Privacy Policy

Modern Governor is an online training and support resource provided by HFL Education (HFL), under which it operates as an owned brand. Modern Governor is comprised of several component elements:

  • the main public-facing website at
  • the Modern Governor learning management system (LMS) at, operated by Learning Pool Ltd
  • the Modern Governor app at, which runs on the Glide online apps service.

This Privacy Policy demonstrates HFL’s firm commitment to data protection. This statement (together with the Terms and Conditions for training courses) sets out the ways that HFL (‘the Company, ‘we’, ‘us’ or ‘our’) gathers and disseminates information from Modern Governor and what you can do if you have questions about Personal Data.

For the purposes of data protection laws, the Company is the controller of personal data collected on the Modern Governor service, including the LMS, app and public-facing web site at

This document sets out the types of Personal Data (meaning information about an individual from which that individual can be personally identified) we handle, the purposes of handling those Personal Data and any recipients of it.

For the purposes of data protection laws, the Company is the data controller.

We are committed to ensuring that the privacy and security of your personal information is always protected. Any personal information that you provide to us on Modern Governor will be handled in accordance with this Privacy Policy.

Please read this Policy carefully. By using and any services offered via this website, as well as all related websites and online services provided by HFL Education, you are agreeing to be bound by this Policy in respect of the information collected about you via this website and through other means.

1.  Our details

We are Herts for Learning Limited trading as HFL Education

Address: 1st Floor West, Abel Smith House, Gunnels Wood Road, Stevenage, SG1 2ST
Information Commissioner’s Office Registration Number: ZA154308
Our Data Protection Officer is Lynette Dexter, Company Secretary

Email address for the Data Protection Officer:

2.  Why we collect Personal Data

We collect and hold personal information relating to our users/customers, and in relation to any individuals included in data sets that are being processed by the Company under contractual agreements.

We may share Personal Data with other agencies, but only as necessary under our legal duties or otherwise in accordance with our duties/obligations as a Company.

The Personal Data we are provided with or collect is provided to us on a voluntary basis when users:

  • request to receive information sent from the public-facing Modern Governor website.
  • register or purchase the online CPD service via a local authority re-seller agreement.
  • are added to the LMS.
  • access the Modern Governor app.

Set out below are the reasons we collect and process Personal Data:

  • To deliver the Modern Governor online CPD service to governors, trustees and others with a governance role in schools, academies, multi-academy trusts and local authorities
  • To manage the user accounts and establishment accounts of those who subscribe to the online CPD service.
  • To deliver the free Modern Governor app to anyone who chooses to access it.
  • To send further details of the online CPD service on request via the public-facing website
  • To monitor and assess the quality of our services.
  • For legitimate interest purposes, where data processing is not overridden by your data protection or fundamental rights and freedoms.

3.  Legal basis for processing Personal Data

We will only process your Personal Data information where we have consent, or we have another lawful reason for using it. These reasons include:

  • Contract – to carry out a contractual agreement we have   with you / your school, trust or local authority.
  • Consent – where you have given clear consent for HFL Education to process your personal data for a specific purpose.
  • Legitimate interests – to inform you of Modern Governor services or other HFL Education products and services that you may find useful in your role as a Governor/Trustee

4.  Categories of Personal Data we collect about you

As a user of Modern Governor service, we may collect the following Personal Data about you (please note this list does not include every type of Personal Data and may be updated from time to time):

  1. your name.
  2. your telephone / mobile number; (if provided as a method of responding to a query)
  3. your email address.
  4. the educational establishment name and address at which you have a governance role.
  5. the organisation to which that establishment might be linked to access governance services.

Information stored on the Modern Governor LMS will have been provided by either:

  • the service or organisation through whom an institution subscribes – this may be a local authority governor support service, the central team of a multi-academy trust.
  • individuals who, in other circumstances, submit their details where their information has not been previously provided by the above organisations.
  • individuals on behalf of others within an institution which subscribes.

Any Personal Data collected by us will be treated as confidential under the principles of the relevant data protection law.

5.  Who will have access to your Personal Data

Personal Data will be accessible by:

  • Members of the Modern Governor team within HFL Education
  • Establishment Account Administrators, who can access all user accounts for their establishment.
  • Learning Pool, the hosts of the Modern Governor learning management system (LMS)
  • HubSpot, a third party who store user information as a processor when a user has completed any of the following from the Modern Governor website:
    • Requested to download the App.
    • Requested a free trial.
    • Requested a catalogue of modules.
    • Completed a Contact form.
  • A designated person from a schools governing board accessing data relating to the school’s Modern Governor account.

We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.

We will not share personal information with third parties without consent unless we are required to do so by law or our policies. We will disclose Personal Data to third parties:

  • if we are under a duty to disclose or share your Personal Data in order to comply with any legal obligation.
  • in order to enforce any agreements with you.
  • in order to perform contracts whereby we have been commissioned to offer online CPD on behalf of a third party (i.e. a school, setting or Local Authority)
  •  in order to perform contracts with third parties including:
    • Learning Pool (providers of the Modern Governor LMS)
    • Glide (providers of the Modern Governor app)
    • HubSpot (data processor)
  • to protect the rights, property or safety of the Company.

This may include sharing data with the Police and other organisations where necessary.

The above listed third-party suppliers will process data on our behalf. Therefore, we audit these third-party suppliers to ensure their compliance with relevant data protection laws and specify their obligations in appropriate contracts and service level agreements.

6.  How Personal Data will be processed

Personal Data may be processed in a variety of ways; this will include but is not limited to:

  • maintaining electronic records.
  • course administration (e-learning module completion, submission of evaluation, creation of personalised completion certificates by the LMS).
  • sending of emails relating to the status of the system, or relevant updates.
  • general account administration.
  • adding to spreadsheets, word documents or similar for the purposes of assessing Personal Data.

7.  Cookies

This website (and its associated services) uses cookies to improve your experience while visiting. Where applicable this website (and services) uses a cookie control system allowing you on your first visit to allow or disallow the use of cookies on your computer / device. This complies with current legislation requirements for websites to obtain explicit consent from users before leaving behind or reading files such as cookies on a user’s computer / device.

Cookies are small files saved to the user’s device that track, save and store information about the user’s interactions and usage of the website. This allows the website to provide the users with a tailored experience within this website.

You are advised that if you allow the use of cookies on your first visit to the website but later wish to deny the use and saving of cookies from this website on to your device, you should take necessary steps within your web browsers security settings to block all cookies from this website and its external serving vendors. To remove cookies, please refer to your browser’s help menu and search for ‘cookies’.

This website (and services) uses tracking software to monitor its visitors to better understand how they use it. This software is provided by Google Analytics which uses cookies to track visitor usage. The software will save a cookie to your computer’s hard drive-in order to track and monitor your engagement and usage of the website, but will not store, save or collect personal information. You can read Google’s privacy policy by searching for “Google Analytics Privacy Policy” at

This website uses cookies to collect information about your visit to our website, the content you viewed, the links you followed and information about your browser, device, and your IP address.

The use of Cookies on the Learning Pool LMS is summarised on the login page:

  • Two cookies are used by this site. The essential one is the session cookie, usually called TotaraSession. A user must allow this cookie into your browser to provide continuity and maintain their login from page to page. When a user logs out or closes the browser this cookie is destroyed (in the user’s browser and on the server).
  • The other cookie is purely for convenience, usually called something like TOTARAID. It just remembers the user’s username within the browser. This means when the user returns to this site the username field on the login page will already be filled out. It is safe to refuse this cookie – the user will just have to retype their username every time they log in.

8.  Links to other websites

You may encounter a link to an external website page whilst viewing e-learning content on the Modern Governor LMS, within the glossary content of the Modern Governor app, or the public-facing site at If the link is to a website that is operated by a third-party you should know that we have no control over that website, or its content, and as such cannot be responsible for the protection and privacy of your data or information you provide whilst visiting the site. You are advised to check the privacy policies of those other sites for their terms and conditions.


This site uses “Google reCAPTCHA” (hereinafter “reCAPTCHA”) on our websites. This service is provided by Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA (“Google”). reCAPTCHA is used to check whether the data entered on our website (such as on a contact form) has been entered by a human or by an automated program. To do this, reCAPTCHA analyses the behaviour of the website visitor based on various characteristics. This analysis starts automatically as soon as the website visitor enters the website. For the analysis, reCAPTCHA evaluates various information (e.g. IP address, how long the visitor has been on the website, or mouse movements made by the user). The data collected during the analysis will be forwarded to Google. The reCAPTCHA analyses take place completely in the background. Website visitors are not advised that such an analysis is taking place. Data processing is based on legitimate interests. HFL Education has a legitimate interest in protecting its site from abusive automated crawling and spam. For more information about Google reCAPTCHA and Google’s privacy policy, please visit the following links: and

10. Children’s Policy

Our website – and the services it details and offers – is designed as general audience site not directed to children under the age of 16, and we do not knowingly collect Personal Information from children under the age of 16 without parental consent. If you are under 16 years of age, then please do not use or access the Service at any time or in any manner. If we learn that Personal Information has been collected on the Service from a child under 16 years of age without parental consent, then we will take appropriate steps to delete this information. If you are a parent or guardian and discover that your child under 16 years of age has obtained an account on the Service, then you may alert us at and request that we delete that child’s Personal Information from our systems.

11. Where we store Personal Data and how we keep Personal Data secure

Your Personal Data is stored on systems based in the United Kingdom and all data backups are fully encrypted.

The Modern Governor LMS – provided by Learning Pool – has security measures in place to protect the loss, misuse and alteration of the information under our control. All instances of unauthorised attempted access to the Modern Governor LMS are logged and investigated. Where necessary, HFL Education will inform law enforcement agencies or other relevant organisations regarding misconduct. Learning Pool’s platform security statement – including its ISO 27001 certification – and list of sub processors are available.

12. Retention periods

We will only retain Personal Data for as long as is considered necessary to achieve the purposes for which it was originally collected.

Accounts on the Modern Governor LMS which have not been accessed in 12 months will be suspended by Learning Pool on behalf of HFL Education. In line with HFL Education’s data retention policy.

Any data collected via HubSpot will be deleted by HFL Education after 12 months in line with HFL Education’s Data Retention and Disposal Policy.

13. Your Data rights

The General Data Protection Regulation and associated data protection law gives you rights in relation to Personal Data held about you. These are:

  • Right to be informed: you have the right to be informed about the collection and use of your data. This policy contains information in relation to the collection of your Personal Data, however, if we collect additional data for other purposes, we will inform you about this.
  • Right of Access: if your Personal Data is held by us, you are entitled to access your Personal Data (unless an exception applies) by submitting a written request. We will aim to respond to that request within one month. If responding to your request will take longer than a month, or we consider that an exception applies, then we will let you know. You are entitled to access the Personal Data described in Section 4.
  • Right of Rectification: you have the right to require us to rectify any inaccurate Personal Data we hold about you. You also have the right to have incomplete Personal Data we hold about you completed. If you have any concerns about the accuracy of Personal Data that we hold then please contact us.
  • Right to Restriction: you have the right to restrict the manner in which we can process Personal Data where:
    • the accuracy of the Personal Data is being contested by you.
    • the processing of your Personal Data is unlawful, but you do not want the relevant Personal Data to be erased; or
    • we no longer need to process your Personal Data for the agreed purposes, but you want to preserve your Personal Data for the establishment, exercise or defence of legal claims.

Where any exercise by you of your right to restriction determines that our processing of particular Personal Data is to be restricted, we will then only process the relevant Personal Data in accordance with your consent and, in addition, for storage purposes and for the purpose of legal claims.

  • Right to Erasure: you have the right to require we erase your Personal Data which we are processing where one of the following grounds applies:
    • the processing is no longer necessary in relation to the purposes for which your Personal Data were collected or otherwise processed.
    • our processing of your Personal Data is based on your consent, you have subsequently withdrawn that consent and there is no other legal ground we can use to process your Personal Data.
    • the Personal Data have been unlawfully processed; and
    • the erasure is required for compliance with a law to which we are subject.
  • Right to Data Portability: you have the right to receive your Personal Data in a format that can be transferred. We will normally supply Personal Data in the form of e-mails or other mainstream software files. If you want to receive your Personal Data which you have provided to us in a structured, commonly used and machine-readable format, please contact us via the details in this Notice.
  • Right to Object: you have the right to object to the processing of your Personal Data where one of the following grounds apply:
    • the processing is based on legitimate interests or the performance of a task in the public interest.
    • the processing is for direct marketing; or
    • the processing is for the purposes of scientific/ historical research and statistics.

You can find out more about the way these rights work from the Information Commissioner’s Office (ICO) website.

14.  Controlling your personal information

If at any time you wish to close your Modern Governor LMS account and/or stop receiving information from us, you can:

  • send an email to identifying yourself and asking that we close your account.
  • use the unsubscribe links in an email from HubSpot-related lists you have not yet opted-out of
  • use the unsubscribe link within the Modern Governor LMS for Latest Updates.

15.  Subject access request (requesting your Personal Data)

You are entitled request details of Personal Data that we hold about you and you can access that Personal Data by making a Subject Access Request (SAR).

A SAR is a written or verbal request for personal information (known as personal data) held about you by an organisation. Data protection legislation gives individuals the right to know what information is held about them. However, this right is subject to certain exemptions as set out in the Data Protection Act 2018.

To submit a SAR to HFL Education we recommend that you email a written request to our Data Protection Officer at To help us respond quickly and effectively to your request, please include information regarding your relationship with us, along with a comprehensive list of what personal data you want to access and any details, relevant dates, or search criteria that will help us identify the information that you want.

16.  Making a complaint

If you are unhappy with the way we have dealt with any of your data protection concerns, you can make a complaint to the Information Commissioners Office (ICO), the supervisory authority for data protection issues in England and Wales. We would recommend that you complain to us in the first instance, but if you wish to contact the ICO you can do so using the details below. The ICO is a wholly independent regulator established in order to enforce data protection law.

ICO Concerns website:
ICO Helpline: 0303 123 1113

ICO Postal Address:

Information Commissioner’s Office Wycliffe House
Water Lane Wilmslow Cheshire SK9 5AF

17.  Changes to this Privacy Policy

Any changes we make to this notice in the future will be updated on the Modern Governor privacy policy displayed on Modern Governor sites (the LMS, the app login and the main public-facing site at and, where appropriate, notified to you by e-mail. Please check back to see any updates or changes.

This Privacy Policy was last updated on 16 August 2023.