Legal

Privacy Policy

Last updated: 16 May 2025 · Effective: 16 May 2025

1. Who We Are

BookMyInstructor ("we", "us", "our") is the data controller for personal data collected through bookmyinstructor.co.uk. We are committed to protecting your privacy and processing your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Contact: [email protected]

2. Data We Collect

We collect the following categories of personal data:

Category	Examples
Identity	Name, profile photo
Contact	Email address, phone number
Location	City, postcode
Professional (Instructors)	ADI licence number, qualifications, experience
Financial	Stripe customer ID, payment history (amounts, dates)
Usage	Pages visited, search queries, booking history
Communications	Messages sent through the Platform

We do not collect sensitive personal data (such as health information, racial or ethnic origin, or criminal records) unless you voluntarily provide it.

3. How We Use Your Data

We process your personal data for the following purposes and on the following legal bases:

Providing the Platform and processing bookings

Legal basis: Contract performance (Article 6(1)(b) UK GDPR)

Processing payments via Stripe

Legal basis: Contract performance

Sending booking confirmations, reminders, and notifications

Legal basis: Contract performance and legitimate interests

Displaying your profile to other users

Legal basis: Contract performance

Improving the Platform and analysing usage

Legal basis: Legitimate interests

Complying with legal obligations

Legal basis: Legal obligation (Article 6(1)(c) UK GDPR)

Marketing communications (where you have opted in)

Legal basis: Consent (Article 6(1)(a) UK GDPR)

4. Sharing Your Data

We share your personal data only in the following circumstances:

With Instructors/Learners: to facilitate bookings (e.g. your name and contact details are shared with the other party upon booking confirmation).
With Stripe: to process payments. Stripe's privacy policy applies to data they process.
With service providers: hosting, analytics, and email delivery providers acting as data processors under appropriate agreements.
With law enforcement or regulators: where required by law or to protect the rights, property, or safety of BookMyInstructor or others.
In a business transfer: if we sell or merge our business, your data may be transferred to the new owner.

We do not sell your personal data to third parties.

5. Data Retention

We retain your personal data for as long as your account is active or as necessary to provide our services. Upon account deletion, we will delete or anonymise your personal data within 30 days, except where we are required to retain it by law (e.g. financial records must be kept for 6 years under UK tax law). Message history is retained for 12 months after the last message.

6. Your Rights

Under UK GDPR, you have the following rights regarding your personal data:

Right of Access

Request a copy of the data we hold about you.

Right to Rectification

Request correction of inaccurate data.

Right to Erasure

Request deletion of your data ('right to be forgotten').

Right to Restriction

Request we limit how we use your data.

Right to Portability

Receive your data in a machine-readable format.

Right to Object

Object to processing based on legitimate interests.

Right to Withdraw Consent

Withdraw consent at any time where processing is consent-based.

Right to Complain

Lodge a complaint with the ICO (ico.org.uk).

To exercise any of these rights, email us at [email protected]. We will respond within 30 days.

7. Cookies

We use essential cookies to maintain your login session. We do not use advertising or tracking cookies. You can control cookies through your browser settings, but disabling essential cookies may prevent you from using the Platform.

8. Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or destruction. All data is transmitted over HTTPS. Passwords are never stored; authentication is handled via OAuth. Payment data is processed entirely by Stripe and never stored on our servers.

9. International Transfers

Your data is stored on servers within the European Economic Area (EEA). Where we transfer data outside the EEA (e.g. to Stripe's US-based infrastructure), we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the UK Information Commissioner's Office.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or in-app notification. The "Last updated" date at the top of this page reflects the most recent revision.

11. Contact & Complaints

For privacy-related enquiries: [email protected]

If you are unhappy with how we handle your data, you have the right to complain to the UK Information Commissioner's Office (ICO): ico.org.uk · Helpline: 0303 123 1113