Privacy Notice

EdSafe

This Privacy Notice explains how EdSafe processes personal data, the principles that govern that processing, and the limits that are intentionally applied.

EdSafe provides advisory support to school leadership teams on data protection, AI use, and governance decisions. The nature of this work requires clarity, proportionality, and accountability. This notice reflects those principles.

Who we are

EdSafe is operated by Derek Ray Havelock as an independent advisory practice, supporting leadership decision-making in education.

Location:
Ho Chi Minh City, Vietnam

Website:
https://www.edsafe.net

EdSafe acts as a data controller in relation to the personal data described in this notice.

Regulatory context

EdSafe works with schools and education organisations across multiple regions, including Southeast Asia, parts of Central and South America, and the European Union.

Data protection requirements vary by jurisdiction. EdSafe applies consistent governance principles — including lawfulness, purpose limitation, proportionality, transparency, and accountability — while complying with applicable local data protection laws and regulatory expectations in practice.

Where local law provides additional or different rights or obligations, those requirements take precedence and are respected.

How personal data is processed

When you make contact

When you contact EdSafe via the website or by email, personal data is used solely to understand the context of your enquiry and the decision you are facing.

Information provided at this stage is not used for marketing, profiling, or any secondary purpose, and is not retained beyond what is reasonably necessary to determine whether further engagement is appropriate.

Typical data may include:

  • Name

  • Professional role

  • Organisation

  • Email address

  • Contextual information you choose to provide

The lawful basis for this processing is legitimate interest, limited strictly to responding to the enquiry.

When advisory support is provided

Where advisory or decision-support work is undertaken, personal data is processed only for the purposes of that specific engagement.

This may include contextual, professional, or organisational information necessary to support proportionate and defensible decision-making.

Retention is tied to the context, scope, and accountability requirements of the work. Data is not kept beyond the point at which it is no longer reasonably required to:

  • support the advice given,

  • demonstrate professional accountability, or

  • meet applicable legal or professional obligations.

Retention is measured in relevance, not fixed timeframes.

The lawful basis for this processing may include legitimate interest and, where applicable, contractual necessity.

Payment and financial data (addendum)

Where online payments, invoicing, or financial transactions are used, personal data may be processed for the purposes of administering those transactions.

This may include:

  • Name and billing contact details

  • Organisation details

  • Transaction references

  • Payment confirmation information

EdSafe does not store full payment card details. Payment processing is handled by third-party payment service providers who act as independent controllers or processors in accordance with their own privacy notices and regulatory obligations.

Financial data is processed solely to:

  • administer payments,

  • maintain accurate financial records, and

  • meet applicable accounting or legal requirements.

Retention of financial records is governed by applicable legal and professional obligations and is limited to what is reasonably required for those purposes.

Website use and tracking

EdSafe does not use cookies, analytics tools, tracking technologies, or behavioural monitoring on this website.

This is a deliberate choice, aligned with the nature of the service and the expectations of those seeking governance-led advice.

If site functionality changes in the future in a way that requires the use of cookies or similar technologies, this Privacy Notice will be updated before any such processing takes place.

What EdSafe does not do

EdSafe does not:

  • sell personal data,

  • share data for marketing or advertising purposes,

  • conduct profiling or automated decision-making,

  • use personal data beyond its stated purpose,

  • track website behaviour.

International processing

EdSafe operates internationally. Where personal data is processed across borders, appropriate safeguards are applied in line with applicable legal and regulatory requirements.

Your rights

Data protection rights exist to support transparency, accountability, and good governance, and are treated as a normal part of professional practice rather than as an adversarial process.

Depending on the applicable legal framework and the context of processing, individuals may have rights in relation to their personal data, including:

  • the right to access personal data,

  • the right to request correction,

  • the right to request erasure where appropriate,

  • the right to object to or restrict processing,

  • the right to data portability where applicable.

Requests can be made using the contact details on this website. EdSafe responds proportionately and in line with applicable legal and regulatory expectations.

Changes to this notice

This Privacy Notice is reviewed periodically to ensure it remains accurate and appropriate to how EdSafe operates.

Where changes are made, the updated version will be published on this website.