Privacy Policy

1. Who is the Data Controller?

Kids in Techs UK Ltd is the designated Data Controller for all personal information gathered via our digital services. If you have any inquiries regarding our data handling procedures, you may contact our Compliance Team:

2. What Information Do We Collect?

We only collect information necessary to coordinate educational workshops, provide active student logins, and clear bank-wire registration statements.

• Parent / Guardian Data: Names, contact email addresses, mobile telephone numbers, and account credentials (usernames and hashed passwords).
• Student / Child Data: Student usernames, custom avatar pictures (optional profile photos), and course completion history. We collect minimal child data under parental guidance.
• Transaction & Billing Data: Records of workshop seat bookings, pricing metrics, bank reference codes (e.g. reference identifiers), and bank receipt proof uploads. We do not store or process debit/credit card details directly.
• Technical Logs: IP addresses, browser types, and session tokens generated when logging into the Student, Tutor, or Administrative portals.

3. Our Lawful Bases for Processing

Under the UK GDPR, we rely on the following lawful bases to process your personal data:

1. Contractual Necessity: To process course bookings, verify payments, grant access to unlocked PDF study guides, and issue verified completion certificates and gate admission passes.
2. Consent: For custom child profile avatar photo uploads, parents explicitly consent when uploading files via their secure portal profile settings. Consent can be withdrawn instantly by deleting the avatar photo.
3. Legal Obligation: For financial corporate records, tax reporting, and audit verification as required by HMRC and United Kingdom corporate guidelines.
4. Legitimate Interests: To monitor portal security, prevent unauthorized login attempts, and optimize class syllabus configurations.

4. Data Retention and Security

We employ robust security practices to safeguard all collected personal data:

• All databases are protected with SQLite PDO prepared statements to defend against SQL injections.
• Account passwords are secure and irreversibly hashed using standard BCrypt logic before storage.
• Profile pictures and uploaded receipt files are stored in restricted access folders with random, time-stamped filenames.
• We retain parent account details as long as the account remains active. Transaction statements and registration histories are retained for up to 6 years following the financial year-end to comply with UK accounting laws.

5. Your Legal Rights Under UK GDPR

As a UK resident, you hold complete autonomy over your personal data under the Data Protection Act 2018. Your rights include:

• Right of Access (Subject Access Request): You have the right to request copies of your personal data stored in our databases.
• Right to Rectification: You can edit parent/student emails, usernames, and passwords at any time via the **Edit Profile** portal settings.
• Right to Erasure ("Right to be Forgotten"): You may request that we delete all your account history, subject to our statutory UK financial record keeping obligations.
• Right to Restrict or Object to Processing: You may object to data processing for marketing or profiling objectives.
• Right to Data Portability: You can request a structured copy of your dashboard history.

To exercise any of these rights, please submit an explicit email to **hello@kidsintechs.co.uk**. We will respond to all verified requests within one calendar month, free of charge.

6. Right to Lodge a Complaint with the ICO

If you believe we have processed your personal data in an unlawful manner, we encourage you to contact us immediately to resolve the issue. However, you retain the absolute right to lodge a formal complaint with the UK supervisory authority: