1. Who we are
1.1. We are LexiaUK Limited of Level 8 Trinity Gate, 32 West Street, Gateshead, England, NE8 1AD (“we”, “us” or “our”). We resell licenced access to online SaaS-based educational language-learning, literacy and assessment software subscriptions and associated hosting and support services (the “Software“) on behalf of Lexia Learning Systems LLC, (a Cambium Learning Group company, registered and based in the USA) (“Lexia US“), as well as our own support services including training in connection with the implementation and use of the Software (“Services“).
2. About this policy
2.1. Your personal privacy is of great importance to us. We will only use your personal information in accordance with this privacy policy (“Privacy Policy“).
2.2. Please read this Privacy Policy carefully to understand our practices regarding your personal data and how we will treat it. By visiting our website, registering for or purchasing the Software and/or accessing our Services, or otherwise engaging with us, you are accepting the terms outlined in this Privacy Policy and agreeing to the practices described in this Privacy Policy.
2.3. When you choose to purchase the Software from us, the information you submit will largely be processed by Lexia US who is the developer and host of the Software purchased through us. However, to provide you with a complete service, we will also need to process certain information that relates to you. This Privacy Policy provides information about how we use your personal data. However, you should also review the Lexia US’ application privacy policy for more information about how Lexia US processes your personal data within the Software: https://www.lexialearning.com/privacy
2.4. If you have any questions regarding this Privacy Policy you can contact our Data Protection Representative at:
2.4.1. Post: LexiaUK, Level 8 Trinity Gate, 32 West Street, Gateshead, Tyne & Wear, NE8 1AD; or
2.4.2. Email: dataprotection@lexiauk.co.uk.
2.5. We reserve the right to amend this policy at any time. Any amended versions of this Privacy Policy will be published on our website at https://www.lexiauk.co.uk/privacy-policy/ and we advise that you check this webpage periodically for any updated versions of this Privacy Policy. This Privacy Policy was last updated on 30/09/25.
2.6. This policy is provided in download a pdf version of the policy here.
3. Data protection principles
3.1. We will comply with the data protection principles in UK GDPR, which say that personal data must be:
3.1.1. processed fairly, lawfully and in a transparent manner;
3.1.2. obtained for specified, explicit and lawful purposes and processed compatibly with those purposes;
3.1.3. adequate, relevant and not excessive for the purpose(s) for which it is processed;
3.1.4. accurate and up-to-date;
3.1.5. kept in a form which enables identification of individuals no longer than necessary for the purposes for which it is processed; and
3.1.6. processed subject to appropriate security measures.
3.2. Where we refer to “special category data” in this Privacy Policy, this means particularly sensitive personal data including information about a person’s racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data (such as data relating to the inherited or acquired genetic characteristics of an individual), biometric data (for the purpose of uniquely identifying an individual), data concerning an individual’s health (including both physical and mental health), sex life or sexual orientation.
3.3. Where we refer to “profiling” in this Privacy Policy, this means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movement.
4. What information do we collect about you?
4.1. Personal data means any information about an individual from which that person can be identified. It does not include data which has been anonymised.
4.2. The categories of personal information we may collect for the purpose of managing the Services we provide to you as either a customer or website visitor include the following:
4.2.1. Contact Data: your name, telephone number, e-mail address and any other contact details you may provide. If you are a teacher or other staff member, this will include the educational establishment you work for (including its location) and details of your job title.
4.2.2. Marketing Data: we may collect information about your marketing preferences where we are entitled to send you marketing materials;
4.2.3. User Data: your first name, last name and title, your user ID and password, your internet protocol (IP) address, the type of mobile device that you are using (if relevant), the operating system version and the device identifier. If you are a teacher or other staff member, this will include the educational establishment you work for and details of your job title. On rare occasions, you may provide us with other personal data (including special category data) about a user of the Software, including gender, date of birth, ethnicity and any educational requirements (e.g. instructional language).
4.2.4. Transaction Data: includes details about products and services you have accessed and used. This will also include products and services purchased from us on behalf of your organisation where your name is the contact point on the order, including educational establishment name and location details.
5. How we collect your personal information
5.1. We will generally collect your information from the following sources:
5.1.1. Information you give us. This is information which you (or the person granted administrative rights on behalf of the educational establishment at which you work or attend) provide to us by: visiting our website, completing paper forms in connection with the registration of the Software, or otherwise using or participating in our Services. We may also collect some of this personal data from you if you contact us for any reason, for example, by email, telephone or other correspondence.
5.1.2. Information we observe. We will gather personal information about you through the monitoring of our systems including use of our products and services and website.
5.1.3. Information acquired through automated technologies or interactions. As you interact with our website, we will automatically collect personal data about you that distinguishes you from other users by using cookies. Please see our Cookie Policy on our website for more details.
5.1.4. Information we create. We will create information about you when we create an account for you/your organisation, and during the course of your subscription when we provide you with our Services. This will include records of our interactions with you including feedback you provide.
6. Why we collect personal information about you and how we use that information
6.1. We process your personal information for a variety of commercial purposes and will also process your personal information where necessary to comply with any statutory duties to which we are subject.
6.2. In the table below, where we outline the lawful basis (processing condition) which we rely on to use your personal information, a number of bases are mentioned for processing personal information. All data needs one of the “general” processing conditions. However, where we are processing “special category data” we also need one of the legal bases set out in the special category processing conditions.
6.3. The purposes for which we process your personal information and the lawful bases for such processing are as follows:
Why we use your personal information Type of data (please see above list of data types) Lawful basis for processing
Managing our contractual relationship with your organisation/employer. Contact Data, User Data, Transaction Data, Marketing Data Legitimate interests: the use of your personal information is necessary for the management and administration of your/your organisation’s contract with us and our responsibilities to you/ your organisation.
Why we use your personal information | Type of data (please see above list of data types) | Lawful basis for processing |
---|---|---|
Managing our contractual relationship with your organisation/employer. | Contact Data, User Data, Transaction Data, Marketing Data | Legitimate Interests: the use of your personal information is necessary for the management and administration of your/your organisation's contract with us and our responsibilities to you/ your organisation. |
Implementation, updates and training: to contact you to aid in the proper implementation of the Software and any updates to it, such as through delivering training, or inputting information into the Software on your behalf. | Contact Data, Transaction Data, User Data | Legitimate Interest: it is a legitimate interest of ours to contact you to assist you in implementing the Software correctly, and provide the appropriate training on how to use it properly. Supporting our customers' use of the Software in this way improves our customers' experience. In the course of providing these Services, we may need to process limited User Data, for example to upload information into the Software to help you implement the Software or set up accounts where you have been unable to do so yourself. Please see the section below this table for more information |
Customer correspondence and engagement including complaints and feedback. | Contact Data, Transaction Data | Legitimate Interest: it is a legitimate interest of ours to keep a variety of information about you which will allow us to respond to your correspondence, interact with you via various platforms and improve our services generally for existing and prospective customers. |
Meeting customers' needs and requirements – including management of our customers' use of our website, the Software and Services. | Legitimate Interests: it is our legitimate interest to gather data about you and/or your organisation which is useful for building a complete view of our customers' use of our website, the Software and our Services. This includes understanding our customers' behaviour, activities, preferences and needs. This helps to ensure the effective running of our business through the development, improvement and provision of software and services which meet our customer needs and expectations, helping us to provide a good service. | |
Data analytics to improve our website, our Services, customer relationships and customer and user experiences. | User Data | Consent: we rely on consent to analyse the data we hold about you to improve our website and Services and to enable us to deliver content to you which takes account of your likes and dislikes. We obtain your consent through the cookie consent notice on our website. You can opt out of such analytics through the cookie consent notice. |
Network security. | Contact Data, User Data | Legitimate Interests: we will monitor our networks and your use of them. It is a legitimate interest of ours to make sure that your use of our network and systems does not compromise our network and systems security. |
To establish, respond to or defend legal claims. | Contact Data, User Data, Transaction Data, Marketing Data | Legitimate Interests: it is in our legitimate interests to use your personal information where necessary to establish, respond to or defend legal claims. |
Anonymisation for the purpose of data analytics. | User Data | Legitimate Interests: Certain data generated through the use of the Software may be de-identified so that it is no longer classed as personal data. We and/or Lexia US may use this de-identified data for lawful purposes, including product and service improvement, product and service analysis, educational research and/or statistical assessment. We consider the use of data in this way to be in our legitimate interests as it helps us and Lexia US to improve our products and services. |
Marketing purposes. | Contact Data, User Data, Marketing Data, Transaction Data | Consent: We work with reputable third parties to help us market to prospective customers. If you have opted in to receive marketing via the third parties we work with, we will send you marketing information via your email address and via letter based on the marketing preferences which have been provided to us. This includes information about current products and offerings or direct contact from our field representatives. If you subsequently opt out of such communications, we will stop marketing to you in this way. Legitimate interests: it is in our legitimate interest to keep various information about you which will allow us to market our Services and products to you in order to make new sales, or contact you with information relevant to your industry. This helps us to develop our relationships and grow our business. Where we have already obtained or have sought consent but not received it, we will not rely on legitimate interests. |
To arrange, deliver, record and share webinars about the Software, Services and our industry. | Contact Data, Marketing Data | Legitimate interests: we deliver webinars (including training sessions) to support our existing customers and introduce/ promote our Software and Services to prospective customers. As part of this, we will process the personal data of course delegates who have signed up to attend the webinars. We may share recordings of webinars to delegates afterwards. It is in our legitimate interests to host and share webinars in this way as it helps us to support our customers and users and develop relationships with prospective customers, ultimately to grow our business. |
7. If you are a student using the Software or another user of the Software
7.1. If you are a student using the Software or another user of the Software, your personal data will largely be processed by Lexia US who is responsible for hosting the Software and any information uploaded into it. For more information about this, you should review the privacy policies of Lexia US which are available here: https://www.lexialearning.com/privacy.
7.2. We do not host the Software and accordingly do not typically have access to personal data which is uploaded into the Software (including for example, personal data concerning you as a student user). However, we do provide support services to your educational establishment concerning its use of the Software (including training on implementation of the Software) and may process some of your data in the context of those services. For example, we may process such data where a staff member has requested our assistance with the set up of user accounts, where they have been unable to arrange this themselves.
7.3. In this context, a staff member from your educational establishment will provide us, via a secure file transfer medium, a spreadsheet containing the relevant information (such as your name) and we will import that data into the Software on the educational establishment’s behalf.
7.4. We may also process your personal data when a new version of the Software is released and your educational establishment is required to ‘migrate’ your data to the new version of the Software. This migration is under instruction from Lexia US whereby we use data from the Software and, from time to time, data we are provided by Lexia US which has been exported from the Software.
7.5. Each educational establishment must ensure that before any access is provided to the Software, it has obtained, in respect of any student to whom it intends to provide access to the Software (including, without limitation, students under the age of 13), all necessary consents and permissions to use the Software and for us and Lexia US to collect and process any user data (including, without limitation, the collection of user data relating to students under the age of 13).
8. Ensuring your personal data is accurate
8.1. We will keep the personal data we store about you accurate and up to date by enabling the designated account administrator(s) from your educational establishment to update personal data through self-service features within the Software, and by providing our support to those individuals throughout the contracted services period. We will take every reasonable step to erase or rectify inaccurate data without delay. Please tell us, or contact the designated account administrator from your educational establishment to contact us, if your personal details change or if you become aware of any inaccuracies in the personal data we hold about you or anyone else. We will contact you or the designated account administrator from your educational establishment if we become aware of any event which is likely to result in a change to your personal data.
9. Retaining your personal data
9.1. We will keep your personal data for no longer than is necessary for the purpose(s) for which we process it. This means that data will be destroyed or erased from our systems when it is no longer required. We review all personal data which we process at the end of each school year. This includes personal data relating to users of the Software and that of teachers / staff at educational establishments. For further information on the retention of your personal information, please contact the Data Protection Representative.
10. What rights do you have in respect of your personal data?
10.1. You have the right to:
10.1.1. Request access to any personal data we hold about you:
10.1.1.1. You have a right to access a copy of your own personal information. We try to respond to all requests within one (1) calendar month. Occasionally, it may take us longer than a month if your request is particularly complex or if you have made a number of requests. In this case, we will notify you and keep you updated.
10.1.1.2. We will request information from you in order to help us confirm your identity and ensure you have a right to access the personal information you have requested to see. This is a security measure to ensure that we do not disclose personal information to any person who has no right to receive it. We may also contact you to ask for further information in relation to your request.
10.1.1.3. You will normally not have to pay a fee to access your personal information. However, we may charge a reasonable fee if your request is clearly unfounded or excessive (particularly where requests are repetitive). Alternatively, if your request is clearly unfounded or excessive we may refuse to comply with your request.
10.1.2. Have any personal data which we hold about you which is inaccurate rectified:
10.1.2.1. Rectification enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
10.1.3. Have personal information erased, in certain circumstances:
10.1.3.1. This right enables you to have your data erased (the so-called “right to be forgotten”). The right relates only to personal information we hold at the time you make the request. There are also some important restrictions on this right.
10.1.3.2. The right to have personal information erased applies where:-
10.1.3.2.1. our use of your personal information is no longer necessary for the purpose for which we gathered it. Most of the personal information we hold about you in the course of your engagement with us is needed by us to manage you as customer, website user or course delegate. However, we will review the information we hold about you if you ask us to erase it, to check we need all of the information we hold;
10.1.3.2.2. we have relied on consent as the basis for processing and you withdraw your consent;
10.1.3.2.3. we are processing your personal information on the basis of legitimate interests unless we have an overriding interest to continue the processing;
10.1.3.2.4. we are processing your personal information unlawfully;
10.1.3.2.5. we have to do it to comply with a legal obligation.
10.1.3.3. The right to erasure does not apply in certain circumstances including where:
10.1.3.3.1. we have to process the personal information to comply with a legal obligation; or
10.1.3.3.2. where we use the personal information to carry a task in the public interest such as where we are investigating fraud or preventing or detecting other unlawful acts.
10.1.4. Have the processing of your personal information restricted, in certain circumstances.
10.1.4.1. This enables you to ask us to suspend the processing of your personal information in the following scenarios:
10.1.4.1.1. if you want us to establish the information’s accuracy;
10.1.4.1.2. where our use of the information is unlawful but you do not want us to erase it;
10.1.4.1.3. where you need us to hold the information, even if we no longer require it as you need it to establish, exercise or defend legal claims; or
10.1.4.1.4. you have objected to our use of your information but we need to verify whether we have overriding legitimate grounds to use it.
10.1.5. In certain circumstances, be provided with the personal information that you have supplied to us, in a portable format that can be transmitted to another controller without hindrance.
10.1.5.1. We will provide to you, or a third party you have chosen, your personal information in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
10.1.6. Object to certain types of processing, including legitimate interests based processing (including profiling):
10.1.6.1. where we are processing your personal data on the basis of legitimate interests and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your interests, fundamental rights and freedoms. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your interests, rights and freedoms or that the processing is required for the establishment, exercise or defence of legal claims.
10.1.7. The right to withdraw consent:
10.1.7.1. If we are processing any of your personal information based on you having given us consent to do so, you have the right to withdraw that consent at any time. However, this will not affect the lawfulness of any processing we may have undertaken based on your consent before it is withdrawn.
10.2. If you wish to exercise any of the rights set out above, you must make the request in writing to our Data Protection Representative who can be contacted by post at LexiaUK, Level 8 Trinity Gate, 32 West Street, Gateshead, Tyne & Wear, NE8 1AD, or by email at: dataprotection@lexiauk.co.uk.
11. How we keep your data secure
11.1. We will ensure that appropriate measures are taken against unlawful or unauthorised processing of personal data, and against the accidental loss of, or damage to, personal data.
11.2. We have in place procedures and technologies to maintain the security of all personal data from the point of collection to the point of destruction. We will only transfer personal data to a third party if that third party agrees to comply with those procedures and policies, or if they put in place adequate measures themselves.
11.3. Maintaining data security means guaranteeing the confidentiality, integrity and availability (for authorised purposes) of the personal data.
12. Providing information to third parties
12.1. Our employees who need to access your personal data will view it in order that we can provide the Software and / or the Services and comply with our legal and statutory duties. All of our employees who may have access to your personal data have been trained in data protection and understand the need to keep your information confidential.
12.2. In addition to our employees, we also use service providers who may process personal data on our behalf (for example software providers for our IT systems). Apart from our employees and service providers, we will not disclose your personal data to a third party without your consent unless we are satisfied that they are legally entitled to the data. Where we do disclose your personal data to a third party, we will have regard to the data protection principles.
12.3. We may disclose your personal information to third parties:
12.3.1. in the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets;
12.3.2. if we or substantially all of our assets are acquired by a third party, in which case personal data held by us will be one of the transferred assets; and
12.3.3. if we are under a duty to disclose or share your personal data in order to comply with legal obligations or to protect our rights, property, or safety of customers / users, suppliers or employees. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
12.4. Certain personal data that you provide when using the Software, and/or the Services, whether as a student, teacher or other user will be processed by Lexia US. We may send Lexia US personal data for purposes relating to the Software and Services, for example, in order to:
12.4.1. setup a trial account for the Software for an educational establishment;
12.4.2. to process and progress a sale of the Software and/or Services that we have made with an educational establishment;
12.4.3. to address technical or services-related support to our educational establishment customers, prospects and users.
12.5. If your personal data is provided to any third parties, you are entitled to request details of the recipients of your personal data or the categories of recipients of your personal data.
13. Transferring your personal data outside of the United Kingdom
13.1. We will not transfer your personal data outside the UK unless such transfer is compliant with UK GDPR. This means that we cannot transfer any of your personal data outside the UK unless:
13.1.1. The UK Government has decided that another country or international organisation ensures an adequate level of protection for your personal data; or
13.1.2. The transfer of your personal data is subject to appropriate safeguards, which may include:
13.1.2.1. binding corporate rules; or
13.1.2.2. the International Data Transfer Agreement or the UK Addendum.
13.1.3. One of the derogations in the UK GDPR applies (including if you explicitly consent to the proposed transfer).
13.2. We currently transfer personal data outside the UK to provide Lexia US with certain information in respect of the Software and/or the Services.
Personal data of our customers in the Republic of Ireland
13.3. Please note that if you are a customer from the Republic of Ireland from 1 January 2021, we do not have an EU representative in this country on the basis that our processing of your personal data is (i) only occasional, (ii) of low risk to your data protection rights and (iii) does not involve the large scale use of special category or criminal offence data.
13.4. We will continue to comply with our obligations under the UK GDPR in relation to your personal data and please continue to contact us if you have any queries or concerns in relation to our handling of your personal data.
13.5. We will keep this position under review.
14. Breaches of data protection principles
14.1. If you consider that the data protection principles have not been followed in respect of personal data about yourself or others please notify us as soon as possible after becoming aware.
14.2. We are obliged to notify the Information Commissioners Office without undue delay, and where feasible, no later than 72 hours of becoming aware of a personal data breach, unless we consider that the personal data breach is unlikely to result in a risk to the rights and freedoms of the affected data subjects.
15. Right to lodge a complaint
15.1. If you have any issues with our processing of your personal data and would like to make a complaint, you can contact the Information Commissioner’s Office on 0303 123 1113 or at Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.