Privacy Policy: Website

Who we are

Our website address is:

What personal data we collect and why we collect it


When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymised string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service Privacy Policy is available here: After approval of your comment, your profile picture is visible to the public in the context of your comment.


If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Contact forms


If you leave a comment on our site you may opt in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.


Google analytics is used to gather website visitor statistics. You can read more here.

How long we retain your data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

What rights you have over your data

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Where we send your data

Visitor comments may be checked through an automated spam detection service.

What data breach procedures we have in place

In the unlikely event of a data breach, clients will be notified using the contact email given in your registration.

Privacy Policy: Tuition

What information do I hold and where does it come from?

The information I hold comes from you as the parent and your child as the student. At the point of booking, I ask for the following information from students and their parents or guardians:

  • Name
  • Age or school year group of child
  • Consent of parent to receive tuition (given through initial registration form and – for specific dates and times – through payment)
  • Phone number of parent / guardian
  • Email address of parent / guardian
  • Email of child (where parent / guardian requests that there is direct contact between me and the child; parent will always be always copied in on communication between me and their child)
  • School attended (where relevant)
  • GCSE exam board and texts studied
  • Final exam series
  • Working at and Target Grades for students where they are known
  • Anything else you (the parent / guardian) feel might be relevant to private tuition

This information is submitted via the online registration form and is stored electronically. No information about you or your child will be shared with any 3rd parties unless English Elephant is legally required to do so. Names, phone numbers and email addresses are stored in my email contacts. Electronic data is stored on the English Elephant cloud storage.  In addition to this, parent names and phone numbers are stored on Kim’s mobile phone. 

Following our initial tuition session, each student will be allocated a folder (electronic in the cases of online tuition). In this, I store the following:

  • Individual assessment sheets, used to track progress in each area of study.
  • Lesson planning information.
  • Resources for use with your child.
  • Work your child may have completed, or print-outs of this, which we may refer to during tuition sessions to reflect and build on their progress.

Should student work be emailed to me, copies of this, along with any relevant assessment data is stored in English Elephant inbox and/or cloud storage.

Electronic storage (computer, mobile phone, cloud storage) is protected with passwords, encryption or virus protection software where relevant. Paper resources (inside student folders) are kept locked in Kim’s home tuition room. Cloud storage is UK based.

We will only use your data for the purposes of offering tuition from English Elephant and the administrative purposes of that tuition. All information held is done so with your consent and to enable English Elephant Tuition to fulfil duties as a tutor to your child.


In order for tuition to take place, you must consent to the information about you and your child being held on file until 5 years after tuition with me ends.

Consent is given verbally at the point of booking; it is confirmed through your completion of initial registration forms online prior to your first session and, subsequently, through payment which is given at the outset of each month.

If your child is 13 years old or older, they must also consent to me holding the above information on them on file until 5 years after tuition with me ends.

It is not my policy to have contact with students on social media, with the exception of those who may follow my Facebook page, Instagram or Twitter.

All communication between myself and your child will include you via the email address and / or phone number given at the point of booking (noted on your monthly invoice).

Your rights

You and your child have the right to ask me to delete all information I hold on you and your child. Please note, however, that for child protection reasons I cannot continue tuition with your child after information is deleted and that terms and conditions regarding cancellation remain the same. Unless specifically asked to destroy information by you, after a student has finished tuition with me I usually hold information on file for 5 years. When I destroy the information I have on file, all papers will be shredded to protect your identity and any computer files will be permanently deleted.

You have the right to complain to the relevant authorities should you be concerned about my practice in any regard.

If your child is a member of online classes, their lessons will be recorded and available for children within their class to view until the end of the course.

Subject Access Requests

As a parent, you have the right to see information held by me about your child. If you’d like to exercise this right, this can be done by making an appointment with me to come at the beginning of your child’s tuition session.

Data breaches

The GDPR introduces a duty on all organisations to report certain types of data breach to the Information Commissioner’s Office (ICO), and in some cases, to individuals. In the event of a data breach, I will notify the ICO of a breach where it is likely to result in a risk to the rights and freedoms of individuals – if, for example, it could result in discrimination, damage to reputation, financial loss, loss of confidentiality or any other significant economic or social disadvantage.

Data Protection by Design

I have always had a privacy by design approach. However, the GDPR makes privacy by design an express legal requirement, under the term ‘data protection by design and by default’.