Privacy Policy

Date of last revision: January 2023

How we secure your Personal Data

Our mission is to help children form good money habits in a safe and secure environment. This means that your family’s privacy is important to us. Our privacy policy is an opportunity to be transparent with you about the personal data we collect, why we collect it, how we use it and how we protect it.

If after reading this privacy policy you still have questions, please don’t hesitate to contact us on privacy@edumentors.co.uk or write to our Data Protection Officer at Edumentors Ltd, 505 Pinner Road, Harrow, Middlesex, England, HA2 6EH, United Kingdom.

  1. How do I consent to these terms?
    By requesting access to or using our Services.

    By requesting access to or using our Services, You (as defined below) are agreeing to this privacy policy and our collection, use and sharing of Your Personal Data (as defined below) under this privacy policy (which includes our cardholder terms and conditions, our website and application terms of use, and any other documents referenced in this privacy policy).

    If You don’t agree to these policies and would rather stop using our Services, You can of course do so by writing to us at privacy@edumentors.co.uk.

    We sometimes source Personal Data from reputable marketing services providers which we use for direct marketing, in pursuit of our legitimate interest to recruit new customers.

  2. Who controls my Personal Data?
    We do.

    For the purpose of the relevant data protection regulations, including but not limited to the General Data Protection Regulation (GDPR) and the Data Protection Act (DPA) 2018, the company in charge of Your Personal Data (also known as the data controller) is Edumentors Ltd, registered with the UK Information Commissioner’s Office under the number ZB339778.

    We use Stripe for our payment processing unless you requested to make a direct bank transfer. Stripe is a regulated financial services provider, therefore they collect your information in a secure and protected way. You can find their Privacy Policy here: https://stripe.com/en-gb-us/privacy

  3. Who does this privacy policy apply to?
    To any person, child or adult requesting access to or using our Services.

    This privacy policy applies to children and adults who request, access or use our websites (including but not limited www.edumentors.com, www.edumentors.co.uk); applications for mobile phones or any other devices; communications, services and all related websites, data storage and tools regardless of how You access or use them (collectively, the “Services”), but excluding services that state that they are offered under a different privacy policy.

  4. Am I still responsible for my child’s use of your Services?
    Yes.

    As a parent or guardian of a child who has signed up to use our Services (“You”):

    • You are responsible for Your child’s use of our Services, including any subscription fees incurred and purchases made;
    • You are giving us informed consent to collect, use and share Your child’s Personal Data in accordance with the terms of this privacy policy;
    • You are giving us informed consent to contact Your child by email as further set forth under this privacy policy.

  5. What Personal Data do you collect and why?
    We may collect Personal Data automatically, when You give it to us directly, or when we receive it from other sources. We do this to operate effectively and provide You with the best experience with our Services.

    Personal Data means any information that can be used directly or indirectly to identify You or a member of Your family. We collect it to operate effectively and provide You with the best experience with our Services.

    We may collect Personal Data automatically, when You give it to us directly, or when we receive it from other sources such as our partners (as set forth below) or social media accounts You choose to link to our Services.

    The Personal Data we collect depends on the context of Your interactions with our Services, and the choices You make and may include the following:

    • Contact and identification information such as Your name and Your child’s name, Your phone number, email address, postal address, date of birth, identification document numbers, copies of identification documents (for example passport, driving licence, utility bills), personal description, social handles, photographs and other similar contact information.

    • Financial information such as the last four digits and expiry date of Your debit card number, bank account information, bank sort code, IBAN, payment reason, and other similar financial information;

    • Transaction information such as date, time, amount, IP address and other similar transaction information;

    • Demographic information such as Your or Your child’s name, last name, age, date of birth, gender, education, interests, nationality, country and other similar demographic information;

    • Security information such as passwords, password hints, security questions and answers and other similar security information;

    • Device and technical information such as IP address, unique device identifiers (such as the IMEI number for phones, the MAC address of the device’s wireless network interface), device functionality (browser type and version, operating system and platform, hardware used, browser plug-in types and versions) and other similar device and technical information;

    • Usage information such as the full uniform resource locators (URLs), information about page response times, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), error reports and performance data (ie: details of the software or hardware related to an error, content of files You were using when an error occurred), troubleshooting and help data plus other similar usage information;

    • Location information such as Your device location which may include a street name and city or GPS- location, ISP or your mobile carrier, the URL of both the site You came from and the one you go to next and other similar location information. We use GPS technology and Your IP address to determine Your location - this may be used when the application is running in the foreground and the background of Your device;

    • Any other information You directly provide to us when filling out forms, corresponding with us (ie: email, WhatsApp, conversations with Member Services by phone or chat sessions), filling out surveys, providing us with feedback and product reviews and other similar information.

    You have choices about the Personal Data we collect. So, when You are asked to provide us with Your Personal Data, You always have the right not to do so. Please note however that if You choose not to provide us with Your Personal Data when prompted, You may not be able to use our Services.

  6. Do you use cookies?
    Yes, we collect data through cookies and similar technologies.

    Like all major websites, we use cookies and other similar technologies to provide You with a good experience when You use our website. It is always possible to block/opt out of cookies via your browser’s cookie settings that allows You to refuse the setting of all or some cookies. Please note however that if You do this You will not be able to use our Services properly. For example, You may need to enter information repeatedly, or You might not get personalised content that is meaningful to You as many of our functions are dependent on cookies. You can see more information about our Cookie Policy here: https://edumentors.co.uk/cookie-policy/

  7. How do you use my Personal Data?
    We use Your Personal Data to provide You with safer and more reliable Services

    The Personal Data we collect from You is used for the following purposes:

    • To provide You with our Services: we use Your data to process Your account and authorise Your access to our Services, process Your payments and provide You with any other Services you request from us;

    • To communicate with You: we use Your data to share important news relating to our Services. We offer regular emails including newsletters to let You know about our Services. From time to time, we may also contact You to ask Your views on our Services, to fill out a survey, to send You marketing communications such as special offers and

    • To conduct research: we use Your data to conduct research for the further development and improvement of our Services. We also want to reassure You that should we sell Your data for research purposes, we will only do so if Your data is in aggregate format and we have a strong confidentiality agreement in place with the research entity (such as a university) that would allow us to have continuous oversight and approval of the use of Your aggregated data;

    • To deliver relevant advertising to You;

    • To help You: we use Your data to investigate and resolve complaints and services issues;

    • To improve the Services offered on our website and make them more secure: we use Your data so we can provide You with the most user-friendly navigation experience we can, and if we think it’s necessary, for security purposes or to investigate possible fraud

    • To comply with legal and/or regulatory requirements; and

    • To better understand our business: we use aggregate data to generate statistics about our users or the demographic distribution of visitors to our website. Note that aggregate is data combined from several measurements and doesn’t identify You.

  8. Where do you store my Personal Data?
    In the United Kingdom, but if we do transfer it outside of the United Kingdom we will make sure it is treated securely.

    Your Personal Data is transferred to and stored at a destination inside the United Kingdom, and in accordance with strong data protection regulations, including but not limited to the General Data Protection Regulation (GDPR) and the Data Protection Act (DPA) 2018.

    Please also know that Your Personal Data may also be transferred to, and stored at a destination outside of the United Kingdom. It may also be processed by staff operating outside of the United Kingdom who work for us or for one of our suppliers. Such staff may be engaged in the fulfilment of Your payment order, the processing of Your payment details and the provision of support services. By submitting Your Personal Data, You agree to this transfer, storing and processing at a location outside of the United Kingdom.

    Should we transfer, store and process Your Personal Data at a location outside of the United Kingdom, we will take all steps reasonably necessary to ensure that Your data is treated securely and in accordance with this Privacy Policy, and data protection regulations, including but not limited to the General Data Protection Regulation (GDPR) and the Data Protection Act (DPA) 2018.

  9. How long will You retain my Personal data?
    Your Personal Data is yours, and it will not be retained by us for longer than necessary in relation to the purposes for which it was originally collected, or for which it was further processed.

    You can always choose to close Your account by writing to us at info@edumentors.co.uk. If You choose to close Your account, Your Personal Data will generally stop being visible on our Services within 24h. Your Personal Data may continue to be displayed in the services of others until they refresh their cache.

    We retain Your Personal Data after You have deleted Your account for the purposes for which it was originally collected, or for which it was further processed. If You want us to delete Your Personal Data completely, You can ask us to do so by writing to us on privacy@edumentors.co.uk.

    We will then strive to delete Your Personal Data as soon as reasonably possible. Please note however that we may be required to retain some of Your Personal Data for up to five years to comply with legal obligations under the Money Laundering, Terrorist Financing and Transfer of Funds Regulations 2017 (SI 2017/692). For example, we may retain Your Personal Data to resolve future disputes, maintain security, or prevent fraud and abuse. We therefore use this retention requirement as a benchmark for all Personal Data that we receive from You. In order to not hold Your Personal Data for longer than is strictly necessary we will not hold any of Your Personal Data for more than six years after the termination of our business relationship.

  10. How do you protect my Personal Data?
    Your security matters, this is why we have advanced security systems in place.

    We know that security is a major concern for You and Your family. To give you peace of mind we have advanced security systems in place. Please know however that although we do our best to protect Your Personal Data, we cannot guarantee the security of Your data during transmission of information via the internet, as any such transmission is at Your own risk. Once we have received Your Personal Data, we will use strict procedures and security features to do our best to prevent unauthorised access to Your data.

    To protect Your and your family’s Personal Data we:

    • Use secure server software to store Your Personal Data;

    • Encrypt Your payment transactions;

    • Implement security safeguards designed to protect Your data such as HTTPS;

    • Use full login and security question controls on our systems;

    • Ensure that Your data, even when transferred to another country, is treated securely and in accordance with this privacy policy and data protection regulations, including but not limited to the General Data Protection Regulation (GDPR) and the Data Protection Act (DPA) 2018;

    • Restrict access of Your Personal Data to those of our employees who need to know Your Personal Data to do their job, and ensure that all our employees sign a confidentiality and data security clause as part of their terms of employment;

    • Follow tight security procedure, such as maintaining physical, electronic and procedural safeguards to protect Your Personal Data from unauthorised access as required under the UK data protection laws;

    • Continuously educate and train our employees about the importance of confidentiality and privacy of customer information;

    • Continuously monitor our systems for possible vulnerabilities and attacks; and

    • Regularly review and update our privacy controls and policy.

  11. Can I also do something to protect my Personal Data?
    Yes. Follow our quick tips below.

    To keep Your information as secure as possible:

    • Protect Your password:
      • Choose a password that is strong and that Your child is unlikely to guess. The password should include a mix of letters, numbers, and symbols
      • Never reveal Your password to anyone else;
      • Avoid using the same password for several internet sites;
      • Reset Your password every couple of months;
      • Sign out of Your account anytime You leave a shared or public computer
    • Protect Your email: include Your personal contact information only in the designated fields of Your Edumentors profile.
    • Protect Yourself from fraudulent messages, scams and phishing
      • Don’t share Your personal information, such as government issued ID numbers, birth date, credit and debit card or bank numbers with people You don’t know;
      • Use caution when clicking on links contained within messages.
    • Protect Your devices: ensure that Your devices incorporate some form of malware protection.
    • Explain the importance of online privacy to Your children: to help, we’ve drafted a short document explaining data privacy in a way that children may find more digestible. You can find it in clause 15.

  12. Will you share my Personal Data?
    Yes, we may share Your Personal Data with Your consent or as necessary to provide You with the Services You have requested.

    First of all, rest assured that we do not pass Your or Your family’s Personal Data to third parties for marketing purposes without Your permission.

    We may however access and disclose Your Personal Data in the following circumstances:

    • When the disclosure is requested by You;
    • When working with our business partners (e.g., banking partners, card processor, issuing bank, investment services providers, payment services provider, risk and security system providers); our suppliers (e.g., maintenance, analysis, audit, payments, fraud detection, marketing and development); and/or our subcontractors for the performance of any contract we enter into with them or You. For example, companies we have hired to assist in protecting and securing our system and services may need access to Personal Data to provide those functions. Note that such business partners, suppliers and subcontractors will only have access to Your Personal Data as reasonably necessary to perform these tasks on our behalf and will be obligated to not disclose or use it for other purposes;
    • When we sell, merge, or change the control of Edumentors or in preparation for any of these events, in which case the prospective buyer will have the right to continue to use Your Personal Data, but only in the manner set out in this privacy policy unless You agree otherwise;
    • When working with advertising and analytics providers: If we decide to engage advertisers to promote our Services, the advertisers and their advertising networks may require anonymised Personal Data to serve relevant adverts to You and others. We will not disclose identifiable information about You to advertisers, but we may provide them with aggregate information about our users. We may also use such aggregate information to help our advertising partners provide a tailored and targeted campaign, relevant for a subsection of our users. In some instances, we may use Your Personal Data we have collected to enable our advertising partners to display their advertisement to their target audience.
    • When required by law, subpoenas, court orders, or other legal process;
    • When we have a good faith belief that such disclosure is reasonably necessary to:
      • Investigate, prevent, or take action regarding suspected or actual illegal activities;
      • Enforce our agreement with You;
      • Investigate and defend ourselves against any third-party claims or allegations;
      • Maintain the security and integrity of our Services;
      • Protect the rights and security of Edumentors user’s, personnel, or others.
    • When we are under a legal duty to disclose or share Your Personal Data in order to comply with any legal or regulatory obligation or request such as subpoenas and court orders. We will use our best efforts to notify You about such legal demands when appropriate in our judgement, unless prohibited by law or court order or when the request is an emergency.

  13. What are my rights regarding my Personal Data?
    Your Personal Data is Yours and You can always access it, edit or delete it. Just contact us to request this.

    If You wish to exercise any of Your rights, as listed below, please contact us at privacy@edumentors.co.uk. We will be happy to help (unless we are prohibited by law from doing so). No administration fee will be charged for considering and/or complying with such a request unless the request is deemed to be excessive in nature. Here are Your rights:
    • To be informed what data we collect about you, how we store and process it (the right to be informed). We transparently share what data we collect and securely store about you in the “Data We Process” section below.
    • To ask us for copies of your personal information (the right of access). We will create a digital copy of your information and send it to you within 30 working days.
    • To ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete (the right to rectification).
    • Under certain circumstances, to require us to delete your personal information (the right to be forgotten).
    • Under certain circumstances, to require us to restrict processing of your personal information e.g., if you contest the accuracy of the data (the right to restrict processing).
    • Under certain circumstances, to receive the personal information you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party (the right to data portability).
    • Under certain circumstances, to object to our continued processing of your personal information e.g., processing carried out for the purpose of our legitimate interests (the right to object).
    • To avoid getting stuck with an automated-decision making bot or a computer program and receive a response from a real human instead (the right to avoid automated decision-making)

    We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if Your request is particularly complex or You have made a number of requests. In this case, we will notify You and keep You updated.

    You can ask us to stop sending You promotional communications

    We usually like to send our customers special promotional communications such as newsletters, special offers and updates that we think will be of interest to them. When You sign-up You will have the choice to receive promotional communications from us or not by clicking the opt-in button. That opt-in covers both you and the children that you add to your Edumentors account.

    In line with the Data Protection Act 2018 we store that consent for you and your children separately. Until your child reaches the age of 13 if you are located in the UK and 16 if you are located in the EU, you can update his or her preferences. Once your child turns 13 if they are in the UK and 16 if they are in the EU, they can also update their own preferences. You (or your child if they are over 13) can always update Your preferences later by either logging into Your account or by replying with “Unsubscribe” to any of the promotional or newsletter emails.

    Please remember that we will always continue to send important Service information to You.

  14. What happens if my Personal Data is compromised?

    We always strive to be transparent with You. So, if we notice that Your Personal Data is compromised, we will take the following responsive action:
    • Notify You via email within 7 business days
    • Notify the users via in-site notification within 7 business days

  15. How can I explain this privacy policy to my child?

    At Edumentors, we believe it’s important to teach children about online safety. Topics like data protection and safe browsing can seem complicated at first glance. To help our members stay safe online, we’ve created this simple guide that you may like to share with your family.

    Imagine your parents bought you a new toy and your friend Edward wanted to borrow it. We can agree that Edward should:
    • Ask for your permission before using your toy;
    • Keep your toy safe and reassure you if you have questions about its safety;
    • Let you know and wait for your approval before allowing someone else to use your toy;
    • Respect your choices about what he can do with your toy;
    • Tell you if something goes wrong with your toy and be held accountable for it.

    Sounds straightforward enough, right? Well online data rights are just as simple. Let us walk you through it:

    Right to information You have the right to know exactly what toy Edward is borrowing from you and how he is going to use or store it. Same goes for your data: you have the right to know what kind of data the company collects about you and how it stores and uses it.

    Rights to access You have the right to know what is being done with your toy: is someone else using it? Where is it stored? Has Edward borrowed something else that you may have not noticed, like your lock?

    Same goes for your data: you have the right to know what data a company has borrowed, where it is being stored and if it is being shared with someone else. Just as you can ask Edward these questions at any time, you can ask a company too.

    Right to rectification You also have the right to ask Edward to stop using the toy the way you previously have allowed him to.

    For example you could tell him to stop playing with it at home and only play with it in his bedroom. You can always ask a company to stop using your data the way you first allowed them to, and instruct them on the way you want them to use it.

    Right to rectification You also have the right to ask Edward to stop using the toy the way you previously have allowed him to.

    For example you could tell him to stop playing with it at home and only play with it in his bedroom. You can always ask a company to stop using your data the way you first allowed them to, and instruct them on the way you want them to use it.

    Right to erasure Imagine you no longer like the fact that Edward has your toy and want him to return it to you or throw it away and forget that he ever had your toy. You have the right to return your toy or throw it in the bin. Similarly, you have the right to request the company to delete your data and forget about you. However, bear in mind that they might still be required to keep some information in case they need to show it to the police or other authorities.

    Right to object You can always ask a company to stop using your data the way you first allowed them to, and instruct them on how you want them to use it now. Maybe Edward misunderstood what he was allowed to do with the toy in the first place, and you want to re-instruct him. In the same way, you can also object to a company’s use of your data.

    Right to erasure You can also ask Edward to stop using your toy just because you changed your mind, or because there is no good reason left for him to use it. To be clearer: imagine that Edward borrowed your toy to play at school today. There is no reason for him to keep it after that, right? Similarly with your data: if the data is no longer needed for the purpose for which a company collected it, then the company must stop using it. You can ask a company to stop using your data at any time.

    Right to data portability Next, you can always ask Edward to give your toy back in the same condition you gave it to him originally. He must do so in a commonly accepted way, for example by delivering it to you on the next day, and not 10 years later. Same goes with your data: if you ask a company for your data they must provide you in the commonly used format.

    Right to automated decision making Imagine you lend your toy to Edward, and when you try to find out what he is doing with it, you keep reaching his answering machine saying “Edward is unavailable to answer your call but he wanted to let you know that he took your toy to the neighbours”. That’s not nice, is it? When you lend something and something is not being done correctly, you must be able to discuss the issue with a real person, and you are entitled to an explanation. It’s not right if a machine makes all the decisions without giving you any say in the decision making, right? Similarly, with your data: if a company uses machines to make decisions about your data, they must make sure that you can talk to a human about it and be given an opportunity to challenge the decision.


    Last but not least, when you lend your toy to Edward you expect him to tell you if something goes wrong with it. If Edward loses your toy for a few minutes and then finds it again and nothing bad happens to it because of this, then he might not need to tell you. But he must tell you about any serious loss or damage.

    For example, if somebody stole your toy, you would want Edward to not only notify you and the police right away, but also, you’d want him to act responsibly and be held accountable for the theft. Seems fair, right? Well, it’s the same for your online data! If something happens to your data, the company that allowed the misuse to happen should notify you about it and be held accountable for any damage.

    And that’s about it! We really hope this helped, but if you have more questions feel free to contact us at privacy@edumentors.co.uk.
  16. Will I hear from you if you make changes to this privacy policy?
    Yes, and your continued use of our Services after we publish or send a notice to You means that You are consenting to the updated privacy policy.     Finally, we also wanted to let you know that this policy will evolve over time as we grow and we will post any changes to this page, so feel free to check it from time to time. And don’t worry, if we’re making major changes, we will notify You via email or in-app notifications. Your continued use of our Services after we publish or send a notice about our changes to this privacy policy means that You are consenting to the updated privacy policy.
  17. How do I make a complaint?
    By contacting our Member Services team or our Data Protection Officer, if you are still unhappy you can lodge a complaint with the Information Commissioner's Office (ICO).     If you have a complaint about how we use your personal data please don’t hesitate to contact us at privacy@edumentors.co.uk or write to our Data Protection Officer at 505 Pinner Road, Harrow, Middlesex, England, HA2 6EH, United Kingdom. If you are unhappy with the way that we have dealt with your complaint, you can refer your complaint to the UK’s Independent Authority, the ICO. For more information you can visit their website at www.ico.org.uk or contact them via their helpline on 0303 123 1113.