GDPR Compliance

We are fully committed to protecting your personal data and complying with UK data protection laws.

Last updated: 21 January 2026

Dray's Learning Hub is fully committed to protecting your personal data and complying with the General Data Protection Regulation (GDPR) and UK data protection laws. This page outlines how we ensure your rights are protected.

Our GDPR Principles

We adhere to the following data protection principles:

  • Lawfulness, fairness, and transparencyWe process data legally and fairly, with clear communication about how we use it.
  • Purpose limitationWe only collect data for specified, explicit, and legitimate purposes.
  • Data minimisationWe only collect data that is necessary for our services.
  • AccuracyWe keep personal data accurate and up to date.
  • Storage limitationWe only keep data for as long as necessary.
  • Integrity and confidentialityWe ensure appropriate security of personal data.

Your Data Rights

Under GDPR, you have the following rights regarding your personal data:

Right to Access

Request a copy of all personal data we hold about you

Right to Rectification

Request correction of inaccurate or incomplete personal data

Right to Portability

Receive your data in a structured, machine-readable format

Right to Erasure

Request deletion of your personal data in certain circumstances

How to Exercise Your Rights

To exercise any of your data protection rights:

1

Log into your account and visit the Privacy Settings page

2

Use our automated tools for data access and portability

3

Contact our Data Protection Officer for complex requests

4

We will respond to your request within 30 days

Legal Basis for Processing

We process personal data based on:

  • Contract:To provide our educational services
  • Consent:For marketing communications and optional features
  • Legitimate interests:To improve our services and ensure security
  • Legal obligations:To comply with applicable laws
  • Vital interests:In emergency situations involving safety

Data Security Measures

We implement comprehensive security measures including:

End-to-end encryption for sensitive data
Regular security audits and penetration testing
Strict access controls and authentication
Data minimisation principles
Privacy by design in all new features
Regular staff training on data protection

International Data Transfers

All core platform data is stored in the UK. We do not transfer personal data outside the UK. Our commitments:

  • All data hosted on AWS eu-west-2 (London region)
  • No international data transfers
  • Full transparency about data location and usage
  • UK GDPR compliant data handling throughout

Data Retention

We retain personal data according to our retention policy:

  • Account data: Retained for the duration of your account
  • Learning data: Kept only as long as necessary for educational purposes
  • Financial records: Retained as required by law
  • Support data: Maintained for reasonable support purposes
  • Marketing data: Until consent is withdrawn

Your Right to Complain

If you're not satisfied with how we handle your data, you have the right to lodge a complaint with:

Information Commissioner's Office (ICO)

Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AFHelpline: 0303 123 1113ico.org.uk

Contact Data Protection Officer

For any questions about GDPR compliance or to exercise your rights:

Subject LineGDPR Inquiry - [Your Request]
Response TimeWithin 30 days

Our Commitment: Our ICO registration is currently in progress. In the meantime, we operate in full accordance with UK GDPR and the Data Protection Act 2018, maintaining the highest standards of data protection. Your privacy is fundamental to our mission of providing safe, effective educational technology.