Bywater Kent Support Services Limited
This Privacy Policy explains how Bywater Kent Support Services ("we", "our", or "us") collects, processes, and protects personal data in accordance with applicable laws, including the UK Data Protection Act 2018 (DPA 2018) and the UK General Data Protection Regulation (UK GDPR) as amended by the Data (Use and Access) Act 2025.
We provide HR consultancy and Data Protection Officer (DPO) services mainly within the education sector. This policy applies to the personal data we collect and process while delivering these services, including through our website and online client portal. It outlines how we ensure compliance with data protection principles.
Bywater Kent Support Services Limited
Email: dpo@bywaterkent.co.uk
For any questions or concerns about this Privacy Policy or your personal data, please contact us at the details provided above.
We process the following types of personal data as part of our services to schools, childcare providers, and other businesses that mostly support the education sector:
We process personal data in compliance with the UK GDPR, relying on the following lawful bases:
We use personal data for the following purposes:
When you visit our website or use our online client portal, we may collect personal data in order to provide you with our services, respond to enquiries, or ensure the functionality of the portal. This includes:
We use Rybbit Analytics, a privacy-focused, cookieless analytics service to understand how visitors use our website. This service:
By using our website, you consent to the use of Rybbit Analytics in accordance with this Privacy Policy.
Legal basis: Legitimate interests (improving our website and services).
We use cookies and similar tracking technologies to enhance the functionality and user experience of our website and client portal. Cookies help us:
Important: We only use essential cookies that are strictly necessary for our client portal to function. We do NOT use performance cookies, functional cookies, or targeting/advertising cookies. Our analytics service (Rybbit) is completely cookieless.
You can obtain up-to-date information about blocking and deleting cookies via these links:
Please note that blocking essential cookies may prevent you from logging into the client portal.
We will retain personal data only for as long as necessary to fulfil the purposes for which it was collected or to comply with legal, regulatory, or contractual requirements. Once personal data is no longer needed, it will be securely deleted or anonymised.
For security and service improvement purposes, we maintain activity logs of client portal usage, including:
Retention Period: Activity logs are automatically deleted after 30 days to comply with data minimisation principles under GDPR.
Purpose: These logs help us monitor security threats (e.g., unauthorised access attempts), improve our services, and provide support to clients.
We may share personal data with third-party service providers who assist us in delivering our services, such as IT providers, cloud storage services, and legal advisors. These third-party processors will only process personal data in accordance with our instructions and in compliance with data protection laws.
We will never sell, rent, or otherwise share your personal data with third parties for marketing purposes.
We use ProductDyno, a course delivery and digital content platform provided by PromoteLabs, to host and manage our online training courses. When you enrol on or access any online course delivered by Bywater Kent Support Services Ltd, your name, email address, login details, course activity, and progress information will be processed within the ProductDyno system for the purpose of providing access to the course and managing your learning experience.
PromoteLabs (ProductDyno) acts as a data processor on our behalf. They process personal data solely for the purpose of providing the ProductDyno service and only in accordance with our overall instructions as the data controller, as required under the UK GDPR.
You can view PromoteLabs' Privacy Policy here: https://promotelabs.com/privacy-policy/
We process personal data within the United Kingdom and European Union. Our website analytics data is processed and hosted within the EU (Germany) by Rybbit Analytics, which is fully GDPR compliant.
When you submit our contact form, your enquiry is delivered via Resend, an email service based in the United States. Resend is fully GDPR compliant and processes this data solely to deliver your message to us. They operate under appropriate data protection safeguards including Standard Contractual Clauses (SCCs) for EU-US data transfers.
If we need to transfer personal data to other third countries in the future, we will ensure that appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs), to protect the data in accordance with data protection law.
Under the UK GDPR, you have the following rights in relation to your personal data:
To exercise these rights, please contact us using the contact information provided above.
We implement appropriate technical and organisational measures to ensure the security of personal data, including protection against unauthorised or unlawful processing, accidental loss, destruction, or damage.
We may update this Privacy Policy from time to time to reflect changes in our services, business practices, or legal requirements. Any updates will be posted on our website with the effective date of the changes. We encourage you to review this Privacy Policy periodically.
If you have any concerns about our use of your personal data, you can make a complaint to us using the contact details at the top of this privacy notice.
If you remain unhappy with how we've used your data after raising a complaint with us, you can also complain to the ICO.
The ICO's address:
Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Helpline number: 0303 123 1113