We place great importance on data protection and the safeguarding of your data. It is important that we are transparent about how we look after your data and privacy, and this Privacy Notice explains how we collect, use, disclose, transfer, and store your data. It also informs of your data protection rights and how to contact us. In this Privacy Notice we use the terms “we”, “us”, and “our” (and other similar terms) to refer to Active Education Academy, who act as data controller responsible for your Personal Data.
We may change this Privacy Notice from time to time, so please check back regularly to keep informed of any updates. This version of the Privacy Notice (version 1.0) was last updated 15/03/2023.
Who we are
Active Education Academy are specialist providers of online flexible learning education in the health and fitness industry. We provide a wide range of international qualifications which are OFQUAL regulated and CIMSPA endorsed. Active Education Academy is a limited company and our correspondence address is Active Education Academy, Suite D, 61 Bridge Street, HR5 3DJ, United Kingdom.
How to contact us
If you have any privacy queries or would like to contact us about your data, please email: Info@activeeducationacademy.co.uk
Categories of Personal Information
In this Privacy Notice, we use the term ‘Personal Data’, this is information where an individual can be directly or indirectly identified. There is another type of data called ‘Special Category Data’, this relates to information deemed sensitive and requires more protection (e.g. biometric or health data) – we do not expect to process Special Category Data.
Our services are not directed to individuals under 16. We do not knowingly collect personal information from children who are under 16 years of age. If we become aware that a child under 16 has provided us with personal information, we will take steps to delete such information.
Our Commitment to you
Active Education Academy is committed to protecting and respecting your privacy. When making decisions about your data, we will have considered the 6 principles for processing data, as set out in the Data Protection Legislation. This legislation includes the Data Protection Act 2018 (DPA 2018), United Kingdom General Data Protection Regulation (UK GDPR), the Privacy and Electronic Communications (EC Directive) Regulations 2003 and any legislation implemented in connection with the aforementioned legislation. Where data is processed by a controller or processor established in the European Union or comprises the data of people in the European Union, it also includes the EU General Data Protection Regulation (EU GDPR). This includes any replacement legislation coming into effect from time to time.
The Information Commissioner’s Office (ICO) is the UK supervisory authority for data protection issues. More information regarding processing principles, as well as information on our additional data protection obligations, can be found on the ICO website (www.ico.org.uk).
Information we may hold on you
The data we collect depends on the nature of the services provided to you, this can include:
- Basic details such as name, address, date of birth and contact details.
- Information required to facilitate payment for our service (e.g. financial information).
- Information you have provided and disclosed to us during contact we have had with you throughout your interaction with our service.
- Vocational and professional information such as your educational history, job title and qualifications.
- Details of the services you have accessed.
- Information provided when using our website such as our website enquiry form or communication platforms.
- Details of visits to our website (including your IP address, login information, and other analytical information).
- Any other Personal Data we collect during the course of providing our services or in the course of operating our business.
Your data may be collected:
- By telephone.
- By correspondence including post, text, email or otherwise.
- When submitting an enquiry on our website.
- When communicating via other communication platforms.
We may also collect your data from third parties, such as:
- Awarding body for the professional qualification.
- Other bodies, entities or companies who have obtained your permission to share information about you (who have identified a lawful basis for doing so).
Where we utilise communication platforms, such as WhatsApp and Facebook. If you submit your personal information to any of these third-party sites, your personal information is governed by their privacy policies. To understand how these third-party sites / platforms manage your data, please refer to the separate Privacy Notice for the respective third-party / platform.
We will only use your Personal Data for the purpose, or purposes, for which we have obtained it. If we reasonably consider that we need to use it for another reason, we will only do so if that reason is compatible with the original purpose. If we need to use your Personal Data for an unrelated purpose, we will inform you and explain the legal basis which allows us to do so.
In general, we use your data to provide our services to you, this can include the following specific purposes:
- Responding to correspondence.
- Sending you service-related information.
- Providing support to you as part of providing or accessing our service.
- Record keeping and administration purposes.
- For registration as a student.
- Obtaining certification from the awarding body.
- Quality assurance and compliance processes.
- Obtaining feedback on our services.
- To facilitate billing and payment.
- To process and respond to any concerns or complaints, or for troubleshooting.
- To comply with any other legal, professional, or regulatory obligations imposed on us.
- To audit our services and the use of our websites.
- For the marketing of our services (only with your consent).
We rely on the following legal reasons for processing your Personal Data:
- Contractual necessity: We will process your Personal Data when it is necessary to perform a contract you have entered, or in order to take steps at your request prior to entry into a contract.
- Legal obligation: We will process your Personal Data when it is necessary to comply with a legal or regulatory obligation.
- Consent: Where we require consent to process your Personal Data, we will specifically request this from you (verbally or in writing) and provide information on the purpose of that processing. If you have given consent, you can change your mind at any time and withdraw it by contacting us.
- Legitimate interests: We will process your Personal Data when we, or a third party, have a legitimate interest in processing it (e.g. ensuring our business processes and policies are adhered to, or improving our business by monitoring and recording information relating to our services). We only process for this reason if the legitimate interest is not overridden by your own interests or fundamental rights or freedoms. Please contact us if you would like more information on our, or a third party’s, legitimate interests, and the balancing test we use to ensure processing is lawful.
We may process your data without your knowledge or consent where this is required by law.
We do not undertake any automated decision making (decisions made solely by automated means without any human involvement) or profiling (using Personal Data to evaluate certain things about an individual or groups).
We will share your data with selected third parties:
- Disclosure is required for us to provide our services to you.
- To fulfil our contractual obligations to you.
- When you specifically request it.
- If we are under a legal or regulatory duty to disclose your information.
- As a result of any changes in business ownership or organisation.
We may share your personal information, where required and to the extent permitted (and on which we have a lawful basis), with:
- The Awarding body responsible for registering, accrediting and issuing certification.
- External accreditation bodies.
- Law enforcement agencies and regulators.
- Parties contracted to provide accounting, finance, consulting, and auditing services.
- Public bodies (where applicable).
- External service suppliers who provide business support services (including IT, data storage, sales, communication platforms, Customer Relationship Management ‘CRM’ tool, website development and hosting companies).
- Stripe who provides payment gateway services (https://stripe.com/gb/privacy)
- Analytics and search engine providers who assist in improving our website.
- Any other third party you may ask us to share your data with.
We will be transferring and processing your data outside of the UK and EEA. Territories outside of the UK and EEA include Dubai and USA. By accessing our services or otherwise providing Personal Data to us, you understand that processing, transfer, and storage of your Personal Data will occur within these territories. Such transfers are subject to appropriate data protection agreements such as a contract based upon the Model Contractual Clauses for data processing activities.
If we do have occasions to transfer your data outside of the UK, EEA, USA and Dubai, to countries not deemed by the ICO (and/or European Commission as relevant) to provide an adequate level of personal information protection, the transfer will be based on safeguards that allow us to conduct the transfer in accordance with the data protection legislation, such as the specific contracts approved by the ICO (or European Commission as relevant) providing adequate protection of personal information.
We have in place physical, electronic, and operational procedures intended to safeguard and secure the information we collect. These measures are updated as necessary.
How long we retain your data for will vary from matter to matter but will be determined in accordance will the following criteria:
- The length of time necessary to complete our contract with you.
- The length of time to provide our services to you.
- Any period necessary to comply with our legal obligations.
- Any time limits for establishing or defending legal claims or responding to complaints.
- Any periods for retention recommended by regulators or professional bodies.
When we no longer have a legitimate need to process your information, we will delete, anonymise, or isolate your information, whichever is appropriate.
- Right to Access: You have the right to obtain confirmation from us as to whether we are processing your Personal Data and, if we are, to request a copy of the Personal Data we hold about you. This is known as a ‘subject access request’. If you wish to make a subject access request, please request this by emailing: email@example.com
- Right to Rectification: You have the right to ask that we update any information we hold about you that may be incorrect. It is important that the information we hold about you is accurate and up to date – if any of your personal information changes please let us know.
- Right to restriction of processing: You have the right to request that we restrict the way in which we process your data, or that we erase all personal information that we hold about you.
- Right to Object: You have the right to object to the use of your information in certain circumstances.
- Right to Erasure: You have the right to request that we partially or fully delete your personal information.
- Right to Data Portability: You have the right to transfer your information to a third party, in a structured, commonly used machine-readable and useable format. This right only applies to Personal Data processed by way of consent or in pursuant to our contract with you. If you wish us to transfer your Personal Data in accordance with this right, please let us know.
- Right to Complain: You have the right to complain to us, or the appropriate supervisory authority (see ‘Concerns’ section below), if you have any grievance against the way we collect, use, or share your information.
We will try our best to comply with any request to restrict, object or erase your data, however processing of some data may still be required for legitimate business purposes or to comply with legal obligations. Please note that if you want us to restrict processing, stop processing, or delete your data this may prevent us from providing our services to you.
You will not have to pay a fee to access your Personal Data or to exercise any of your other rights. We may however charge a reasonable fee should your request be clearly unfounded, repetitive, or excessive. To prevent unauthorised access to information we may ask for proof of identity. We will do our best to respond to your request within one month, however if that is not possible due to the number or complexity of requests, we will notify you and keep you updated.
For further information on your rights, please visit https://ico.org.uk/for-organisations/data-protection-reform/overview-of-the-gdpr/individuals-rights/
If you wish to raise a query or concern about how we have handled your Personal Data, you can contact us using the details above.
You also have the right to raise a concern at any time to the Information Commissioner’s Office (“ICO”) who is the UK supervisory authority for data protection issues. We hope that you would consider raising any concern you have with us first to enable us to do our very best to solve any problems you may have. For more information on submitting a concern to the ICO, or the data protection regime in general, please visit the ICO’s website (www.ico.org.uk).