Crux Education Privacy Policy
Your confidence in the way your data is handled is incredibly important. This Privacy Policy outlines the types of personal data collected prior to, during, or after an online diagnostic assessment, specialist tuition block, or workplace consultancy, alongside how that information is securely managed, stored, and protected.
It also outlines your statutory rights under current UK data protection legislation, how to reach out with updates, and how to contact the relevant supervisory body if you have a data handling concern.
1. Who I Am
Crux Education (operating via www.not-broken.co.uk) provides specialized educational support, independent diagnostics, and consultancy services. All services are developed and delivered by a fully qualified Specialist Teacher, Independent Assessor, and Special Educational Needs and Disabilities (SEND) Consultant with over 22 years of professional sector experience. Professional credentials held include:
- Post Graduate Certificate in Specific Learning Difficulties (Dyslexia)
- Post Graduate Certificate in SEN and Inclusion
- Graduate Diploma in Education (Middle Years of Schooling)
- Graduate Certificate in Education (Cognitive Psychology and Educational Practice)
- Member of the Chartered College of Teaching (MCCT)
- Member of the Dyslexia Guild (MDG)
- National Award for SEN Co-ordination (NASENCO)
To protect professional boundaries and clear online identity isolation necessary for school-integrated provisions, services are managed corporate-first under the Crux Education banner. The practice operates almost entirely online, delivering all consulting, specialist tuition, and remote testing evaluations through secure digital platforms.
2. Protecting Your Data & Current Legislation
When collecting or processing personal data, this practice operates under the strict regulations of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. As the designated 'controller' of this personal information, full professional registration is maintained with the Information Commissioner’s Office (ICO) under registration number: ZB363967.
3. The Personal Information Collected and Used
The information collected is limited strictly to items required to deliver secure online educational services (diagnostic assessments, individual tuition, or workplace evaluations) or to keep you informed about milestones you reasonably expect within a professional relationship. This includes:
- Identity Data: Full name, title, and date of birth.
- Contact Data: Valid email address (utilized as the core, primary pathway for all service scheduling, secure file distribution, and remote reporting).
- Background, Educational & Professional Data: Pre-assessment checklists, historical schooling or workplace overviews, job specifications, and previous evaluation profiles to accurately tailor tuition strategies or diagnostics.
- Family Data: Where contact is initiated by a parent or legal guardian, essential information relating directly to the child or young person.
- Technical Data: Minimal digital session footprints technically necessary to securely log into digital video consultations, execute specialized remote testing batteries, or verify document downloads.
4. Website Forms & Information Security
To provide a completely modern, high-privacy user experience, none of the web forms built into this website store your data inside a web-accessible database. When you input details into the online contact form, the form acts exclusively as an instantaneous transit vehicle to securely package and route your message straight to the primary secure email address. The contact form is the single element on this entire website that handles or transmits information outward; no information remains sitting on a public web server database.
5. Cookies Statement
This website operates a minimal tracking architecture. No tracking cookies, marketing cookies, or behavioral analytics codes are active across the domain. The platform uses small session-based technical variables strictly for user experience, ensuring visual scripts run smoothly, interface features render fast, and layout settings remain structurally balanced during your visit.
6. How Personal Information is Used
Personal information is processed specifically to:
- Deliver requested online consulting or educational provisions (such as compiling diagnostic assessment reporting, formatting tailored remote tuition sessions, or processing corporate adjustments).
- Formulate individualized strategy profiles, advice, and guidance plans regarding dyslexia and related neurodiverse learning preferences.
- Fulfill legal and statutory accounting rules, including tax declarations and internal audit trails.
7. Lawful Bases for Processing
Data processing is justified under the following statutory UK GDPR lawful foundations:
- Contractual Obligation: Processing is required to complete the specific agreements entered into to execute your educational assessment, tuition path, or corporate evaluation.
- Legitimate Interests: Running a specialized advisory practice that produces legally robust, highly customized educational support and workplace accommodations.
- Explicit Consent (Special Category Data): Because diagnostic investigations track neurodiversity markers and health profiles (and occasionally involve minors), explicit, signed consent forms are gathered prior to initiating online services to handle this special category information safely.
8. Who Information is Shared With
Your privacy is rigorously preserved. Because services span private clients, tuition blocks, and corporate workplace agreements, files are never broadcasted or standardly cross-shared unless explicitly authorized:
- Schools, Colleges, or Universities: Completed diagnostic evaluations or academic summaries are shared with an educational institution only if you have provided clear, written authorization to distribute them.
- Workplaces & Corporate Employers: For workforce accommodations or evaluation consultations, reports are issued directly to pre-approved HR contacts or line managers exclusively with your explicit prior consent.
- Legal Mandates: Data would only be disclosed to statutory UK law enforcement or regulatory departments if explicitly compelled under strict UK law.
9. International Data Transfers
As a digital-first operation, all client communications, reporting modules, and documentation systems leverage modern secure encryption. No personal data is exported or transferred outside of the United Kingdom, keeping all information permanently within the jurisdiction of UK data protection boundaries.
10. Data Retention Rules
Files and data logs are managed and preserved according to standard UK statutory limitations and professional insurance frameworks:
- Children and Young Persons: Case histories and reports are safely stored until exactly 6 years past the individual's 18th birthday (i.e., when they reach age 24).
- Adults (Diagnostics, Tuition, and Corporate Workplace Consultancy): Records are stored for a standard timeline of 6 years from the final point of service conclusion.
11. Data Security Measures
To preserve total privacy and exclude third-party visibility, technical workflows utilize the following architecture:
- Client background documentation is pseudo-anonymized or anonymized using local secure reference keys unless absolute identifiable traits are needed for statutory or certificate formatting.
- All operational reports, evaluation sheets, and core communications are fully password-protected.
- Digital storage systems are kept fully on locally isolated, encrypted physical drives rather than unprotected public cloud clouds.
- A robust internal data breach plan is maintained. You and the ICO will be alerted immediately if an unauthorized data exception ever occurs where legally required.
12. Your Statutory Rights & The Right to be Forgotten
You have extensive rights under UK data protection laws, which can be invoked at any time without charge:
- The Right of Access: You can ask for a full copy of all personal records held about you.
- The Right to Rectification: You can instruct me to update or fix obsolete or incorrect details immediately.
- The Right to Erasure (The Right to be Forgotten): You have the right to request the deletion of your personal records. Important Exception: This right is not fully absolute under UK law; it can be superseded where professional indemnity rules or legal defense requirements mandate keeping diagnostic records open across the statutory 6-year retention terms noted above.
- The Right to Restrict Processing: You can ask to halt active data processing under distinct administrative conditions.
- The Right to Data Portability: You can request your data files in an organized, standard machine-readable file format.
- The Right to Object: You can challenge processing models founded on legitimate interest parameters.
To invoke any statement or rights detailed above, simply send an email directly to hello@not-broken.co.uk detailing your request, full name, and relevant service window framework.
13. How to Raise a Complaint
Every effort is made to resolve any system questions or structural data updates cleanly. Please email any immediate questions directly to resolve them without delay.
If you remain unsatisfied with a data response, you maintain the full legal right to lodge a formal report with the UK supervisory body, the Information Commissioner’s Office (ICO). They can be formally researched or reached below:
Information Commissioner's Office
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Helpline Number: 0303 123 1113
Official Website: https://www.ico.org.uk