Step One GDPR Privacy Policy

Your privacy is very important to us. We want you to be confident that the information you give us when using our site is safe and secure. In this Privacy Policy we’ll explain how we use it to give you the best, most secure experience.

We’ll also tell you how and why we collect your personal data that you or your school provides to us in relation to the education and careers assessment programs that we offer to students. It also explains your rights and choices when it comes to these details, as well as the steps we take to keep it secure and confidential.

Updated: 23rd May 2018

What this Privacy Policy covers

This is the Privacy Policy for Step One Ltd, our related tools and Forum (the “Site”). Our Privacy Policy explains:

  • The personal information we collect
  • How and why we collect and use your personal information
  • Why we process your personal information
  • When and why we will disclose your personal information to your school
  • The rights and choices you have when it comes to your personal information
  • The steps we take to ensure your information is kept secure and confidential
  • How long we will hold your information for, and
  • How to contact us.

  1. Personal information we collect
    1. For Students:
      When you participate in Step One’s assessment programs, you must provide us with your email address so that Step One can enable you to complete your assessments and to access the resulting reports, within your own secure Step One webspace. When you register to use our personalised tools, you or your parent may provide us with: Your personal details, possibly including without limitation your name, billing address, email address, school year group or grade. If your parent chooses to pay via PayPal, you should refer to PayPal’s Privacy Policy for more information. When you register for certain products via forms on our Site you may provide us with: Your personal details, including your email address, name and school details. We do not collect information via browsers or make use of cookies for this purpose.
    2. For Customers eg. Schools:
      Direct interactions. You may give us your personal information when meeting us at events or by filling in forms on our website or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you purchase our products, subscribe to our newsletter or other publications, request marketing to be sent to you or give us some feedback.
  2. How we collect and use your personal information:
    We collect your information through your registering to use our services online either independently or via a school. We use the personal information you give us to enable you to take our assessments and then to formulate and send you a personal guidance report that will help you to understand your strengths and skills and to make the best future educational or vocational decisions
  3. Why do we process your personal information?
    Your personal information is used to deliver a personal guidance package for you – this could be one of a number we work with; for example InterQuest, Prospero, Aspire, Pioneer. Information is processed through European based servers working with Step One and Cambridge Occupational Analysts and the Just Host server based in the USA.
  4. Use of personal information:
    We only process personal information if a student has agreed to take part in Step One’s guidance assessments either through their school paying for this service or their parents paying for this service. This information is only used to enable us to deliver personalized guidance and advice to students.
  5. Disclosure of your personal information to other organisations:
    We do not disclose your personal information to organisations other than Cambridge Occupational Analysts (COA) who process some reports including InterQuest are responsible for processing yours. You may view COA’s privacy policy on their website. Your school may be responsible for ensuring you receive your report in hard copy format as these are usually sent to your school, and your school will ensure you receive your report. Online reports are accessed through your own personal and secure Step One webspace.
  6. Data Security:
    We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees or agents who have a need to know: for example if you are having an interview, your Guidance Advisor would need to see your information.
  7. How long will Step One keep your personal information?
    We will not keep your personal information for longer than is necessary but, in case you want us to provide follow-up services to you at a later date, we will keep your personal information for a certain number of years after you have completed the program. The number of years will depend on the program but usually is no longer than 6 years. We may anonymise (make anonymous) the results of your assessment and keep indefinitely to aid research and analyse career and education trends. If you prefer that we didn’t keep your information over this period of time, please let us know (see section 11 below for contact details). We will not disclose the results of your assessment program to your parent or guardian if you write to us and ask us not to (in which case, any such disclosure will be a matter for you to decide with your school).
  8. How you can change permissions:
    Your privacy is of huge importance to us. All emails or other forms of communication directly from us to you will be timely and relevant to your use of our services. Other communications will include clear instructions on how to unsubscribe. Plus, if you don’t want to be contacted by us you can email Section 9 below also sets out your other information rights.
  9. Your information rights and responsibilities:
    1. You already have certain rights under existing data protection legislation, including a right to request a copy of the personal information we hold on you, if you request it in writing. From 25 May 2018 you will have the following rights:
      1. Right to correct: the right to have your personal information rectified if it is inaccurate or incomplete; this however is very unlikely as we only use information you have supplied directly to Step One.
      2. Right to erase: the right to request that we delete or remove your personal information from our systems, where there is no good reason for us continuing to process it.
      3. Right to restrict: our use of your information: the right to ‘block’ us from using your personal information or limit the way in which we can use it.
      4. Right to data portability: the right to request that we move, copy or transfer your personal information.
      5. Right to object: the right to object to our use of your personal information including where we use it for our legitimate interests. If you raise an objection we will stop processing your personal information unless very exceptional circumstances apply, in which case we will let you know why we’re continuing to process your personal information. Remember, we only use your personal information to deliver the guidance and advice you need. We will use reasonable efforts consistent with our legal duty to provide you with your rights in accordance with data protection legislation.
    2. To make enquiries, exercise any of your rights set out in this Privacy Policy and/or make a complaint please email: or write to: Step One Ltd 310 Woolwich Road, London SE7 7AL.
    3. If you’re not satisfied with the way any complaint you make in relation to your personal information is handled by us then you may be able to refer your complaint to the relevant data protection regulator. In the UK, this is the Information Commissioner’s Office.
  10. Keeping your personal information secure:
    Keeping information about you secure is very important to us so we store and process your personal information in accordance with the high standards required under data protection legislation. From time to time and for operational reasons the personal information we collect from you may be transferred to and stored in countries outside of the European Economic Area (“EEA”) Your information may also be processed by some of our service providers which operate outside the EEA. Currently we only use Just Host servers outside of the EEA; they are based in Ohio, USA and you may view their privacy policy on their website. Different countries have different data protection and security laws and some of these do not offer the same level of protection as you enjoy under UK data protection legislation. However, when we appoint our service providers to help us provide products and services to you , we take care to ensure that they have appropriate security measures in place.
  11. How to contact us:
    Our Data Protection lead is the Director of Step One Ltd. Email: or write to: Step One Ltd 310 Woolwich Road, London SE7 7AL.
  12. Changes:
    This policy is effective from 25th May 2018. We may, from time-to-time, make changes to this Privacy Policy to reflect any changes to our privacy practices in accordance with changes to legislation, best practice or Site enhancements. We will let you know what these changes are by posting them to this page. Where the changes are significant, we may also choose to email you with the new details and get your consent to make these changes where required by law.