Privacy Matters, Our Commitment to Protecting Your Data

Last updated on June 03, 2025


1. Who We Are and the Purpose of This Privacy Notice

We are Cortex Online Academy (the “ School”), a UK-based online homeschooling provider delivering education remotely to pupils. The School operates in accordance with applicable education, safeguarding, and data protection laws.

This Privacy Notice explains how we collect, use, store, and otherwise process personal data relating to:

  • Current, former, and prospective pupils; and
  • Parents, carers, or legal guardians of pupils (referred to in this Notice as “parents”).

This Privacy Notice does not apply to School employees or contractors, who are provided with a separate privacy notice relating to staff data.

This Notice should be read together with any other information we provide about specific uses of personal data and in addition to our other policies and documents, including:

  • Any agreement between the School and parents;
  • Our policy on taking, storing, and using images and recordings of children;
  • Our Data Retention Policy;
  • Our Data Protection Rights Policy;
  • Our Cookies Policy;
  • Our safeguarding, pastoral, health, and safety policies (including how concerns and incidents are recorded and managed); and
  • Our IT, online learning platform, and acceptable use policies.

We may update this Privacy Notice from time to time to reflect changes in law, regulatory guidance, or best practice. Any updates will be made available through appropriate channels.

2. What Information Is Collected About Pupils and Parents/Carers


The School may process a range of personal data, including (where relevant):

  • Names and contact details (such as postal address, email address, and telephone number) of pupils, parents, guardians, fee payers, and emergency contacts;
  • Pupil details including date and country of birth, nationality, ethnicity, gender, country of residence, and, where required, passport or national identity details;
  • Information relating to a pupil’s education history, including previous education providers, courses studied, dates of study, attendance records, behavioural records, safeguarding information, and examination results;
  • Academic information such as assessments, progress data, reports, learning plans, and timetables;
  • Information relating to pupils’ health, medical conditions, disabilities, special educational needs (SEND), and any relevant family or living circumstances;
  • Safeguarding and child protection records;
  • Correspondence with or about pupils and parents (past and present);
  • References provided to or received from previous schools, education providers, or relevant professionals;
  • Financial information relating to fees, payments, bursaries, scholarships, and (where legally required) source-of-funds or anti-money laundering checks;
  • Information required to support appropriate pastoral, welfare, or medical care, including where relevant to assessing eligibility for financial assistance; and
  • Images, audio, or video recordings of pupils participating in School activities, taken and used in accordance with our images of children policy.

Where appropriate, we anonymise, aggregate, or pseudonymise personal data so that it no longer identifies individuals. Such data may be used for research, evaluation, statistical analysis, and service improvement purposes and may be shared with third parties in anonymised form.

3. How the School Collects Information

In most cases, the School collects personal data directly from pupils or parents. However, we may also receive personal data from third parties or public sources.

The primary ways we collect personal data include:

  • Information provided during the admissions, registration, and enrolment process;
  • Information generated during a pupil’s time at the School, including academic progress, attendance, engagement, behaviour, and safeguarding records;
  • Information received from previous schools or education providers;
  • Information received from statutory bodies, regulators, or local authorities;
  • Information provided by third parties in connection with a pupil’s right to receive education or eligibility for funding, bursaries, or scholarships; and
  • Information collected through access to and use of our website, online learning platforms, and digital education tools.

4. Why the School Needs to Process Personal Data

The School’s primary purpose for processing personal data is to deliver education, support pupils’ learning and development, and ensure pupil welfare and safeguarding.

Some processing is necessary for the performance of a contract between the School and parents or pupils.

Other processing is carried out in accordance with the School’s legitimate interests, provided these are not overridden by the rights and freedoms of individuals. These legitimate interests include:

  • Managing pupil admissions and verifying the identity of pupils and parents;
  • Conducting identity, credit, or source-of-funds checks where required;
  • Delivering education services (including online, remote, or technology-assisted learning, including AI-supported tools where used in accordance with School policy);
  • Monitoring academic progress, engagement, and educational needs;
  • Communicating with parents regarding pupil progress, wellbeing, and development;
  • Organising meetings, online events, assessments, and educational activities;
  • Maintaining relationships with former pupils and the wider School community;
  • Planning, forecasting, research, and statistical analysis;
  • Promoting equality, diversity, and inclusion;
  • Monitoring and improving the quality, effectiveness, and management of the School;
  • Enabling oversight by relevant authorities where required;
  • Providing references and transferring information to other education providers or employers, where appropriate;
  • Managing fees, payments, and debt recovery;
  • Facilitating participation in examinations or assessments and publishing results or achievements;
  • Safeguarding pupils’ physical and emotional wellbeing and providing pastoral care;
  • Monitoring use of School IT systems in accordance with acceptable use policies;
  • Using pupil images for internal administrative purposes;
  • Preventing and detecting crime and supporting investigations;
  • Meeting regulatory, immigration, or compliance requirements where applicable;
  • Handling complaints, disciplinary matters, or investigations;
  • Promoting the School to prospective families; and
  • Obtaining professional advice, insurance, and legal support.

The School also processes personal data to comply with its legal obligations, including safeguarding duties, regulatory requirements, and record-keeping obligations.

We may additionally process personal data where:

  • It is necessary to protect the vital interests of a pupil or another person;
  • It is necessary for the establishment, exercise, or defence of legal claims; or
  • We have obtained consent, where required (for example, certain external uses of pupil images).

Special Category and Criminal Records Data

The School may process special category personal data (such as health, SEND, ethnicity, or safeguarding information) or criminal records data where permitted by law, including to:

  • Safeguard pupils and provide pastoral or medical care;
  • Respond to emergencies or incidents;
  • Make reasonable adjustments for disabilities or special educational needs;
  • Comply with public health requirements;
  • Support complaints, disciplinary, or safeguarding processes; and
  • Meet legal and regulatory obligations.

5. Who Personal Data May Be Shared With

Processing by Third Parties

Most personal data is processed internally by authorised School staff on a need-to-know basis. However, we use third-party data processors to support functions such as IT systems, cloud storage, online learning platforms, accounting, communications, and monitoring. All such processing is subject to contractual safeguards.

Data Sharing

We may share personal data with:

  • Health and education professionals;
  • Service providers and contractors;
  • Government bodies, local authorities, and regulators;
  • Examination boards and assessment providers;
  • Scholarship or bursary organisations;
  • Other schools or education providers (including destination schools);
  • Professional advisers (such as lawyers, insurers, and accountants);
  • Courts or debt collection agencies where necessary; and
  • Third parties involved in a merger, sale, or restructuring of the School.

Local Authorities and Regulators

We may share information with local authorities or regulators where required, including in relation to children educated outside traditional school settings. Only the minimum necessary data will be shared.

International Data Transfers

Where personal data is transferred outside the UK, we ensure appropriate safeguards are in place in accordance with UK GDPR.

Marketing Activity

The School may use parents’ contact details for marketing communications based on legitimate interests or consent, where required. You have the right to object to such processing at any time.

6. How Long the School Keeps Personal Data

We retain personal data securely and only for as long as necessary for lawful purposes, including educational delivery, safeguarding, and regulatory compliance. Further details are set out in our Data Retention Policy.

Certain academic records may be retained for longer periods for archiving, research, or statistical purposes, with appropriate safeguards and access controls in place.

7. Keeping in Touch and Supporting the School

When pupils leave the School, they may become part of our alumni community. Relevant personal data may be transferred to alumni records to keep individuals informed about School updates and events.

You may withdraw consent or object to direct marketing at any time. We may retain minimal information to ensure communication preferences are respected.

8. Your Personal Data Rights

Under UK GDPR, you have the right to:

  • Access your personal data;
  • Request correction of inaccurate data;
  • Request erasure in certain circumstances;
  • Restrict processing;
  • Request data portability; and
  • Object to certain types of processing.

These rights are not absolute and may be subject to legal exemptions. We aim to respond to requests within statutory time limits.

To exercise your rights or raise data protection concerns, please contact:
📧 dpo@cortexonlineacademy.net

You also have the right to complain to the Information Commissioner’s Office (ICO) or another relevant Data Protection Authority.


10. Contact Details and Complaints

If you have any questions, concerns, or wish to exercise your data protection rights, please contact us at:

Email: privacy@cortexonlineacademy.net

You also have the right to raise a complaint with the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection matters:

Website: www.ico.org.uk

If you contact our appointed representative or a supervisory authority, please ensure that you include our organisation name (Cortex Online Academy) in any correspondence to allow your enquiry to be handled efficiently.

You also have the right to lodge a complaint with a Data Protection Authority in the country where you live, work, or believe a data protection breach has occurred.

Last Updated: January 2026