Privacy Policy
Effective date: 22 November 2025 • Jurisdiction: United Kingdom
Introduction
This Privacy Policy explains how Artline Academy processes your personal data in the UK and EEA.
Artline Academy Ltd (we, us) is the data controller for personal data processed in connection with our website, learning platform, and related services. We comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
This policy covers: what data we collect, the purposes and lawful bases for processing, data retention, international transfers, data security, your privacy rights, and how to contact us or lodge a complaint.
Definitions
- Personal data: any information that identifies or relates to an identifiable individual.
- Processing: any operation performed on personal data (collection, storage, use, disclosure, deletion).
- Controller/Processor: as defined in UK GDPR Articles 4(7) and 4(8).
Data we collect
We collect account data (name, email), usage data (pages visited), and course-related preferences. We do not collect special category data.
Categories of data
- Identity and contact data: name, email address, country/region, optionally phone number.
- Account and profile data: login identifier, course enrollments, progress, preferences, support history.
- Transaction data: purchase history, invoice totals, last four digits of card and tokenised references when applicable (no full card numbers stored by us).
- Technical data: IP address, device identifiers, browser type, operating system, time zone, language, referrer URL.
- Usage data: pages viewed, features used, clicks, session duration, performance metrics.
- Marketing and communications data: your preferences for receiving updates and notifications.
- Cookie and similar technologies: necessary cookies for site operation and, if you consent, analytics cookies. See Cookies section.
Sources of data
- Direct interactions: when you create an account, enroll in a course, contact support, or fill forms.
- Automated technologies: via our website/app through cookies and similar technologies.
- Third parties: payment processors (for payment confirmations), authentication providers (when you sign in using those services).
We do not intentionally collect data from children under 13. If you believe a child has provided us data without parental consent, contact us and we will delete it.
How we use data
- Provide and improve courses
- Respond to enquiries
- Measure site performance
- Comply with legal obligations
Purposes and lawful bases
- Account creation and service delivery (contract performance Art. 6(1)(b)).
- Customer support, debugging, and service improvements (legitimate interests Art. 6(1)(f)).
- Billing, fraud prevention, and tax records (legal obligation Art. 6(1)(c)).
- Marketing communications with opt-in controls (consent Art. 6(1)(a); you can withdraw anytime).
- Analytics to understand product usage (consent Art. 6(1)(a) via cookie preferences).
Retention
We retain personal data only as long as necessary for the purposes described above:
- Account data: for your active account and up to 24 months after closure, unless legal obligations require longer.
- Transaction records: 6 years for tax and accounting requirements.
- Support tickets: 24 months from last interaction.
- Analytics cookies: according to your consent and cookie lifetimes described below.
International transfers
If we transfer personal data outside the UK, we use appropriate safeguards such as adequacy regulations, International Data Transfer Agreements (IDTA), or UK Addendum to SCCs, and implement technical and organisational measures.
Data sharing
We may share data with vetted processors to provide our services (e.g., cloud hosting, email delivery, payment processing). These processors act under written contracts and only process data per our instructions.
Security
We implement layered security including encryption in transit (TLS), access controls, least-privilege policies, monitoring, backups, and staff privacy training. While we work to protect your data, no method is 100% secure.
Automated decision-making
We do not make decisions producing legal or similarly significant effects solely based on automated processing. Limited profiling may be used to recommend courses; you can opt out via your preferences or by contacting us.
Your rights
Under UK GDPR you may request access, rectification, deletion, restriction, or portability of your personal data, and object to processing.
- Access: obtain a copy of your personal data we hold.
- Rectification: correct inaccurate or incomplete data.
- Erasure: request deletion where we no longer need data or you withdraw consent.
- Restriction: limit processing while a request is reviewed.
- Portability: receive your data in a structured, commonly used, machine-readable format.
- Object: to processing based on legitimate interests or to direct marketing.
- Withdraw consent: where processing is based on consent (e.g., analytics/marketing cookies).
To exercise rights, contact us using the details below. We may request proof of identity. We respond within one month, extendable by two months for complex requests. You also have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO).
Contact
Email: [email protected] • Phone: +44 20 7946 0123
Controller: Artline Academy Ltd, 71-75 Shelton Street, London, WC2H 9JQ, United Kingdom.
If you are not satisfied with our response, you can lodge a complaint with the UK ICO. We are committed to resolving issues promptly and transparently.
We may update this policy from time to time. We will post the latest version on this page and update the effective date.