📄 Privacy Policy
GDPR & UK DPA compliant privacy notice for London Academy (https://londonacademychm.uk/), explaining how we collect, use, protect, and manage personal data in accordance with the UK GDPR and the Data Protection Act 2018.
Privacy Policy Overview
A premium and structured layout for all privacy sections, optimized for clarity, compliance, and presentation.
Introduction
This Privacy Policy explains how London Academy (https://londonacademychm.uk/) (“we”, “us”, “our”) collects, uses, and protects personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
By using our website or services, you acknowledge that you have read and understood this policy.
Data Controller
London Academy acts as the Data Controller for the personal data you provide.
Personal Data We Collect
We may collect and process the following categories of personal data:
a) Identity Data
Full name, date of birth, nationality, identification documents (if required).
b) Contact Data
Email address, phone number, address.
c) Training & Certification Data
Course enrollments, results, assessments, certificates issued.
d) Financial Data
Payment information (processed securely via third-party providers).
e) Technical Data
IP address, browser type, device information, cookies.
Legal Basis for Processing (GDPR Article 6)
We process your personal data under the following lawful bases:
- Contractual necessity – to provide training and certification services.
- Legal obligation – compliance with UK laws and regulations.
- Legitimate interests – improving services and preventing fraud.
- Consent – for marketing communications (where applicable).
How We Use Your Data
Your data is used to:
- Register and manage your participation in programs.
- Deliver training services.
- Issue, store, and verify certificates.
- Provide accreditation services.
- Process payments.
- Communicate with you.
- Comply with legal and regulatory obligations.
Certificate Verification System
We maintain a secure internal system where:
- Issued certificates are recorded.
- Limited personal data may be accessible for verification purposes.
This ensures authenticity and prevents fraud.
Sharing of Personal Data
We may share your data with:
- Approved trainers and accredited training centers.
- Accreditation and certification partners.
- Government bodies (e.g., for certificate attestation via UK authorities).
- Payment processors and IT service providers.
All third parties are required to respect the security and confidentiality of your data.
We do not sell or rent personal data.
International Data Transfers
Your data may be transferred outside the UK. Where this occurs, we ensure appropriate safeguards such as:
- Standard Contractual Clauses (SCCs).
- Adequacy decisions where applicable.
Data Retention
We retain personal data only as long as necessary for:
- Certification verification (may be long-term for authenticity purposes).
- Legal and regulatory compliance.
Data Security
We implement appropriate technical and organizational measures, including:
- Secure servers.
- Access control.
- Data encryption (where applicable).
Your Rights (Under GDPR)
You have the right to:
- Access your personal data.
- Request correction.
- Request erasure (“right to be forgotten”).
- Restrict processing.
- Object to processing.
- Data portability.
- Withdraw consent at any time.
To exercise your rights, contact us via email.
Complaints
You have the right to lodge a complaint with the UK supervisory authority:
Cookies
We use cookies in accordance with applicable laws. You may manage cookies through your browser settings.
Third-Party Links
We are not responsible for the privacy practices of external websites.
Changes to This Policy
We may update this Privacy Policy from time to time.