Features
Candidate onboarding Booking management Timesheet automation Operational insights
Pricing Blog
Company
About Us Careers
Log in

Privacy Policy

EduTeam Privacy Policy

Last updated: 21 February 2026

WAYWO Ltd (“we”, “us”, “our”) operates the EduTeam SaaS platform for recruitment agencies and this website, www.eduteam.uk.
We are committed to handling personal data in accordance with the UK GDPR, the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations (PECR).

This policy sets out how we process any personal data we collect from you or that you provide to us through our website. We confirm that we will keep your information secure and that we will comply fully with all applicable UK Data Protection legislation and regulations. Please read the following carefully to understand what happens to personal data that you choose to provide to us, or that we collect from you when you visit this site.

By visiting this website you are accepting and consenting to the practices described in this policy.

1. Who we are

Controller vs Processor

  • For website visitors, EduTeam acts as Data Controller for the personal data you provide via contact forms or newsletter sign-ups.
  • For the SaaS platform, the tenant (recruitment agency) is the Data Controller, and EduTeam acts as Data Processor, processing data strictly on the tenant’s instructions.

Our company details:
Waywo Ltd
3 The Beeches, York, UK

2. Personal Data We Collect

2.1 Website Visitors

When you contact us or make an enquiry, we may collect:

  • Name
  • Email address
  • Telephone number
  • Organisation name
  • Message content

We also collect technical information automatically:

  • IP address (anonymised)
  • Browser type & version
  • Operating system
  • Pages visited and duration

2.2 SaaS Platform Users

Through the platform, we process data on behalf of our tenants, which may include:

  • Candidate information (name, email, phone, employment history)
  • Client contact details
  • Timesheet or payroll data
  • Communication records

Tenants control the purpose and means of processing. We do not decide how this personal data is used beyond system operation and maintenance.

3. How We Use Personal Data

Website Data:

  • Respond to enquiries and support requests
  • Administer and improve the website
  • Send service or operational updates (non-marketing)
  • Comply with legal obligations

SaaS Platform Data:

  • Only as instructed by the tenant
  • Provide services such as candidate management, timesheets, payroll exports, and email notifications
  • Limited system metadata processing for operational and security purposes

4. Lawful Basis for Processing

  • Website:

    • Performance of a contract (responding to enquiries)
    • Legitimate interests (website security, maintenance)
    • Consent (marketing emails, newsletters)

  • SaaS Platform:

    • The tenant documents the lawful basis as Data Controller
    • EduTeam processes data solely on the tenant’s instructions

5. Cookies and Similar Technologies

We use cookies to distinguish users, improve site performance, and analyse usage.
You can manage cookie preferences via your browser settings.

Typical cookies may include:

  • Functional cookies (necessary for site operation)
  • Analytical cookies (usage monitoring, traffic analysis)
  • Session cookies (login sessions for SaaS platform)

6. Sharing and Disclosure

Website:

  • Third-party service providers (e.g., hosting, email delivery)
  • Legal obligations (court orders, regulatory requests)
  • Only with your consent

SaaS Platform:

  • Sub-processors listed below
  • Only as instructed by tenants
  • Tenants remain responsible for sharing data with their end users

Sub-Processors include:

  • Microsoft Azure – UK-hosted cloud platform
  • Microsoft Azure – Transactional email delivery

7. International Data Transfers

  • Data is hosted in the UK.
  • If transferred outside the UK, appropriate safeguards (e.g., UK International Data Transfer Addendum) are applied.
  • Sub-processors outside the UK are assessed for GDPR compliance.

8. Data Retention

  • Website: Stored only as long as necessary to respond to enquiries or comply with legal obligations
  • SaaS Platform: Retained per tenant’s instructions; securely deleted after contract termination or tenant-requested retention period
  • Backup copies deleted per normal backup rotation

9. Data Security

Any information you provide to us will be stored on a secure server located in the United Kingdom.

We use a trusted third party hosting provider (Microsoft Azure) to facilitate the running and management of this website. Microsoft meet high data protection and security standards. Any data that may be collected through this website that Microsoft process, is kept secure and only processed in the manner we instruct them to. Microsoft cannot access, provide, rectify or delete any data that they store on our behalf without permission.

We do not rent, sell or share personal information about you with other people or non-affiliated companies. We will use all reasonable efforts to ensure that your personal data is not disclosed to regional/national institutions and authorities, unless required by law or other regulations.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk.

Once we have received your information, we will use strict procedures and security features to prevent unauthorised access:

  • Role-based access control
  • Authentication controls
  • Encryption in transit (TLS)
  • Secure hosting infrastructure
  • Backup and disaster recovery
  • Logging and monitoring

10. Your Rights

Under UK GDPR, you have rights to:

  • Access your personal data
  • Correct inaccuracies
  • Request restriction of processing
  • Request erasure (“right to be forgotten”)
  • Object to processing
  • Data portability
  • Withdraw consent (where relevant)

To exercise these rights:

11. Personal Data Breaches

  • We notify data controllers (tenants) without undue delay
  • Include breach details, affected data, consequences, and mitigation measures
  • Website visitors notified if required by law

12. Children

Our services are not directed at children under 18.
Do not submit personal data without parental or guardian consent.

Our site may, from time to time, contain links to and from the third party websites. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.

14. Changes to this Policy

  • Updates will be posted on this page with a new “Last Updated” date
  • Important changes may be communicated via email

15. Contact

Questions, comments and requests regarding this privacy policy are welcomed and should be addressed to eduteam@waywo.co.uk