Privacy Policy

Careers Navigator – Privacy Policy (UK)

Last updated: 16th April 2026

NetWORK NotWORK CIC (Company Number 15419367), trading as Careers Navigator

1. Who we are

This Privacy Policy is issued by NetWORK NotWORK CIC (Company Number 15419367), trading as Careers Navigator ('we', 'us', 'our'). Careers Navigator is not a separate legal entity - it is a trading name of NetWORK NotWORK CIC.
We are registered in England and Wales. Our registered address is: NotWORK Business Hub, 4b Evolution, Wynyard Avenue, Wynyard, TS22 5TB.
You can contact us about this policy at: privacy@careersnavigator.co.uk or by calling 07775 914711.

2. Who this policy covers

This policy explains how we collect, use, store, and share your personal data when you:

    • visit careersnavigator.co.uk (our Website)
    • take part in any of our programmes (including Ignite XP! and Ascend XP!),
    • purchase services from us, or
    • contact us or make an enquiry

It applies to learners, parents and guardians, schools, training providers, local authorities, and any other person or organisation that interacts with us.
We comply with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Data (Use and Access) Act 2025, the major provisions of which came into force on 5 February 2026.

3. Who is responsible for your data

NetWORK NotWORK CIC is the data controller for personal data collected through our Website and in our direct relationships with learners, parents, guardians, and organisations.
Where a school, training provider, or local authority purchases services for learners, that organisation is typically the data controller for learner data and we act as a data processor - processing data on their instructions to deliver the services and provide agreed reporting. We will confirm roles clearly in the relevant contract and data processing agreement.

4. What data we collect

A) Information you give us

When you contact us, make an enquiry, or purchase services, we may collect your name, email address, phone number, organisation name and role, and details of your enquiry or request.

B) Programme and learning data

When a learner takes part in our programmes (via DISCO LMS), we collect account details (such as username and email address), progress and activity data (including XP points and badges earned), participation and engagement records, and any feedback, reflections, or evidence submitted during activities.

C) Payment data

Payments from parents and guardians are processed via Stripe. Invoicing for organisations is managed via Sage. We do not store full card details. Payment providers handle payment data under their own privacy policies.

D) Website data

When you use our Website we automatically collect your IP address, browser and device type, pages visited and time spent, and referral source where available. We use Google Analytics (GA4) for this purpose. Please see our Cookie Policy for details.

5. Children and young people

Our programmes are designed for learners aged 8 to 24. We take the privacy and safety of all learners seriously, and especially those under 18.

Learners under 13

Children under 13 cannot create an independent account. A parent or guardian must hold the account on their behalf. We require a parent or guardian to provide consent for data processing at registration for this age group, where consent is the applicable lawful basis. The parent or guardian is the account holder and the child accesses the programme through their account.

Learners aged 13 to 17

Learners aged 13 to 17 are legally children under UK law. The lawful basis for processing their data depends on the specific activity. For delivering the programme, the basis is typically contract or legitimate interests rather than consent. Where consent is the appropriate basis for a specific optional feature (for example, appearing on a leaderboard or submitting a photo), a learner aged 13 or over may provide their own consent, provided it is informed, specific, and freely given.

How we protect children's data

We only collect data we need to deliver our services. All content submitted by learners is reviewed by a trained mentor or assessor before it is visible to others. If any submitted content gives rise to a safeguarding concern, it is escalated to our Designated Safeguarding Lead. We do not use children's data for advertising or profiling. We do not market directly to anyone under 18.

7. How we use personal data

We use personal data to:

respond to enquiries and requests,
provide information about our programmes and services,
deliver learning experiences and track progress,
provide reporting to schools/providers where agreed,
manage bookings, orders, invoices, and payments,
improve our Website and services,
send service messages (for example, onboarding and important updates),
send marketing communications where you have opted in, and
support safeguarding and safe delivery.

8. Legal bases for processing (UK GDPR)

We rely on the following legal bases:

Consent (for example, where you opt in to marketing)
Contract (where we need data to deliver paid services)
Legitimate interests (for example, improving services, preventing misuse, and service administration)
Legal obligation (for example, where required by law)

Where we process children’s data, we take additional care to ensure processing is fair and transparent.

9. Sharing your information

We may share personal data with:

Service providers who help us run the Website and services (for example, IONOS hosting, Google Analytics, Go High Level, Stripe, and Sage)
Schools, training providers, or organisations you are linked to (for example, for reporting and progress updates)
Professional advisers (for example, legal or accounting) where needed
Regulators, law enforcement, or safeguarding authorities where required
We do not sell personal data.

10. International transfers

Some of our service providers may store or process data outside the UK.

Where personal data is transferred outside the UK, we will take steps required by UK GDPR to protect it (for example, using appropriate safeguards such as the UK International Data Transfer Agreement or other approved mechanisms).

11. Data retention

We keep personal data only as long as needed for the purposes set out in this policy, including:

delivering services,
tracking learner progress and outcomes, and
meeting legal, tax, and safeguarding requirements.

12. Data security

We use appropriate technical and organisational measures to protect personal data, including:

access controls,
secure systems, and
regular review of data handling.
No system is completely secure, but we take reasonable steps to protect your information.

13. Your rights

Under UK data protection law, you have rights including:

    • access to your data
    • correction
    • deletion
    • restriction
    • objection
    • data portability (in some cases).

You can also withdraw consent at any time where we rely on consent.

To exercise your rights, contact: info@careersnavigator.co.uk

14. Automated decision-making

We do not use automated decision-making or profiling that produces legal or similarly significant effects.

15. Third-party links

The Website may include links to third-party websites. We are not responsible for their privacy practices.

16. Complaints

If you have concerns, please contact us first so we can try to resolve them.

You also have the right to complain to the UK Information Commissioner’s Office (ICO): https://www.ico.org.uk

17. Changes to this policy

We may update this Privacy Policy from time to time. We will post changes on this page and update the effective date.

End of Privacy Policy

×
Cookies
We serve cookies. If you think that's OK, just click "Accept all". You can also choose what kind of cookies you want by clicking "Settings". Read our cookie policy
Settings Refuse all Accept all
Cookies
Choose what kind of cookies to accept. Your choice will be saved for one year. Read our cookie policy
Save Refuse all Accept all