1. Information We Collect

We collect various types of information to provide and improve our financial education services. This includes information you provide directly and data we gather automatically through your use of our platform.

2. How We Use Your Information

Your information helps us deliver personalized educational experiences and improve our platform. We process your data based on legitimate business interests and your consent where required.

• Providing access to learning programs and tracking your progress
• Sending course updates, educational content, and platform notifications
• Processing payments and maintaining accurate billing records
• Analyzing usage patterns to enhance our educational offerings
• Responding to your inquiries and providing customer support
• Ensuring platform security and preventing fraudulent activities

3. Legal Basis for Processing (UK GDPR)

Under UK data protection law, we must have a lawful basis for processing your personal data. Our legal bases include:

• Contract performance: Processing necessary to provide our educational services
• Legitimate interests: Improving our platform and preventing fraud
• Legal compliance: Meeting regulatory requirements and tax obligations
• Consent: For marketing communications where explicit consent is given

4. Data Sharing and Third Parties

We limit data sharing to essential service providers and never sell your personal information to third parties. Our carefully selected partners help us deliver our educational services effectively.

Service Providers We Work With:

• Payment processors for secure transaction handling
• Cloud hosting providers for data storage and platform operation
• Email service providers for course communications
• Analytics services to understand platform usage (anonymized data only)
• Customer support tools to respond to your inquiries

All third-party providers are contractually bound to protect your data and use it only for specified purposes. We conduct regular reviews to ensure compliance with our privacy standards.

5. Your Rights Under UK GDPR

As a UK resident, you have comprehensive rights regarding your personal data. We've made it straightforward to exercise these rights through our dedicated privacy portal or by contacting us directly.

• Right of Access: Request copies of your personal data we hold
• Right to Rectification: Correct inaccurate or incomplete information
• Right to Erasure: Request deletion of your personal data in certain circumstances
• Right to Restrict Processing: Limit how we use your data
• Right to Data Portability: Receive your data in a structured, machine-readable format
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Remove consent for marketing communications

To exercise any of these rights, contact us using the details below. We'll respond within one month and provide clear information about any actions taken.

6. Data Security and Protection

We implement comprehensive security measures to protect your information from unauthorized access, alteration, or destruction. Our security framework includes both technical and organizational safeguards.

• End-to-end encryption for all data transmission and storage
• Regular security audits and vulnerability assessments
• Multi-factor authentication for staff accessing personal data
• Secure data centers with physical access controls
• Employee training on data protection and privacy practices
• Incident response procedures for potential data breaches

7. Data Retention and Deletion

We retain your personal data only as long as necessary for the purposes outlined in this policy. Our retention periods vary based on the type of information and legal requirements.

Retention Periods:

• Account information: Retained while your account is active plus 2 years
• Learning progress data: Kept for 5 years to maintain educational records
• Payment records: Stored for 7 years to meet tax and accounting requirements
• Marketing preferences: Maintained until you withdraw consent
• Support communications: Deleted after 3 years unless ongoing issues exist

When retention periods expire, we securely delete or anonymize your data. You can request earlier deletion by exercising your right to erasure, subject to legal obligations we must fulfill.

8. International Data Transfers

While we primarily process data within the UK, some of our service providers may be located in other countries. When international transfers occur, we ensure adequate protection through appropriate safeguards.

• Transfers only to countries with adequacy decisions from the UK government
• Standard Contractual Clauses for transfers to other jurisdictions
• Regular monitoring of international data protection standards
• Additional security measures for sensitive financial education data

9. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your learning experience and analyze platform performance. You can control cookie preferences through your browser settings or our cookie management tool.

Types of Cookies We Use:

• Essential cookies: Required for platform functionality and security
• Performance cookies: Help us understand how you use our platform
• Functional cookies: Remember your preferences and settings
• Marketing cookies: Deliver relevant educational content (with your consent)

10. Changes to This Policy

We may update this privacy policy periodically to reflect changes in our practices or legal requirements. When significant changes occur, we'll notify you through email or prominent notices on our platform at least 30 days before the changes take effect.

We encourage you to review this policy regularly to stay informed about how we protect your privacy. The "Last Updated" date at the top of this page indicates when the most recent changes were made.