Legal

Privacy Policy

This policy explains how personal data is handled when you use the Unveiling Black History Platform.

Last updated: 9 July 2026

1. Data controller

Unveiling Black History acts as the data controller for account data collected directly through the Platform. Where content is used within a school or trust, the school or trust acts as data controller for their pupils' data, and we act as a data processor on their behalf under a written Data Processing Agreement (DPA).

2. What we collect

  • Account information: name, email, organisation, role.
  • Licence and billing information: organisation name, purchase order references, invoice records.
  • Usage data: pages viewed, lessons opened, quiz completions and similar analytics needed to provide the service and improve content.
  • Support correspondence: messages you send us.

We do not knowingly collect special-category data through pupil accounts. Pupil accounts are provisioned by school staff and are limited to what is needed to deliver lessons and quizzes.

3. Lawful bases

  • Contract — to provide the service to you or your organisation.
  • Legitimate interests — to secure the Platform, prevent misuse and improve content quality.
  • Legal obligation — to comply with applicable law.
  • Consent — for optional communications, where required.

4. Retention

We retain account data for the duration of the active licence and for twelve months afterwards for audit, billing and legal purposes, unless a longer period is required by law. Retention periods for pupil data are set out in the DPA offered to schools and trusts.

5. Sharing and subprocessors

We use a small number of vetted subprocessors to host and operate the Platform (hosting, database, email, analytics, payment processing). A current list of subprocessors will be maintained and made available to schools on request. We do not sell personal data.

6. International transfers

Where personal data is transferred outside the UK/EEA, we rely on appropriate safeguards such as the UK International Data Transfer Agreement or Standard Contractual Clauses.

7. Your rights

Under UK GDPR you have rights of access, rectification, erasure, restriction, portability and objection. Requests should be sent to the data protection contact below. Where a school or trust is the data controller, requests concerning pupil data should be raised with that school or trust in the first instance.

8. Cookies and analytics

We use a small number of strictly necessary cookies for authentication and session management, and privacy-respecting analytics to understand aggregate usage. A cookie notice will be provided at launch.

9. Data protection contact

Data protection enquiries should be sent to Karl Newton, Unveiling Black History — newtonwebdesign.co.uk@gmail.com.

10. Complaints

You have the right to complain to the Information Commissioner's Office (ICO) at ico.org.uk.