Last updated: May 2026
Let’s Thrive is an education programme created and operated by Baasit Siddiqui trading as Siddiqui Education LTD (“we”, “us”, “our”).
We are the data controller for the personal information collected through this website and our programmes. This means we decide how and why your personal data is used.
We are registered with the Information Commissioner’s Office (ICO), the UK’s independent authority for data protection. You can verify our registration at https://ico.org.uk/ESDWebPages/Search.
This Privacy Policy explains:
It applies to all visitors to letsthrive.digital and anyone who engages with our programmes, services, or communications.
We comply with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018 (DPA 2018), and the Privacy and Electronic Communications Regulations 2003 (PECR). Where our services are accessed by or relate to children, we also follow the ICO’s Children’s Code (Age Appropriate Design Code).
When you complete our Discovery Call request form (hosted via Google Forms), we collect:
Why we collect this: To respond to your enquiry, arrange a discovery call, and explore how Let’s Thrive can support your setting.
Legal basis: Legitimate interests (Article 6(1)(f) UK GDPR) — it is in both your interest and ours to respond to a request you have initiated. We will also rely on this basis to follow up on your enquiry within a reasonable period if we have not heard from you.
If you subscribe to our email newsletter or marketing communications, we collect:
Our email marketing is delivered via Flowdesk, a third-party email marketing platform. By subscribing, your data is stored and processed by Flowdesk on our behalf.
Why we collect this: To send you updates about Let’s Thrive programmes, news, resources, and events.
Legal basis: Consent (Article 6(1)(a) UK GDPR). You can withdraw your consent at any time by clicking the unsubscribe link in any email we send, or by emailing us directly. Withdrawing consent does not affect the lawfulness of any processing that took place before you withdrew it.
The Passport to Thrive programme is a free, self-guided digital resource. When a learner chooses to share their progress with the Let’s Thrive team upon completion, they may provide:
Why we collect this: To acknowledge their completion, celebrate their achievement, and (where relevant) to invite them to the next stage of their Let’s Thrive journey.
Legal basis: Consent (Article 6(1)(a) UK GDPR) — submission of progress is voluntary and not required to access the resource.
Our programmes are designed for learners of all ages, including children under the age of 18. Where a learner is a child:
If you are a parent or guardian and have concerns about data relating to your child, please contact us using the details at the top of this policy.
When you visit letsthrive.digital, we (and the third-party services we use) may automatically collect certain technical data, including:
This data is typically collected through cookies and similar technologies. Please see the Cookies section below for more detail.
Why we collect this: To maintain and improve the performance and security of our website, understand how visitors use it, and improve the user experience.
Legal basis: Legitimate interests (Article 6(1)(f) UK GDPR) for technical/security data; consent (Article 6(1)(a)) for analytics cookies where these are used.
Our website uses Google Fonts, a web font service provided by Google LLC. When you visit the site, your browser requests the fonts directly from Google’s servers, which may result in your IP address being transmitted to Google.
Legal basis: Legitimate interests (Article 6(1)(f) UK GDPR) in providing a consistent and well-rendered website experience.
When a school or organisation books a paid Let’s Thrive programme, keynote, CPD session, or in-person event, we will collect and process information necessary to fulfil that contract, which may include:
Legal basis: Performance of a contract (Article 6(1)(b) UK GDPR), and legal obligation (Article 6(1)(c)) for financial record-keeping.
In summary, we use the information we collect to:
We will not use your information for any purpose that is incompatible with the reason it was originally collected, unless we have your consent or are required to do so by law.
We do not sell your personal data. We may share it with the following categories of third parties, only to the extent necessary and under appropriate data processing agreements:
| Third Party | Purpose | Location |
|---|---|---|
| Google LLC | Google Forms (enquiry submissions); Google Fonts (web typography) | USA (data transferred under UK adequacy arrangements) |
| Flowdesk | Email marketing platform | USA (data transferred under standard contractual clauses or equivalent safeguards) |
| Automattic / WordPress.com | Website hosting and content management (WordPress) | USA / Global |
| Elementor | Page builder plugin for our website | Israel / Global |
| [Your web hosting provider] | Website server hosting | [INSERT LOCATION] |
We may also disclose personal data to:
Any third parties we work with are required to handle your data securely and in accordance with UK GDPR.
Some of our third-party service providers are based outside the UK. Where we transfer personal data internationally, we ensure that appropriate safeguards are in place — such as adequacy decisions, standard contractual clauses, or equivalent mechanisms approved under UK data protection law — to protect your information to a standard equivalent to that of the UK.
Cookies are small text files placed on your device when you visit a website. They help the website function properly and allow us to understand how visitors use it.
These cookies are essential for the website to function. They cannot be switched off. They are usually set in response to actions you take, such as completing a form or setting your privacy preferences. These cookies do not store any personally identifiable information.
| Cookie | Provider | Purpose |
|---|---|---|
| WordPress session cookies | WordPress / Automattic | Maintain site functionality and security |
| Elementor cookies | Elementor | Website layout and display functionality |
If analytics tools are active on this site, they may set cookies to help us understand how visitors interact with our website — for example, which pages are most visited and how long people spend on the site. These cookies collect information in aggregate and do not identify you personally.
We will only use analytics cookies with your consent, where applicable under PECR.
You can control and manage cookies through your browser settings. Most browsers allow you to refuse cookies or delete them at any time. Please note that blocking some types of cookies may affect your experience of the site.
For more information about cookies, visit https://www.allaboutcookies.org or the ICO’s guide at https://ico.org.uk/for-the-public/online/cookies.
We keep personal data only for as long as necessary for the purpose it was collected, or as required by law.
| Type of data | Retention period |
|---|---|
| Enquiry / discovery call information (enquiry not progressed) | 12 months from last contact |
| Email marketing subscriber data | Until you unsubscribe, then deleted within 30 days |
| Learner progress submissions (Passport to Thrive) | 12 months from submission |
| Booking and contractual records | 7 years from end of the contract year (for financial/legal compliance) |
| Website technical/log data | Up to 12 months |
After the applicable retention period, data is securely deleted or anonymised.
Under UK GDPR, you have the following rights in relation to your personal data:
1. Right of access — You can request a copy of the personal data we hold about you (a Subject Access Request).
2. Right to rectification — You can ask us to correct inaccurate or incomplete data.
3. Right to erasure — You can ask us to delete your personal data where there is no compelling reason for us to continue processing it (the “right to be forgotten”).
4. Right to restriction of processing — You can ask us to restrict how we use your data in certain circumstances (e.g. while a dispute is resolved).
5. Right to data portability — Where processing is based on consent or contract, and carried out by automated means, you can ask us to provide your data in a structured, commonly used, machine-readable format.
6. Right to object — You can object to processing based on legitimate interests or for direct marketing purposes. Where you object to direct marketing, we will always stop.
7. Rights relating to automated decision-making — You have the right not to be subject to decisions made solely by automated processing that have a significant effect on you. We do not carry out automated decision-making of this kind.
8. Right to withdraw consent — Where processing is based on your consent, you can withdraw it at any time. This does not affect the lawfulness of processing that took place before withdrawal.
To exercise any of these rights, please contact us at:
We will respond within one month of receiving your request. In complex cases we may extend this by a further two months, in which case we will let you know. We will not charge a fee for responding to your request, unless it is manifestly unfounded or excessive.
We may need to verify your identity before we can action your request.
We take reasonable and appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, destruction, alteration, or disclosure. These measures include:
No method of electronic transmission or storage is 100% secure. If you have reason to believe that your interaction with us is no longer secure, please contact us immediately.
If we become aware of a data breach that is likely to result in a risk to your rights and freedoms, we will notify the ICO within 72 hours and, where required, contact you directly.
Our website may contain links to third-party websites, including our sponsor and partner organisations. This Privacy Policy applies only to letsthrive.digital. We are not responsible for the privacy practices of any third-party sites, and we encourage you to read their own privacy policies.
We may update this Privacy Policy from time to time to reflect changes in our services, legal obligations, or the way we operate. The “Last updated” date at the top of this page will always show when the most recent change was made.
We encourage you to review this page periodically. Where we make significant changes, we will take reasonable steps to bring them to your attention.
If you are unhappy with how we have handled your personal data, please contact us in the first instance so we can try to resolve the matter:
If you remain dissatisfied, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO):
This policy was prepared in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, the Privacy and Electronic Communications Regulations 2003 (PECR), and the ICO’s Children’s Code. It should be reviewed at least annually or whenever there is a material change to how personal data is collected or processed.