Privacy Policy.

Pearltech UK Ltd, registered in England and Wales, company number 09833975. Registered office: 1st Floor Wilson House, Lorne Park Road, Bournemouth, BH1 1JN.

For all data protection enquiries, including subject access requests, contact our Data Protection Lead at sales@epearl.co.uk.

Pearl is the data controller for personal data collected directly through this website (e.g. demo request forms, newsletter signups, sales enquiries).

Pearl is the data processor for personal data uploaded by FE colleges, ITPs and other educational customers into the Pearl platform (learner records, submissions, assessor activity). For platform data, the customer is the controller and Pearl processes on their behalf under a Data Processing Agreement.

From website visitors

• Identity data, name, job title.
• Contact data, work email, organisation name, phone number where you choose to give it.
• Technical data, IP address, browser type, device type, pages viewed, referral source.
• Marketing data, your communication preferences.

From platform users (where Pearl is processor)

• Learner identity, contact, demographic and eligibility data as configured by the customer.
• Assessment submissions, grades, feedback, IQA and EQA records.
• System activity, login times, page views, click events for safeguarding and audit purposes.

We do not knowingly collect data from children under 13. The platform is configured for use with learners aged 16 and above unless a customer explicitly enables a younger cohort under their controller responsibility.

We share data only where necessary:

• Sub-processors, our hosting and infrastructure providers (UK and EU data centres only), email delivery, analytics. A full sub-processor list is available on request.
• Customers and their auditors, where Pearl processes data on a customer's behalf, the customer controls who sees it.
• Regulators, Ofsted, Ofqual, the ESFA and the ICO where there is a legal requirement.
• Professional advisers, lawyers, accountants, insurers, under confidentiality.

We do not sell personal data. We do not transfer personal data outside the UK or EEA without appropriate safeguards (UK IDTA, EU Standard Contractual Clauses, or adequacy decisions).

• Sales enquiry data, retained for 24 months after last contact, then deleted.
• Customer platform data, retained for the duration of the contract plus statutory retention periods (typically 6 years for ESFA-funded learner records).
• Marketing data, retained until you withdraw consent.
• Backups, rolling 35-day cycle then permanently deleted.

Under the UK GDPR you have the right to:

• Access the personal data we hold about you.
• Have inaccurate data corrected.
• Request erasure (the "right to be forgotten") where applicable.
• Restrict or object to processing.
• Data portability where applicable.
• Withdraw consent at any time where consent is the lawful basis.
• Lodge a complaint with the Information Commissioner's Office at ico.org.uk.

To exercise any of these rights, email sales@epearl.co.uk. We will respond within one month.

See our Cookie Policy for full details of cookies used on this site.

We hold Cyber Essentials certification. The Pearl platform is accessible only over HTTPS, with role-based access controls, audit logging on all assessor and admin actions, and encryption at rest and in transit. Sub-processor security is reviewed annually.

We may update this policy from time to time. Material changes will be notified via email to active customers and posted on this page with an updated "Last updated" date.