Step One Privacy Policy - Customers

Your privacy is very important to us.  We want you to be confident that the information you give us when using our site is safe and secure. Here we tell you how and why we collect your personal data It also explains your rights and choices when it comes to this information, as well as the steps we take to keep it secure and confidential.

If you are an educator wanting to know about how we keep our students’ data safe, please refer to our separate student private policy, also available online at

Updated: 2 February 2021

  1. What this Privacy Policy covers

This is the Privacy Policy for Step One Ltd, our related tools and Forum (the "Site").

Our Privacy Policy explains:

  • the personal information we collect;
  • how and why we collect and use your personal information;
  • why we process your personal information;
  • when and why we will disclose your personal information to third parties
  • the rights and choices you have when it comes to your personal information
  • the steps we take to ensure your information is kept secure and confidential
  • how long we will hold your information for; and
  • how to contact us.
  1. Personal information we may collect and store
  • Your personal details, possibly including without limitation your name, billing address, email address, bank details, purchase history
  • We collect certain information in the form of cookies. We have a Cookie policy which is available on our website – please refer to this for more details

Unless we tell you otherwise, we do not collect and process any special categories of data.

  1. How we collect your personal information:

We collect your information through your purchasing our services either independently, most likely as a parent/carer, or as an educator. We use the personal information you give us to enable your students to take our assessments and then to formulate and send them a personal guidance report that will help them to understand their strengths and skills and to make their best future educational or vocational decisions.

We may also collect your information via our website, when you sign up to receive some information or our newsletter.

  1. How we use your personal information:

We use the personal information you give us to enable your students to take our assessments and then to formulate and send them a personal guidance report that will help them to understand their strengths and skills and to make their best future educational or vocational decisions.

If you have given us permission to do so, we may also use send you information about services that may be of interest.

We may also use data analytics to improve our website and keep the content relevant, and to inform our marketing strategy.

  1. Legal basis

To provide our guidance services to you. Step One’s legal basis for processing your information is that of legitimate interests. You do not have to provide us with your personal information, but it would be difficult for us to provide your students with guidance if you didn’t.

Where we contact you for marketing purposes, it is because we have previously obtained your consent to do so. This may be withdrawn at any time.

  1. Disclosure of your personal information to other organisations

We may share your personal information with third parties where required by law, where it is necessary to deliver our services to you, or where we have another lawful basis for doing so.

  1. Data Security:

We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees or agents who have a need to know: for example the guidance counsellor appointed to your school or student would need to see the student reports and be given your email address in order to liaise with you over interview logistics.

How long will Step One keep your personal information?

We will not keep your personal information for longer than is necessary. By law we have to keep basic information about our customers (including contact, identity, financial and transaction data) for six years after they cease being customers for legal and tax purposes.

  1. How you can change permissions

Your privacy is of huge importance to us. All emails or other forms of communication directly from us to you will be timely and relevant to your use of our services. Other communications will include clear instructions on how to unsubscribe. Plus, if you don't want to be contacted by us you can email

Section 9 below also sets out your other information rights.

  1. Your information rights and responsibilities

9.1. You already have certain rights under existing data protection legislation, including a right to request a copy of the personal information we hold on you, if you request it in writing. From 25 May 2018 you have the following rights:

9.1.1. Right to correct: the right to have your personal information rectified if it is inaccurate or incomplete; this however is very unlikely as we only use information you have supplied directly to Step One.

9.1.2. Right to erase: the right to request that we delete or remove your personal information from our systems, where there is no good reason for us continuing to process it.

9.1.3. Right to restrict our use of your information: the right to 'block' us from using your personal information or limit the way in which we can use it.

9.1.4. Right to data portability: the right to request that we move, copy or transfer your personal information.

9.1.5. Right to object: the right to object to our use of your personal information including where we use it for our legitimate interests. If you raise an objection we will stop processing your personal information unless very exceptional circumstances apply, in which case we will let you know why we're continuing to process your personal information. Remember, we only use your personal information to deliver the guidance and advice you need

.9.1.6. Right to withdraw consent: In any circumstances where we have relied on your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.  This will not affect the lawfulness of any processing carried out before you withdrew your consent.

We will use reasonable efforts consistent with our legal duty to provide you with your rights in accordance with data protection legislation.

9.2. To make enquiries, exercise any of your rights set out in this Privacy Policy and/or make a complaint please email or write to Step One, 46 Tallis Grove, London SE7 7LA .

9.3. If you're not satisfied with the way any complaint you make in relation to your personal information is handled by us then you may be able to refer your complaint to the relevant data protection regulator. In the UK, this is the Information Commissioner's Office.

  1. Keeping your personal information secure – international transfers

Our company is based in the UK, so we store and process your personal information in accordance with the high standards required under data protection legislation.

The personal information we collect from you will only be transferred to and stored in countries outside of the European Economic Area ("EEA") or those countries not on the adequacy list, often called ‘third countries’, if you or your school are based in a third country. There will be appropriate safeguards, for example use of the European Commission’s Standard Contractual Clauses for data transfers between EU and non-EU countries.

  1. How to contact us: Email: or write to Step One Ltd 46 Tallis Grove, London SE7 7LA.

If you have any queries relating to our use of your personal information or any other related data protection questions, please contact us at guidance or write to us at Step One Ltd, 46 Tallis Grove, London SE7 7LA.

If you are based in the EU, we have appointed DataRep as our data representative in the European Union.

DataRep can be reached by email at quoting ‘Step One Limited’ in the subject line, or by contacting them online at

You can also contact us by mailing DataRep’s office in your home country. Click here if you are based in the EU and would like to contact Step One’s European data protection representative by post.

DataRep is also our data representative in Switzerland. They can be contacted using the email or link above, and by post at: DataRep, Leutschenbachstrasse 95, ZURICH, 8050, Switzerland

  1. Changes:

This updated policy is effective from 2 February 2021. We may, from time to time, make changes to this Privacy Policy to reflect any changes to our privacy practices in accordance with changes to legislation, best practice or Site enhancements. We will let you know what these changes are by posting them to this page. Where the changes are significant, we may also choose to email you with the new details and get your consent to make these changes where required by law