4tefl logo

Privacy Policy

We only collect what we need to run your course, award qualifications and keep assessments fair. We don’t sell your data. You can access, correct or delete your data (with some regulatory limits), and you can opt out of marketing at any time.

Last updated: 30 August 2025

What data we collect

Depending on your interactions with us, we may process:

  1. Identity & contact: name, date of birth, email, phone, postal address.
  2. Account & enrolment: username, course(s) enrolled, progress and completion.
  3. Assessment data: submissions, feedback, grades, logs (incl. remote invigilation where used).
  4. Identity verification (Ofqual-regulated provision): verification result (pass/fail), session ID, timestamp and, where provided by our identity provider, limited document fields (e.g., full name, date of birth, document type/issuing country, truncated document number). We do not store biometric templates.
  5. Payments: payment status, amount, method, partial card details (last 4 digits). Full card data is processed by our payment provider and is not stored by us.
  6. Technical data: IP address, device, browser, approximate location, cookies and similar technologies.
  7. Communications: support requests, complaints/appeals, and call/meeting notes where relevant.

Why we use your data (purposes & lawful bases)

  • Deliver courses and manage your account — Contract (Art. 6(1)(b)).
  • Assessment, certification and quality assurance — Legitimate interests (integrity of assessment; fraud prevention) and Contract.
  • Identity verification for Ofqual-regulated qualifications — Legitimate interests and Contract.
  • Payments, invoicing and tax — Contract and Legal obligation.
  • Support and operations (security, troubleshooting, logs) — Legitimate interests.
  • Regulatory and awarding-body requirements (e.g., Ofqual) — Legal obligation/Legitimate interests.
  • Analytics and improvements — Consent (where cookies/trackers are non-essential).
  • Marketing communications — Consent; you can withdraw any time.

Cookies

We use essential cookies to run the site, and (with your consent) analytics/marketing cookies. See our Cookies Policy for details and to manage your preferences.

Identity verification (Ofqual-regulated provision)

To protect learners and uphold assessment integrity, we verify identity for regulated courses (e.g., TEFL Level 5 RQF). Automated checks use Stripe Identity (document + live selfie). We receive the verification outcome and limited “verified outputs” only; we do not store biometric templates. A manual fallback route is available on request or where accessibility adjustments are needed. See our Identity Verification Policy for full details.

Sharing your data (recipients)

We share personal data only as necessary with:

  • Service providers (processors): hosting, LMS, CRM/email, payment processing (e.g., Stripe), identity verification (Stripe Identity), support tools.
  • Awarding/regulatory bodies where required (e.g., to investigate malpractice or issue/verify certification).
  • Professional advisers, insurers and legal authorities (where we must).

We put in place data processing agreements and safeguards with all processors.

International transfers

Some processors may store or access data outside the UK. Where this happens, we rely on appropriate safeguards (e.g., the UK International Data Transfer Addendum to the EU SCCs) and assess provider security. You can contact us for details of the specific safeguards used for a given service.

How long we keep data (retention)

We keep data only as long as needed for the purposes above, or to meet legal/award requirements. In particular:

  • Identity verification — verification result and minimal audit: retained for the duration of study and up to six (6) years after the last certification outcome; manual uploads (ID/selfie) kept only until a decision is recorded (no longer than 90 days), then securely deleted.
  • Course and assessment records — typically up to six (6) years after completion.
  • Financial records — typically six (6) years (tax/accounting).
    See our Data Retention Schedule for details.

Your rights (UK GDPR)

Subject to certain limits, you can:

  • access your data;
  • correct inaccurate data;
  • request erasure;
  • restrict or object to processing (including a right to object to marketing at any time);
  • request portability (data you provided to us);
  • withdraw consent where processing relies on consent.

To exercise your rights, contact us at info@4tefl.com

Children

Our services are not directed at children under 16. If you believe a child has provided personal data without appropriate consent, please contact us and we will take appropriate steps.

Automated decision-making

We do not make decisions producing legal or similarly significant effects solely by automated means. Identity verification may include automated checks, but a manual route and review are available.

Security

We apply administrative, technical and organisational measures to protect personal data (role-based access, encryption in transit and at rest where applicable, logging and monitoring, and incident response). No system is perfect; we encourage you to use strong, unique passwords and keep your credentials safe.

Changes to this policy

We may update this policy from time to time. The “Last updated” date at the top shows when changes were made. Significant changes will be communicated on this page or by email where appropriate.,

Contact us
For any questions about this policy or your data, contact:
Data Protection Lead, 4 TEFL LIMITED
Email: info@4tefl.com