Pupil Asset Privacy Policy

Pupil Asset is committed to protecting and respecting your privacy

This Privacy Notice sets out how Pupil Asset collects, uses, maintains and discloses Personal Data, including any information provided through our website(s) (the “Website”) or the Pupil Asset Management Information System (the “Software”).

Your privacy is of the utmost importance to us. Please read this Privacy Notice carefully to understand our views and practices regarding your personal data and how we will treat it.

Whenever you provide Personal Information, we are legally obliged to use it in accordance with the laws concerning the protection of Personal Information.

By “Personal Information” we refer to information collected or held by Pupil Asset that identifies and relates to you as an individual.

Who we are

PUPIL ASSET LIMITED incorporated and registered in England and Wales with company number 07310870 whose registered office is at Conisford Court, 36 Rose Lane, Norwich, England, NR1 1PN (“Pupil Asset”).

For the purposes of the General Data Protection Regulations, the Data Protection Act 2018 and any other applicable data protection and privacy laws and regulations (“Data Protection Legislation”), Pupil Asset will be the ‘data controller’ for all Personal Information we determine the means and purpose of processing and has registered with the Information Commissioners Office under registration number Z259587X.

Information we collect and use at Pupil Asset

We gather and use Personal Information in the following circumstances.

When you engage with us as a client

When you become a Pupil Asset client we will collect the information required to set up an account including your name, email address, work, business address and details, your role within the organisation that contracts Pupil Asset and any additional information we need to identify what services you will require from us.

We collect transactional information informing us of the services you have purchased from Pupil Asset and we will also need to collect payment and invoice information to collect fees for our services.

We hold any Personal Information that you proactively enter into the Software regarding you as a customer and account holder of Pupil Asset. All other information we hold on your behalf within the Software is held in our capacity as a processor.

We may collect additional information you volunteer to us when calling our support staff regarding any elements of our service. We will only retain the Personal Information pertinent to delivering your services.

We require of all this information to process the contract you have us asked to perform for you.

When you express an interest in our services

If you have opted in to receive our updates and marketing communications we will handle your Personal Information (including: your name, email address and business details) to provide you with marketing communications in line with any preferences you have told us about.

You are not under any obligation to provide us with your Personal Information for marketing purposes.

Every email we send to you for marketing purposes will also contain instructions on how to unsubscribe from receiving them. You can withdraw your consent to process Personal Information at any time by emailing [email protected].

If we rely on the legitimate interest of our business as the legal grounds to process your information for marketing purposes, we will always notify you of this and your right to object to this processing. Please see “Your right to object” below. All of our marketing communications will always contain clear instructions on how to unsubscribe from future communications.

The information we request via the contact form on our “Contact” web page is processed specifically to provide you with the services you have requested or respond to your enquiry appropriately.

When you use our website

We may also collect technical information about you when you visit the Website. This information may include the IP address used to connect your computer to the Internet, your browser type, time zone setting, operating system and platform, browser plug-in types and version, the full URL clickstream to, through and from the Website, page response times, download errors, length of visits to certain pages, page interaction (such as scrolling, clicks and mouse-overs) and methods used to browse away from the page.

This information is stored and used for aggregated and statistical reporting. The collected information is used to provide an overview of how people are accessing and using the Website.

When you phone us

When you phone us, we may also handle your Personal Information (your name, contact details and the other details you provide to us during the call) in order to service your enquiry or provide the customer services you have asked us to perform.

If you apply to join us, become a member of our staff or provide services to Pupil Asset

If you apply for a role with us, we may receive Personal Information directly from you or via a third party (such as a recruitment specialist) which we will only use for the purposes of helping you progress your application. Further details regarding the Personal Information we process in these situations will be provided in our candidate or employee/worker privacy notices. A copy of these privacy notices will always be available to the applicable Data Subjects by contacting the address below.

We collect Personal Information from our providers to ensure they meet our criteria for fitness to work with our clients (such as qualifications and professional experience) as well as invoice details to allow us to pay you for your services to Pupil Asset.

We will process this information under the lawful basis of requirement to perform the terms of your employment contract or service the agreement between yourself and Pupil Asset. If we are collecting sensitive information from or about you, we will always ensure that an exemption to the prohibition to processing such data always applies and the relevant policies are in place.

If you fail to provide us with personal information

You always reserve the right to withhold your Personal Information, but this may affect how we provide our services.

Where we need to collect Personal Information by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you. In this case, we may have to cancel a service you have with us but we will notify you if this is the case at the time.

Lawful basis of processing

We will only process your information for as long as we have a relevant legal basis to do so. This is usually in order to provide you with the services you have requested from Pupil Asset and unless stated, all processing is conducted under the legal basis of performance of a contract.

If we are required to retain any of your Personal Information for our own management records or to enable us to establish or defend and legal claims, we shall do so under our legitimate interest to manage and protect our business. We will also rely on our legitimate interests when using any Personal Information to secure and improve our business, Website and Software offerings.

We will only use your Personal Information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we consider the new purpose to be incompatible with the original purpose of collection, we will conduct a Privacy Impact Assessment or contact you to request your consent for further processing. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us at [email protected].

Protecting your Information

We take our security obligations very seriously and constantly monitor for breaches and potential weaknesses.

Pupil Asset is committed to ensuring that data is stored, archived or disposed of in a safe and secure manner. We have procedures in place to try and prevent any unauthorised access or disclosures and to safeguard and keep secure the information that we collect.

We use computer safeguards such as firewalls and data encryption. Data is encrypted in transit and at rest to AES-256 level. Physical access controls to our buildings and files are enforced, and we authorise access to Personal Information only for those employees who require it to fulfil their job responsibilities.

However, you should be aware that providing information over the internet can never be guaranteed as being completely safe and if you choose to send such information to us via the internet, you do so at your own risk.

Transfer of data outside of the EU

We shall not transfer any Personal Information to any country outside of the European Economic Area unless we ensure that such Personal Information is subject to an adequate level of protection and appropriate legal safeguards in accordance with Data Protection Legislation. If you wish to access your Personal Information, we will inform you of the transfers we make (if any) and the legal safeguards we have employed to ensure the ongoing security and protection of your data.

Data Protection Officer

To ensure we continue to monitor our obligations under Data Protection Legislation, Pupil Asset has appointed a data protection officer (DPO). If you wish to contact the DPO regarding any specific elements of Pupil Asset’s data handling, please send your enquiries for attention of the DPO to [email protected].

Sharing your Information with others

If and when we share your data, we always do so under a legal obligation or a written agreement governing how your data must be protected.

Please be assured that we will not share your information for any other reason unless we are required by law or permitted to do so under this Privacy Policy. The main circumstances in which we will be permitted or required to disclose this is by law will be by court order, to government bodies and law enforcement agencies. However, sometimes we may share your information with third parties in the following ways:

– we may use carefully selected sub-processors to help us collect, store or manage your information. This will always be managed under the terms of a written data processing agreement; during the course of providing our services we may use professional contractors who will receive the Personal Information required to perform their role, this will always be governed by written terms of business and an accompanying data processing agreement;

– analytics and search engine providers that assist us in the improvement and optimisation of the Website; and

– if Pupil Asset is acquired by a third party, in which case Personal Information held by it about its customers will be one of the transferred assets. We process your Personal Information for this purpose because we have a legitimate interest to ensure our business can be continued by the buyer. If you object to our use of your Personal Information in this way, the relevant seller or buyer of our business may not be able to provide services to you.

Retailing your Personal Information

We will only retain your Personal Information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for Personal Information, we consider the amount, nature, and sensitivity of the Personal Information, the potential risk of harm from unauthorised use or disclosure of your Personal Information, the purposes for which we process your Personal Information and whether we can achieve those purposes through other means, and the applicable legal requirements.

Your right to object

You have the right to object to us handling your Personal Information when:

– we are handling your Personal Information based on our legitimate interests. If you ask us to stop handling your Personal Information in this way, we will stop unless we can show you that we have compelling grounds as to why our use of your Personal Information should continue; or

– for marketing purposes. If you ask us to stop handling your Personal Information on this basis, we will stop.

Your rights to control your personal information

You can exercise the following rights to your data by contacting us at [email protected].

Right of access

You are entitled to receive confirmation as to whether your Personal Information is being processed by us, as well as various other information relating to our use of your Personal Information. You also have the right to a copy of the Personal Information which we are handling regarding you.

Right to rectification

You have the right to require us to rectify any inaccurate Personal Information we hold about you. You also have the right to have incomplete Personal Information we hold about you completed, by providing a supplementary statement to us.

Right to restriction

You can restrict our processing of your Personal Information where:

– you think we hold inaccurate Personal Information about you;

– our handling of your Personal Information breaks the law, but you do not want us to delete it;

-we no longer need to process your Personal Information, but you want us to keep it for legal reasons; or

– we are handling your Personal Information because we have a legitimate interest (as described in the “Information we collect and use” section above, and are in the process of objecting to this use of your Personal Information.

Where you exercise your right to restrict us from using your Personal Information, we will then only process your Personal Information when you agree, except for storage purposes and to handle legal claims.

Right to data portability

You have the right to receive the Personal Information we hold about you in a structured, standard machine-readable format and to send this to another organisation controlling your Personal Information.

Right to erasure

You have the right to require us to erase your Personal Information which we are handling in the following circumstances:

– we no longer need to use your Personal Information for the reasons we told you we collected it for;

– where we needed your consent to use your Personal Information and you have withdrawn your consent;

– you object to our use of your Personal Information and we have no compelling reason to carry on handling your Personal Information;

– our handling of your Personal Information has broken the law; or

– we must erase your Personal Information to comply with a law we are subject to.

Right to complain

You have the right to issue a complaint directly with the Information Commissioners Office, the data protection supervisory authority for England and Wales (https://ico.org.uk/concerns/).


A cookie is a small data file that certain websites write to your hard drive when you visit them. The only Personal Information a cookie can obtain is information supplied by the user. A cookie cannot read data from your hard disk or read cookie files created by other sites.

You can refuse cookies by turning them off in your web browser and you do not need to have cookies turned on to successfully use our website. Most browsers are defaulted to accept and maintain cookies and you can set your browser to notify you when you receive a cookie, giving you the chance to decide whether to accept it or not.

We use the following cookies:

Strictly necessary cookies. These are cookies that are required for the operation of our website. They include, for example, cookies that enable you to log into secure areas of our website, use a shopping cart or make use of e-billing services.

Analytical/performance cookies. They allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.

Functionality cookies. These are used to recognise you when you return to our website. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region).

Targeting cookies. These cookies record your visit to our website, the pages you have visited and the links you have followed. We will use this information to make our website and the advertising displayed on it more relevant to your interests. We may also share this information with third parties for this purpose.

Changes to this Privacy Notice

We may change this Privacy Notice at any time to ensure it always accurately reflects the way we collect, use and safeguard your Personal Information.

Please check this notice from time to time to ensure you are aware of any updates we may have made to our Personal Information handling practices. The date of the changes will be listed in the ‘Last updated’ section below. We will endeavour to notify all of our current clients of any updates to this notice via email and we will post the relevant announcement on our website homepage.

We recommend that you print a copy of this page for your reference.

Contacting us

Please contact us at [email protected] if you have any questions, comments or requests regarding this Privacy Notice.