Privacy Policy
eMock LTD
Privacy Policy
1. Background
This notice is issued to comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We respect your privacy and are committed to protecting your personal information. This policy explains how personal information is collected, used and looked after. Although we predominantly work with parents and schools, we inevitably collect personal information about individuals (e.g., names, email addresses and phone numbers). This document sets out how that information will be used and explains your rights.
2. Our commitment to you
Our commitment is to:
- Keep the personal information you provide safe and private.
- Use personal information only for the purposes connected with providing and improving our services, running our business, account management, and meeting legal/regulatory obligations, as set out in this Privacy Policy.
- Make it easy for you to contact us with questions or concerns about your personal information.
3. Who we are and how we operate (Controller details)
eMock LTD (“eMock”, “we”, “us”) is a UK-based software company providing an online exam preparation platform for primary and secondary school entrance examinations. For data protection purposes, eMock LTD is the “controller” of your personal data.
- Registered office: EMOCK LTD, 20-22 Wenlock Road, London, England, N1 7GU
- Company number: 10088529
- Privacy contact: Data Protection Lead — info@emock.co.uk
To access and use the eMock platform, parents register a parent account. Pupil logins are created and managed by the parent or guardian. Parents should read our Terms of Use, Privacy Policy, Cookie Policy and Disclaimer before registering.
4. How we collect information
- Information you provide directly (e.g., when creating an account, making a purchase, or contacting support).
- Information generated by your use of our services (usage, logs, device and connection data).
- Information from payment providers (e.g., Stripe or PayPal) confirming transactions.
- Cookies and similar technologies (see Section 8 on Cookies).
5. What personal information we collect
Parent account information
- Parent full name
- Parent email address
- Parent mobile number
- Pupil full name
Customer support information
Details you send to us about issues, feedback or queries (including contact details and message content) so we can assist you.
Usage and log information
Service-related, diagnostic and performance information (e.g., how you use our platform, log files, diagnostic/crash/performance reports).
Transactional information
Payment confirmations and receipts from payment providers or app stores.
Device and connection information
Device model, operating system, browser type, IP address and device identifiers.
Payment processing
All payments are handled securely by third-party processors (e.g., PayPal or Stripe). Only parents can purchase subscriptions, credit packs or classroom mock exams via the parent portal. Transactions take place on the provider’s secure checkout pages. We do not store card details on our platform.
5A. Children’s privacy
We provide our services to parents/guardians, who create and manage accounts and then add pupil profiles. Pupils do not create their own accounts. Pupil users may be any age from 5+ and will receive a username and password to access learning features.
We process children’s personal data to provide the service to the parent/guardian and the pupil. Our main lawful bases are Contract (with the parent/guardian) and Legitimate interests (to run and improve the service and support users). We do not rely on a child’s consent for core service use. Where a feature requires consent (e.g., non-essential cookies/analytics), we seek consent from the parent/guardian.
- Age-appropriate design: We follow the ICO’s Age-Appropriate Design Code (Children’s Code), including high privacy by default and child-friendly explanations where pupils interact with the service.
- Parental control: Parents/guardians create, view and manage pupil profiles, and can request correction or deletion of a pupil profile by contacting us.
- Marketing: We do not send direct marketing to pupils. Marketing messages are sent to parents/guardians only, and include an unsubscribe option.
- Profiling: Any AI-assisted feedback or scoring is for learning support only and is reviewable; we do not make decisions based solely on automated processing that have legal or similarly significant effects.
- Cookies: Non-essential cookies (e.g., analytics) are used only with consent and can be managed via our cookie banner. See our Cookie Policy.
6. Who we share personal information with (recipients)
We do not sell your personal information. We may share it with trusted recipients for the purposes set out in this policy:
- Hosting and cloud infrastructure providers
- Payment processors (e.g., Stripe, PayPal)
- Email delivery, communications and customer support tools
- Analytics providers (where you have consented — see Cookies)
- Professional advisers (accountants, auditors) and regulators where required by law
7. Why we use your information and our lawful bases
We must have a lawful basis to process personal data. The table below explains the key purposes and lawful bases we rely on:
| Purpose | Lawful basis | Typical data | Retention (summary) |
|---|---|---|---|
| Create and manage parent & pupil accounts | Contract (Art.6(1)(b)) | Names, contact details, login data | Life of account + up to 7 years (see Section 10) |
| Provide the platform and support | Legitimate interests (Art.6(1)(f)) — to run and improve our services and assist users | Usage, logs, support messages | Operational need (typically up to 24 months for support) |
| Process payments and keep records | Contract (Art.6(1)(b)); Legal obligation (Art.6(1)(c)) for tax/records | Transaction details, receipts | Up to 7 years after financial year end |
| Service communications (e.g., exam results, changes) | Legitimate interests (Art.6(1)(f)) — to keep users informed about their service | Contact details | Life of account |
| Product updates and offers to existing customers | Legitimate interests (Art.6(1)(f)) + PECR soft opt-in; you can opt-out anytime | Contact details, purchase history | Until you opt-out or account closes |
| Analytics via non-essential cookies | Consent (Art.6(1)(a)) via our cookie banner | Usage data, device/interaction data | As per cookie lifetimes (see Cookie Policy) |
Marketing emails: We include an unsubscribe link in every marketing email. You can also email info@emock.co.uk to opt out at any time.
8. Access via our websites and Cookies (PECR)
- We administer our websites, perform troubleshooting, testing, data analysis and research, and present content effectively for your device.
- Where you choose, you may participate in interactive features.
- We measure and understand the effectiveness of our service communications and make relevant suggestions to you.
We use essential cookies to run the site. Non-essential cookies (e.g., analytics) are used only with your consent via our cookie banner. You can manage or withdraw consent at any time through the banner controls. See our separate Cookie Policy for details. For general information about cookies, visit aboutcookies.org.
9. If you choose not to provide personal information
We need certain information to provide our services. If you do not provide required information, we may be unable to create or maintain your account or deliver parts of the service.
10. How long we keep personal information
- For as long as necessary to fulfil the purposes set out in this policy.
- Enquiries that do not lead to a contract: normally up to 1 year after the last communication.
- Customers: for the life of the account/service and up to 7 years thereafter for tax and record-keeping.
- In some cases you can request erasure (see Your rights).
11. Your rights
- Access — obtain a copy of your personal information (usually free, within one month).
- Rectification — ask us to correct or complete inaccurate or incomplete data.
- Erasure — ask us to delete your data where there is no good reason for us to keep it.
- Restriction — request we suspend processing in certain circumstances.
- Portability — receive certain data in a structured, commonly used, machine-readable format and have it transmitted to another controller where technically feasible.
- Object — object to processing based on our legitimate interests and to direct marketing at any time (we will stop).
- Withdraw consent — where we rely on consent (e.g., analytics cookies), you can withdraw it at any time; this will not affect processing before withdrawal.
To exercise any of your rights, contact info@emock.co.uk. We may request additional information to verify your identity before acting on a request.
We do not make decisions based solely on automated processing that have legal or similarly significant effects. Where we use AI-assisted marking or feedback, results are for learning support and are reviewable.
12. Keeping personal information safe
We use appropriate technical and organisational measures to prevent personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. Access is limited to employees and contractors who have a business need to know and who process personal information under our instructions. We maintain procedures to respond to suspected data incidents and will notify you and/or the ICO of significant breaches where required.
13. Complaints
We hope you won’t need to complain. If you do, please contact the Data Protection Lead at info@emock.co.uk in the first instance. You can also complain to the Information Commissioner’s Office (ICO) at any time:
Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF — ico.org.uk — Tel: 0303 123 1113
14. International transfers
We are based in the United Kingdom. Some processors may be located outside the UK. Where personal data is transferred internationally, we use UK-approved safeguards such as the International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses. You can request a copy of the relevant safeguards for your data.
15. How to contact us
- Email: info@emock.co.uk
- Registered office: EMOCK LTD, 20-22 Wenlock Road, London, England, N1 7GU
- Company number: 10088529
16. Changes to this policy
We may update this Privacy Policy from time to time. We will post the updated version on our website and, if changes are material, we will notify you via your account or by email. Please review this page periodically.
Effective date: 08 May 2019
Last updated: 26 August 2025