ParentPay Group Marketing Privacy Policy

This policy explains to ParentPay customers how ParentPay Group (“we/us”) gathers and uses your personal information.

Privacy Notice

ParentPay (Holdings) Limited (“ParentPay Group”) through its subsidiaries ParentPay Limited (including its division trading as Schoolcomms), Cypad Limited and Just Education Limited is engaged in the design, development, sales, marketing, supply, operation and maintenance of, in the case of ParentPay Limited (“PPL”) and Cypad Limited, payment collection, payment processing, school meal management, parent communication and management information systems and services for the education market, in the case of Nimbl Limited, youth banking, payment and debit card issuing services, and, in the case of Just Education Limited, education recruitment services (together the “Group Products and Services”).

This notice explains how ParentPay Group (“we/us”) gathers and uses personal information for marketing.



ParentPay may use your personal data to help ensure that the marketing material we send reflects your preferences and is of interest. In this Marketing Privacy Notice, we explain how we may use your data for marketing purposes.


This privacy notice covers

  • Why you receive marketing from ParentPay Group
  • What personal information we use
  • How we get the information and why we do have it
  • The legal basis for processing
  • How we use your personal information
  • How long we may keep your information
  • Your rights under data protection legislation
  • Sharing personal information with third parties
  • Changes to our privacy notice
  • Contact details for our Data Protection Officer


Why you receive marketing from ParentPay Group

We send information about our products and services to prospective customers whose contact information we have legitimately obtained through a 3rd party, gathered through publicly accessible records, or collected from you.

We believe we have a legitimate interest in sending you information that we feel is relevant to your job role. We may also send marketing to persons who have expressed an interest in purchasing ParentPay Group products or services.

We also send targeted customer notices which can include competitions and surveys, with the aim of gathering feedback or encouraging more usage of the system.

We offer everyone the option to opt-out from receiving email marketing, but we reserve the right to place promotional content within ParentPay group products e.g. banners within the ParentPay application or website.

If you no longer wish to receive marketing from ParentPay Group, or you would like to update your preferences, you simply need to email:; using the subject line: opt-out. Or, you can follow the opt-out or unsubscribe links which are provided in any communications that we send.


What personal information we use

We currently collect and process the following information:

Your basic identification and organisation contact details:
This may include for example your name, company, telephone number, email address, job title and other information that you or a legitimate third party have provided us.

Information about your customer relationship with ParentPay Group
We collect personal data when you purchase our products and services. This data may include for example information about your previous purchases from ParentPay Group, your billing information and any feedback or customer support requests.

Information on how you use our website and emails
We use cookies and web beacons to collect data on how you use our websites and view our marketing emails. This may include for example information on which ParentPay Group websites you have visited, the length of the visit, and which items you clicked on. To know more about the use of cookies, please see our User Privacy Notice.

Information derived from your use of our services
With the help of the personal data you have given us (or a legitimate 3rd party has provided) and/or the information we have collected on how you use our services, we use analytics to build up a profile based on your interests. These profiles are often based on job function and / or data collected about the institution you work for. In certain situations, we may also combine this information with data provided to us by third parties.

You might choose to provide further information if you engage with our sales team.


How we get the information and why we have it

Some of the personal information we process is provided to us directly by you for one of the following reasons:

  • You have made a direct enquiry to us by telephone
  • You have made a direct enquiry to us by email
  • You have made a direct enquiry to us by submitting a web-based form
  • You have made a direct enquiry to us, in person, at an event

We also receive personal information from the following sources:

  • Purchased data from GDPR compliant data companies such as The Education Company
  • Data made available by the Department for Education via their website


The legal basis for processing

Under Data Protection Law, ParentPay are the Data Controller for this processing activity. The legal basis for processing is based on:

‘processing is necessary for the purposes of legitimate interests pursued by the controller’

We have undertaken a full Data Protection Impact Assessment, and Legitimate Interests Assessment to document this legitimate interest decision, and to ensure that it continues to be fair and reasonably expected.


How we use your information

We use the information to offer new products and services to you which are relevant and appropriate, and only to the extent that would be reasonably expected.

Our communications can be by email, telephone or post.

These activities are strictly limited to business-to-business marketing only. We will not contact you to offer products or services on an individual basis outside of your professional capacity at the relevant organisation, unless we have received your explicit consent to do so.

We may share this information with the subsidiaries of ParentPay (Holdings) Limited.

If we plan to introduce further processes for the use of your information, we will provide information about that purpose prior to such processing.


How long we may keep your information

We keep your contact information for as long as you remain at the organisation/institution that you are employed by, or as long as you want to receive marketing information from us.

If you decide to opt-out or withdraw your consent; we will no longer use your personal data for this purpose. If the data is not required for customer relationship use or adherence to data retention legislation – we will delete the data without delay.


Sharing personal information with third parties

We use a range of trusted service providers to help with various processing activities. All of our suppliers are subject to appropriate safeguards, operating in accordance with our specific instructions and limitations, and in full compliance with Data Protection Law.

These service providers may include:

  • Hosting Providers – to manage the enterprise infrastructure (including 6Degrees, AWS and Azure).
  • CRM Services – such as Microsoft Dynamics (hosted and managed by PreAct), Spirit, Salesforce and Hubspot.
  • Security Providers – to protect our systems from attack (such as Imperva).
  • Telephony Providers – we might record calls for training, quality and security purposes.
  • Support Portal (ZenDesk) – so that you can easily ask for help.
  • Cloud email delivery – working with Sendgrid (USA hosted), Communigator, MailChimp and ClickDimensions.
  • Anonymous Web Analytics – working with Google and Hotjar.

If we need to change or add additional third parties, we will always update our Privacy Notice accordingly. We will only disclose your information to other parties in the following limited circumstances:

  • Where we are legally obliged to do so, e.g. to law enforcement and regulatory authorities
  • Where there is a duty to disclose in the public interest
  • Where disclosure is necessary to protect our interest e.g. to prevent or detect crime and fraud
  • Where you give us permission to do so e.g. by providing consent within the PPL Products and Services or via an online application or consent form


Your rights under Data Protection Law

Right to Access
You have the right of access to your personal information that we process and details about that processing.

Right to Rectification
You have the right to request that information is corrected if it’s inaccurate.

Right to Erasure (Right to be Forgotten)
You have the right to request that your information is removed; depending on the circumstances, we may or may not be obliged to action this request.

Right to Object
You have the right to object to the processing of your information; depending on the circumstances, we may or may not be obliged to action this request.

Right to Restriction of Processing
You have the right to request that we restrict the extent of our processing activities; depending on the circumstances, we may or may not be obliged to action this request.

Right to Data Portability
You have the right to receive the personal data which you have provided to us in a structured, commonly used and machine readable format suitable for transferring to another controller.

Right to lodge a complaint with a supervisory authority
If you think we have infringed your privacy rights, you can lodge a complaint with the relevant supervisory authority. You can lodge your complaint in particular in the country where you live, your place of work or place where you believe we infringed your right(s).

You can exercise your rights by sending an e-mail to Please state clearly in the subject that your request concerns a privacy matter, and provide a clear description of your requirements.

Note: We may need to request additional information to verify your identity before we action your request.


Changes to our Privacy Notice

This policy will be reviewed regularly and updated versions will be posted on our website.


Contact details for our Data Protection Officer

We have appointed a Data Protection Officer (DPO); their contact details are as follows:


Data Protection Officer
Coventry Building Society Arena
Phoenix Way

Important Notice:
© ParentPay (Holdings) Limited 2023. All rights reserved.
No part of this publication may be reproduced or transmitted in any form or by any means or stored in any retrieval system of any nature without prior written permission except as expressly permitted by any written contract signed by ParentPay Limited with the recipient.