Logo DigiBete School and Community Training Platform
Log In

Privacy Policy

Privacy Policy 

Last updated: March 2026

DigiBete CIC is committed to protecting your privacy and handling your personal information fairly, transparently, and securely. This Privacy Policy explains what information we collect when you use the Diabetes in Schools website (www.diabetesinschools.org), how we use it, and the rights you have under UK data protection law.

1. Who we are

DigiBete CIC Platform, 3rd Floor Tech Hub New Station Street Leeds, West Yorkshire LS1 4JB Company number: 10371773

DigiBete CIC is the data controller for the personal information collected through this website.

The Data Protection Officer (DPO) oversees data protection compliance and act as a contact point for users and the Information Commissioner’s Office (ICO). This supports the governance and accountability expected for secure digital services. 

DPO contact details:
· Role/Name: Data Protection Officer (DPO) / John Hughes
· Email: john@digibete.org
· Address: Platform, 3rd Floor Tech Hub, New Station Street, Leeds, LS1 4JB 

2. What information we collect

a) Information you provide directly

When you create an account or use the training platform, we collect:

  • Name
  • Email address
  • Login credentials (email and password)
  • Training progress and completion information
  • Any messages or enquiries you send to us

We do not collect health information or other special category data through this website.

b) Analytics and usage information

We collect aggregated information about how the website is used, such as:

  • Pages visited
  • Time spent on pages
  • Navigation patterns
  • Browser and device information
  • IP address (which may be processed in an anonymised form where possible)

c) Log file information

Our servers automatically collect:

  • IP address
  • Browser type
  • Referring and exit pages
  • Date/time of access
  • Device identifiers

This is necessary for security and technical operation.

d) Cookies and similar technologies

We use cookies to:

  • Make the site work reliably
  • Remember your preferences
  • Support training module functionality
  • Understand how visitors use the site

We do not use cookies for personalised advertising or remarketing.

3. Cookies and analytics (including Google Analytics 4)

Our website uses cookies (small files stored on your device) and similar technologies. Cookies help us:

  • make the website work and keep it secure (strictly necessary cookies)
  • understand how the website is used so we can improve it (analytics cookies)

We use Osano as our consent management platform. Osano sets essential cookies to remember your cookie choices and ensure that only the cookies you have agreed to are used. These cookies are necessary for the website to honour your preferences.

The law allows us to store strictly necessary cookies without asking for permission. For all other cookies — including analytics — we will ask for your consent first.

You can change your cookie choices at any time using the “Cookie settings” link on the website.

For more information about how we use cookies, please see our Cookie Policy.

Google Analytics 4 (GA4) – consent‑based analytics only

We use Google Analytics 4 (GA4) to understand how visitors use our website so we can improve content, performance, and user experience. GA4 helps us measure things like:

  • which pages are visited
  • how long pages are viewed
  • how visitors navigate through the website

GA4 only runs if you give us permission through our cookie banner/settings. If you do not consent, GA4 will not run and no analytics cookies (or similar technologies) will be set.

We use GA4 only for website measurement. We do not:

  • use Google Analytics advertising features
  • enable Google Signals
  • create remarketing or advertising audiences
  • use GA4 for targeted advertising

Google processes analytics data on our behalf as a data processor, following our instructions and applicable data protection law.

4. How we use your information

We use your information to:

  • Create and manage your user account
  • Provide access to training modules
  • Track your progress and issue certificates
  • Improve the website and user experience
  • Respond to enquiries
  • Maintain the security and integrity of the platform
  • Understand usage trends and performance (with consent for analytics)

We do not use your information for:

  • Personalised advertising
  • Behavioural profiling
  • Automated decision‑making with legal or significant effects

5. Sharing your information

We may share your information with:

  • Service providers who help us operate the website (e.g., hosting, analytics, email services)
  • Professional advisers
  • Regulators if required by law

We do not sell your personal information. We do not share identifiable personal data with third parties for advertising.

Any statistical information shared externally is anonymised.

6. Our lawful bases for processing (UK GDPR)

A. User accounts and training delivery

Article 6(1)(b) – Contract: To create and manage user accounts, provide access to training modules, track progress, and issue certificates. This processing is necessary to deliver the service you have registered for.

Article 6(1)(f) – Legitimate interests: To maintain the platform, ensure training continuity, and support returning users.

B. Responding to enquiries and communications

Article 6(1)(f) – Legitimate interests: To respond to enquiries, manage communications, and operate our organisation effectively.

Article 6(1)(b) – Contract (where applicable): Where your enquiry relates to taking steps at your request prior to entering into a contract.

C. Website security and technical operation

Article 6(1)(f) – Legitimate interests: To protect the website, systems, and users from security threats or misuse.

D. Analytics and website improvement

Article 6(1)(a) – Consent: Where you consent to analytics cookies and Google Analytics 4. You can withdraw your consent at any time using the website’s cookie settings.

E. Legal and regulatory obligations

Article 6(1)(c) – Legal obligation: Where we are required to comply with applicable laws or regulatory requirements.

7. International transfers

Some of our service providers may store or process data outside the UK. Where this happens, we ensure appropriate safeguards are in place, such as:

  • UK adequacy regulations
  • Standard Contractual Clauses (SCCs)
  • Additional technical and organisational measures

8. How long we keep your information

  • Account & training data: up to 36 months after your last activity. We retain this information so returning users can access their training history, re‑download certificates, and continue training without needing to create a new account. After this period, the data is securely deleted or anonymised.
  • Enquiries: up to 12 months
  • Analytics data: according to cookie retention settings
  • Logs: 30–90 days depending on hosting provider

9. Security

We use appropriate technical and organisational measures to protect your information, including:

  • Encryption where appropriate
  • Access controls
  • Secure hosting
  • Regular monitoring and testing

If we become aware of a data breach that affects your personal information, we will notify you and the ICO where legally required.

10. Children’s information

This website is designed for adults working with children, such as teachers, school staff, and parents. It is not intended for children to create accounts or submit personal information. 

If we become aware that a child has provided personal information without appropriate consent, we will delete it.

11. Your rights

Under UK GDPR, you have the right to:

  • Access your personal information
  • Correct inaccurate information
  • Request deletion
  • Restrict or object to processing
  • Withdraw consent
  • Request a copy of your data in a portable format
  • You have a right to complain to the Information Commissioner’s Office (ICO) www.ico.org.uk

Contact: hello@digibete.org

12. Third‑party websites

Our website may contain links to third‑party sites. Their privacy practices are not covered by this policy.

13. Changes to this policy

We may update this policy from time to time. Any changes will be posted on this page with an updated “Last updated” date.

 

 

Brought to you by:

Digibete National Children & Young People's Diabetes Network JDRF Diabetes UK