Skip to main content

Privacy Policy

1. Definitions used in this Privacy Statement

  • Effective Date – The date from which these Terms and Conditions of Use are effective
  • Mime Consulting Ltd (“we”, “our”, “us”) – The company (registered number 06306298)
  • responsible for processing sensitive data
  • Sensitive Data – Data on individual young people and adults
  • Services – Mime analytical services
  • Third Party – Another organisation which is legally separate to Mime Consulting Ltd
  • Website – Any Mime website used to analyse your data (for example, www.eyfstracker.com and datatransfer.mime.education)

2. Scope of this Privacy Statement

This privacy statement outlines the policies and practices that Mime employ in the use of the data that we process.

Note that our individual data collection and analysis websites (e.g. EYFS Tracker) have their own specific privacy policies.

3. Privacy

Many of the sections below relate to individual rights around our use of personal data. However, in some cases, we may work with unidentifiable personal data (for example when conducting approved research using anonymised data from the National Pupil Database). Therefore, these points relate only to personal information that we are the data controller for and that can be identified as relating to a specific person.

Additionally, we may need to retain and process some of your personal data to fulfil our legal obligations, or where we have a legitimate reason for doing so

A. Our principles of data protection and privacy

Privacy and the protection of personal data is of the utmost importance to us. We:

  • Adhere to all relevant data projection legislation include the General Data Protection Regulation (GDPR)
  • Are Cyber Essentials accredited
  • Only use data for the purposes we are permitted to use it for
  • Only store and process the data required to provide our services and fulfil our statutory duties
  • Use best practice security principles (see Data protection and security below)
  • Have data processing agreements with any organisation sharing sensitive data with us  which outlines how we will use that data and the security protocols we use

We will never:

  • Share information about individuals to marketing organisations without their explicit
  • consent
  • Make information about individuals public
  • Send spam emails

B. The personal data we store and how we use this data

We process the following personal data:

  • Data received from schools, multi-academy trusts, local authorities and other organisations to enable us to provide analysis to those organisations to help them in school improvement functions or otherwise to improve outcomes for young people. This may include information on unique pupil numbers, gender, special education needs, ethnicity, attendance and other educational outcomes
  • Information about the users of our website (see Use of cookies below) and readers of our communications to understand how our website and other communication tools are being used
  • Contact information for our clients and other people interested in our services in order to share analysis and communicate information about our services (e.g. through newsletters).
  • This contact information is held on a third party email application in order to manage our email correspondence and handle requests to unsubscribe
  • Information on our employees and sub-contractors in order to allow us to fulfil our legal and employment obligations. This information is shared with our payroll provider and accountants.

The lawful bases under GDPR we have for processing this information include explicit consent for employment and marketing data, legal obligations for employment data, and public task and public interest based in law for data processed to enable our clients to fulfil their statutory duties to improve outcomes or secure appropriate provision for young people. These legal obligations are covered by a range of legislation including Sections 13 to 15B of the Education Act 1996 and statutory guidance documents including “Participation of young people in education, employment or training”.

C. Requesting to be informed of what we do with the information we hold about you

If you wish to receive details on how we collect, process, store and analyse any personal data we hold about you, please contact us at privacy@mime.org.uk.

D. Requesting access to, or rectification of, the information we hold about you

If you wish to access or amend any personal data we hold about you, please contact us at privacy@mime.org.uk.

E. Requesting that we erase the information we hold about you

If you wish for us to remove the information we hold about you, please email us at privacy@mime.org.uk. We will delete your data within one month of receiving your request, subject to the conditions discussed above.

You may also request that we no longer send you marketing information by selecting the “unsubscribe” link at the bottom of our email newsletters or by emailing us at privacy@mime.org.uk.

F. Restricting or objecting to the processing of information we hold about you

If you wish to restrict or object to our processing of any personal data we hold about you, please contact us at privacy@mime.org.uk.

G. Requesting that we transfer information we hold about you

If you wish to request that we transfer any personal data we hold about you to you or another data controller, please contact us at privacy@mime.org.uk explaining the legal basis for the transfer of data.

H. Requesting not to be subject to a decision based on automated processing

If you wish to request not to be the subject of decision making based on automated processing, including profiling, please contact us at privacy@mime.org.uk. However, note that we do not currently carry out any automated decision making based on the personal data we are the data controller for.

I. Use of cookies

Cookies are small text files that are placed on your computer by websites that you visit. These text files can be read by these websites and help to identify you when you return to a website.

Where you use one of our websites to access our services, the website uses cookies to improve the user experience and to provide essential functionality.

To find out how to see what cookies have been set and how to reject and delete cookies, please visit www.aboutcookies.org. To opt-out of analysis by Google Analytics on the websites used in delivering the Services, please visit tools.google.com/dlpage/gaoptout.

4. Data security

Due to the importance and sensitivity of the data we hold, we take data security very seriously. As such:

  • Data is encrypted
  • All our employees that have access to sensitive data are DBS checked
  • Access to sensitive information is protected by username and password. All user passwords are encrypted
  • Mime Consulting Limited adheres to a strict information security policy (available on request) which all our employees and subcontractors sign
  • Mime is registered with the Information Commissioners Office (reference: Z1059351)
  • Data is only used for the purposes specifically agreed the person or organisation who supplied it to us
  • Your data is only retained for as long as is required for us to provide services to you, or where we are required to by law. The specific retention period is covered by the individual system or service data sharing agreement.

5. Changes and updates to this Privacy Statement

We may occasionally update this Privacy Policy and when we do so, we will revise the dates shown.

Last reviewed: 17/03/2025

By turning data into crystal clear insights, we make social impact easy.

Links

© 2026 Mime Consulting. All rights reserved.

Privacy & Cookies

Companies House Registration: 6306298

VAT Registration: 920256844

ICO Registration: Z1059351