Privacy Policy

Curve Learn is the trade name of Curve Learn Limited, a company incorporated in England and Wales under registration number 09043355. This privacy policy explains how Curve Learn uses and protects any information that it collects about you when you use this website –


This privacy notice aims to give you information on how Curve Learn collects and processes your personal data through your use of this website, including any data you may provide through this website when you create an account.
We do not knowingly collect data relating to children. Parental supervision is required if children are to use this website.
It is important that you read this privacy notice together with any other privacy notice or fair processing notice we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This privacy notice supplements the other notices and is not intended to override them.
Our website operates in accordance with the General Data Protection Regulation (the “GDPR”), (Regulation (EU) 2016/679), which is a directly binding legislative act. Curve Learn Limited is committed to maintaining the trust and confidence of our visitors to our website. This Privacy Policy explains the types of personal data that we may collect from you, how we use it, the limited conditions under which we may disclose it to others, how we keep it secure, and your rights regarding your personal data.
Curve Learn Limited is the controller and is responsible for your personal data (collectively referred to as “we”, “us” or “our” in this privacy notice).
We have appointed a data protection officer (DPO) who is responsible for overseeing questions in relation to this privacy notice. If you have any questions about this privacy notice, including any requests to exercise your legal rights under the GDPR, please contact the DPO at
Our full details are:
Curve Learn
Postal address: 12 Boltro Road, Haywards Heath, RH16 1BB
Email address:
Phone number: +44 7552 775 675
Data Protection Officer
Email address:
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues ( We would, however, appreciate the chance to address your concerns before you approach the ICO so please contact us in the first instance.


Contact Data includes your name, email address, telephone number.
Technical Data includes your IP address, browser details, operating system details, pages visited, actions taken.
Student Profile Data (only applicable to students) includes the subject in which you desire tutoring and your level of education.
Messaging Data includes any information provided by you to us by email.
Aggregate Data. Aggregate data may be derived from your personal data but this data does not directly or indirectly reveal your identity. For example, we may aggregate certain usage data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect aggregate data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice.


Where we need to collect personal data by law, under the terms of a contract we have with you, or where we will be otherwise unable to provide you with service, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you. In this case, we may have to cancel the service we provide to you or our website may not work for its intended purpose, but we will notify you if this is the case.
We collect your personal data in several ways, but always in compliance with the law. We will collect your personal data in the following manners:
Online Forms. Most information collected from you is collected via an online form that you fill out.
Cookies And Automatic Collection. Certain information is collected by placing a cookie on your computer. Some cookies are required for the operation of our website and are automatically loaded onto your computer. Other cookies are non-essential cookies and require you to opt-in before they will be loaded onto your computer. See our Cookie Policy. In addition, certain information may be collected automatically, including your IP address, your type of operating system, browser type, and the pages you visited and actions you have taken on our website.
We will only use your personal data in compliance with the law. Most commonly, we will use your personal data in the following circumstances:
Internal record keeping.
To provide you with services.
To improve our products and services.
To customise the website according to your interests.
If you have opted to receive direct marketing materials, we will send you promotional e­mail about new products, special offers, or other information which we think you may find interesting.
From time to time, we may also use your information to contact you by e­mail or text regarding offers or promotions from carefully selected third parties if you have agreed to being contacted in this way.
The following table outlines the various purposes and activities for which we will use your data as well as the lawful basis that allows us to use the data:
Type of data
Lawful basis for processing
General Website
To improve the security of our website and protect against online attacks (including troubleshooting, data analysis, testing, system maintenance, support, reporting, and hosting of data).
Technical Data
Legitimate Interests (provision of network and IT services, network security, and administration, to prevent fraud)
To use data analytics to improve our website, services, marketing, customer relationships, and experiences.
Technical Data
Legitimate Interests (to define types of users of our services, to keep our website updated with relevant content, to develop our business, and to inform our marketing strategy)
Enable all users to contact us via email.
Contact Data
To manage our relationship with you, including notifying you about changes to this privacy policy or any other changes or updates related to the website.
Contact Data
Legal Obligation
To administer Student relationships, and use of the website, including statistical analysis to better understand their use of the website and website maintenance.
Contact Data
Technical Data
Login Data
Tutor Profile Data
Student Profile Data
Messaging Data
Legitimate Interests (comply with user requests, and ensure the integrity of the user’s experience)
Performance of a Contract
To administer payment processing.
Contact Data
Performance of a Contract
To provide Students with Tuition.
Contact Data
Student Profile Data
Academic Data (i.e. student work)
Performance of a Contract


We follow generally accepted industry standards to protect the information submitted to us, both during transmission and once we receive it. We maintain appropriate administrative, technical, and physical safeguards to protect personal data against accidental or unlawful destruction, accidental loss, unauthorized alteration, unauthorized disclosure or access, misuse, and any other unlawful form of processing of the personal data in our possession. All live servers utilise firewalls and the latest Linux security patches are installed and updated regularly. We also ensure data encryption, password protection, and other access and authentication controls.
Third party businesses who process payments on our behalf.
Third party businesses who help us develop our business, inform our marketing strategy, and maintain our website with relevant services.
Third party businesses who provide cloud storage services.
Third party businesses who provide communication software we use to contact you in accordance with this Privacy Policy.
Another organisation if we sell or buy (or negotiate to sell or buy) any business or assets.
With our professional advisers who have a reasonable need to see it.
We will disclose your information if we are required to by law. We may disclose your information to enforcement authorities if they ask us to, or to a third party in the context of actual or threatened legal proceedings, provided we can do so without breaching data protection laws.
We may transfer, process, and store personal data we collect in centralised databases located in the United States of America. The United States of America may not have the same data protection framework as the country from which you may be accessing our website. When we transfer personal data to the U.S., we will protect it as described in this Privacy Policy and we will comply with applicable legal requirements providing adequate protection for the transfer of personal information from Europe to the United States of America. In addition, we maintain enforceable contracts with all third parties we may send your data to binding them to this Privacy Policy, standard contractual clauses, the European Union’s General Data Protection Regulation, and other standards for data protection that we may set.
We respect your desire to maintain the privacy of your data, and will always work with you to ensure your data is being used responsibly. Please always feel free to contact us regarding any questions or concerns you may have regarding your data.
You will always have the following rights with respect to your personal data:
Right to Revoke Consent. You always have the right to revoke any consent you have given for us to use your data.
Right of Access. You have the right to access any of your personal data we hold. While you may always access your data via your account and account settings, we may also provide your information to you in a structured format, if you so choose.
Right to Object to Processing. You have the right to object to our processing of your data except where we can demonstrate that our compelling interests, or the compelling interests of a third party, override your interests.
Right of Rectification. You have the right to rectify or correct any of your data we hold that is incorrect or inaccurate.
Right of Erasure. Your right to erasure may be accomplished by deleting your account or by contacting us (and we can delete your account). After your account is deleted, any of your personal data we hold is deleted or anonymized except for a brief record demonstrating our compliance with your request.
Right to Restrict Processing. You have the right to prevent us from processing your data:
for a period to enable use to verify the data’s accuracy, if you believe the data is inaccurate or incorrect;
if our processing is unlawful;
if you require us to maintain the data for purposes of the establishment, exercise, or defence of a legal claim; or
for a period pending the verification of our legitimate interests, if you have objected to our legitimate interests in using your data.
Right of Data Portability. You have the right to request we provide you your data in a structured, commonly used, and machine-readable format and the right to transmit that data to another controller.
Right to Opt-Out of Marketing. You always have the right to opt-out of any marketing emails or other correspondence we may send to you.
Right to Opt-Out of Automated Profiling. Tutors have the right to opt-out of our automated profiling of tutors related to search result ranking. You may opt-out in your account settings.
You can exercise your rights in several ways:
By checking (or not checking) certain boxes on the forms we use to collect your data;
by opting out or exercising certain of your rights via the settings in your account; or
by contacting
For further information on how your data is used, how we maintain the security of your data, and your rights to access information we hold on you, please contact:
We review our retention periods for personal information on a regular basis. We are legally required to hold some types of information to fulfil our statutory obligations. Please contact our DPO at for more information.


Like many other websites, Curve Learn’s website uses cookies. Cookies are small pieces of information sent by an organisation to your computer and stored on your hard drive to allow that website to recognise you when you visit. They collect statistical data about your browsing actions and patterns and do not identify you as an individual. Most web browsers allow some control to restrict or block cookies; however, disabling cookies may affect your ability to use certain parts of our website. For more information about cookies and instructions on how to adjust your browser settings, visit the Internet Advertising Bureau website See our Cookie Policy.
Our website may contain links to enable you to visit other websites of interest easily. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.
We will notify you of any changes to this Privacy Policy either by email, in your account, by banner notification on the website, or by any other means that is likely to to make you aware of the changes.
Any questions regarding this Policy and our privacy practices should be sent by email to us at or by writing to Curve Learn Limited 12 Boltro Road, Haywards Heath, RH16 1BB


Goal of the data protection policy
The goal of the data protection policy is to depict the legal data protection aspects in one summarising document. It can also be used as the basis for statutory data protection inspections, e.g. by the customer within the scope of commissioned processing. This is not only to ensure compliance with the European General Data Protection Regulation (GDPR) and Data protection Act (DPA) 2018 but also to provide proof of compliance.
Brief description of the company and motivation to comply with data protection.
Security policy and responsibilities in the company
For a company, in addition to existing corporate objectives, the highest data protection goals are to be defined and documented. Data protection goals are based on data protection principles and must be individually modified for every company.
Determination of roles and responsibilities (e.g. representatives of the company, operational data protection officers, coordinators or data protection team and operational managers)
Commitment to continuous improvement of a data protection management system
Training, sensitisation and obligation of the employees
Legal framework in the company
Industry-specific legal or conduct regulations for handling personal data
Requirements of internal and external parties
Applicable laws, possibly with special local regulations
Conducted internal and external inspections
Data protection need: determination of protection need with regard to confidentiality, integrity and availability. 
Existing technical and organisational measures (TOM)
Appropriate technical and organisational measures that must be implemented and substantiated, taking into account, inter alia, the purpose of the processing, the state of the technology and the implementation costs.
The description of the implemented TOM can, for example, be based on the structure of ISO/IEC 27002, taking into account ISO/IEC 29151 (guidelines for the protection of personal data). The respective chapters should be substantiated by referencing the existing guidelines.
Examples of such guidelines include:
Guideline for the rights of data subjects
Access control
Information classification (and handling thereof)
Physical and environmental-related security for end users such as:
Permissible use of values
Guideline for information transfer based on the work environment and screen locks
Mobile devices and telecommuting
Restriction of software installation and use
Data backup
Information transfer
Protection against malware
Handling technical weak points
Cryptographic measures
Communication security
Privacy and protection of personal information
Supplier relationships: Noting regular inspection and evaluation of data processing, especially the efficacy of the implemented technical and organisational measures.