Privacy Policy

Effective Date: 05/09/2025

Introduction & Organisational Info

We, at Otem, are dedicated to serving our customers and contacts to the best of our abilities. Part of our commitment involves the responsible management of personal information collected through our website otem.co.uk, and any related interactions. Our primary goals in processing this information include enhancing the user experience on our platform, providing timely support, and improving our products and services.

We process personal information with the utmost respect for privacy and security, adhering to all relevant regulations and guidelines. Our practices are designed to safeguard the confidentiality and integrity of your personal information while enabling us to deliver the products and services you trust us with.

We have a designated point of contact for all data protection matters. If you have any questions or require further information about how we manage personal information, please feel free to contact us at privacy@otem.co.uk.

Your privacy is our priority. We are committed to processing your personal information transparently and with your safety in mind. This commitment extends to our collaboration with third-party services that may process personal information on our behalf. All activities are conducted in strict compliance with applicable privacy laws.

Scope and Application

This policy applies to all visitors, registered users, and customers of our website otem.co.uk and our services. It outlines our practices and your rights concerning the collection, use, and protection of your personal information, ensuring it is processed with the highest standards of privacy and security.

Data Collection and Processing

We use cookies to deliver and improve our services, analyse site usage, customise your experience, and market our services to you. We use Cookiebot, a Consent Management Platform (CMP), to manage your cookie preferences and to obtain and document your consent. Upon your first visit, our website will present you with a cookie consent banner, where you can accept, reject, or customise your preferences. You can update or withdraw your consent at any time by using the privacy trigger, which is a small icon on our website, or by visiting our Cookie Policy page.

Our commitment to transparency and data protection extends to how we collect and use your personal information. We gather personal data through various interactions, including when you use our services or products such as tutoring, online teaching, AI support, scheduling, and booking.

We do not knowingly collect personal data from individuals under 16 years of age without verifiable parental consent. If we discover that we have inadvertently collected such data, we will delete it promptly. For any of our services that require verifiable parental consent, such as AI-based products, a parent or legal guardian is responsible for creating any accounts and providing explicit consent. They must also register, maintain bookings, and make payments on behalf of the minor, as well as ensure appropriate supervision.

The following list details the types of personal information we may process:

  • First and Last Name
  • Email address and/or Phone number
  • Address and City
  • Payment Information
  • Purchase history
  • Interaction logs (e.g., clicks, time spent on pages)
  • Details about your service usage and preferences

Please note that we only process information that is essential for delivering our services, complying with legal obligations, our legitimate interests, or enhancing your user experience.

Our Use of Third-Party Integrations

We integrate with trusted third-party service providers to offer a seamless user experience. We share personal information with these providers only as necessary to provide the services you have requested, and all data sharing is covered by Data Processing Agreements (DPAs) and other appropriate safeguards.

Calendly (for Scheduling and Bookings)

We use Calendly to manage our booking and scheduling services. When you use our embedded Calendly form, the following personal data is collected:

  • Data Processed: Name, email address, phone number, educational information, session requirements, and booking preferences.
  • Legal Basis: Contract. This processing is necessary to fulfill our service agreement with you by confirming and managing your booking.

Zoom & Google Meet (for Online Tutoring Sessions)

As part of our service, we use Zoom and Google Meet to facilitate online tutoring sessions.

  • Data Processed: We share your name and email address with Zoom or Google Meet to create and manage the meeting invitation.
  • Session Data: We may process and retain transcripts and notes from your sessions, including diagrams and formulas, to improve the quality of our services. These are processed under our Legitimate Interests to enhance and develop our teaching content. We will only record a session with your explicit consent, which you can withdraw at any time.
  • Legal Basis: Contract (for sharing data to create the meeting) and Legitimate Interests (for processing notes and transcripts).

Planned Integrations (Stripe & PayPal)

In the future, we plan to integrate payment processing services (Stripe and PayPal) into our Calendly booking flow. When this is active, we will process your payment information to securely complete your transactions. The legal basis for this processing will be Contract. We will update this privacy policy with specific details on the data shared with these providers at that time.

Tutor Registration

Direct Collection (Tutor registration via Website Form)

  • Data Processed: Name, email address, contact number, subject specialism, preferred level of teaching, and additional user-provided information.
  • Legal Basis: Contract and Legitimate Interests. This data is essential for taking the necessary steps to enter into a contract with you as a tutor. We also have a legitimate interest in collecting this information to assess your suitability for the role and to match you with appropriate students.
  • Enhanced DBS Certificate: We process information about your Enhanced DBS Certificate status to comply with our Legal Obligation to protect minors in educational settings. It is also in our Legitimate Interests to verify the backgrounds of our tutors to ensure the safety of our students and their families.

AI Learning Companion Service

  • Purpose: To provide AI support and learning resources. We are currently collecting interest registrations for this service.
  • Data Processed: Email address, role identification, educational level, and interest registration.
  • Legal Basis: Legitimate Interests. Our legitimate interest is to gauge market demand and to inform interested individuals when the service becomes available.
  • Deployment: When this service is deployed, we will process conversations with the AI to provide personalised responses. This may include personal data you choose to share. We will use Google's AI services to operate this feature, and your chat history will be retained for a limited period (e.g., up to 90 days) to improve the service, which is also based on our Legitimate Interests. You will have the option to delete your chat history at any time.

Data Storage and International Transfers

Data Storage: Personal information is stored on secure servers located in the GB, EU, and US.

International Transfers: When we transfer your personal data to countries outside of the UK and EU, we do so using a legally compliant transfer mechanism. For transfers to the US, we rely on Standard Contractual Clauses (SCCs), which are legally binding agreements that require the recipient to adhere to GDPR-level data protection standards. We ensure all data transfers are protected by robust technical and organisational safeguards.

User Rights and Choices

At Otem, we recognise and respect your rights regarding your personal information, in accordance with the General Data Protection Regulation (GDPR) and other applicable data protection laws. We are committed to ensuring you can exercise your rights effectively.

Below is an overview of your rights and how you can exercise them:

  • Right of Access (Article 15 GDPR): You have the right to request access to the personal information we hold about you and to obtain information about how we process it.
  • Right to Rectification (Article 16 GDPR): If you believe that any personal information we hold about you is incorrect or incomplete, you have the right to request its correction or completion.
  • Right to Erasure (‘Right to be Forgotten’) (Article 17 GDPR): You have the right to request the deletion of your personal information when it is no longer necessary for the purposes for which it was collected, among other circumstances.
  • Right to Restriction of Processing (Article 18 GDPR): You have the right to request that we restrict the processing of your personal information under certain conditions.
  • Right to Data Portability (Article 20 GDPR): You have the right to receive your personal information in a structured, commonly used, and machine-readable format and to transmit those data to another controller.
  • Right to Object (Article 21 GDPR): You have the right to object to the processing of your personal information, under certain conditions, including processing for direct marketing.
  • Right to Withdraw Consent (Article 7(3) GDPR): Where the processing of your personal information is based on your consent, you have the right to withdraw that consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
  • Right to Lodge a Complaint (Article 77 GDPR): You have the right to lodge a complaint with a supervisory authority if you believe our processing of your personal information violates applicable data protection laws.

To exercise any of these rights, please contact us at privacy@otem.co.uk. We will respond to your request in accordance with applicable data protection laws and within the timeframes stipulated by those laws.

Direct Marketing and Communications

At Otem, we may use your personal information to send you direct marketing communications about our products, services, promotions, and other relevant information that we believe may be of interest to you. We are committed to ensuring that our direct marketing practices are transparent, lawful, and in compliance with applicable data protection laws, including the General Data Protection Regulation (GDPR) and the ePrivacy Directive.

  • Obtaining Consent: We will only send you marketing communications if you have given us clear consent. Every direct marketing communication we send will include clear instructions on how to unsubscribe or opt-out. You can exercise your right to opt-out at any time, and we will promptly honor your request.
  • Managing Your Preferences: You have control over the direct marketing communications you receive. You can manage your communication preferences by using the unsubscribe link provided in our marketing emails or text messages.

Data Breach Notification Procedures

At Otem, we understand the importance of protecting your personal information and take proactive measures to safeguard it. In the event of a data breach that poses a risk to your privacy rights and freedoms, we have established clear procedures for promptly identifying, assessing, and mitigating the impact of the breach. Our data breach notification procedures are designed to comply with applicable data protection laws and regulations, including the General Data Protection Regulation (GDPR).

  • Notification Obligations: If required by law, we will notify the relevant data protection authorities of the data breach within 72 hours. If a data breach poses a significant risk to your privacy rights and freedoms, we will notify you without undue delay.
  • Point of Contact: If you have any questions or concerns about a data breach or believe you may have been affected, please contact us immediately at privacy@otem.co.uk.

Policy Updates and Changes

We may update this privacy policy from time to time to reflect changes in legal requirements, industry standards, or our business operations. In the event of significant changes, we will provide notice through prominent means, such as email, website notifications, or other appropriate channels. We will also indicate the effective date of the updated policy at the top of the document.1

Contact Us

If you have any questions or concerns about our privacy policy or any updates to it, please do not hesitate to contact us at privacy@otem.co.uk. We are here to address any inquiries you may have and to ensure that you feel confident about how your personal information is handled.

Cookie PolicyPrivacy PolicyTerms of Service