Privacy Policy

Last Updated: 23rd October 2023

We at Robin (“Robin”, “we”, “our”, “us”), respect your privacy and are strongly committed to keeping secure any information we obtain from you or about you. This Privacy Policy describes our practices with respect to Personal Information we collect from or about you when you use our website, applications, and services (collectively, “Services”).

Who we are and how to contact us

Robin is a part of The Key Support Service Ltd, a company registered in England at 8th Floor, HYLO 103, 105 Bunhill Row, London, EC1Y 8LZ with company number 08268303. We are part of the same group of companies as The Key, GovernorHub, Arbor, Scholarpack and Integris.

If you have any questions for us about our use of your data you can contact us at [email protected].

Personal information we collect

We collect personal information relating to you (“Personal Information”) as follows:

Personal Information You Provide: We collect Personal Information if you create an account to use our Services or communicate with us as follows:

  • Account Information: When you create an account with us, we will collect information associated with your account, including your name, contact information, account credentials, payment card information, and transaction history, (collectively, “Account Information”).
  • User Content: When you use our Services, we collect Personal Information that is included in the input, file uploads, systems integrations, data sources and other feedback that you provide to our Services (“Content”).
  • Communication Information: If you communicate with us, we collect your name, contact information, and the contents of any messages you send (“Communication Information”).
  • Social Media Information: We have pages on social media sites like Instagram, Facebook, Medium, Twitter, YouTube and LinkedIn. When you interact with our social media pages, we will collect Personal Information that you elect to provide to us, such as your contact details (collectively, “Social Information”). In addition, the companies that host our social media pages may provide us with aggregate information and analytics about our social media activity.

Personal Information We Receive Automatically From Your Use of the Services: When you visit, use, or interact with the Services, we receive the following information about your visit, use, or interactions (“Technical Information”):

  • Log Data: Information that your browser automatically sends when you use our Services. Log data includes your Internet Protocol address, browser type and settings, the date and time of your request, and how you interact with our website.
  • Usage Data: We may automatically collect information about your use of the Services, such as the types of content that you view or engage with, the features you use and the actions you take, as well as your time zone, country, the dates and times of access, user agent and version, type of computer or mobile device, and your computer connection.
  • Device Information: Includes name of the device, operating system, device identifiers, and browser you are using. Information collected may depend on the type of device you use and its settings.
  • Cookies: We use cookies to operate and administer our Services, and improve your experience. A “cookie” is a piece of information sent to your browser by a website you visit. You can set your browser to accept all cookies, to reject all cookies, or to notify you whenever a cookie is offered so that you can decide each time whether to accept it. However, refusing a cookie may in some cases preclude you from using, or negatively affect the display or function of, a website or certain areas or features of a website. For more details on cookies, please visit All About Cookies.
  • Analytics: We may use a variety of online analytics products that use cookies to help us analyse how users use our Services and enhance your experience when you use the Services.

Personal Information We Receive From Third Parties: We also may collect data from the following third-party data sources, provided such collection and use is in accordance with data protection laws (“Third-Party Information”):

  • any publicly available websites or social media sources that may help us deliver the Services or understand our audience.
  • our third-party service providers (e.g. to tell us you have paid for a product or extended your renewal or that a support ticket has been closed).
  • our group companies (e.g. to tell us what products you are likely to find interesting).
  • other subscribers to our services (e.g. through a colleague inviting you to use the Services).

How we use personal information

We may use Personal Information for the following purposes:

  • To provide, administer, maintain and/or analyse the Services;
  • To improve our Services and conduct research;
  • To communicate with you;
  • To develop new programs and services;
  • To prevent fraud, criminal activity, or misuses of our Services, and to protect the security of our IT systems, architecture, and networks;
  • To carry out business transfers; and
  • To comply with legal obligations and legal process and to protect our rights, privacy, safety, or property, and/or that of our affiliates, you, or other third parties.

As noted above, whilst we may use Content you provide to us to improve our Services, for example to improve the AI models and code that power systems, we will not use Content you provide to us to improve or train any third party’s systems (for example, we will not use your Content to improve OpenAI or Microsoft’s AI models)

Aggregated or De-Identified Information. We may aggregate or de-identify Personal Information so that it may no longer be used to identify you and use such information to analyse the effectiveness of our Services, to improve and add features to our Services, to conduct research and for other similar purposes. In addition, from time to time, we may analyse the general behaviour and characteristics of users of our Services and share aggregated information like general user statistics with third parties, publish such aggregated information or make such aggregated information generally available. We may collect aggregated information through the Services, through cookies, and through other means described in this Privacy Policy. We will maintain and use de-identified information in anonymous or de-identified form and we will not attempt to re-identify the information, unless required by law.

Disclosure of personal information

In certain circumstances we may provide your Personal Information to third parties without further notice to you, unless required by the law:

  • Vendors and Service Providers: To assist us in meeting business operations needs and to perform certain services and functions, we may provide Personal Information to vendors and service providers, including providers of hosting services, cloud services, and other information technology services providers, email communication software, and web analytics services, among others. Pursuant to our instructions, these parties will access, process, or store Personal Information only in the course of performing their duties to us. A list of these third-party vendors can be found in our subprocessors document.
  • Within our group: We may disclose Personal Information to other companies within our group, who may only use the Personal Information we share in a manner consistent with this Privacy Policy.
  • Business Transfers: If we are involved in strategic transactions, reorganisation, bankruptcy, receivership, or transition of service to another provider (collectively, a “Transaction”), your Personal Information and other information may be disclosed in the diligence process with counterparties and others assisting with the Transaction and transferred to a successor or affiliate as part of that Transaction along with other assets.
  • Legal Requirements: We may share your Personal Information, including information about your interaction with our Services, with government authorities, industry peers, or other third parties (i) if required to do so by law or in the good faith belief that such action is necessary to comply with a legal obligation, (ii) to protect and defend our rights or property, (iii) if we determine, in our sole discretion, that there is a violation of our terms, policies, or the law; (iv) to detect or prevent fraud or other illegal activity; (v) to protect the safety, security, and integrity of our products, employees, or users, or the public, or (vi) to protect against legal liability.

We don’t “sell” Personal Information or “share” Personal Information for behavioural advertising. We also don’t process sensitive Personal Information for the purposes of inferring characteristics about a consumer.

Your rights

You have a number of rights in relation to the information that we hold about you which are summarised below. You can exercise your rights by contacting us at [email protected]. You may also wish to contact your school, trust or other relevant organisation (“Organisation”) for information they hold as a data controller:

  • The right to be informed about our use of your data. This is met by this Policy.
  • The right to access information we hold about you and to obtain information about how we process it (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it. Please note that we may ask you to specify what you wish to see in order to focus our search, and we may have to verify your identity/authority.
  • In some circumstances, the right to withdraw your consent to our processing of your information, which you can do at any time. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
  • In some circumstances, the right to receive certain information you have provided to us in an electronic format and/or request that we transmit it to a third party;
  • The right to request that we rectify your information if it’s inaccurate or incomplete though we may need to verify the accuracy of the new data you provide to us.
  • In some circumstances, the right to request that we erase your information where there is no good reason for us continuing to process it. We may continue to retain your information if we’re entitled or required to retain it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
  • The right to object to, and to request that we restrict, our processing of your information in some circumstances for example where we are relying on our legitimate interests or using it for direct marketing. Again, there may be situations where you object to, or ask us to restrict, our processing of your information but we’re entitled to continue processing it and/or to refuse your request.
  • Individuals have a right to complain to the UK Information Commissioner’s Office by visiting www.ico.org.uk, or to the data protection regulator in the country where they live or work.

The Service may contain links to other websites not operated or controlled by Robin, including social media services (“Third Party Sites”). The information that you share with Third Party Sites will be governed by the specific privacy policies and terms of service of the Third Party Sites and not by this Privacy Policy. By providing these links we do not imply that we endorse or have reviewed these sites. Please contact the Third Party Sites directly for information on their privacy practices and policies.

Security and Retention

We implement commercially reasonable technical, administrative, and organisational measures to protect Personal Information both online and offline from loss, misuse, and unauthorised access, disclosure, alteration, or destruction. However, no Internet or email transmission is ever fully secure or error free. In particular, email sent to or from us may not be secure. Therefore, you should take special care in deciding what information you send to us via the Service or email. In addition, we are not responsible for circumvention of any privacy settings or security measures contained on the Service, or third-party websites. We’ll retain your Personal Information for only as long as we need in order to provide our Service to you, or for other legitimate business purposes such as resolving disputes, safety and security reasons, or complying with our legal obligations. How long we retain Personal Information will depend on a number of factors, such as the amount, nature, and sensitivity of the information, the potential risk of harm from unauthorised use or disclosure, our purpose for processing the information, and any legal requirements.

The data protection laws and principles we honour

Whenever you provide us with your personal information, we are legally obliged to use your information in line with all applicable laws concerning the protection of personal information, including the UK Data Protection Act 2018 and the EC General Data Protection Regulation 2016/679 (“GDPR”) as those laws may be replaced or amended from time to time (“Data Protection Laws”).

A fundamental feature of the Data Protection Laws is the establishment of privacy principles including the principles of transparency, purpose-limitation, data accuracy, retention/storage, data security and integrity, and data minimisation. We operate our business in accordance with these principles.

A key principle of the GDPR is that we must have a lawful basis to use your data. Our legal bases for processing your Personal Information include:

  • Performance of a contract with you when we provide and maintain our Services. When we process Account Information, Content, Third-Party Information and Technical Information solely to provide our Services to you, this information is necessary to be able to provide our Services. If you do not provide this information, we may not be able to provide our Services to you.
  • Our legitimate interests in protecting our Services from abuse, fraud, or security risks, or in developing, improving, or promoting our Services. This may include the processing of Account Information, Content, Social Information, Third-Party Information and Technical Information.
  • Your consent when we ask for your consent to process your Personal Information for a specific purpose that we communicate to you. You have the right to withdraw your consent at any time.
  • Compliance with our legal obligations when we use your Personal Information to comply with applicable law or when we protect our or our group’s, users’, or third parties’ rights, safety, and property.

Our roles as a data controller and a processor

In common with most businesses, we handle your data in two different ways – firstly as a data controller when we handle your data for our own business purposes and make decisions on how and why to do this. This includes when we use it for invoicing and to provide you with the service you have subscribed to.

We may also process your data as a data processor on behalf of your Organisation. For example, when you use our Services to work with your Organisation’s data or content, this content may contain information about third parties such as teaching professionals and students. When we handle this data, we are processing it on your behalf and it is your Organisation that is the data controller.

Changes to the privacy policy

We may update this Privacy Policy from time to time. When we do, we will post an updated version on this page, unless another type of notice is required by applicable law.