Privacy Policy

Who we are

We are Lawford Education Ltd, company number 07659874.

Website address:

Registered office address (for tax purposes):
Fitzroy House, 3 Crown Street, Ipswich, IP1 3LY.

Office address for all other correspondance:
11 Waldegrave Way, Lawford, Manningtree, Essex CO11 2DX.

What personal data we collect and why we collect it

Contact forms

Our contact form obtains your name, organisation name, contact telephone number and email address along with your message.  This data is purely stored for administrative purposes and so that we can reply to your message accordingly.  Please do not send personal or sensitive information via our contact form.  If you notify us that you would like to send us personal or sensitive information, we will provide a secure URL where such data can be submitted.


To improve your experience on our site, we may use ‘cookies’. Cookies are an industry standard and most major web sites use them. A cookie is a small text file that our site may place on your computer as a tool to remember your preferences. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website.

Content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracing your interaction with the embedded content if you have an account and are logged in to that website.

Our website may contain links to other websites. Please be aware that we are not responsible for the privacy practices of such other sites. When you go to other websites from here, we advise you to be aware and read their privacy policy.


Our website uses Google Analytics, a service which transmits website traffic data to Google servers in the United States. Google Analytics does not identify individual users or associate your IP address with any other data held by Google. We use reports provided by Google Analytics to help us understand website traffic and webpage usage.

By using this website, you consent to the processing of data about you by Google in the manner described in Google’s Privacy Policy– external site and for the purposes set out above. You can opt out of Google Analytics if you disable or refuse the cookie, disable JavaScript, or use the opt-out service provided by Google– external site.

Who we share your data with

We do not share your data with third parties unless you specifically request us to do so in your correspondence with us.  We do not sell your data to third parties.

How long we retain your data

Data collected via our contact form may be retained indefinitely so that we can track previous communication with you and your organisation.  We retain this data because such communication may be legally binding, if a quote is formally accepted via the contact form, for example.

What rights you have over your data

You can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you.  This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Additional information

How we protect your data

This online service is hosted in London, UK in a secure data centre. To help protect the privacy of data and personal information we collect and hold, we maintain physical, technical and administrative safeguards.  Furthermore, security is updated and tested on an ongoing basis.

Our employees are trained about the importance of confidentiality and maintaining the privacy and security of your information.  In addition, access to your Personal Information is restricted to employees who need it to provide services to you.

What data breach procedures we have in place

Containment and recovery – where we have identified a data breach, the designated data controller will investigate and use all appropriate resources to contain the situation by preventing further loss of data and / or recover lost data.  If deemed necessary, the data controller will inform the police of the incident.

The data controller will assess the risks of the data loss.  This will be determined by whether it involved a criminal act such as theft of data or unauthorized access, whether the data included sensitive data, the number of people affected, and the potential consequences for individuals.

Notification of breaches – the data controller will notify users for who we have contact details.  Where possible the email will contain details on what occurred, when it occurred, the status of containment, what data was revealed and to whom, and any recommended actions to mitigate risks associated with the breach.  If the breach included personal data, the data controller will inform the ICO.