GDPR Compliance Statement

Business Name: Thrive Dyslexia
Website: www.thrive-dyslexia.co.uk
Effective Date: 20 February 2025
Contact Email: info@thrive-dyslexia.co.uk
Data Controller: Thrive Dyslexia / Natalie Alderton

1. Our Commitment to GDPR

Thrive Dyslexia is committed to full compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We value the privacy of our clients and website visitors and strive to ensure that all personal data is handled lawfully, transparently, and securely.

2. What Personal Data We Collect

We may collect the following data depending on your interaction with our services:

  • Name, address, email, and phone number

  • Child's name, age, and education information (if applicable)

  • Medical or diagnostic details (e.g. dyslexia-related assessments)

  • Payment and billing details (handled by secure third-party processors)

  • IP address, browser information, and session data via cookies

We only collect data that is necessary for the delivery of our services or to meet legal obligations.

3. Legal Basis for Processing

Under the UK GDPR, we must have a lawful basis for processing your data. Thrive Dyslexia may rely on:

  • Consent – when you have clearly agreed to our use of your data

  • Contractual obligation – when processing is necessary to deliver a service

  • Legal obligation – for safeguarding, recordkeeping, or tax purposes

  • Legitimate interest – for improving services and business operations

You can withdraw consent at any time by contacting us.

4. How We Use Your Data

We use your personal data to:

  • Provide educational, consultation, and support services

  • Manage bookings, communication, and billing

  • Monitor and improve the user experience on our website

  • Comply with safeguarding and professional obligations

We do not use personal data for automated decision-making or profiling.

5. Data Sharing

We only share data when necessary and with appropriate safeguards:

  • With educators, assessors, or therapists (with consent)

  • With payment providers (e.g. Stripe, PayPal)

  • With regulatory bodies if required by law (e.g. safeguarding disclosures)

  • With IT or admin support partners under strict confidentiality agreements

We do not sell or trade personal data.

6. Data Retention

We only retain personal data for as long as necessary:

  • Client records: up to 7 years after the end of service

  • Financial and tax records: at least 6 years

  • Enquiry emails and contact form submissions: up to 12 months

  • Mailing list data: until you unsubscribe

7. Your Rights Under GDPR

You have the right to:

  • Access your personal data

  • Correct or update inaccurate data

  • Request erasure (the "right to be forgotten")

  • Restrict or object to certain types of processing

  • Request data portability (in some cases)

  • Withdraw consent at any time

  • Lodge a complaint with the ICO (Information Commissioner's Office)

8. Data Security

We take data protection seriously. Measures include:

  • Secure systems with password-protected access

  • Encrypted communications where appropriate

  • Regular data audits and reviews

  • Staff awareness of GDPR obligations

9. Contact Information

If you have any questions or concerns about how we handle your data, please get in touch:

Thrive Dyslexia
Email: info@thrive-dyslexia.co.uk
Phone: 07790025431
Website: www.thrive-dyslexia.co.uk

You also have the right to contact the ICO at www.ico.org.uk or by calling 0303 123 1113.