United Kingdom Privacy Policy

1. Introduction

Reach Boarding Europe Limited (“we,” “us,” or “our”) is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. It also outlines your rights and how to contact us.

We provide boarding management software (the “Reach Platform”) and related services to schools and institutions across Europe. This policy applies to all personal data we process about our customers, their representatives, end-users (for example, students, parents, or staff), and visitors to our website at https://reach.cloud.

2. Data Controller

Reach Boarding Europe Limited is the data controller responsible for your personal data. Our registered office is 4 Office Village Forder Way, Cygnet Park, Hampton, Peterborough, Cambridgeshire, England, PE7 8GX, United Kingdom.

For inquiries, please contact our Data Protection Officer:
Email: dpo@dataprotection.education
Phone: +44(0)800 0862018
Address: 1 Saltmore Farm, New Inn Road, Hinxworth, Baldock SG7 5EZ, United Kingdom

3. Personal Data We Collect

We collect and process the following categories of personal data:

• Identity and Contact Data: Names, email addresses, phone numbers, and postal addresses of customers, their representatives, or end-users.
• Account Data: Login credentials, user IDs, and preferences for accessing the Reach Platform.
• Usage Data: Information about how you interact with the Reach Platform, including IP addresses, device information, and usage logs.
• Student and Parent Data: For schools accessing the Reach Platform, this may include student names, dates of birth, medical information, attendance records, and parent contact details, as provided by the school.
• Financial Data: Billing information, such as payment details, for customers subscribing to our services.
• Marketing and Communications Data: Preferences for receiving marketing materials and communication records.
• Technical Data: Information collected via cookies or analytics tools, such as browsing behaviour on our marketing website.

We collect this data directly from you, through your use of the Reach Platform, or from third parties (for example, schools providing student data with your consent).

4. How We Use Your Personal Data

We process personal data for the following purposes, based on the legal bases outlined below:

Purpose	Categories of Data	Legal Basis
To provide and manage the Reach Platform and services	Identity, Contact, Account, Student, Parent, Usage	Performance of a contract
To process payments and manage billing	Financial, Identity, Contact	Performance of a contract; Legal obligation
To provide technical support and resolve issues	Identity, Contact, Usage, Technical	Performance of a contract; Legitimate interests
To improve our services and develop new features	Usage, Technical	Legitimate interests
To send marketing communications (where permitted)	Identity, Contact, Marketing	Consent; Legitimate interests (for existing customers, subject to opt-out)
To comply with legal obligations (for example, tax or safeguarding)	Identity, Financial, Student	Legal obligation
To ensure the security of our systems	Usage, Technical	Legitimate interests
To provide an evaluation service of the Reach Platform	Identity, Contact, Account, Student, Parent, Usage	Legitimate interests

5. International Data Transfers

We may transfer personal data to our sister companies, Academic Edge Inc. (Reach Student Life Americas) and Touchline Connect Pty Ltd (Reach Student Life Australia), located in Canada and Australia, respectively, for the sole purposes of:

• Technical Support: To assist with troubleshooting and resolving issues with the Reach Platform.
• Software Development: To enhance and maintain the Reach Platform.

These transfers are strictly limited to employees of these sister companies who require access to perform their roles. We ensure that all transfers comply with UK GDPR requirements through the following safeguards:

• Canada: Recognised by the UK as providing an adequate level of data protection under the UK GDPR adequacy decision.
• Australia: Transfers are subject to Standard Contractual Clauses (SCCs) approved by the UK Information Commissioner’s Office (ICO), ensuring equivalent protection to UK standards.

We conduct regular assessments to ensure that these safeguards remain effective, and that personal data is protected during and after transfer.

6. Data Sharing

We do not share your personal data with third parties except in the following circumstances:

• With Sister Companies: As described in Section 5, for technical support and software development.
• Service Providers: With trusted third-party providers (for example, cloud hosting, payment processors, customer relationship management) acting as data processors under strict contractual terms compliant with UK GDPR.
• Legal Obligations: Where required by law, such as to comply with court orders or regulatory requirements.
• Business Transfers: In the event of a merger, acquisition, or sale, where personal data may be transferred as a business asset, subject to confidentiality agreements.

7. Data Retention

We retain personal data processed via the Reach Platform for the duration of the contract with our customers (for example, schools or institutions). Customers, as data controllers, can manage retention periods using tools provided within their Reach Platform instance to delete or archive data as needed. For example:

• Student and parent data is retained as instructed by the customer, typically until the student leaves the institution or the customer deletes the data.
• Customer account and financial data is retained for the duration of the contract plus 6 years to comply with UK tax and accounting obligations.
• Technical logs are retained for 12 months for security and analytics purposes, unless otherwise specified by the customer.

When personal data is no longer needed or upon customer instruction, it is securely deleted or anonymized.

8. Your Data Protection Rights

Under the UK GDPR, you have the following rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you.
• Rectification: Ask us to correct inaccurate or incomplete data.
• Erasure: Request deletion of your data in certain circumstances.
• Restriction: Ask us to limit the processing of your data.
• Portability: Request your data in a structured, machine-readable format to transfer to another controller.
• Objection: Object to processing based on legitimate interests, including marketing.
• Automated Decision-Making: Not be subject to decisions based solely on automated processing that produce legal or significant effects (we do not currently engage in such processing).

To exercise these rights, please contact our Data Protection Officer using the details in Section 2. Alternatively, if you are an end-user (for example, parent or student), you may need to contact your school or institution, as they are the primary data controller for data entered into the Reach Platform. We will respond to all requests within one month, though complex requests may take longer and we will inform you if this is the case.

9. Data Security

 

We implement appropriate technical and organizational measures to protect your personal data, including:

• Encryption of data in transit and at rest.
• Access controls limiting employee access to necessary data only.
• Regular security audits and vulnerability assessments.
• Staff training on data protection obligations.

Despite our efforts, no system is completely secure. We will notify you and the ICO promptly in the unlikely event of a data breach, as required by law.

10. Cookies and Tracking

Our website at https://reach.cloud uses cookies and similar technologies to enhance user experience and analyse usage. You can manage your cookie preferences through our cookie consent tool. For details, see our Cookie Policy at https://reach.cloud/cookie-policy.

11. Marketing Communications

When you contact us

If you get in touch with us, whether by phone, email, post, or in person, you may provide us with personal information. For example, if you use our contact form, we ask for your name, email address, and contact phone number. Only information that is needed to deal with your enquiry will be shared internally or with selected third parties. We will use the information you provide to deal with your enquiry and for no other purpose.

We justify this processing on the basis of your consent. We will keep this information for no longer than six months from the last interaction with you.

For marketing purposes

We may add you to our marketing database in several ways.

When you sign up via our website to hear from us, we will collect your business contact details and add you to our marketing database as requested.

When you sign up for a webinar or other event that we are hosting

We will collect your business contact details to administer the event.

When you sign up for a webinar or other event that we are sponsoring and opt-in to marketing

Where the webinar is hosted by a third party, the event organiser may share your business contact details with us for marketing purposes if you provide consent at the point of registration.

Direct marketing

You have the right to opt out of direct marketing. If you do not specify which marketing you no longer wish to receive, we will stop sending you any marketing information. You will need to tell us the email addresses, phone numbers, and other relevant details, and you will understand that we will need to keep these details so that we can be sure not to add you back to marketing lists in error. You also have the right to opt back into marketing at any time.

12. Third-Party Links

The Reach Platform or our website may include links to third-party sites. We are not responsible for their privacy practices, and we encourage you to review their policies before providing personal data.

13. Complaints

If you have concerns about our data practices, please contact us first so we can address them. You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO):

• Website: www.ico.org.uk
• Phone: 0303 123 1113
• Address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

14. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. We will notify you of significant changes by email or through our website. The latest version is always available at https://reach.cloud/privacy-policy.

15. Contact Us

For any questions or to exercise your rights, please contact our Data Protection Officer: