Home Features MIS Integration Prices Sign In Start Free Trial

Privacy Notice

How we collect, use and protect your data.

GDPR-aligned Data secured in line with GDPR policies
Nothing to install Works in your browser anywhere
Easy to use Simple setup · Clean user interface
Built for UK SENCOs UK-based EHCP terminology throughout

SEN Master – Privacy Notice

1. Who we are

SEN Master is provided by Benaco Edutech Ltd (company number 16645737), 39 Linden House, Chart Way, Horsham, RH12 1QB, United Kingdom ("we", "us", "our"). We are committed to protecting your personal data and respecting your privacy.

2. Scope of this notice

This Privacy Notice explains how we collect, use, disclose and protect personal data in connection with our websites, applications and related services (the "Service"). It applies to visitors, account holders and authorised users.

3. Our roles (controller vs. processor)

  • Controller: We act as a data controller for personal data we determine the purposes and means of processing for (e.g., website analytics, account administration, billing, communications, service improvement).
  • Processor: When a school (the Customer) uploads or enters personal data (including pupil information) into the Service, the school is typically the data controller, and we act as its data processor. In that case, our processing is governed by our contract with the school and, where applicable, a Data Processing Addendum (DPA) made available upon request.

4. Personal data we collect

  • Account and profile data: name, email address, role, school/organisation, authentication data, preferences.
  • Service usage and support data: log data, device/browser data, activity metadata, support tickets, and communications with us.
  • Billing data: invoicing contact details, purchase order references, billing history.
  • Website data: cookie identifiers, analytics events (where used), IP address, and similar technical data.
  • Pupil/student data (processor activity): content that schools input or upload to the Service about their students (e.g., names, classes, support strategies, SEN-related notes). For this category, the school is the controller, and we process on the school's documented instructions.

5. Purposes and lawful bases

  • Provide and secure the Service (create accounts, authenticate users, operate features, maintain availability, troubleshoot, keep the Service secure) – performance of a contract, legitimate interests, and legal obligations.
  • Customer support and communications (respond to queries, service notices, changes) – performance of a contract and legitimate interests.
  • Billing and account administration (invoicing, payment, renewals, fraud prevention) – performance of a contract, legitimate interests, and legal obligations.
  • Service improvement and analytics (product usage insights, quality assurance, diagnostics) – legitimate interests. Where cookies or similar technologies require consent, we will obtain it.
  • Compliance and enforcement (legal requests, preventing misuse, enforcing terms) – legal obligations and legitimate interests.
  • Processor activities for schools – We process student/pupil data strictly on the school's documented instructions and under the school's chosen lawful basis. Where special category data is involved, schools are responsible for establishing a valid lawful basis and condition for processing under UK GDPR.

6. Cookies and similar technologies

We may use cookies and similar technologies to enable core functionality (e.g., session management) and to understand how the Service is used. Where required, we will present a cookie banner to obtain consent for non‑essential cookies. You can manage your preferences via your browser or our cookie controls, where available.

7. Sharing of personal data

  • Service providers (processors/sub‑processors): We may share data with trusted service providers who assist with hosting, support, analytics, communications, or security. These providers are bound by contractual obligations and only process data on our instructions.
  • Legal and compliance: We may disclose data to comply with applicable laws, lawful requests, or to protect rights, security, and integrity.
  • Business transfers: In the context of a merger, acquisition, reorganisation or asset sale, data may be transferred to the relevant parties subject to appropriate safeguards.

8. International transfers

Where personal data is transferred outside the UK, we implement appropriate safeguards, such as the UK Addendum to the EU Standard Contractual Clauses or other approved transfer mechanisms, and assess the recipient country's data protection landscape where required.

9. Data retention

We retain personal data for as long as necessary to fulfil the purposes outlined in this notice or as required by law. For Customer Data processed as a processor, we retain data in line with the school's instructions and our contractual commitments. Upon termination or at the school's request, we will delete or return Customer Data according to our agreement, subject to any legal retention requirements.

10. Security

We implement technical and organisational measures designed to protect personal data against unauthorised access, accidental loss, alteration, or disclosure. These include access controls, encryption in transit where appropriate, monitoring, and staff confidentiality obligations. No system can be completely secure; we encourage users to protect their accounts with strong passwords and appropriate access policies.

11. Children's data

Schools may use the Service to manage student information. In those cases, the school is the controller, and we act as processor. We do not offer accounts directly to children for independent sign‑up. Any student data is processed only on documented instructions from the school and under a DPA where applicable.

12. Your rights (UK GDPR)

Subject to applicable law, you may have the right to request access to, rectification or erasure of your personal data; to restrict or object to processing; and to data portability. Where processing is based on consent, you may withdraw consent at any time (this does not affect the lawfulness of processing before withdrawal). You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO).

  • Exercising your rights (controller data): For data where we are the controller (e.g., your account and billing information), contact us using the details below.
  • Exercising your rights (school data): For data where a school is the controller (e.g., pupil/student data), please contact the relevant school directly. We will support the school in responding to requests it receives.

13. Third‑party links and services

The Service may contain links to third‑party websites or services. Their privacy practices are governed by their own policies. We are not responsible for the content, security or privacy practices of third parties.

14. Changes to this Privacy Notice

We may update this notice from time to time to reflect changes in our practices or legal requirements. We will post the updated version with a revised effective date. If changes are material, we will provide additional notice where appropriate.

15. Contact us

If you have any questions about this Privacy Notice or our data practices, contact us:

  • Address: 39 Linden House, Chart Way, Horsham, RH12 1QB, United Kingdom
  • Email: support@senmaster.co.uk
  • Company number: 16645737

For school‑managed data, please contact your school directly in the first instance. We will cooperate with the school to address your request.