Privacy Policy

Effective date: 14/04/2026

  1. Introduction

Lifestyle First Limited (“LSF”, “we”, “us”, “our”) provides a digital platform for schools, including:

  • Educational content for students
  • Wellbeing surveys and self-reporting tools for students and staff

This Privacy Policy explains how we process personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

 

  1. Our Role

LSF operates primarily as a Data Processor.

This means:

  • Schools are the Data Controllers
  • We process personal data on behalf of schools and under their instructions

For limited purposes (e.g. business contacts), LSF may act as a Data Controller.

 

  1. What Information We Process

We do not collect personal data directly from students or parents. All personal data is provided by schools.

Personal Data may include:

  • Names (students, staff)
  • Class and school information
  • Usernames or identifiers
  • Email addresses (staff only)

Special Category Data:

  • Wellbeing survey responses
  • SEN flags (indicator only)

We do not collect detailed medical or diagnostic data.

This aligns with the principle of minimising sensitive data collection reflected in school privacy practices .

 

  1. How Information is Used

We process data only to provide our services to schools, including:

  • Delivering educational content
  • Enabling wellbeing surveys and reporting
  • Supporting safeguarding and pastoral care
  • Providing platform functionality

We do not use personal data for marketing or profiling.

 

  1. Legal Basis for Processing

The legal basis is determined by the school (Data Controller), typically:

  • Public task (education and safeguarding)
  • Legal obligation
  • Consent (where required, e.g. wellbeing surveys)
  • Legitimate interests

 

  1. How Data is Collected
  • Schools upload and manage all personal data
  • Students and staff input survey responses directly
  • LSF does not independently source personal data

Schools are responsible for:

  • Data accuracy
  • Informing parents, students, and staff

 

  1. Who Has Access to Data

Access is strictly controlled:

  • School Administrators
    • Full access to school data
  • Teachers
    • Access only to their class data
  • LSF
    • Limited access for support and maintenance only

Each school’s data is:

  • Fully segregated
  • Not accessible by other schools

 

  1. Analytics and Usage Data

We may collect anonymised usage data such as:

  • Video views
  • Music plays
  • Feature engagement

This data:

  • Cannot identify individuals
  • Is used to improve the platform and provide aggregated insights

 

  1. Data Sharing

We do not sell personal data.

We only share data:

  • On instruction from the school
  • Where legally required

Any external sharing is:

  • Anonymised wherever possible

 

  1. Third-Party Providers (Subprocessors)

We use trusted third-party providers (e.g. hosting, email services such as Cloudways, Bunny, Brevo).

All providers:

  • Are GDPR compliant
  • Are contractually bound to protect data
  • Only process data as required to deliver services

 

  1. How Long We Keep Data

We retain data:

  • In line with school instructions
  • According to agreed retention periods

When a school leaves the platform:

  • Data is provided to the school (if requested)
  • Then securely deleted

 

  1. Your Rights

Individuals (students, parents, staff) have rights under data protection law, including:

  • Access to their data
  • Correction of inaccurate data
  • Request deletion
  • Restrict or object to processing

Requests should normally be made via the school.

We support schools in fulfilling these rights.

 

  1. Data Security

We implement strong security measures, including:

  • Encryption of data
  • Secure hosting
  • Access controls
  • Regular monitoring

We ensure data is protected against:

  • Unauthorised access
  • Loss or misuse

 

  1. Data Breaches

If a data breach occurs, we will:

  • Notify the school without undue delay
  • Investigate and contain the issue
  • Support reporting to the Information Commissioner’s Office where required

 

  1. International Transfers

Data is primarily processed within the UK/EEA.

Where data is transferred outside these regions, we ensure:

  • Appropriate safeguards are in place

 

  1. Children’s Data

Our services are designed for use by schools.

We:

  • Process children’s data only under school authority
  • Apply enhanced safeguards
  • Minimise sensitive data collection

 

  1. Changes to this Policy

We may update this Privacy Policy from time to time.

The latest version will always be available:

  • On our platform
  • On our website

 

  1. Contact Us

If you have questions about this policy, please contact:

Lifestyle First Limited
[[email protected]]

You may also contact the Information Commissioner’s Office if you have concerns.