LearnCycle Limited Privacy Policy for Schools (January 2025)
1. Binding Agreement
This Privacy Policy constitutes a legally binding agreement between your institution (“School”, “you”, or “your”) and LearnCycle Limited regarding the collection, use, and protection of personal data.
By using LearnCycle Limited’s services, you acknowledge that you have read, understood, and agree to be bound by the terms outlined in this Privacy Policy.
The terms of this Privacy Policy are incorporated by reference into the Terms and Conditions between LearnCycle Limited and your institution. In the event of any conflict between this Privacy Policy and the Terms and Conditions, the terms of this Privacy Policy shall prevail with respect to data protection matters.
2. Definitions
For the purposes of this Privacy Policy:
Students: students and other non-adult end users who use the Service
Teachers: teachers, school staff, and other adult end users who use the Service
School / Customer: the educational institution that has entered into an agreement with LearnCycle Limited
School Data: data provided by the School, including MIS or school records
Usage Data: data collected during use of the Service
Service: all educational services and products provided by LearnCycle Limited
Data Controller: the School
Data Processor: LearnCycle Limited
3. Introduction
3.1 About LearnCycle Limited
LearnCycle Limited (company number 15311335) provides the Service.
Registered with the ICO: ZB741116.
3.2 Scope and Applicability
This Privacy Policy governs collection and processing of personal data in connection with the Service.
It applies to:
Schools
Students
Teachers
Use of the Service constitutes acceptance of this policy.
3.3 Policy Version and Updates
Published January 2025.
Compliant with UK GDPR and Data Protection Act 2018.
Substantial changes will be communicated with at least 30 days’ notice.
4. Roles and Responsibilities
4.1 Controller / Processor Relationship
Schools = Data Controller
LearnCycle Limited = Data Processor
4.2 School Responsibilities
Schools must:
ensure lawful basis for sharing data
provide accurate information
inform students/teachers/parents
handle rights requests
notify breaches promptly
notify processing changes
4.3 LearnCycle Responsibilities
LearnCycle will:
process only on School instruction
implement security measures
assist with rights requests
notify breaches
maintain confidentiality
support DPIAs
5. Legal Basis for Processing
Processing is based on:
Contractual necessity
Legitimate interests
Consent (including parental consent for under 13s)
6. Personal Data Processing
6.1 Student Data
Categories
Student School Data
name, gender, year group, class, DOB, UPN
optional demographic data
scans of student work
Student Usage Data
unique ID
assessment data
performance metrics
Students do not directly interact with the Service.
Purposes
Data is processed solely to:
deliver the Service
AI marking + reporting
apply anonymisation/pseudonymisation
provide support
improve the Service
measure effectiveness
perform administration
No other purpose without written school authorisation.
6.2 Teacher Data
Categories
Teacher School Data
name, role, email, classes
Teacher Usage Data
interaction metrics
email engagement
access patterns
feedback data
Purposes
Used to:
deliver the Service
manage accounts
provide usage insights
apply anonymisation
communications + support
AI routing of inquiries
product improvement
performance measurement
finance/admin
No additional use without school approval.
6.3 AI Processing
Use of AI
AI enhances marking and reporting.
Permitted Activities
analysing scanned work
handwriting transcription
assisted marking
feedback generation
Safeguards
human moderation
no training on student/teacher data
strict future training restrictions
purpose limitation
secure environments
regular bias/accuracy review
Transparency
Questions → see Section 14 contact details.
7. Additional Data Collection Channels
Contact via website/social media may share data with schools or third parties as necessary.
Social monitoring may occur for IP protection.
8. Data Sharing and Storage
8.1 Authorised Recipients
Student data may be shared with:
school teachers
MAT staff
LearnCycle staff
approved support companies
Teacher data may be shared with:
other teachers
MAT staff
LearnCycle staff
approved support companies
Support companies operate under GDPR-compliant contracts.
Anonymised data may be shared for research and development.
8.2 International Transfers
Transfers occur only via:
adequacy decisions
standard contractual clauses
binding corporate rules
explicit consent
Student data is not transferred outside the EEA unless:
necessary
school approved
safeguards implemented
9. Data Retention
Data retained during service use + up to 2 years after.
Then deleted or anonymised.
Anonymised data may be used for research/product development.
10. Cookies and Tracking
Cookies provide:
functionality
security
usage analytics
No advertising targeting.
Necessary cookies do not require consent.
Optional cookies require consent.
More info: www.aboutcookies.org
11. Data Subject Rights
Rights include:
being informed
access
rectification
erasure
restriction
portability
objection
protection from automated decisions
Requests should be directed to the School.
Complaints can be made to the ICO.
12. Data Security
Security Measures
Includes:
encryption
regular testing
confidentiality/integrity controls
backups
staff confidentiality
access controls
Breach Notification
LearnCycle will:
notify schools immediately
provide reporting info
document incidents
cooperate with authorities
Staff Training
All authorised staff receive data protection training.
13. Governing Law
Applicable law depends on school location:
England & Wales
Scotland
Northern Ireland