Effective: April 2024

Welcome to Elite Skills Academy’s (ESA) Privacy Notice.

ESA is an online learning provider. We provide training courses via our website and Learning Management System (LMS) at www.eliteskillsacademy.co along with a wide range of supporting resources and articles via our Hub at https://eliteskillsacademy.co/educ8-blogs/. 

At ESA, safeguarding your privacy and securing your personal data are paramount. We adhere strictly to all UK GDPR regulations, and for EU citizens, we also abide by EU GDPR standards.

ESA acts as a data controller for all data it handles. 

We do not handle any specific category data, nor do we knowingly gather information from children. 

This privacy notice serves as an additional resource and does not supersede other notices. 

PURPOSE OF THIS PRIVACY NOTICE

This privacy notice outlines the methods and purposes behind the processing (collection, usage, retention, and sharing) of personal data for all individuals engaged with ESA, including: 

• Customers, whether purchasing for themselves or others;
• Learners, encompassing those who self-purchase courses or recessive access through another entity, such as their employer or organisation;
• Individuals interacting with us through our websites;
• Suppliers and contractors;
• Visitors to our premises.

Furthermore, it delineates your rights regarding your personal data, including procedures for contacting us or relevant supervisory authorities in the event of a complaint. 

Should you have any concerns regarding this notice or queries about ESA’s data processing, please reach out to us at compliance@eliteskillsacademy.co

THE DATA WE COLLECT ABOUT YOU

We gather diverse information from individuals who engage with us. 

Ensuring the accuracy and currency of the personal data we maintain about you is crucial. Kindly inform us of any changes to your personal information during your association with us. 

For our learners we require your name and email address. If you opt for a physical certificate, we’ll need your postal address as well. Additionally, you have the option to provide your phone number. 

Learners are prompted to set up an account with ESA, which entails providing a username and creating a secure password. Alternatively, when you purchase a course from us, one your payment has been processed, we will create your account and send you your login credentials including an access code which you can use to access your online course.

For people who purchase a course from us (including those who purchase for others) we require processing your name, email address, telephone number, and information necessary for order processing, such as the courses and quantities needed, billing/invoice address, and payment details. 

For people who supply us with goods and services we need to gather and process your name, contact information, and banking details or preferred payment methods. 

For people who visit our offices: we may collect your name and contact information. Additionally, our office is equipped with CCTV for crime prevention purposes. Recordings are stored for a rolling period of 30 days. 

For those who sign up to our marketing information or who enter a competition we will require the collection and processing of your email address. Specific entry guidelines for competitions will be provided separately. If you emerge as a competition winner, we may request your postal address and proof of identity. 

Those who interact with us through our website(s) which employ restricted technologies and cookies, our aim is to provide an efficient, personalised, and customised user experience. 

For additional details regarding cookies, please refer to our dedicated Cookie Policy available at https://www.eliteskillsacademy.co/cookie-policy/. This policy comprehensively outlines the cookies we utilise and explains their significance, not only for ESA’s operations but also to guarantee an optimised experience for all our learners and visitors. Our aim is to ensure that the content you encounter is personally relevant and of interest to you.

Those who interact with us on social media ESA does not extract any data beyond the confines of the respective platforms, unless explicitly requested by you. For instance, if you raise learner queries via Facebook or express interest in receiving communications via LinkedIn, we may utilise your social media username or profile. We may retweet your content using your social media username or profile, but this action is confined to the respective social media platform.

For more information about our use of social media see section below.

WHEN IS YOUR PERSONAL DATA COLLECTED?

ESA gathers personal data at different points of interaction. This occurs when you:

• Purchase and/or engage in our training courses;
• Reach out to us for assistance;
• Establish an account on our website;
• Subscribe to our services or publications;
• Request marketing materials;
• Connect with us through social media platforms or seek subscriptions via these channels;
• Participate in competitions, promotions, or surveys;
• Engage in customer surveys or focus groups;
• Provide feedback;

When establishing agreements with our suppliers, contractors, and advisors (including pre-contractual measures at your request), data is obtained.

Additionally, data is gathered through automated monitoring of our websites and technical systems, such as computer networks, CCTV, access control, and communication systems.

We utilise instant messaging systems in cases where customers or learners request it, or when we share or repost information within social media platforms.

Under rare circumstances and solely as necessary, we may acquire personal data from third-party sources, including publicly available information, such as data from Companies House.

We gather limited data during the payment process:

• If payment is made via BACS or Cheque, we securely record your account name, payment reference, and amount within our accounting systems.
• In the event of a refund or payment to a supplier via BACS, we require your account name, sort code, account number, and payment amount.
• All credit/debit card transactions are securely handled by third-party providers to prevent ESA from accessing any sensitive payment information.

HOW WE USE YOUR PERSONAL DATA

We will solely utilise your personal data when there exists a lawful and legitimate justification to do so.

We utilise your personal data for the following purposes:

• Performance of Contract: This includes instances where it is necessary to fulfil contractual obligations, such as when you purchase or enrol in one of our training courses, or when we procure services or supplies essential for our business operations.
• Compliance with Legal or Regulatory Obligations: We may use your data to adhere to legal or regulatory requirements, such as retaining data for HMRC reporting.
• Consent: Your consent is sought, for instance, when you subscribe to our newsletters, updates, or marketing materials. As an online educational provider, ESA values customer feedback and engages with those who consent to participate in market research or customer focus groups, ensuring our course offerings remain current and aligned with user perspectives.
• Legitimate Interests: In specific circumstances, we may use your data to pursue our legitimate interests in a manner that reasonably aligns with business operations and does not unduly infringe upon your rights. This could involve utilising purchase history to personalise offers, sending course renewal reminders, or notifying individuals about new course launches.
• Voluntary Information: We may request additional voluntary information to enhance customer service, such as the size or sector of your organisation.
• Reviews: Should you choose to leave a review, we may use an independent third party and may contact you to address any concerns raised, aiming to enhance our services.
• Direct Marketing: We may send direct marketing emails to customers and learners who have purchased or taken a course with us, unless they opt out. This approach, known as a “soft opt-in,” ensures tailored marketing communications without blanket marketing campaigns.
• Data Analysis: In rare cases, we may combine customer data to identify trends and develop new products or courses tailored to specific needs.

These measures are undertaken responsibly and with utmost consideration for maintaining the trust and privacy of our customers and learners.

MARKETING AND PROMOTIONAL COMMUNICATIONS

As mentioned earlier, we engage in marketing activities directed towards subscribers, customers, and individuals who have opted in. You retain the right to opt out of receiving promotional communications at any time by:

• contacting us at compliance@eliteskillsacademy.co.uk;
• utilising the ‘unsubscribe’ link available in our emails;
• updating your marketing preferences by accessing your account.

Should you opt out of our email updates or request to cease receiving promotional offers, this decision will not impact any other interactions you have with ESA. For instance, you will continue to receive course renewal reminders as necessary or be able to purchase/enrol onto additional courses from our website. 

In certain circumstances, such as when you request additional courses or content in the future, or if there are alterations to legal requirements, regulations, or the structure of our business, we may request confirmation or updates to your marketing preferences. 

It’s important to note that we do not process data on behalf of any other party, nor do we sell data to third parties for direct marketing endeavours. 

WEBSITE AND THIRD-PARTY LINKS

Our website contains links to third-party websites, plug-ins, and applications. Should you access these other websites via the provided links, the operators of those sites may gather information from you, subject to their own privacy policies, which may vary from ours. Consequently, if you utilise these links to exit our site and visit third-party-operated websites, we cannot guarantee the safeguarding and confidentiality of any data you provide to them. We advise you to review their respective privacy policies before disclosing any personal information on those websites.

ESA websites utilise Google Analytics to gather standard internet log information and analyse visitor behaviour patterns. This enables us to understand factors such as the volume of visitors to different sections of the site. Please note that this information is processed in a manner that does not directly identify individuals. We do not attempt, nor do we permit Google to attempt, to identify the identities of visitors to our websites. 

SOCIAL MEDIA

Any information or comments you share on ESA’s social media platforms (such as Facebook, LinkedIn, Twitter, or other social media applications) are considered public and will be treated as such under this notice and ESA’s data usage policies. ESA lacks control over the use of information shared on these platforms. It’s important to exercise caution and discretion when posting or disclosing information in public forums, including personal data. Please note that content shared on ESA’s social media pages and interactive sections of Educ8, including advice and opinions, reflects the viewpoints of the individuals who posted them. These individuals bear sole responsibility for their posted content. ESA does not necessarily endorse, support, verify, or agree with any content shared on our social media pages and forums.

SOCIAL MEDIA WIDGETS

ESA websites incorporate social media widgets, including buttons and share widgets such as those for Facebook, LinkedIn, and Twitter (embedded within specific articles on Educ8). These widgets may be hosted by a third party or directly on ESA’s website. Your interactions with these widgets are subject to the privacy policy of the company providing them. They may collect your IP address, the specific ESA webpage you are accessing, and may utilise cookies to ensure proper functionality. ESA recommends that individuals using these widgets familiarise themselves with the privacy policies associated with each widget.

WHO WE SHARE YOUR DATA WITH

It might be necessary to disclose your information to our contractors and subcontractors to facilitate the provision of services to you or to assist in delivering our courses and other learning materials. These contractors and subcontractors are contractually obligated to adhere to the security requirements outlined in the Data Protection Act and/or the General Data Protection Regulation, or any other relevant laws and regulations following the conclusion of the transition period for the UK’s departure from the EU (as applicable).

Our contractors and subcontractors are prohibited from sharing your information with any other parties (unless explicitly agreed upon in writing with ESA) and may only utilise the information while performing tasks on behalf of ESA. This could involve acting as joint controllers of data, such as our accountants, or as data processors, such as those responsible for supplying data storage for our Learning Management System.

Although there are currently no plans for changes to ESA’s business or ownership structure, if our business were to be sold, we would transfer your personal data to a third party as outlined below:

• If we sell or purchase any business or assets, your personal data may be disclosed to the prospective seller or buyer of such business or assets, always in compliance with applicable data protection laws.
• If ESA or a significant portion of its assets are acquired by a third party, personal data held by ESA about its customers will be one of the transferred assets to the purchaser.

In each scenario, the legal basis for processing data is our legitimate interest in ensuring the continuity of our business by the purchaser. If you object to our use of personal data in this manner, the relevant seller or buyer may not be able to provide products or services to you.

Additionally, we may need to share your personal data in certain circumstances to comply with legal obligations.

SECURITY AND YOUR PERSONAL INFORMATION

We understand the paramount importance of data security to all our customers and every individual we interact with. Therefore, we handle your data with the utmost care and implement all necessary measures to safeguard it. Your provided information is securely stored, whether in digital or physical form. 

Throughout all aspects of our business, we maintain appropriate security protocols to prevent accidental loss, unauthorised access, misuse, alteration, or disclosure of your personal data. Additionally, access to your personal information is restricted to employees, agents, contractors, and other third parties who require it for legitimate business purposes. They are bound by confidentiality obligations and are only permitted to process your personal data according to our instructions. 

We ensure secure access to all transactional sections of our websites and apps by employing ‘https’ technology, and all payment transactions are encrypted using SSL technology. Payment processing is handled securely under contract by external providers such as WooCommece, PayPal, SagePay, or Stripe.

We utilise Stripe for payment processing, analytics, and other business services. Stripe collects and manages personal data, including device identification information of the devices connecting to its services. This information is used by Stripe to operate and enhance the services it offers to us, including fraud detection and prevention. You can find more information about Stripe and its data processing practices in their privacy policy available here.

The account information linked to ESA is safeguarded by passwords to ensure your privacy and security. You select the password for your ESA account, thereby determining its strength. We advise choosing a unique password and refraining from sharing it with others. If we create an access code for you to access your course, please note, this is unique and independent to you and may be comprised of a set of numbers and letters. This will be emailed to you in our welcome email when you purchase a course from us.

• Access to your personal data is shielded by password protection, and sensitive data is further secured through encryption technologies.
• All systems enforce strong password policies and require regular password changes.
• We consistently maintain firewalls, malware protection, and anti-virus software.
• We actively monitor and maintain systems to detect and respond to potential data breaches.
• Data accessed off-site or on mobile devices is stored on devices with secure password access, kept locked when not in use, and never left unattended.
• System vulnerabilities and potential attacks are continuously monitored, and random penetration testing is conducted to enhance security measures.
• Paper documentation, if any, is securely stored in access-controlled offices, and all paper documents are protected by access restrictions.
• Only relevant staff members have access to the information you provide.
• All staff members undergo comprehensive data protection training upon induction and receive annual refreshers to reinforce their understanding of data responsibilities. They are made aware that breaching our data protection policy could lead to disciplinary action, including dismissal. We ensure the utmost protection of your personal information.
• Our offices are equipped with security measures and CCTV surveillance to deter criminal activities and protect data security.
• We have established procedures to address any suspected personal data breaches and will notify you and relevant regulators of any breaches as required by law.

These security measures and procedures undergo regular audits and reviews.

INTERNATIONAL DATA TRANSFERS

ESAs Learning Management System (LMS) stores and backs up your data on servers located in the UK.

However, to ensure the most efficient delivery of our learning services, there are instances where we may need to share your personal data with third-party suppliers located outside the UK or the European Economic Area (EEA). For instance, if you are situated outside the UK and place an order with us, we will transfer the personal data collected from you to ESA in the UK. Additionally, there are situations where (1) services are utilised to support the seamless operation of our business, and (2) when you contact us via email, there is a possibility that a third-party processor may transfer the communication outside the UK or EEA, including to the USA.

PROTECTING YOUR DATA OUTSIDE THE EEA

In the event of your data being transferred outside the UK or EEA, we have established procedures to guarantee that your data receives equivalent protection to that provided if it were processed within the UK or EEA. For instance, our agreements with third parties specify the standards they must adhere to consistently.

Any transfer of your personal data will comply with relevant laws, and we will handle the information in accordance with the principles outlined in this Privacy Notice.

HOW LONG WILL YOU USE MY PERSONAL DATA FOR

We understand the paramount importance of data security to all our customers and every individual we engage with. Hence, we handle your data with the utmost care and implement all necessary measures to safeguard it. Whether in digital or physical form, the information you provide is securely stored.

Throughout our operations, we maintain appropriate security protocols to prevent accidental loss, unauthorised access, misuse, alteration, or disclosure of your personal data. Moreover, access to your personal information is restricted to employees, agents, contractors, and other third parties with a legitimate business need. They are obligated to process your data solely according to our instructions and are bound by confidentiality agreements. 

At present: 

• We keep learners’ data for the duration of their learning journey to ensure that training records or certificates are accessible to them at any point in the future, or if we need to furnish evidence of training in response to a legal request. 
• Financial data, including personal information, is retained for 7 years to comply with HMRC regulations. 

YOUR RIGHTS

For further details regarding each of these rights, including their applicable circumstances, please reach out to us directly or refer to the guidance provided by the UK Information Commissioner’s Office (ICO) on individuals’ rights under the UK General Data Protection Regulation. For EU citizens, ESA upholds similar standards by adhering to the EU GDPR. Additional information can be obtained from the respective local data protection authorities, such as CNIL in France (https://www.cnil.fr/en/home).

Should you wish to exercise any of these rights, kindly:

• Email, call, or write to us or our Data Protection Officer (details provided below in ‘How to contact us’).
• Provide sufficient information for us to identify you (e.g., your full name, address, email, and customer or reference number).
• Furnish proof of your identity and address (a copy of your driving licence or passport, along with a recent utility bill or credit card statement).
• Specify the right you wish to exercise and the information to which your request pertains.

Your right to withdraw consent

• If you have previously granted us consent to utilise your personal data, you retain the right to revoke that consent at any time. You can exercise this right by contacting us or our Data Protection Officer using the provided details below. 

Where we rely on our legitimate interest

• In situations where we process your personal data based on our legitimate interests, you have the option to request cessation of processing due to factors specific to your circumstances. We will cease processing your information unless we have compelling legitimate grounds that override your interests. 

HOW TO COMPLAIN

We strive to address any queries or concerns you may have regarding our use of your information promptly and effectively.

However, if you believe that your rights under the General Data Protection Regulation have been infringed, you have the right to file a complaint with a supervisory authority, particularly in the European Union (or European Economic Area) state where you work, reside, or where the alleged breach of data protection laws occurred. In the UK, the supervisory authority is the Information Commissioner, who can be contacted at https://ico.org.uk/concerns or by telephone at 0303 123 1113. If you are an EU Citizen, please refer to your respective Data Protection Authority: https://edpb.europa.eu/about-edpb/board/members_en

CHANGES TO THIS PRIVACY POLICY

This privacy notice was originally published and last revised on (April 2024). 

We may change this privacy notice from time to time – when we do we will inform you via our website. 

HOW TO CONTACT US

Should you have any inquiries regarding this privacy notice or the data we possess about you, please reach out to us or our Data Protection Officer via mail, email, or telephone.

Changes to our Privacy Policy

We may change this privacy policy at any time. If we do so, we will post updates on this site.