Privacy Policy

Last updated: 17/04/2026

1. Who we are

Foundry Education (“we”, “us”, “our”) is committed to protecting and respecting your privacy.

This Privacy Policy explains how we collect, use, store and protect personal data when you:

visit our website;

contact us by email, phone or enquiry form;

request a quote, site visit or consultation;

sign up to receive marketing updates;

engage us for construction or professional services;

otherwise interact with us.

Data controller: Foundry Education

Registered address: Unit 1, Sanders Lodge Industrial Estate, Rushden, Northamptonshire NN10 6BQ

Email: enquiries@foundry-education.co.uk

Telephone: 01933 594094

If you have any questions about this Privacy Policy or how we handle your data, please contact us using the details above.

2. The personal data we collect

We may collect and use the following categories of personal data:

your name;

job title;

school, trust, organisation or company name;

email address;

telephone number;

postal address;

project details and enquiry information;

communications you send to us;

records of meetings, calls and correspondence;

website usage information, including IP address, browser type, pages visited and referring website;

cookie and analytics data;

marketing preferences.

In some cases, you may choose to share information relating to pupils, staff or school needs when discussing a project. Please do not send us unnecessary special category personal data or safeguarding information through website forms unless specifically requested and appropriate safeguards are in place.

3. How we collect personal data

We collect personal data:

directly from you when you complete a form, contact us or request information;

when you correspond with us by email, phone or in person;

when you purchase or enquire about our services;

automatically through cookies and similar website technologies;

from publicly available sources, such as school or organisation websites, where relevant to a business enquiry or relationship.

4. How we use your personal data

We use personal data to:

respond to enquiries and provide requested information;

arrange site visits, calls, meetings, quotations and consultations;

provide construction and professional services;

manage our client and supplier relationships;

send service-related communications;

improve our website, content and user experience;

maintain business records and internal administration;

send marketing communications where permitted;

establish, exercise or defend legal claims;

comply with legal and regulatory obligations.

5. Our lawful bases for processing

Under the UK GDPR, organisations must identify a lawful basis before processing personal data. Depending on the context, our lawful bases may include: contract, where processing is necessary to take steps at your request or perform a contract; legitimate interests, where we use data for ordinary business purposes that are not overridden by your rights; consent, where you opt in to marketing or certain cookies; and legal obligation, where we must keep or disclose data to comply with the law.

We generally rely on the following lawful bases:

Contract: to respond to your request for a quote, organise a site visit, provide services, manage a project, or take steps before entering into a contract.

Legitimate interests: to manage enquiries, maintain business relationships, improve our services and website, keep records, and market relevant services to business contacts where permitted.

Consent: for email marketing where consent is required, and for non-essential cookies where applicable.

Legal obligation: to comply with tax, accounting, health and safety, insurance, regulatory or other legal requirements.

6. Marketing

We may send you marketing communications about our services where we have your consent or another lawful basis to do so. You can unsubscribe from marketing emails at any time by clicking the unsubscribe link or contacting us directly.

Where we rely on consent, you have the right to withdraw it at any time. The ICO states that privacy notices should explain people’s rights, including the right to withdraw consent where consent is the lawful basis.

7. Cookies and analytics

Our website may use cookies and similar technologies to ensure the website functions properly, understand how visitors use it, and improve performance and content.

Where required, we will ask for your consent before placing non-essential cookies on your device. You can also manage cookies through your browser settings.

For more information, please see our Cookie Policy [or add cookie section here].

8. Who we share personal data with

We may share personal data with trusted third parties where necessary for our business operations, including:

website hosting providers;

IT and cloud storage providers;

CRM and email marketing providers;

analytics providers;

professional advisers, including lawyers, accountants and insurers;

contractors, consultants and service partners working on a project;

regulators, public bodies, law enforcement or courts where required.

We require third parties processing data on our behalf to protect it appropriately and only use it in accordance with our instructions and the law.

If a project involves children’s data, any sharing must be justified and handled carefully, with the child’s best interests taken into account. The ICO’s guidance states that children’s personal data can be shared where there is a compelling reason, including safeguarding, but commercial reuse is unlikely to justify sharing.

9. International transfers

Some of our third-party providers may store or process personal data outside the UK. Where this happens, we will ensure appropriate safeguards are in place, such as adequacy regulations or approved contractual protections.

10. How long we keep personal data

We keep personal data only for as long as necessary for the purposes for which it was collected, including to meet legal, accounting, tax, insurance and record-keeping obligations. Where we cannot state a fixed period, the ICO says you should explain the criteria used to decide retention.

Typical retention periods may include:

general enquiries: 12 months

quotation and project records: 10 years after completion

marketing records: until you unsubscribe or we refresh consent/lists

financial records: as required by law

website analytics/cookie data: according to the settings of the relevant tool

You should replace these examples with your actual retention schedule.

11. Data security

We take appropriate technical and organisational measures to protect personal data against accidental or unlawful loss, destruction, misuse, unauthorised access, disclosure or alteration.

12. Children’s data

Our website and services are primarily directed at schools, trusts, local authorities and other professional contacts, not children directly.

If we process personal data relating to children in connection with a project, we will do so with particular care, in line with data protection law. The ICO states that children must be given the same privacy information as adults, presented in a way they can understand where relevant.

13. Your rights

Under the UK GDPR, individuals have rights including the right to be informed, access their data, rectify inaccurate data, erase data in some circumstances, restrict processing, object to processing, and data portability in some cases.

You may have the right to:

request access to your personal data;

request correction of inaccurate or incomplete data;

request erasure of your personal data;

request restriction of processing;

object to processing based on legitimate interests;

withdraw consent where consent is relied on;

request transfer of your data in certain cases;

complain to the Information Commissioner’s Office (ICO).

To exercise any of these rights, please contact us at [insert email].

14. Complaints

If you are concerned about how we use your personal data, please contact us first so we can try to resolve the issue.

You also have the right to complain to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection. The ICO says privacy information should explain how people can complain.

15. Changes to this policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page and, where appropriate, notified to you.