Privacy Policy for The Academy World

Privacy Policy  

Effective Date: 13th November 2024

Introduction  

The Academy World Limited and associated companies and brand names ("The Academy," "we," "us," or "our") is committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy explains how we collect, use, share, and protect your personal information when interacting with our website (www.theacademy.world), online courses, or services. By using our website or services, you consent to the practices described in this policy.

Definitions  

For the purposes of this Privacy Policy:

• Controller: The entity that determines the purposes and means of processing personal data

• Criminal Offence Data: Personal Data relating to criminal convictions and offences or related security measures, to be read in accordance with section 11(2) of the DPA 2018

• Data Protection Legislation:

• To the extent the UK GDPR applies, the law of the United Kingdom or of a part of the United Kingdom which relates to the protection of personal data

• To the extent the EU GDPR applies, the law of the European Union or any member state of the European Union to which the party is subject, which relates to the protection of personal data

• Data Subject: An identified or identifiable natural person who is the subject of personal data

• EU GDPR: The General Data Protection Regulation ((EU) 2016/679)

• Information Commissioner: The UK Information Commissioner's Office (ICO)

• Personal Data: Any information relating to an identified or identifiable natural person

• Personal Data Breach: A breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal data

• Processing: Any operation performed on personal data

• Special Category Data: Sensitive personal data including racial/ethnic origin, political opinions, religious beliefs, trade union membership, genetic/biometric data, health data, and data concerning sexual orientation

• Third Party: A natural or legal person, public authority, agency, or body other than the data subject, controller, processor, or persons who are authorised to process personal data

• UK GDPR: Has the meaning given to it in section 3(10) (as supplemented by section 205(4)) of the Data Protection Act 2018

Information We Collect  

We may collect and process the following types of personal data:

Personal Information  

• Name

• Email address

• Postal address

• Phone number

• Any other information you provide when interacting with our website, courses, or services

Sensitive Personal Data  

In certain circumstances, we may collect and process special categories of personal data, including:

• Racial or ethnic origin

• Political opinions

• Religious or philosophical beliefs

• Trade union membership

• Health data (for example, if you disclose a disability requiring accommodations)

• Sexual orientation

• Genetic data

• Biometric data (where used for identification purposes)

• Data relating to criminal convictions or offences (if relevant to our services)

Information We Collect from Other Sources  

We may receive personal data about you from third parties, such as:

• Clients who provide us with your information to facilitate introductions to experts

• Service providers

• Public databases

• Marketing partners

Other Data  

• Financial Information: Payment details, billing address, and transaction history

• Technical Information: IP address, browser type, device information, and cookie data

• Usage Information: Information about how you use our website and services, including pages visited, courses enrolled in, and interactions with our content

• Marketing and Communications Data: Your preferences in receiving marketing communications from us and your responses to those communications

• Business Information: If you are a client or potential client, we may collect information about your business, such as company name, industry, and size

• Other Information: Any other information you choose to share with us, such as feedback, testimonials, or information provided in surveys or questionnaires

Important Note: We will only collect and process sensitive personal data where we have a lawful basis for doing so, such as your explicit consent, a legal obligation, or where it is necessary to protect your vital interests or the vital interests of another person.

How We Use Your Information  

We use your personal data for the following purposes:

Providing and Improving Our Services  

• Delivering our courses and services

• Processing your payments

• Personalising your learning experience

• Managing your account

• Providing customer support

• Improving our website and services

Communication  

• Sending important updates and notifications

• Delivering newsletters and promotional materials (with consent)

• Responding to your enquiries

• Providing technical support

Analytics and Research  

• Analysing website traffic and usage patterns

• Improving our website and services

• Conducting research to better understand our users' needs

• Developing new products and services

Facilitating Introductions  

• Sharing your personal data with external experts or consultants (with your consent)

• Managing professional relationships

• Coordinating service delivery

Lawful Basis for Processing Your Personal Data  

We process your personal data only when we have a lawful basis to do so. The lawful bases we rely on include:

Consent  

• Marketing communications

• Use of non-essential cookies

• Sharing data with experts upon request

• Processing special category data where required

Contractual Necessity  

• Providing our services

• Processing payments

• Managing your account

• Delivering course content

Legal Obligation  

• Complying with tax laws

• Following anti-money laundering regulations

• Responding to court orders

• Maintaining required business records

Vital Interests  

• Protecting your safety or the safety of others

• Managing emergency situations

• Preventing fraud or abuse

Legitimate Interests  

• Improving our services

• Ensuring network security

• Preventing fraud

• Managing business relationships

• Conducting market research

• Providing customer support

When relying on legitimate interests, we conduct a balancing test to ensure our interests do not override your fundamental rights and freedoms.

Data Retention  

We retain personal data for 6 years from the date of last interaction, in alignment with European laws and our legal obligations. This period ensures we can:

• Comply with legal and regulatory requirements

• Handle any disputes or claims

• Maintain accurate business records

• Protect our legitimate business interests

Specific retention periods may vary based on:

• The type of data involved

• The purpose of processing

• Legal and regulatory requirements

• Business needs

After the retention period expires, we securely delete or anonymise your data unless:

• We are required to keep it longer by law

• You have requested we retain it

• There is an ongoing dispute or claim

• There is another valid business reason for retention

Your Rights  

Under the UK General Data Protection Regulation (GDPR), you have the following rights:

Right to Be Informed  

• Receive clear information about how we use your data

• Be notified of any changes to our privacy practices

• Understand our data collection and processing activities

Right of Access  

• Obtain confirmation that we process your data

• Receive a copy of your personal data

• Understand how we use and protect your information

Right to Rectification  

• Correct inaccurate personal data

• Complete incomplete personal data

• Update your information as needed

Right to Erasure  

• Request deletion of your personal data

• Remove information no longer needed

• Withdraw consent for processing

Right to Restrict Processing  

• Limit how we use your data

• Temporarily stop processing while we verify data accuracy

• Preserve data for legal claims

Right to Data Portability  

• Receive your data in a structured format

• Transfer your data to another service provider

• Reuse your data for different services

Right to Object  

• Object to processing based on legitimate interests

• Stop direct marketing

• Prevent processing for research or statistics

Rights Related to Automated Decision-Making  

• Not be subject to automated decision-making

• Obtain human intervention in decisions

• Express your point of view

To exercise these rights, contact our Data Protection Officer at:

Email: support@theacademy.world

Response Time: Within one calendar month as required by law

Data Security  

We implement appropriate technical and organisational measures to protect your data, including:

Technical Measures  

• Encryption of sensitive data

• Secure servers and networks

• Firewalls and intrusion detection

• Regular security updates

• Access controls and authentication

• Backup systems

Organisational Measures  

• Regular security reviews

• Staff training and awareness

• Security policies and procedures

• Access management

• Incident response plans

• Audit trails

Security Reviews  

We regularly review and update our security measures to:

• Ensure effectiveness

• Address new threats

• Incorporate best practices

• Maintain compliance

• Protect against data breaches

Data Breaches  

Breach Notification Procedures  

In the event of a personal data breach that risks rights and freedoms of individuals, we will:

• Notify the Information Commissioner's Office (ICO) within 72 hours

• Inform affected individuals without undue delay

• Document all breaches and our response

• Take measures to mitigate any adverse effects

International Breach Handling  

For breaches involving data transferred outside the UK:

• We assess specific risks to individuals' rights and freedoms

• Notify relevant international data protection authorities

• Cooperate fully with authorities' investigations

• Communicate directly with affected individuals if high risk

• Implement additional safeguards as needed

Third-Party Breaches  

If we become aware of a data breach at one of our third-party service providers:

• We promptly inform affected individuals

• Take appropriate mitigation measures

• Ensure the provider addresses the breach

• Review and update security measures

• Document all actions taken

International Data Transfers  

Transfer Mechanisms  

When transferring personal data outside the UK or EEA, we ensure appropriate safeguards through:

• Standard Contractual Clauses (SCCs)

• Adequacy decisions

• Binding Corporate Rules where applicable

• Specific derogations in limited circumstances

Transfer Safeguards  

We implement additional measures including:

• Data transfer impact assessments

• Enhanced security protocols

• Regular monitoring and reviews

• Contractual safeguards

• Technical security measures

Third-Party Services  

We maintain relationships with various third-party service providers to operate our business effectively. Rather than listing specific providers that may change over time, we maintain an up-to-date list of our current service providers on our website at [URL].

Provider Categories  

Our third-party providers may include:

• IT Support and Maintenance

• Payment Processing Services

• Cloud Storage Providers

• Analytics Services

• Marketing Services

• Customer Relationship Management Systems

• Learning Management Systems

Provider Requirements  

All third-party providers must:

• Sign appropriate data processing agreements

• Implement adequate security measures

• Process data only as instructed

• Assist with data subject rights requests

• Report any data breaches promptly

• Maintain appropriate records

• Allow for audits and inspections

Contact Information  

Data Protection Officer

The Academy World
85 Great Portland Street
First Floor
London
W1W 7LT

Email: support@theacademy.world

Cookie Policy  

We use cookies and similar technologies on our website. For detailed information about the types of cookies we use, their purposes, and how to control them, please see our separate Cookie Policy at [URL].

Changes to This Privacy Policy  

We may update this Privacy Policy to reflect:

• Changes in our practices

• Legal or regulatory requirements

• Technology updates

• Organisational changes

• User feedback

We will notify you of any material changes:

• Via email

• Through our website

• Before changes take effect

Additional Information  

Children's Privacy  

Our services are not intended for individuals under 16. We do not knowingly collect data from children without parental consent.

Direct Marketing  

When processing data for direct marketing:

• We obtain appropriate consent

• Provide clear opt-out mechanisms

• Honour preferences promptly

• Maintain accurate marketing lists

Legal Basis for Processing  

We regularly review our legal bases for processing to ensure:

• Continued validity

• Appropriate documentation

• Compliance with regulations

• Protection of individual rights

Our Commitment  

We are committed to:

• Protecting your personal data

• Complying with all applicable laws

• Maintaining transparency

• Respecting your privacy rights

• Continuously improving our practices

Disclaimer While our platform leverages AI to personalise your learning journey, the heart of The Academy lies in the expertise and passion of our human instructors and mentors. Our courses are infused with their real-world insights and practical experience, ensuring you gain actionable knowledge that drives real results.