Privacy Policy
Last Updated: 29th October 2024
Sophos Education is committed to safeguarding your personal data in compliance with the GDPR and other applicable data protection regulations. This privacy policy explains how we collect, process, and protect your personal information when you use our services, including our websites, tutoring platform, and related communications.
1. Who is responsible for data processing?
The body responsible for data processing is:
Sophos Education
10 St. Edmunds Square, London, England, SW13 8SA
Company Number: 14321333
Email: team@sophoseducation.com
The language used in this data protection declaration is intended to be gender neutral.
2. If you use our website as a user (student)
This data protection declaration applies to our websites at the following domains:
- https://www.sophoseducation.ai
- https://live.sophoseducation.ai
2.1. What data is processed and where does it come from?
We process the personal data you provide to us when using the website, booking lessons, or communicating with tutors or support. You are required to provide this data to us so we can process your requests, enquiries, and manage your account. Without this information, we will not be able to provide our services or respond to your queries.
In addition, as part of the purposes given above, we process data that we generate for you as a user of our website, namely:
- The date, person making the enquiry, and content of the enquiry
- The date, person responding (e.g., tutor or support staff), and associated metadata required to provide and track services (such as lesson bookings or support requests)
Please note that information about any cookies we use on the website is provided as part of our cookie tool (https://www.cookiebot.com/).
2.2. What is the legal basis for data processing?
To fulfil contractual obligations (Article 6 (1)(b) GDPR)
Personal data is processed to fulfil our contractual obligations as part of providing tutoring services, including lesson scheduling, communication between tutors and students, and handling inquiries or support requests.
2.3. With whom is your data shared?
We transmit personal data to authorised data processors if this is necessary within the scope of the above purposes. All data processors are contractually obliged to treat your data confidentially and to process it only within the scope of the above-mentioned purposes:
- AWS (hosting)
- Google: traffic analysis
- HubSpot Inc.
2.4. For how long will your data be processed and stored?
Sophos Education is committed to ensuring the privacy and security of your personal information. As part of our platform, we utilise third-party services such as YoCoach (for platform management) and Stripe (for payment processing). The data retention policies of these providers are integrated into our own policies.
- YoCoach Data Retention: YoCoach, the software powering our platform, complies with GDPR and provides the option for users to request the deletion of their personal data, including identifiable information such as account details, email addresses, and IP addresses. Once a user requests data deletion or their account becomes inactive, YoCoach permanently removes personal data from its system unless otherwise required for legal purposes. For more information, please see YoCoach's Privacy Policy.
- Stripe Data Retention: As our payment service provider, Stripe retains personal and transaction data in accordance with its own privacy policy. Stripe retains data to:
  - Comply with legal and regulatory obligations.
  - Monitor and prevent fraud.
  - Meet financial reporting and auditing requirements.
  Stripe may retain this data beyond the closure of an account if required for regulatory purposes. For more information, please see Stripe's Privacy Policy.
- Sophos Education Data Retention: Sophos Education will retain your personal information for six years after you last use our services. This timeframe aligns with the average lifecycle of a tutor, allowing users to retain access to their accounts and services during this period. After this six-year period, or if a user requests data deletion earlier, personal data will be permanently deleted unless specific legal or regulatory requirements necessitate a longer retention period.
In cases where data is retained, it is processed in line with GDPR, ensuring that only necessary data is retained and that it is securely stored. You may request data deletion at any time by contacting our team at team@sophoseducation.com.
3. If you subscribe to our student or tutor e-newsletter
By default, users are automatically subscribed to our marketing communications upon registering for the platform. However, you may opt out of receiving marketing emails at any time by clicking the unsubscribe link in any marketing email. Please note that all other communications, such as lesson bookings or cancellations, are essential to the platform’s operation and cannot be unsubscribed from.
4. If you as a pupil (and as their legal guardian) make use of our services or the services of the tutors
We operate a platform for pupils (or their legal guardians) who are looking for support and for tutors. Therefore, on the one hand, platform contracts with pupils (or possibly their legal guardians) and agency contracts with tutors are concluded via our platform; pupils (or possibly their legal guardians) and tutors also conclude teacher contracts directly. The tutoring sessions take place based on the teacher contracts between tutors and students.
We require parental or legal guardian consent for users under the age of 13. Upon signing up as a student, users will be asked to tick a box confirming that they are at least 13 years of age or have obtained the consent of their legal guardian. This consent is necessary for the student to access our services.
To ensure transparency, this data protection information also includes information regarding the processing of the pupil’s personal data (or possibly that of their legal guardians) by the tutors with regard to their fulfilment of the teacher contract with the pupils. Since this processing is largely carried out via our platform, we act as a data processor for the tutors. Insofar as Sophos Education has to process data in order to fulfil Sophos Education’s contractual obligations, Sophos Education acts on its own responsibility. Unless explicitly otherwise distinguished below, the information applies both to the processing by us as the body responsible for data protection and to the processing by the tutors as the person(s) responsible under data protection law.
4.1. What data do we process (including tutors, unless otherwise stated) and where does it come from?
We process the personal data that you provide to us as a pupil or their legal guardian about the pupil or yourself for the provision of services. You providing this information is on the one hand contractually necessary to conclude the agreements between you (as a pupil or legal guardian) and us and between you and the tutor for the agreed provision of services and on the other hand legally necessary, in particular to fulfil our accounting obligations. This also includes any data in connection with the payment of our services (see below for our payment service provider, Stripe). If you do not provide us with your relevant personal data, we cannot enter into or fulfil a contract with you.
In addition, we process personal data that we generate for you as part of our provision of services or from the sources mentioned, namely:
- Service provision data for billing purposes
- Invoice data to fulfil our accounting obligations (generated by us or payment confirmations from Stripe)
- Any correspondence and telephone contact (support requests) related to the provision of Sophos Education services
4.2. What is the legal basis for data processing?
We process your personal data to fulfil our contractual obligations, including support requests, and to comply with any other associated legal obligations, in particular under any corporate and tax law:
- To fulfil contractual obligations (Article 6 (1)(b) GDPR)
  Personal data is processed to fulfil our contractual obligations, in particular to fulfil our contracts with you. The purpose of data processing for the fulfilment of the contract is primarily to process the learning service we offer.
- To fulfil legal obligations (Article 6 (1)(c) GDPR)
  We also process your personal data for the purpose of complying with various legal obligations to which we are subject, in particular under corporate and tax law.
- To protect legitimate interests (Article 6 (1)(f) GDPR)
  We process personal data to protect our legitimate interests, unless your interests in confidentiality override these.
  In the following cases, data processing is carried out to safeguard legitimate interests:
  - Advertising and marketing to existing contractual partners
  - You can object to the processing of personal data on the basis of legitimate interests — see below on data subject rights.
4.3. With whom is your data shared?
Sophos Education transmits the relevant personal data to the respective tutor as part of the mediation of the tutor agreement for the service to be carried out to the highest standard.
In addition, we engage data processors if this is necessary to fulfil the service in question. All data processors are contractually obliged to treat your data confidentially and to process it only within the scope of our assignment.
4.4. Payment service provider
We use Stripe Payments Europe Limited (‘Stripe’) as a payment service provider, which receives the credit card data entered by you and the billing data from us to process the payment services. The processing of this data for payment processing then takes place under Stripe’s own data protection responsibility (see their data protection information: https://stripe.com/at/privacy). We do not store your credit card data, only a Stripe ID, which we can use to initiate further payments with Stripe.
5. If you use our services as a tutor or provide your services to students through us as a tutor
Insofar as Sophos Education processes data to fulfil Sophos Education’s contractual obligations with the tutor, Sophos Education acts on its own responsibility. In addition, as an intermediary platform, we process the tutor’s data on our own responsibility:
5.1 What data is processed and where does it come from?
We process the personal data that you provide to us as a tutor. You providing this information is on the one hand contractually necessary to conclude the agreements between you as a tutor and us and between you as a tutor and the pupil for the agreed provision of services and on the other hand legally necessary, in particular to fulfil our accounting obligations. This also includes any data in connection with the payment of the services (see below for our payment service provider). If you do not provide us with your relevant personal data, we cannot enter into or fulfil a contract with you.
In addition, we process personal data that we generate for you as part of our provision of services or from the sources mentioned, namely:
- Matching data to test tutor suitability (entered by you and partly generated by us, always subject to human review and assessment)
- Service provision data for billing purposes
- Invoice data to fulfil our accounting obligations (generated by us or payment confirmations from our payment service provider)
- Any correspondence and telephone enquiries (support requests) related to the tutors’ provision of services
5.2 What is the legal basis for data processing?
We process your personal data to fulfil our contractual obligations, including support requests, and to comply with any other associated legal obligations, in particular under corporate and tax law:
- To fulfil contractual obligations (Article 6 (1)(b) GDPR)
  Personal data is processed to fulfil our contractual obligations, in particular to fulfil our contracts with you. The purpose of data processing for the fulfilment of the contract is primarily to process the learning service we offer.
- To fulfil legal obligations (Article 6 (1)(c) GDPR)
  We also process your personal data for the purpose of complying with various legal obligations to which we are subject, in particular under corporate and tax law.
- To protect legitimate interests (Article 6 (1)(f) GDPR)
  We process personal data to protect our legitimate interests, unless your interests in confidentiality override these.
  In the following cases, data processing is carried out to safeguard legitimate interests:
  - Advertising and marketing to existing contractual partners (tutors)
  - You can object to the processing of personal data on the basis of legitimate interests — see below on data subject rights.
5.3. With whom is your data shared?
Sophos Education transmits your personal data to the respective pupil (i.e. your contractual partner) as part of the mediation of the tutor agreement.
In addition, we engage data processors if this is necessary to fulfil the service in question. All data processors are contractually obliged to treat your data confidentially and to process it only within the scope of our assignment.
5.4 Tutor Data Sharing and Public Profiles
As part of our platform’s operation, we make certain tutor data publicly available on the Sophos Education website to enable students and their guardians to choose tutors based on relevant qualifications, experience, and areas of expertise. The following data will be publicly visible on tutor profiles:
- Tutor's first name (last name will not be displayed)
- Profile picture (if uploaded by the tutor)
- Academic qualifications and experience
- Subject areas and levels taught
- Personal biography and teaching style
- Availability and pricing information (if applicable)
This data is displayed to provide students with sufficient information to make informed decisions when selecting a tutor. Tutors are responsible for keeping their profiles accurate and up-to-date.
We share the personal data of tutors with students and guardians only as part of facilitating the tutoring service. Tutor contact details and other sensitive information are not shared publicly. However, in some cases, we may share additional details, such as lesson schedules, with the student or guardian to ensure the smooth operation of the tutoring session. All personal data shared will be in compliance with our contractual obligations and will only be used for the purposes of lesson planning and execution.
Tutors may contact us at any time to request modifications or updates to their profiles. Should a tutor wish to deactivate or delete their profile, their public information will be removed from the platform.
5.5. Payment service provider
Stripe is a payment service provider, which receives the bank details entered by you and the billing data from us to process the payment services. The processing of this data for payment processing then takes place under Stripe’s own data protection responsibility (see their data protection information: https://stripe.com/gb/privacy).
6. If you are a Sophos Education applicant or employee
We process the data you provide to us as part of the application process for employment with Sophos Education. We also process personal data related to employment with Sophos Education.
6.1. What data is processed and where does it come from?
If you apply for a vacancy at Sophos Education, we will process the application documents you send us.
In the context of your employment with Sophos Education, we process all data that you provide to us as an employee or that is generated in the course of the employment relationship. You providing this information is on the one hand necessary for fulfilment of the contract and on the other hand legally necessary, in particular to fulfil our accounting obligations and tax and social security obligations.
6.2. What is the legal basis for data processing?
- On the basis of your express consent, which can be revoked at any time (Article 6 (1)(a) GDPR)
  Application documents are processed on the basis of your consent in accordance with Article 6 (1)(a) GDPR. The same applies to data that you provide in the employment relationship based on your voluntary consent.
- To fulfil contractual obligations (Article 6 (1)(b) GDPR)
  Personal data is processed to fulfil our contractual obligations, in particular to fulfil our contracts with you. The purpose of data processing for the fulfilment of the contract is primarily the payment of remuneration and the provision of other contractual services as well as the associated personnel management.
- To fulfil legal obligations (Article 6 (1)(c) GDPR)
  We also process your personal data for the purpose of complying with various legal obligations to which we are subject, in particular under corporate, social security and tax law.
6.3. With whom is your data shared?
Sophos Education transmits the processed data to the respective employees. Within the scope of legal obligations, the data will be transmitted to the competent tax authorities, social security institutions and other authorities, insofar as this is legally required.
In addition, we engage data processors if this is necessary to fulfil the service in question. All data processors are contractually obliged to treat your data confidentially and to process it only within the scope of our assignment.
6.4. For how long will your data be processed and stored?
We store the personal data necessary for the fulfilment of the contract for at least the duration of the entire employment relationship and, in accordance with the statutory retention and documentation obligations, as a rule for seven years.
7. What are your rights?
In this context, it should be noted that Sophos Education operates an intermediary platform between pupils (and possibly their legal guardians) and tutors. In order to ensure transparency, this data protection information also includes information regarding the processing of the personal data of the pupil (and possibly their legal guardians) by the tutors as the responsible persons. The rights of the data subject described below can be asserted against the person responsible for processing the personal data, i.e. Sophos Education or the respective tutor.
7.1 Right of withdrawal
If we process your personal data on the basis of your consent, you have the right to withdraw your consent at any time. Revoking your consent does not affect the legality of the processing carried out on the basis of the consent up to the revocation. You will be informed of this before giving your consent. The withdrawal of consent must be as easy as giving consent.
7.2 Right to information
If we process your personal data, you have the right to information about the purposes of the processing, the categories of personal data processed, the recipients of this personal data, the storage period, the rights to which you are entitled, the origin of the personal data and the possible existence of automated decision-making. To submit a request regarding your data, you may contact us via email at team@sophoseducation.com. We aim to respond to such requests within one week. Please note that in certain cases, we may require verification of your identity before fulfilling your request, such as providing proof of identification to ensure the security of your personal data.
7.3 Correction and erasure
You have the right to request the correction of incorrect or incomplete personal data concerning you. You are entitled to request the erasure of personal data concerning you, provided that the processing of the data is not lawful and there are no legal obligations on our part to prevent the erasure.
7.4 Restriction of processing
You are entitled to demand that the processing of your data be restricted in certain cases.
7.5 Data portability
You have the right to request the transfer of the data that you have provided to us in a structured, common and machine-readable format. You have the right to have the personal data transferred by us directly to a responsible person named by you, insofar as this is technically feasible.
7.6 Objection
You have the right to object to the processing of personal data concerning you at any time on grounds relating to your particular situation. If you object, we will no longer continue to process personal data relating to you unless we can demonstrate that our reasons for processing outweigh your interests. You can object to the use of your personal data for advertising purposes at any time, in which case we will stop processing your data for advertising purposes. To exercise your rights with regard to your data processed by us, please contact team@sophoseducation.com if you believe that your data protection rights are being violated.
8. Data Security and Breach Response
Sophos Education takes the security of your personal data very seriously. We use standard secure server software (SSL) to encrypt personal data during transmission, particularly sensitive information such as payment details. However, please be aware that no method of transmission over the internet or method of electronic storage is 100% secure.
While we make every effort to protect your personal data once we receive it, there is an inherent risk in transmitting data online, particularly through email, which may not always be encrypted. We encourage you to contact us via email or post for any highly sensitive communication if you prefer.
In the event of a data breach, Sophos Education will:
- Immediately assess the scope and severity of the breach.
- Take all reasonable steps to contain and mitigate any further unauthorised access to your data.
- Notify affected individuals within 72 hours of becoming aware of a breach, in compliance with applicable data protection laws.
- Take corrective actions to improve our security measures.

While we do our best to protect your personal data, we cannot guarantee the absolute security of information transmitted over the internet. By using our services, you acknowledge and accept the risks associated with online data transmission.