Privacy Notice for York Medic Tutors
Effective Date: 25th June 2026
Last Updated: 25th June 2026
York Medic Tutors (“we”, “our”, or “us”) is committed to protecting and respecting your privacy. This Privacy Notice explains how we collect, use, disclose, and safeguard your personal information when you visit our website https://yorkmedictutors.co.uk (the “Site”) or use our tutoring services.
We are the data controller of the personal information we process, and we comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
1. Who We Are and How to Contact Us
- Business Name: York Medic Tutors
- Website: https://yorkmedictutors.co.uk
- Contact Email: admin.yorkmedictutors@gmail.com
- Postal Address: [Insert your business address – if you work from home, you can use your home address or a registered business address]
If you have any questions about this Privacy Notice or how we handle your personal information, please contact us at the email address above.
2. A Special Note for Students (Under 18) and Their Parents/Guardians
Because we work with students, we take extra care to protect the privacy of children.
- For Parents/Guardians: We will always provide this privacy information to you directly when you contact us. We rely on your consent or our contractual relationship with you to arrange tutoring for your child.
- For Students: We want you to understand what happens with your information. Here is a simple explanation:
Why we collect your info: We ask for your name, year of study, and what subjects you are studying so we can find the right tutor and help you learn.
How we use it: We will use your name and your parent’s or student’s email address to arrange your lessons via email and to send you the Google Meet link for your sessions.
We do not share your information with anyone except Google (for the video call) and we do not store your payment card details.
Your rights: You have the right to ask us to delete your information at any time. Just ask your parent/guardian to email us, and we will do so unless we have a legal reason to keep it (for example, to comply with tax laws).
3. What Personal Data We Collect
We collect very limited personal data. Because our website does not have logins or user accounts, we only collect data you voluntarily give us or that is automatically generated by your browser.
We collect the following categories of personal data:
- Student Data: The student’s full name, year of study, and the specific subjects they are studying (to match them with the correct tutor).
- Parent/Guardian Data: The parent’s or guardian’s full name and email address (to arrange lessons and send payment instructions).
- Communications Data: The content of any messages you send us via our website’s contact form or by direct email.
- Technical Data: When you visit our Site, we may automatically collect basic technical information, including your IP address, browser type, time zone setting, and operating system (via default WordPress functionality).
We do not collect, store, or process any payment card details (e.g., credit/debit card numbers). Payments are arranged manually between you and the tutor, and we have no access to your financial information.
4. How We Collect Your Data
We collect personal data in the following ways:
- Direct Interactions: You provide us with Identity, Contact, and Communications Data by filling in our contact form or emailing us directly.
- Automated Technologies: As you interact with our website, WordPress may automatically collect Technical Data about your browsing actions and IP address for basic security and site maintenance. We do not use any separate analytics tools (such as Google Analytics).
5. How We Use Your Data and Our Lawful Bases
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
| Purpose/Activity | Type of Data | Lawful Basis for Processing |
| To respond to your enquiries submitted via our contact form or email. | Identity, Contact, Communications | Legitimate Interests: to respond to enquiries and provide information about our tutoring services. |
| To arrange and administer tutoring lessons, including scheduling, matching tutors, and logistics. | Student Data, Parent/Guardian Data | Contract: to perform our contract with you (or the parent/guardian) and provide the tutoring services requested. |
| To communicate with you about your lessons (e.g., confirming bookings, sending joining instructions for Google Meet). | Identity, Contact | Contract: to perform our contract with you. |
| To improve our website and basic security. | Technical (IP address) | Legitimate Interests: to keep our website secure, updated, and functioning properly. We do not use this data to track individuals for marketing. |
| To comply with legal and regulatory obligations (e.g., tax records). | Identity, Contact, Communications | Legal Obligation: to comply with laws, such as record-keeping for HMRC. |
What “Legitimate Interests” Means for You
This term is heavily abused in the advertising industry to justify the tracking of personal data (by claiming customers want to receive personalised ads). We do not use “legitimate interests” to track you online, send you marketing emails, or share your data with anyone else. We only use your information for the specific tutoring services you have asked us to provide.
When we say we rely on “legitimate interests,” we mean that we have a valid business reason for using your information, and that reason does not unfairly override your privacy rights.
For York Medic Tutors, our legitimate interests are:
- Running our tutoring business – we need to respond to enquiries, match students with tutors, and arrange lessons.
- Communicating with you – we need to use your contact details to send you lesson confirmations, Google Meet links, and payment information.
Your right to object: Because we rely on legitimate interests, you have the right to object to this processing at any time. If you object, we will stop using your information for these purposes unless we have a compelling legal reason to continue. To object, simply email us at admin.yorkmedictutors@gmail.com.
A Note for Students
We know legal terms can be confusing. Here is what “legitimate interests” means for you:
- It means we have a good reason to use your name, year of study, and subjects.
- That good reason is to find you the right tutor and to arrange your lessons.
- We do not use your information for anything else – no advertising, no tracking, and no sharing with strangers or third-parties.
- You have the right to ask us to stop using your information at any time. Just email us, or ask your parent or guardian to do so at admin.yorkmedictutors@gmail.com, and we will do so unless we have a legal reason to continue (for example, to comply with tax laws).
6. Sharing Your Data
We will not share your personal data with third parties for their marketing purposes. We only share your data with:
- Google (Google Meet): We use Google Meet to facilitate video tutoring sessions. When you click a meeting link, your browser connects to Google’s servers. For more information on how Google handles data, please see Google’s Privacy Notice at https://policies.google.com/privacy.
- Email Service Providers: We use email to communicate with you. Our emails are processed through standard email hosting services.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes.
7. International Transfers
To run our tutoring business, we use two services provided by Google LLC, a company based in the United States:
- Gmail – for our business email and all written communication with parents, guardians, and students.
- Google Meet – for conducting our online tutoring sessions.
When we email you, or when you join a Google Meet session, your personal information (such as your name, email address, phone number, and the content of our conversations) is processed on Google’s servers. These servers may be located outside the UK, including in the United States.
To ensure your personal information is fully protected, we rely on Google’s compliance with UK data protection law. Google has put in place the required legal safeguards—specifically, the International Data Transfer Agreement (IDTA) and standard contractual clauses—to ensure that your data is protected to the same high UK standards, even when it is processed abroad.
We do not share your data with any other third parties outside the UK.
For more information on how Google handles and protects your data, please see Google’s Privacy Notice:
https://policies.google.com/privacy
8. Data Security
We take the security of your personal information seriously and have put in place appropriate measures to protect it.
Our security measures include:
- Access controls: Only the tutors and administrators who need to see your information to arrange lessons have access to it.
- Password protection: All our devices, email accounts, and online services are protected by strong, unique passwords.
- Secure communications: We use Google’s secure infrastructure for email (Gmail) and video calls (Google Meet), both of which encrypt data in transit.
- Data minimisation: We only collect the information we genuinely need to provide our tutoring services – we do not collect or store payment card details or unnecessary personal data.
- Staff awareness: We understand our responsibilities under data protection law and handle your information with care.
We regularly review our security practices to ensure your information remains protected. In the unlikely event of a data breach that could affect your rights or freedoms, we have procedures in place to notify the Information Commissioner’s Office (ICO) within 72 hours and to inform you without undue delay.
9. Data Retention
We keep your personal data only for as long as we need it for the purposes we collected it.
Our retention periods are as follows:
Enquiry data (messages sent via our contact form or by email):
- If you do not become a client, we keep these for one month after our last message to allow for follow-up communication. If you have told us you wish to continue the conversation at a later date (for example, nearer the start of the school year), we will keep your data until one month after that date, unless we receive a new message from you, in which case the one-month period resets. We will then securely delete your data.
- If you do become a client, your enquiry data becomes part of your client record (see below).
Client data consists of names, contact details, student’s year of study, subjects, and the full email history relating to your tutoring. We keep this for the duration of your tutoring sessions and for one year after your last session for administrative purposes (for example, to handle follow-up questions about payments or which sessions took place). After this period, we securely delete it.
Financial records (invoices, payment confirmations, emails relating to payments): We are required by HMRC to keep these records for at least 5 years after the 31 January submission deadline of the relevant tax year (for sole traders). After this period, we securely delete them.
Gmail and Google Meet data: Your emails and session data are stored on Google’s servers. Please see Google’s Privacy Notice for information on how they handle retention.
Your right to request deletion: You can ask us to delete your personal data at any time by emailing us at admin.yorkmedictutors@gmail.com. However, this right is not absolute. We may refuse deletion if we still need the data for a legitimate reason, such as:
- Performing our contract with you (for example, we need to keep a record of what was agreed during your tutoring).
- Defending against potential disputes (for example, if there is a disagreement about what was promised or delivered).
- Complying with legal obligations (for example, HMRC requires us to keep financial records for a minimum period).
If you request deletion while you are still an active client, we will typically need to keep your data until your tutoring has ended, so we can continue to provide the service you have asked for. If you are a former client, we will delete your data in line with the retention periods above, unless we have a specific legal reason to keep it longer.
We regularly review the personal data we hold and securely delete or anonymize any data we no longer need.
10. Your Data Protection Rights
Under UK data protection law, you (and your child) have the following rights:
- Right to Access: You have the right to request access to the personal data we hold about you or your child.
- Right to Rectification: You have the right to request that we correct any incomplete or inaccurate data.
- Right to Erasure: You have the right to request that we delete or remove your personal data in certain circumstances.
- Right to Restrict Processing: You have the right to request that we suspend the processing of your personal data.
- Right to Object: You have the right to object to our processing where we are relying on a legitimate interest.
- Right to Data Portability: You have the right to request the transfer of your personal data to you or to a third party.
If you wish to exercise any of these rights, please contact us at admin.yorkmedictutors@gmail.com.
11. Cookies
Our website uses only strictly necessary cookies required for the operation of our website. Specifically, we use the wordpress_test_cookie to check whether your browser accepts cookies. This cookie contains no personal data and is deleted when you close your browser.
We do not use any third-party tracking cookies, advertising cookies, or social media cookies, nor do we use cookies for any of the main functionalities provided on the website.
12. Contact Forms and Email
Our website uses a contact form to manage enquiries. When you submit a contact form, we receive your name, email address, and the message you send us.
We keep these submissions in our email system to track enquiries and provide customer service. We do not use the information submitted through the form for marketing purposes, nor do we add it to any mailing lists without your explicit consent.
13. Analytics and Third-Party Plugins
We do not use any analytics tracking software (such as Google Analytics) on our website.
We do collect basic technical data (IP address, browser) for security and performance monitoring, but we do not use this data to create profiles or target advertising.
14. Data Breach Procedures
We take data security seriously. We have internal procedures in place to detect, report, and investigate a personal data breach. In the event of a breach that is likely to result in a risk to your rights and freedoms, we will notify the ICO within 72 hours and inform you directly without undue delay.
15. Third Parties We Receive Data From
We do not receive personal data about you from any third parties (such as advertisers or data brokers).
16. Changes to This Privacy Notice
We keep our Privacy Notice under regular review. Any changes we make will be posted on this page and, where appropriate, notified to you by email. Please check back frequently to see updates.