Privacy Policy

For the purposes of the UK GDPR and the Data Protection Act 2018, IB Doctor Limited is the "data controller" of your personal data.

• Company Name: IB Doctor Limited
• Company Number: 13923605
• Registered Office: 27 Old Gloucester Street, London, England, WC1N 3AX
• Email: hello@ibdoctor.co.uk
• Phone: +44 7418 608857

If you have any questions about this Privacy Policy or our data practices, please contact us:

• Email: hello@ibdoctor.co.uk
• Address: 27 Old Gloucester Street, London, England, WC1N 3AX

We may update this Privacy Policy from time to time. Any changes will be posted on this page, and where appropriate, notified to you by email. Please check back frequently to see any updates or changes.

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

We may collect, use, store, and transfer different kinds of personal data about you, including:

• Identity Data: First name, last name, username or similar identifier, date of birth, gender.
• Contact Data: Billing address, delivery address, email address, telephone numbers.
• Financial Data: Payment card details and transaction history.
• Profile Data: Username and password, purchases or orders made by you, your interests, preferences, feedback, and survey responses.
• Usage Data: Information about how you use our Website and Services.
• Marketing and Communications Data: Your preferences in receiving marketing from us and our third parties, and your communication preferences.
• Technical Data: Internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform.

We do not intentionally collect any special categories of personal data about you (such as details about your race, religious beliefs, sexual orientation, health information, etc.). If you voluntarily provide such information to us, it will be subject to this Privacy Policy.

You may provide personal data when you:

• Register for an account on our Website.
• Purchase our Services.
• Subscribe to our newsletters.
• Request marketing materials to be sent to you.
• Complete surveys or provide feedback.
• Contact us via email, phone, or otherwise.

As you interact with our Website, we may automatically collect Technical Data about your equipment, browsing actions, and patterns. We collect this personal data using cookies, server logs, and other similar technologies.

We may receive personal data about you from various third parties:

• Technical Data from analytics providers such as Google Analytics.
• Contact, Financial, and Transaction Data from providers of technical, payment, and delivery services.

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

• Performance of Contract: Where we need to perform the contract we are about to enter into or have entered into with you.
• Legitimate Interests: Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
• Legal Obligations: Where we need to comply with a legal or regulatory obligation.
• Consent: Where you have given consent to process your personal data for a specific purpose.

We may use your personal data for the following purposes:

• To Register You as a New Client: Identity Data, Contact Data.
• To Process and Deliver Your Order: Identity Data, Contact Data, Financial Data, Transaction Data.
• To Manage Your Account and Provide Customer Support: Identity Data, Contact Data, Profile Data.
• To Improve Our Services and Website: Technical Data, Usage Data.
• To Administer and Protect Our Business and Website: Technical Data.
• To Deliver Relevant Website Content and Advertisements: Identity Data, Contact Data, Profile Data, Usage Data, Marketing and Communications Data, Technical Data.
• To Make Suggestions and Recommendations About Services That May Interest You: Identity Data, Contact Data, Technical Data, Usage Data, Profile Data.

We do not engage in automated decision-making processes that produce legal or similarly significant effects on you. If we implement such processing in the future (e.g., for tutor-student matching or session prioritization), you will be notified and provided with the option to request human intervention and contest the decision, in accordance with your rights under UK GDPR.

We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising. You can manage your marketing preferences by contacting us at hello@ibdoctor.co.uk.

You can ask us or third parties to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you or by contacting us.

We may share your personal data with the following parties:

• Service Providers: Companies that provide services on our behalf, such as payment processing, data analysis, email delivery, hosting services, customer service, and marketing assistance.
• Professional Advisors: Lawyers, bankers, auditors, and insurers who provide consultancy, banking, legal, insurance, and accounting services.
• Regulatory Authorities: HM Revenue & Customs, regulators, and other authorities who require reporting of processing activities in certain circumstances.
• Third Parties: Third parties to whom we may choose to sell, transfer, or merge parts of our business or assets.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law.

We use trusted third-party providers to deliver certain features and functionalities of our Services, such as payment processing, session hosting, and analytics. These providers include, but are not limited to, Stripe (payment processing), Lessonspace (online tutoring sessions), and Google Analytics (website usage analysis). Each of these providers is contractually required to protect your data in accordance with applicable data protection laws and our own standards.

All third-party service providers who process personal data on our behalf are subject to written data processing agreements. These agreements ensure that such providers implement appropriate security measures, act only on our instructions, and comply with UK GDPR requirements to protect your personal data.

We do not routinely transfer your personal data outside the UK. If we do, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

• Transferring to countries that have been deemed to provide an adequate level of protection for personal data by the UK.
• Using specific contracts approved for use in the UK which give personal data the same protection it has in the UK.

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, accessed, altered, or disclosed in an unauthorized way. These measures include:

• Technical Measures: Encryption, secure servers, firewalls, and SSL technology.
• Organizational Measures: Limiting access to your personal data to those employees, agents, contractors, and other third parties who have a business need to know.

We have procedures to deal with any suspected personal data breach and will notify you and any applicable regulator where we are legally required to do so.

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure, the purposes for which we process your personal data, and whether we can achieve those purposes through other means.

To improve transparency, we provide the following examples of how long we retain certain data:

• Account information (e.g., name, email): retained for up to 6 years after your last interaction with us.
• Payment and transaction data: retained for 6 years to comply with financial regulations.
• Inactive accounts: deleted after 12 months of inactivity.

These periods may be extended if necessary for legal, regulatory, or dispute resolution purposes.

Under certain circumstances, you have rights under data protection laws in relation to your personal data:

• Right to Access: Request access to your personal data.
• Right to Rectification: Request correction of incomplete or inaccurate data.
• Right to Erasure: Request deletion of your personal data.
• Right to Restrict Processing: Request suspension of processing your personal data.
• Right to Data Portability: Request transfer of your personal data to you or a third party.
• Right to Object: Object to processing of your personal data where we are relying on legitimate interests.
• Right to Withdraw Consent: Withdraw consent at any time where we are relying on consent to process your personal data.

If you wish to exercise any of the rights set out above, please contact us at hello@ibdoctor.co.uk.

You will not have to pay a fee to access your personal data or exercise any other rights. However, we may charge a reasonable fee if your request is unfounded, repetitive, or excessive.

We may need to request specific information from you to confirm your identity and ensure your right to access your personal data or exercise any other rights.

We try to respond to all legitimate requests within one month. Occasionally it may take us longer if your request is complex or you have made several requests.

Our Website uses cookies and similar technologies to enhance your browsing experience, analyse traffic, and personalise content. By using our Website, you consent to our use of cookies. For detailed information on the types of cookies we use and how you can manage your preferences, please refer to our Cookie Policy.

Our Website may include links to third-party websites, plug-ins, and applications. Clicking on those links may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements.

Our Services are intended for individuals aged 16 and above. If you are under 18, you must ensure that you have obtained parental or guardian consent before using our Services. We do not knowingly collect personal data from children without appropriate consent. If we become aware that personal data has been collected from a minor without parental consent, we will take reasonable steps to delete such information. Parents or guardians with concerns should contact us at hello@ibdoctor.co.uk.

We reserve the right to update this Privacy Policy at any time. Any changes will be posted on this page with an updated revision date. Where appropriate, we may notify you by email.

If you have any questions about this Privacy Policy or how we handle your personal data, please contact us:

If you are not satisfied with our response to any complaint or believe our processing of your personal data does not comply with data protection law, you can make a complaint to the Information Commissioner's Office (ICO):

• Personal Data: Any information relating to an identified or identifiable individual.
• Processing: Any operation performed on personal data, such as collection, use, storage, and disclosure.
• Data Controller: The person or organization that determines the purposes and means of processing personal data.