreBuddy with your personal data. We are committed to protecting your privacy and maintaining transparent, compliant data practices.

bottom of page