Data protection

GDPR Compliance

Last updated: 1 July 2026

Data controller: AskColin Ltd  ·  Contact: neil@askcolin.uk  ·  ICO: ico.org.uk

AskColin is committed to handling all personal data in line with UK GDPR and the Data Protection Act 2018. This page explains our approach — both as a business and as a service that supports schools with their own AI and data governance.

1. Our role as data controller

AskColin acts as a data controller for personal data collected through this website and in the course of our business. This includes contact form submissions, email correspondence and any personal data provided in the context of a service enquiry or agreement.

Where we work with schools, the school remains the data controller for all pupil and staff data. AskColin does not process, store or have access to any pupil or staff personal data as part of its service delivery. We do not connect to your MIS system, your safeguarding platform, your assessment data or any internal school system. We never ask for access to these, and our service does not require it.

Our service is delivered entirely through training, coaching and document production. The documents we produce — such as your AI policy — are created from scratch based on your school's context as described to us. No school data, pupil data or staff records are involved in that process.

2. The fundamental rule we follow with schools

The most important data protection principle in AskColin's service is this:

No pupil personal data — names, dates of birth, SEND information, medical details, attendance or welfare records — ever enters any AI tool. This is an absolute rule with no exceptions.

This rule is embedded in every AI policy document we produce for schools, in every training session we deliver, and in the Acceptable Use Agreements signed by school staff. It is non-negotiable.

3. AI tools — what we use and what we don't do with your data

A core part of what AskColin does is helping schools use AI tools safely — and that starts with us practising what we preach. When we use AI tools in the course of our work, we follow the same rules we teach schools to follow.

We do not enter any school-specific, pupil or staff data into any AI tool, ever. When we use AI to produce draft documents for your school — such as your AI policy or parent letters — we work from general frameworks and publicly available information. We do not input your pupils' names, your staff data, your assessment results or any personal information about your school community.

The tools we approve and recommend for schools:

We do not recommend or approve the use of personal consumer AI accounts (such as a personal ChatGPT account) for school-related work.

4. Data we collect about you

Through this website we collect:

We do not collect sensitive personal data through this website. We do not use advertising trackers or sell data to third parties.

5. Your rights under UK GDPR

You have the right to:

To exercise any right, contact neil@askcolin.uk. We respond within 30 days.

6. Reporting a concern

If you have a concern about how AskColin handles personal data, please contact us in the first instance at neil@askcolin.uk. If you are not satisfied with our response, you have the right to complain to the ICO:

7. For schools: our AI compliance document set

Every school we work with receives a full AI compliance document set — including an AI policy aligned to UK GDPR, staff Acceptable Use Agreements, and a parent communication explaining the school's data protection approach. These documents are designed to meet the requirements of UK GDPR and DfE guidance on AI in education.

See our packages page for what is included, or get in touch to discuss your school's specific needs.

8. Full privacy policy

For our complete privacy policy including data retention periods and third-party processors, see our Privacy Policy.