AECOM TECHNOLOGY CORPORATION LIMITED is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and Data Protection Act 2018.

Introduction
AECOM TECHNOLOGY CORPORATION LIMITED (“we”, “our”, “us”) is committed to protecting your personal information and respecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your data when you use our services, website, or contact us. 

Information We Collect
We may collect the following types of information:
Personal details: Name, email address, phone number, billing address.
Payment information: Bank account details (processed securely via Direct Debit).
Educational details: Academic level, subjects of interest, learning goals.
Technical information: IP address, browser type, and website usage data.
Communication records: Messages, enquiries, or complaints submitted through our website or by email.

How We Use Your Information
We use your information to:
Provide one-on-one STEM tuition services.
Process fixed monthly subscription payments.
Manage bookings, cancellations, and rescheduling.
Communicate with you about sessions, billing, and service updates.
Improve our services and website.
Handle complaints, disputes, or enquiries.
Comply with legal and regulatory obligations.

Legal Basis for Processing
We process your data on the following lawful bases:
Contractual necessity: To deliver the services you have booked.
Consent: When you choose to provide optional information.
Legitimate interests: To improve our services and protect against misuse.
Legal obligation: To comply with tax, accounting, and regulatory requirements.

How We Share Your Information
We do not sell or rent your personal data. We may share information with trusted third parties strictly for the purposes described in this policy:
Payment providers – to securely process Direct Debit collections and manage billing.
Tutors/consultants – provided only with the minimum information necessary to deliver the agreed services.
IT and hosting providers – to operate and maintain our website, communication tools, and secure data storage.
Regulatory or legal authorities – where disclosure is required by law or regulation.
All third parties are contractually obliged to handle your information securely and in compliance with UK GDPR.

International Data Transfers
Where personal data is transferred outside the United Kingdom or European Economic Area, we ensure that adequate safeguards are in place. These may include:
The use of UK International Data Transfer Agreements (IDTAs) or Standard Contractual Clauses (SCCs) approved by the UK government.
Requiring that overseas providers maintain data protection standards equivalent to those required in the UK.

Data Retention
We retain your personal information only for as long as is necessary for the purposes set out in this policy, or to comply with our legal and accounting obligations:
Billing and financial records – retained for up to six (6) years in line with HMRC requirements.
Educational and communication records – retained for up to twelve (12) months after the end of services unless required for ongoing support or disputes.
After these periods, data is securely deleted or anonymised.
 

Data Security
We implement appropriate technical and organisational measures to safeguard your personal data, including:
Secure servers and encrypted databases.
Access controls restricting data to authorised staff only.
Regular monitoring and review of security practices.
While we take all reasonable steps to protect your information, no system can be guaranteed to be 100% secure.
 

Your Rights
Under UK GDPR, you have the following rights regarding your personal data:
Access – to request a copy of the personal data we hold about you.
Rectification – to request correction of inaccurate or incomplete data.
Erasure – to request deletion of your personal data (“right to be forgotten”).
Restriction – to limit how your data is processed.
Portability – to receive your data in a structured, commonly used format.
Objection – to object to processing based on legitimate interests.
You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO):
Website: www.ico.org.uk
Helpline: 0303 123 1113

Cookies & Tracking Technologies
Our website uses cookies and similar technologies to improve user experience, analyze site performance, and deliver relevant content. Cookies are small text files placed on your device when you visit our website.
We use the following types of cookies:
Strictly Necessary Cookies – required for the operation of our website (e.g., login sessions, security).
Performance Cookies – help us understand how visitors use our site and improve functionality.
Functional Cookies – allow us to remember your preferences (e.g., language or region).
Analytics & Tracking Cookies – enable us to measure website traffic and usage trends.
You can control or disable cookies through your browser settings. Please note that disabling cookies may affect certain site features.

Privacy Settings
You have the right to control how your data is used online. On our website, you may:
Accept or reject non-essential cookies via your browser or device settings.
Withdraw your consent for optional data collection at any time by contacting us.
Adjust privacy preferences if cookie banners or settings panels are provided.
For further details on managing cookies, please visit www.aboutcookies.org. 

Policy Updates
We may update this Privacy Policy from time to time to reflect changes in law, regulation, or our services. The updated version will always be posted on this page with a revised “Last Updated” date. We encourage you to review this policy periodically.                                                           Last Updated: 21 August 2025.