1. Policy Statement
Ember Learning Ltd (trading as Ember Tutors) records all tutoring sessions delivered via its online platform. Session Recordings are made exclusively for safeguarding purposes. They are not made for quality assurance, training, performance management, marketing, or any other purpose. This Policy applies to all Company staff, tutors, and any third party with access to Session Recordings.
2. Purpose of Session Recordings
Recordings may only be reviewed when a safeguarding concern is raised, a tutor's conduct is called into question, a student discloses information indicating risk to their welfare, or a statutory body requests access as part of a lawful investigation. Any use beyond these purposes requires prior written agreement with the commissioning body (as Data Controller) and a data protection impact assessment.
3. Lawful Basis for Recording
Session Recordings involve personal data of students and are processed under Article 6(1)(c) UK GDPR (legal obligation arising from safeguarding duties) and Article 6(1)(f) UK GDPR (legitimate interests in ensuring a safe online environment). The commissioning body is responsible for obtaining parental/carer consent prior to referral; confirmation of consent is a condition of the Service Agreement.
4. Access Controls
Access to Session Recordings is strictly limited to the Designated Safeguarding Lead (DSL) and the Deputy DSL. Statutory bodies (police, children's social care, LADO) may access Recordings only where lawfully required, with DSL authorisation and documentation. No other individual — including tutors, directors, Commissioners, parents, or carers — has access. All access requests are directed to the DSL, who documents every decision.
5. Storage and Technical Security
Recordings are stored in encrypted, access-controlled cloud storage provided by the approved session platform. They are encrypted at rest, transmitted over HTTPS/TLS, and protected by strong authentication. Access logs are reviewed periodically by the DSL. No Recording may be stored on a personal device or transferred to a personal email account. Any suspected breach is treated as a Personal Data Breach and reported immediately.
6. Retention and Deletion
Recordings are retained for 12 months from the date of recording. Where a safeguarding concern has been raised, the Recording is retained for the duration of any investigation or proceedings and for at least six months after their conclusion. At the end of the retention period, Recordings are permanently and securely deleted by the DSL. A deletion log is maintained for five years.
7. Prohibition on Unauthorised Use
No person may access, copy, share, or use any Recording for a purpose not authorised by this Policy. Tutors are explicitly prohibited from making independent recordings of sessions. Commissioners, students, and parents do not have a right of access under this Policy; such requests are managed by the DSL in accordance with data protection legislation.
8. Recording Failure and Spot Checks
If a session is not captured, the tutor must complete a written session log from memory and notify the DSL immediately. The DSL conducts a monthly spot check of a sample of Recordings to confirm they are capturing correctly and are accessible. Spot checks are for operational assurance only — not for reviewing tutor performance.
9. Transparency and Communication
The existence of Session Recording is communicated to Commissioners in the Service Agreement and confirmed as a condition of referral. Commissioners are responsible for informing parents and carers that sessions are recorded for safeguarding purposes and for obtaining appropriate consent. This Policy is available to commissioning bodies on request.
10. Policy Review
This Policy is reviewed annually by the DSL, and following any change to the session platform, a change of DSL, a data breach involving Recordings, or a change in data protection law or guidance.
The full policy document is available on request. Contact hello@embertutors.co.uk.