Last updated: 13 September 2025

PM Interview Prep (“we”, “us”, “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard personal data when you visit our website, use our tutoring and mentoring services, or otherwise interact with us.

Important: Please read this Policy carefully. By using our services, you agree to the practices described here. If you do not agree, please do not use our services.
 

1) Who we are (Data Controller)

• Legal entity: [PM Interview Prep Ltd]
   
• Registered address: [Full postal address]
   
• Email (privacy): [privacy@…]
   
• Telephone: 07490236731
   
• Data Protection Lead / DPO (if appointed): [Name, email]
   

This Policy covers our website, communications, and all tutoring services delivered online or in person.

2) The personal data we collect

We may collect and process the following categories of data:

• Identity & contact data: name, title, date of birth/age band, email, phone, address, parent/guardian details (for students under 18).
   
• Education & application data: school/college, year group, subjects, grades, test scores, UCAS timelines, medical school interests, interview history and notes, goals.
   
• Service data: session bookings, attendance, learning preferences, progress notes, homework or practice materials, feedback forms, recordings (where applicable and lawful).
   
• Financial & transaction data: invoices, payments (handled by our payment processor), bursary eligibility information you provide.
   
• Correspondence: emails, messages, survey responses, testimonials (with consent).
   
• Technical & usage data: IP address, device/browser info, site usage analytics, cookies (see §10).
   
• Special category data (only if voluntarily provided and strictly necessary): e.g., information about disabilities or learning needs to facilitate reasonable adjustments. We rely on your explicit consent or another lawful basis where applicable and store such data with heightened protections.
   
• Children’s data: We work with students under 18. See §12 for how we protect children’s data and obtain appropriate consents.
   

Sources: We collect data directly from you (or your parent/guardian), from returning alumni who become tutors, from schools/referrers (where authorised), and from service providers (e.g., payment or video platforms).

3) Purposes & legal bases for processing

We process your personal data for the purposes below, under the UK GDPR/Data Protection Act 2018 (and EU GDPR where applicable):

• Providing our services (deliver tutoring, mentoring, scheduling, session matching, feedback, resources).
   
  • Legal bases: Contract (to perform a contract with you/your parent), Legitimate interests (to run and improve our services), and Consent (where required, e.g., recordings or special category data).
     
• Admissions and learning support (designing a tailored plan, tracking progress, producing reports for families).
   
  • Legal bases: Contract, Legitimate interests; Consent for any sensitive data.
     
• Communications (service updates, reminders, administrative messages).
   
  • Legal bases: Contract, Legitimate interests.
     
• Marketing (newsletters, promotions, success stories).
   
  • Legal basis: Consent where required; you can opt out anytime (see §9).
     
• Bursary administration (assessing eligibility, processing awards).
   
  • Legal bases: Legitimate interests, Consent where sensitive data is involved, Legal obligation for financial records.
     
• Payments & invoicing (processing payments, preventing fraud).
   
  • Legal bases: Contract, Legal obligation, Legitimate interests.
     
• Analytics & site improvement (measure performance, diagnose issues).
   
  • Legal basis: Legitimate interests; Consent for non-essential cookies (see §10).
     
• Legal, regulatory & safeguarding (comply with law, respond to requests, protect vital interests).
   
  • Legal bases: Legal obligation, Vital interests, Legitimate interests.
     

We do not use your data for automated decision-making that produces legal or similarly significant effects.

4) Disclosures & recipients of personal data

We share data only as needed and with appropriate safeguards:

• Tutors & staff (including returning alumni engaged by us): to deliver sessions, track progress, and provide feedback.
   
• Service providers / processors acting on our instructions, such as:
   
  • Payment processors, accounting software
     
  • Video platforms and scheduling tools
     
  • Learning management and document storage systems
     
  • Email/CRM and analytics providers
     
  • Cloud hosting and IT support
     
• Schools or referees (where you ask us to coordinate or provide reports).
   
• Professional advisers (lawyers, auditors, insurers) under confidentiality.
   
• Authorities (regulators, law enforcement) where legally required or to protect rights/safety.
   
• Business transfers (merger, acquisition). We will notify you where required by law.
   

We do not sell your personal data.

5) International data transfers

Some processors may be located outside the UK/EEA. Where we transfer data internationally, we implement lawful safeguards such as:

• Adequacy regulations (UK/EU recognised countries), and/or
   
• Standard Contractual Clauses (SCCs) or the UK International Data Transfer Agreement (IDTA), plus supplementary measures where appropriate.
   

You can request details of specific safeguards (see §15).

6) Data security

We implement appropriate technical and organisational measures, including (as relevant):

• Role-based access controls; staff/tutor confidentiality obligations
   
• Encryption in transit and at rest (where supported)
   
• Secure configuration and patching; multi-factor authentication where feasible
   
• Data minimisation and retention controls
   
• Vendor due diligence and contractual data protection clauses
   
• Incident response procedures
   

No system is 100% secure; we work to prevent, detect, and respond to risks promptly.

7) Data retention

We keep personal data only as long as necessary for the purposes in §3 and to meet legal, accounting, or reporting requirements. Typical periods (subject to change):

• Prospective enquiries (no ongoing services): up to 24 months from last contact.
   
• Students & families: up to 7 years from the end of services (to support records and potential queries).
   
• Financial records: at least 6 years (statutory requirements).
   
• Recordings/materials (if applicable): retention stated at the time of collection or until consent is withdrawn.
   

We will securely delete or anonymise data when it is no longer needed.

8) Your rights

Subject to conditions and applicable law (UK/EU GDPR), you have the right to:

• Access your personal data and receive a copy
   
• Rectify inaccurate or incomplete data
   
• Erase data (right to be forgotten)
   
• Restrict processing
   
• Object to processing based on legitimate interests or direct marketing
   
• Portability (receive/transmit certain data)
   
• Withdraw consent at any time where processing relies on consent (this won’t affect prior lawful processing)
   

To exercise your rights, see §15.

9) Marketing preferences

We send marketing communications only in line with applicable law. You can:

• Click unsubscribe in emails; or
   
• Email us at [privacy@…] with your request.
   

We may still send service/transactional messages (e.g., booking confirmations).

10) Cookies & tracking

We use cookies and similar technologies to operate our site, remember preferences, and measure performance. Categories include:

• Strictly necessary (site security, session management)
   
• Functional (preferences, improved experience)
   
• Performance/analytics (traffic and usage)
   
• Advertising (only if used; requires consent where applicable)
   

Where required, we’ll ask for your consent for non-essential cookies. You can change preferences via our cookie banner or your browser settings. For more detail, see our Cookie Policy [link to your cookie policy].

11) Third-party links

Our site may link to third-party websites or platforms. We are not responsible for their privacy practices. Please review their policies before providing personal data.

12) Children’s privacy

We support students under 18 and treat children’s data with heightened care.

• For online services directed to children in the UK, if a child is under 13, we obtain parental/guardian consent where required.
   
• We generally involve a parent/guardian in contracting and communications for under-18 students.
   
• We collect only data necessary to provide our services and apply additional safeguards (access limits, shorter retention where appropriate).
   

13) Special category data & accessibility

If you choose to share information about health, disabilities, or learning needs to help us make reasonable adjustments:

• We will process it only with your explicit consent or where otherwise lawful and necessary.
   
• We limit access to those who need to know and apply enhanced protections.
   
• You can withdraw consent at any time (we may then be unable to provide certain adjustments).
   

14) Bursaries

To administer bursaries, we may ask for limited financial or eligibility information. We use this only to assess and manage bursary support and keep it as briefly as necessary. Supporting documents are stored securely and access is restricted.

15) How to contact us & exercise your rights

To make a request or ask a question about this Policy or our data practices, contact:

• Email: [privacy@…]
   
• Post: [PM Interview Prep Ltd, Full postal address]
   
• Telephone: [Company phone]
   

We aim to respond within one month (extensions are possible for complex requests, permitted by law). We may need to verify your identity.

16) Complaints

You have the right to lodge a complaint with the UK regulator:

Information Commissioner’s Office (ICO)
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Helpline: 0303 123 1113

We would appreciate the chance to address your concerns before you approach the ICO, so please contact us first.

17) International users

If you reside in the EEA or other regions with specific privacy laws, we will honour your local rights where applicable and use appropriate transfer safeguards (see §5). For EU residents, our legal bases mirror those set out in §3.

18) Changes to this Policy

We may update this Policy from time to time. Changes take effect when posted on our website (see “Last updated” date above). If changes are material, we will provide a prominent notice or contact you directly where required.

19) Definitions (plain English)

• Personal data: Information that identifies or can identify an individual.
   
• Processing: Any operation on personal data (collecting, storing, using, sharing, etc.).
   
• Controller/processor: The controller decides why/how data is processed; a processor acts on the controller’s instructions.
   
• Legitimate interests: Our reasonable business interests balanced against your rights.