DRose Academy Privacy Policy

Who We Are

DRose Academy is committed to protecting your personal data and maintaining transparency in how information is collected, used and safeguarded. This Privacy Policy explains what data we collect, why we collect it, and your rights in relation to that data.

This policy applies to all interactions with DRose Business and DRose Academy, including use of our websites, training platforms, services and communications.

Who We Are

DRose Academy is part of D’Rose Development Consultancy Ltd. We act as the Data Controller responsible for your personal data.

Contact:
[email protected]

What Personal Data We Collect

We may collect and process the following types of personal data:

1. Communication Data

Information you provide when contacting us, including:

~ Emails

~ Messages

~ Enquiries

~ Feedback

2. Customer Data

Information related to purchasing or accessing services, including:

~ Name

~ Email address

~ Billing details (processed securely via third‑party providers)

~ Purchase and booking information

3. User Data

Information about your use of DRose Academy services, such as:

~ Course activity

~ Uploaded content (e.g. assignments, survey responses)

~ Engagement with learning materials

4. Technical Data

Automatically collected data including:

~ IP address

~ Browser type

~ Device information

~ Usage patterns and navigation

This may be collected through cookies and analytics tools (see our Cookie Policy).

5. Marketing Data

Information relating to your preferences, such as:

~ Communication preferences

~ Subscription status

~ Engagement with emails or updates

Sensitive Data

We do not intentionally collect special category (sensitive) data, such as:

~ Race or ethnicity

~ Religion

~ Health information

~ Political beliefs

However, in some learning or lived experience contexts, individuals may voluntarily share such information. Where this occurs, it is treated with enhanced confidentiality and respect.

How We Use Your Data

Third parties or publicly available sources

We may receive personal data about you from various third parties and public sources as set out below. When a Third Party Service is enabled, we are authorized to connect and access Other Information made available to us in accordance with our agreement with the Third Party Provider. We do not, however, receive or store passwords for any of these Third Party Services when connecting them to the Services.

Third party integrations may include

Zapier.com: Integrations, Automation

MailChimp.com: Mailing Service

Google.com: Analytics, reCAPTCHA

DigitalOfficePro.com: PowerPoint to HTML5 Technology

SlideServe.com , SlideOrbit.com: Slide Hosting Service

Facebook.com: Facebook Login, Meta Pixel

Segment.io: Customer Data Management

Sensitive Data

We do not collect any Sensitive Data about you. Sensitive data refers to data that includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data. We do not collect any information about criminal convictions and offences.

Where we are required to collect personal data by law, or under the terms of the contract between us and you do not provide us with that data when requested, we may not be able to perform the contract (for example, to deliver goods or services to you). If you don't provide us with the requested data, we may have to cancel a product or service you have ordered but if we do, we will notify you at the time.

How we use your Personal Data

We process your personal data for the following purposes:

To deliver services

~ Provide access to courses and resources

~ Manage bookings and payments

~ Respond to enquiries

To improve our services

~ Understand how the website and content are used

~ Develop training, resources and learning materials

To communicate with you

~ Respond to queries

~ Send essential service updates

~ Provide relevant information where appropriate

For marketing (where permitted)

~ Send updates about DRose Academy courses, events or resources

~ Only where you have consented or where permitted under UK law

You can opt out of marketing communications at any time.

Lawful Basis for Processing

We process your data under the following legal bases:

Contractual necessity – to deliver services you have requested

Legitimate interests – to improve services, respond to queries and manage operations

Legal obligation – where required for compliance

Consent – for marketing and non‑essential cookies where applicable

Cookies and Tracking

We use cookies and similar technologies in accordance with our Cookie Policy.

These may be used to:

~ Enable website functionality

~ Understand usage and performance

~ Improve user experience

You can manage your cookie preferences at any time.

Sharing Your Data

We may share your data with:

Service providers

Who help deliver our services, including:

~ Course platform providers (e.g. GoHighLevel)

~ Payment processors (e.g. Stripe, PayPal)

~ Email and communication providers

~ Hosting and infrastructure providers

Professional and regulatory bodies

Where required for:

~ Legal compliance

~ Accounting

~ Safeguarding or regulatory reporting

We do not sell your personal data or share it with third parties for their own marketing purposes.

International Data Transfers

Some service providers may process data outside the UK.

Where this occurs, we ensure appropriate safeguards are in place, including:

~ UK‑approved Standard Contractual Clauses

~ Adequacy regulations

~ Contractual data protection obligations

Data Security

We implement appropriate technical and organisational measures to:

~ Prevent unauthorised access

~ Protect against data loss or misuse

~ Ensure confidentiality

Access to personal data is restricted to those who have a legitimate need.

Data Retention

We retain personal data only for as long as necessary to:

~ Provide services

~ Meet legal and regulatory obligations

~ Maintain appropriate records

Where possible, data is anonymised for longer‑term use in:

~ Research

~ Service improvement

Your Rights

Under UK GDPR, you have the right to:

~ Access your personal data

~ Correct inaccurate data

~ Request deletion of your data

~ Restrict or object to processing

~ Request data portability

~ Withdraw consent (where applicable)

To exercise any of these rights, contact: [email protected]

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO).

Third‑Party Links

Our website may include links to third‑party websites or platforms.

We do not control these external sites and are not responsible for their privacy practices. We encourage you to review their policies separately.

Children’s Data

Our services are not intended for individuals under the age of 13. We do not knowingly collect data from children.

Data protection Authority

If you are not happy with any aspect of how we collect and use your data, you have the right to complain to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We should be grateful if you would contact us by email on [email protected] first if you do have a complaint so that we can try to resolve it for you.

It is very important that the information we hold about you is accurate and up to date. Please let us know if at any time your personal information changes by emailing us via the support/contact us form OR update your profile in your account.