Privacy Policy

Website: sen-connect.co.uk | Last updated: 5 May 2026

1. Data Controller

The Data Controller for personal data collected through the website sen-connect.co.uk is a natural person residing in Poland, reachable at the e-mail address indicated on the Contact page of the website.

The processing of personal data is carried out in accordance with Regulation (EU) 2016/679 (GDPR), the UK General Data Protection Regulation (UK GDPR) as retained in UK law by the European Union (Withdrawal) Act 2018, the Data Protection Act 2018 (DPA 2018), and the applicable provisions of Directive 2002/58/EC (ePrivacy Directive) and its UK equivalent.

The Controller has not appointed a Data Protection Officer (DPO) under Art. 37 GDPR, as the conditions set out in paragraph 1, points (b) and (c) of that article are not met.

2. Categories of Personal Data Collected

The website may collect the following categories of personal data:

Navigation data: IP address, browser type, operating system, pages visited, access timestamps, referral URL.
Voluntarily submitted data: name, e-mail address, and any other information entered in contact forms or newsletter sign-up fields.
Cookie and tracking data: identifiers stored on the user’s device for technical purposes and, subject to consent, for analytics or advertising purposes.

The website does not knowingly collect special categories of data under Art. 9 GDPR / UK GDPR (health data, ethnic origin, sexual orientation, etc.).

3. Purposes of Processing and Legal Bases

Provision of the informational service (Art. 6(1)(b) GDPR/UK GDPR – performance of a contract or pre-contractual steps): delivering the website’s features and responding to user enquiries.
Technical and session cookies (Art. 6(1)(f) GDPR/UK GDPR – legitimate interests): ensuring the correct functioning of the website and secure browsing.
Aggregated statistical analysis (Art. 6(1)(f) GDPR/UK GDPR – legitimate interests): understanding how the website is used and improving its performance.
Non-technical cookies and advertising profiling (Art. 6(1)(a) GDPR/UK GDPR – consent): activated only after the user has given explicit consent via the cookie banner.
Compliance with legal obligations (Art. 6(1)(c) GDPR/UK GDPR): retention of data as required by applicable law.

4. Legitimate Interests Balancing Test

Where processing is based on legitimate interests (Art. 6(1)(f) GDPR/UK GDPR), the Controller has carried out the balancing assessment under Art. 6(4) GDPR. The interests pursued — proper functioning of the website and aggregated traffic analysis — do not override the fundamental rights and freedoms of data subjects, given the limited nature of the data processed, the absence of special categories, and the reasonable expectations of users visiting an informational website.

5. Cookies and Tracking Technologies

Technical cookies: essential to the operation of the website (e.g. session management, language preferences). These do not require user consent.

Non-technical cookies (third-party analytics, advertising, profiling): these are not activated before the user has given their consent via the dedicated banner, in compliance with the ePrivacy Directive/UK PECR (Privacy and Electronic Communications Regulations 2003) and ICO guidance.

Users may manage or withdraw their consent to cookies at any time via the banner settings or their browser options. Disabling technical cookies may impair certain website functions.

6. Retention Periods

Navigation data: retained for a maximum of 12 months, unless a legal obligation requires longer retention.
Contact requests / newsletter: until consent is withdrawn or as long as necessary to handle the request, and in any case no longer than 36 months from the last interaction.
Cookie data: in accordance with the lifespan of the specific cookie, as detailed in the full cookie policy.

7. Contact Forms and Lead Generation

Where the website provides contact forms or newsletter sign-up features, data submitted will be processed for two distinct purposes:

Purpose 1 – Responding to the enquiry (Art. 6(1)(b) GDPR/UK GDPR): processing and replying to the user’s communication.
Purpose 2 – Lead generation / transfer to partners (Art. 6(1)(a) GDPR/UK GDPR – consent): with the user’s explicit consent, data may be shared with selected commercial partners operating in the SEND education and recruitment sector, for the purpose of sending relevant offers or information.

Consent to Purpose 2 is optional and may be withdrawn at any time without affecting the lawfulness of processing carried out prior to withdrawal.

8. Disclosure to Third Parties and Transfers

The Controller engages third-party service providers acting as processors (Art. 28 GDPR/UK GDPR) or as independent controllers. These include:

Kwanko – affiliate and digital advertising network (Privacy Policy).
CJ Affiliate (Conversant) – affiliate network (Privacy Policy).
Escrow.com – secure domain sale service (Privacy Policy).
Hosting, CDN and analytics providers that process data solely on the Controller’s instructions.

Data is not sold to third parties. Any transfers outside the EEA or the UK are made on the basis of appropriate safeguards (standard contractual clauses under Art. 46 GDPR / UK GDPR, adequacy decisions, or the UK International Data Transfer Agreement).

9. Rights of Data Subjects

Under Arts. 15–22 GDPR / UK GDPR, users have the right to:

Access (Art. 15): obtain confirmation of processing and a copy of their personal data.
Rectification (Art. 16): correct inaccurate or incomplete data.
Erasure (Art. 17): request deletion of their data (“right to be forgotten”).
Restriction (Art. 18): restrict processing in certain circumstances.
Portability (Art. 20): receive their data in a structured, machine-readable format.
Objection (Art. 21): object to processing based on legitimate interests.
Withdrawal of consent (Art. 7(3)): withdraw consent at any time without affecting the lawfulness of prior processing.

Requests should be sent to the Controller’s e-mail address on the Contact page. The Controller will respond within 30 days; in complex or multiple cases, this period may be extended by a further 60 days (Art. 12(3) GDPR/UK GDPR), with a reasoned notification provided within the first month.

10. Security Measures

The Controller implements appropriate technical and organisational measures to protect personal data against unauthorised access, loss, destruction or accidental disclosure, in accordance with Art. 32 GDPR/UK GDPR. These include: encrypted connections (HTTPS/TLS), restricted backend access, and regular security updates.

11. Children

The website is not directed at children under the age of 13. The Controller does not knowingly collect personal data from children below this age. If such data is identified as having been collected without parental or guardian consent, it will be deleted immediately.

12. Informational Nature of the Website

Important notice: sen-connect.co.uk is an informational website only, dedicated to raising awareness of Special Educational Needs and Disabilities (SEND) recruitment and consultancy services in the United Kingdom. This website does not constitute a regulated recruitment agency, does not hold any employment or education authority licence, and is not affiliated with any school, local authority, NHS trust or government body. Information about services, professionals, roles and availability is provided for illustrative purposes only and may not be current or complete. Users should independently verify the credentials and regulatory status of any recruitment or consultancy provider before engaging their services. The domain is for sale.

13. Changes to This Policy

The Controller reserves the right to modify this policy at any time, including in response to changes in applicable law. Updates will be published on this page with a revised date. In the event of material changes, the Controller may notify users via a prominent notice on the website. Users are encouraged to review this page periodically.

14. Supervisory Authorities

Users have the right to lodge a complaint with a competent supervisory authority under Art. 77 GDPR / UK GDPR:

UODO – Urzàd Ochrony Danych Osobowych (Poland – country of the Controller)
Stawki 2, 00-193 Warsaw | uodo.gov.pl
ICO – Information Commissioner’s Office (United Kingdom)
Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF | ico.org.uk

Users may choose to contact the authority in the country of their habitual residence or the place where the alleged infringement occurred.

15. International Data Transfers

Some third-party service providers may transfer data outside the European Economic Area (EEA) or the United Kingdom. In such cases, the Controller verifies that appropriate safeguards are in place, such as standard contractual clauses approved by the European Commission (Art. 46(2)(c) GDPR), adequacy decisions, or the UK International Data Transfer Agreement (IDTA). Further information is available on request at the Controller’s e-mail address.

16. Automated Decision-Making

The website does not carry out processing based on solely automated decisions, nor individual profiling that produces legal effects or similarly significant effects on data subjects, within the meaning of Art. 22 GDPR / UK GDPR.

17. Minimum Age for Digital Consent in EU Member States and the UK

Under Art. 8 GDPR, the minimum age for valid consent to the processing of personal data in information society services varies by Member State. The United Kingdom has set the age at 13 under the UK GDPR and the Age Appropriate Design Code. The table below is for reference:

Country	Minimum age
United Kingdom	13 years
Germany	16 years
Netherlands	16 years
Austria	14 years
Bulgaria	14 years
Denmark	13 years
Estonia	13 years
Finland	13 years
France	15 years
Ireland	16 years
Italy	14 years
Latvia	13 years
Lithuania	14 years
Poland	16 years
Portugal	13 years
Romania	16 years
Slovakia	16 years
Slovenia	15 years
Spain	14 years
Sweden	13 years
Hungary	16 years

The website is intended for an adult audience. Where a minor below the applicable age threshold wishes to use the website’s services, parental or guardian consent is required.