Data protection
GDPR Policy
Last updated: June 2026
This page sets out how pprep approaches the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. It sits alongside our Privacy Policy, which describes in plain English what we hold and why.
Who is responsible
Cliq Health Technologies Ltd, a UK company, is responsible for personal data collected through pprep. You can reach us at hello@pprep.io, or by post at Oakpark Business Centre, Office Suite G1c, St Neots, Cambs, PE19 6WA.
The principles we follow
We aim to handle personal data in line with the core principles of the UK GDPR:
- Use it lawfully, fairly and in a way you'd expect.
- Collect only what we need for a clear purpose.
- Keep it accurate and up to date.
- Keep it no longer than we need it.
- Keep it secure.
- Be accountable for how we look after it.
Our basis for using your data
We only process personal data where we have a proper basis to do so under data protection law — principally to provide the pprep service that you, as a parent or guardian, have asked us to provide, and with your consent where that is required. If you'd like to understand the basis for a particular use, please contact us.
Your rights
Under the UK GDPR you have the right to:
- Be informed about how your data is used — that's what these pages are for.
- Access a copy of the personal data we hold about you.
- Rectification — ask us to correct anything inaccurate.
- Erasure — ask us to delete your data.
- Restrict how we use your data.
- Portability — ask for your data in a portable form.
- Object to certain uses of your data.
pprep does not make automated decisions that produce legal or similarly significant effects about you or your child. To exercise any of these rights, email hello@pprep.io. We'll respond within the time the law requires.
Children's data
pprep is set up and managed by a parent or guardian, with no public profiles, messaging or social features, and we keep the data held about a child to the minimum needed for the learning experience. Parents and guardians can review, correct or delete their child's information by contacting us.
International transfers
Some of the providers we rely on — for example, for hosting or web fonts — may process limited information outside the UK. Where that happens, such transfers should be covered by appropriate safeguards recognised under UK data protection law. If you'd like more detail, please get in touch.
Keeping data secure
We use reputable providers, encryption of data in transit, and access controls to help protect personal data. No service can guarantee perfect security, but we design pprep to hold as little as possible and to keep what we do hold safe.
If something goes wrong
In the unlikely event of a data breach that's likely to risk your rights, we take it seriously and will follow our legal obligations, including notifying the ICO and affected people where required.
Complaints
If you have a concern, please contact us first at hello@pprep.io — we'd like the chance to help. You also have the right to complain to the Information Commissioner's Office (ICO) at ico.org.uk.
This is a plain-English summary of our approach to data protection. If you need more detail on any specific point, please get in touch.