GDPR Compliance
We are fully committed to protecting your personal data and complying with UK data protection laws.
Last updated: 21 January 2026
Dray's Learning Hub is fully committed to protecting your personal data and complying with the General Data Protection Regulation (GDPR) and UK data protection laws. This page outlines how we ensure your rights are protected.
Our GDPR Principles
We adhere to the following data protection principles:
- Lawfulness, fairness, and transparencyWe process data legally and fairly, with clear communication about how we use it.
- Purpose limitationWe only collect data for specified, explicit, and legitimate purposes.
- Data minimisationWe only collect data that is necessary for our services.
- AccuracyWe keep personal data accurate and up to date.
- Storage limitationWe only keep data for as long as necessary.
- Integrity and confidentialityWe ensure appropriate security of personal data.
Your Data Rights
Under GDPR, you have the following rights regarding your personal data:
Right to Access
Request a copy of all personal data we hold about you
Right to Rectification
Request correction of inaccurate or incomplete personal data
Right to Portability
Receive your data in a structured, machine-readable format
Right to Erasure
Request deletion of your personal data in certain circumstances
How to Exercise Your Rights
To exercise any of your data protection rights:
Log into your account and visit the Privacy Settings page
Use our automated tools for data access and portability
Contact our Data Protection Officer for complex requests
We will respond to your request within 30 days
Legal Basis for Processing
We process personal data based on:
- Contract:To provide our educational services
- Consent:For marketing communications and optional features
- Legitimate interests:To improve our services and ensure security
- Legal obligations:To comply with applicable laws
- Vital interests:In emergency situations involving safety
Data Security Measures
We implement comprehensive security measures including:
International Data Transfers
All core platform data is stored in the UK. We do not transfer personal data outside the UK. Our commitments:
- All data hosted on AWS eu-west-2 (London region)
- No international data transfers
- Full transparency about data location and usage
- UK GDPR compliant data handling throughout
Data Retention
We retain personal data according to our retention policy:
- Account data: Retained for the duration of your account
- Learning data: Kept only as long as necessary for educational purposes
- Financial records: Retained as required by law
- Support data: Maintained for reasonable support purposes
- Marketing data: Until consent is withdrawn
Your Right to Complain
If you're not satisfied with how we handle your data, you have the right to lodge a complaint with:
Information Commissioner's Office (ICO)
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AFHelpline: 0303 123 1113ico.org.uk
Contact Data Protection Officer
For any questions about GDPR compliance or to exercise your rights:
Our Commitment: Our ICO registration is currently in progress. In the meantime, we operate in full accordance with UK GDPR and the Data Protection Act 2018, maintaining the highest standards of data protection. Your privacy is fundamental to our mission of providing safe, effective educational technology.