Your privacy and security whilst browsing our site and during the period you use our services is very important. Please read below how we use customer information and feel free to get in touch if you need any clarification.

1. The categories of customer information that we collect and hold


  • Parent/legal guardian information

    • Personal information - name, address, phone number(s), e-mail address

    • Finance information – bank details (as provided by you during BACS payments)

    • Personal information of alternative emergency contact person - name, address, phone number(s), e-mail address

  • Pupil information

    • Personal information - name, address, school attending

    • Characteristics - gender, date of birth/age

    • Health information – medical/behavioural conditions, allergies, medication, doctor's name, address & contact numbers

    • Attendance information – lessons attended, number of absences, absence reasons

    • Incident information – incident reports (where applicable)

2. Why we collect and use this information


  • We use the parent/guardian information for the purposes of:

    • General communication

    • Providing operational information

    • Promoting our services

  • We use the pupil information for the purposes of:

    • Supporting pupil learning and development

    • Monitoring and reporting on pupil progress

    • Assessing the quality of our services

    • Safeguarding and promoting the welfare of pupils

    • Ensuring pupil’s health and safety


3. The lawful basis on which we use this information


  • We will only use your personal information when the law allows us to. Most commonly, we will use your personal information in the following circumstances:

    1. Where we need to perform the contract we have entered into with you or to process your application as a prelude to entering into a contract with you;

    2. Where we need to comply with a legal obligation;

    3. Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests;

    4. Where we need to protect your interests (or someone else's interests);

    5. Where it is needed in the public interest.

  • We may also process special categories of personal information in the following circumstances:

    1. In limited circumstances, with your explicit written consent;

    2. Where we need to carry out our legal obligations and in line with our Data Protection Policy;

    3. Where it is needed in the public interest, such as for equal opportunities monitoring and in line with our Data Protection Policy;

    4. Where it is needed to assess capability on health grounds and/or health and safety considerations, subject to appropriate confidentiality safeguards.


4. Collecting pupil information


The information provided by customers is given to us on a voluntary basis. We will collect additional personal information in the course of service-related activities throughout the period of you being a customer.


If you fail to provide certain information when requested, we may not be able to perform the contract we have entered into with you or we may be prevented from complying with our legal obligations (such as health and safety).

5. Storing customer information


We hold customer data on a secure database that is hosted by Google G Suite services. Access is restricted to authorised individuals.

6. Who we share customer information with and why


We routinely share customer data with:


  • Our workshop managers

  • Our administrative staff


In addition, our IT support/database developer has access to the database for maintenance purposes.


We do not share customer data with any other third parties nor transfer information outside the EU.

7. How long will customer information be held?


We hold customer data for 6 years from the end of the company financial year in which a customer ceases to be a paying customer. This provides a contingency should customers return to us within that timescale, as well as being necessary for accounting purposes.


Should a customer not return to us within that timescale, then we securely delete customer data from our database.


You may, of course, request that we delete your data at any time after a 12 month period once you have ceased to be a paying customer, with the exception of data which must be held for accounting purposes.


8. Customer rights


Under data protection legislation, parents/legal guardians and pupils have the right to:


  • Make a request for access to the personal information that we hold about them;

  • Object to the processing of their personal information that is likely to cause, or is causing, damage or distress;

  • Have inaccurate data rectified, erased or restricted;

  • Withdraw consent to the processing of their personal data;

  • Prevent processing for the purpose of direct marketing.


If you have a concern about the way we are collecting or using your personal data, we request that you raise your concern with us in the first instance. Contact details are shown below.


Alternatively, you can contact the Information Commissioner’s Office at

9. Identity and contact details of the Data Controller


Georgios Gotsinas trading as Yellow Brick Lab is the Data Controller and is committed to protecting the rights of individuals in line with the Data Protection Act 1998 (DPA) and the General Data Protection Regulation (GDPR).


10. Contact


If you would like to discuss anything in this Privacy Notice, please contact:


Georgios Gotsinas

Yellow Brick Lab

2, Hurstbeech Close


West Sussex BN6 9FP