InstructorOS LogoInstructorOS
Sign inTrial

Data Processing Agreement

Effective Date: 04 March 2026

This Data Processing Agreement forms part of the Terms and Conditions governing the use of the InstructorOS platform. This agreement applies where personal data is processed through the InstructorOS service.

1. Parties

Data Controller
The user of the InstructorOS platform who enters and manages personal data relating to their learners or students.

Data Processor
InstructorOS
A trading name of Willow & Bean Co. Ltd

Company Number
16128200

Registered Address
Suite 21 Storth House
156 Cowlersley Lane
Huddersfield
United Kingdom
HD4 5UX

Telephone
01484 706191

Email
[email protected]

2. Purpose of Processing

The Data Processor provides a software platform which allows the Data Controller to store and manage information relating to their driving instruction business.

Processing activities may include:

  • recording lesson history
  • tracking income and expenses
  • storing learner information
  • recording lesson notes and progress records
  • generating reports

The Data Processor processes personal data solely to provide the InstructorOS service.

3. Categories of Personal Data

Personal data processed through the platform may include:

  • learner names
  • contact numbers
  • email addresses
  • postal addresses
  • PRN numbers
  • lesson notes
  • progress records
  • lesson history

The Data Processor does not determine what personal data is entered into the platform.

The Data Controller is responsible for ensuring that the data entered is lawful and appropriate.

4. Categories of Data Subjects

Personal data processed under this agreement may relate to:

  • driving students
  • learner drivers
  • prospective driving students

5. Obligations of the Data Processor

The Data Processor agrees to:

  • process personal data only in accordance with instructions from the Data Controller
  • implement appropriate technical and organisational security measures
  • ensure confidentiality of personnel authorised to process personal data
  • not sell or misuse personal data
  • assist the Data Controller in complying with data protection obligations where reasonably possible

6. Security Measures

The Data Processor implements reasonable security measures including:

  • encrypted connections
  • secure data storage
  • access controls
  • system monitoring
  • infrastructure security

Security measures are regularly reviewed to ensure the protection of personal data.

7. Subprocessors

The Data Processor may use trusted third party service providers to operate the platform.

These may include:

  • hosting providers
  • payment processors
  • technical infrastructure providers

Where subprocessors are used, they are required to maintain appropriate security measures and comply with applicable data protection law.

8. International Data Transfers

Some subprocessors may process data outside the United Kingdom. Where international transfers occur, appropriate safeguards are used to ensure that personal data remains protected in accordance with UK GDPR.

9. Data Subject Rights

Where a data subject exercises their rights under data protection law, the Data Controller is responsible for responding to the request.

These rights may include:

  • access requests
  • data correction
  • data deletion
  • data portability
  • processing restrictions

Where reasonably possible, the Data Processor will assist the Data Controller in fulfilling such requests.

10. Data Breach Notification

In the event of a personal data breach affecting personal data processed under this agreement, the Data Processor will notify the Data Controller without undue delay after becoming aware of the breach. The notification will include reasonable details relating to the nature of the breach and any actions taken to mitigate its effects.

11. Data Retention and Deletion

Personal data stored within the InstructorOS platform remains under the control of the Data Controller.

Data will be retained until:

  • the Data Controller deletes the data
  • the user account is deleted
  • the Data Controller requests erasure

Upon account deletion, personal data will be removed from active systems within a reasonable timeframe.

Backup systems may temporarily retain data for system integrity and disaster recovery.

12. Assistance with Compliance

Where reasonably possible, the Data Processor will assist the Data Controller in meeting obligations under UK GDPR including:

  • data protection impact assessments
  • data subject access requests
  • security obligations

This assistance may be subject to reasonable limitations depending on technical feasibility.

13. Liability

  • Each party remains responsible for its own compliance with applicable data protection laws.
  • The Data Processor will not be liable for unlawful processing performed by the Data Controller or for data entered into the system by the Data Controller.

14. Term of Agreement

This agreement remains in effect for as long as the Data Processor processes personal data on behalf of the Data Controller through the InstructorOS platform. Termination of the service will terminate this agreement except where continued processing is required by law.

15. Governing Law

  • This agreement is governed by the laws of England and Wales.
  • Any disputes arising from this agreement will be subject to the jurisdiction of the courts of England and Wales.
InstructorOS
Finance tracking software for UK driving instructors (ADIs).
Contact
InstructorOS helps independent UK driving instructors replace a driving instructor spreadsheet with a clean dashboard for lesson income, business expenses, profit margin and estimated tax — including UK tax year (Apr–Mar) reporting and exports for year-end.
InstructorOS is a trading name of Willow & Bean Co. Ltd (Company No. 16128200).
Registered office: Suite 21, Storth House, 156 Cowlersley Lane, Huddersfield, United Kingdom, HD4 5UX.