Data Protection and Compliance Policy
FastPass Education Limited
Last Updated: June 2025

1. Introduction

FastPass Education Limited (“FastPass”, “we”, “our”, or “us”) is committed to safeguarding the privacy and personal data of our clients, students, school partners, staff, and all stakeholders. We comply with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and other relevant privacy laws.

This policy outlines our responsibilities, procedures, and the rights of individuals under data protection law. It ensures all data is collected, processed, stored, and disposed of securely and lawfully.

2. Scope

This policy applies to:

  • All staff, contractors, and volunteers of FastPass Education Limited.

  • All data processing activities involving personal data of:

    • Students

    • Parents/guardians

    • School staff

    • Website users

    • Partner organisations

This policy covers all systems, people, and processes that involve data processing, including our website, workshops, CRM, and marketing communications.

3. Legal Framework

We adhere to the following regulations:

  • UK General Data Protection Regulation (UK GDPR)

  • Data Protection Act 2018

  • Privacy and Electronic Communications Regulations (PECR)

  • ICO Guidance and Codes of Practice

4. Data Protection Principles

Under UK GDPR, we commit to the following data protection principles:

  1. Lawfulness, Fairness and Transparency
    Data must be processed lawfully, fairly, and in a transparent manner.

  2. Purpose Limitation
    Data must be collected for specified, explicit and legitimate purposes.

  3. Data Minimisation
    Data collected must be adequate, relevant, and limited to what is necessary.

  4. Accuracy
    Data must be accurate and kept up to date.

  5. Storage Limitation
    Data should not be kept longer than necessary.

  6. Integrity and Confidentiality
    Data must be processed securely to protect against unauthorised access or loss.

  7. Accountability
    We are responsible for, and must be able to demonstrate, compliance with the above principles.

5. Personal Data We Collect

We may collect and process the following personal data:

  • Student data: name, email, school, academic year, career interests.

  • Parent/guardian data: name, contact details (if provided).

  • School staff: name, job title, work email, telephone.

  • Workshop feedback and attendance.

  • Website data: IP address, contact forms, newsletter subscriptions.

  • Application information: CVs, personal statements, or other submitted materials.

We do not knowingly collect special category data unless explicitly required and consented to (e.g., disability accommodations for workshops).

6. Lawful Basis for Processing

We rely on the following lawful bases for processing:

  • Consent: for marketing, newsletters, and optional services.

  • Contractual necessity: to deliver workshops and support services agreed with schools or individuals.

  • Legal obligation: for safeguarding or statutory reporting.

  • Legitimate interests: to evaluate and improve our services, unless overridden by individual rights.

7. Data Sharing and Third Parties

We will never sell personal data.

We may share data with trusted third parties, including:

  • CRM and email marketing platforms (e.g., SalesHandy, Mailchimp)

  • Workshop hosts and venues

  • Freelance coaches or mentors under NDA and data sharing agreement

  • Data storage providers (e.g., Google Workspace, Notion)

We ensure all third-party providers are GDPR-compliant and only process data in accordance with our instructions.

8. Data Security Measures

We implement appropriate technical and organisational measures to protect personal data, including:

  • Password-protected systems and encrypted cloud storage

  • Role-based access controls

  • Staff training in data protection and confidentiality

  • Regular risk assessments and data audits

  • Secure destruction of outdated records (both digital and paper)

9. Data Retention

We retain personal data only for as long as necessary for the purpose for which it was collected.

  • Student and school data: retained for up to 3 years after last contact, unless consent is withdrawn sooner.

  • Financial and contractual data: retained for 6 years for audit and compliance purposes.

  • Marketing data: retained until consent is withdrawn or the user unsubscribes.

After these periods, data is securely deleted or anonymised.

10. Individual Rights

Under UK GDPR, individuals have the following rights:

  • Right to be informed about data processing

  • Right of access to personal data (Subject Access Request)

  • Right to rectification of inaccurate or incomplete data

  • Right to erasure (“right to be forgotten”) under certain circumstances

  • Right to restrict processing

  • Right to data portability

  • Right to object to processing

  • Rights in relation to automated decision-making and profiling

To exercise any of these rights, contact:
📧 info@fastpass.org.uk

We will respond within one month of receiving your request.

11. Cookies and Website Tracking

We use cookies on our website to:

  • Analyse usage patterns (via Google Analytics)

  • Improve website functionality

  • Facilitate newsletter opt-ins

Users can manage cookie preferences via their browser or our website pop-up banner.

12. Data Breach Procedure

We follow a strict incident response process:

  1. Assess the nature and scope of the breach

  2. Contain and mitigate further risk

  3. Notify affected individuals and the ICO within 72 hours (if necessary)

  4. Document all findings and remedial steps

All breaches are logged and reviewed.

13. Staff Responsibilities

All employees, contractors, and volunteers must:

  • Handle data only for authorised purposes

  • Follow secure practices in storing, sharing, and disposing of data

  • Report suspected breaches immediately to the Data Protection Lead

14. Data Protection Officer (DPO)

For FastPass Education Limited, our designated Data Protection Lead is:

📍 Imran Reza
📧 imran@fastpass.org.uk

15. Complaints

If you believe your data has been handled inappropriately, contact our DPO in the first instance. If the matter remains unresolved, you may lodge a complaint with:

Information Commissioner’s Office (ICO)
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
📞 0303 123 1113
🌐 https://ico.org.uk