Privacy Policy

This Privacy Policy explains how YouLearnt collects, uses, shares, stores, and protects personal data when you use our website, platform, and related services.

It also explains your rights under UK data protection law and how to contact us if you have questions or concerns. Please read this Privacy Policy together with our Data Protection Policy, Security page, and any notices shown to you at the point where we collect your information.

 

1. Who we are

YouLearnt is the organisation responsible for the personal data described in this Privacy Policy.

If you have questions about this Privacy Policy or how we handle your personal data, you can contact us via contact us page.

 

2. Information we collect

We may collect and process the following types of personal data:

  • Identity data, such as your name, username, and account details.
  • Contact data, such as your email address, phone number, and mailing address.
  • Profile data, such as your preferences, settings, and account activity.
  • Learning and usage data, such as courses viewed, progress, interactions, and platform activity.
  • Communication data, such as messages, enquiries, support requests, and feedback.
  • Technical data, such as IP address, device type, browser type, operating system, and log data.
  • Payment and transaction data, where you make or receive payments through our services.
  • Marketing and communication preferences.
  • Any other information you choose to share with us.

Where relevant, we may also collect special category data or data relating to children only where permitted by law and where appropriate safeguards are in place.

 

3. How we collect information

We collect personal data:

  • Directly from you when you create an account, use our services, contact us, complete forms, or communicate with us.
  • Automatically when you use our website or platform.
  • From third parties where needed for service delivery, verification, payment processing, analytics, support, or security.
  • From public sources or other lawful sources where appropriate.

If we do not collect data directly from you, we will where required tell you the source of that data.

 

4. Why we use your data

We use personal data for the following purposes:

  • To create and manage your account.
  • To provide our services and platform features.
  • To deliver learning content and support.
  • To process payments and manage transactions.
  • To communicate with you about service updates, account matters, and support requests.
  • To improve our website, services, and user experience.
  • To analyse usage and performance.
  • To prevent fraud, misuse, and security incidents.
  • To comply with legal, regulatory, tax, and accounting obligations.
  • To establish, exercise, or defend legal claims.

 

5. Lawful bases

We only process personal data where we have a lawful basis to do so.

Depending on the activity, we may rely on:

  • Consent.
  • Performance of a contract.
  • Compliance with a legal obligation.
  • Legitimate interests.
  • Protection of vital interests.
  • Performance of a task carried out in the public interest, where applicable.

Where we rely on legitimate interests, we will balance our interests against your rights and freedoms. Where we rely on consent, you can withdraw that consent at any time.

 

6. Sharing your information

We may share personal data with:

  • Service providers and processors who support our business operations.
  • Payment providers.
  • Hosting, infrastructure, analytics, communications, and support providers.
  • Professional advisers such as lawyers, auditors, and insurers.
  • Regulators, courts, law enforcement, or other authorities where required by law.
  • Other third parties where necessary to protect our rights, users, services, or legal interests.

Where third parties process personal data on our behalf, they must only act on our instructions and must protect the data in line with applicable law and our contractual requirements.

 

7. International transfers

Some of the third parties we use may be based outside the United Kingdom.

Where personal data is transferred internationally, we use appropriate safeguards required by law. These may include UK adequacy regulations, International Data Transfer Agreements, Standard Contractual Clauses where applicable, transfer risk assessments, or other lawful transfer mechanisms.

 

8. Data retention

We keep personal data only for as long as necessary for the purposes for which it was collected, including to meet legal, contractual, regulatory, accounting, or operational requirements.

The length of time we keep different categories of data depends on the purpose of processing, the type of data, and any legal obligations that apply. When personal data is no longer needed, we securely delete, anonymise, or destroy it.

 

9. Security

We use appropriate technical and organisational measures to protect personal data.

Depending on the system or service, these may include:

  • Access controls.
  • Authentication measures.
  • Encryption where appropriate.
  • Logging and monitoring.
  • Vulnerability management.
  • Secure development practices.
  • Backup and recovery measures.
  • Incident response processes.
  • Staff privacy and security training.

 

10. Your rights

Depending on the circumstances and applicable law, you may have the right to:

  • Be informed about how we use your personal data.
  • Access your personal data.
  • Correct inaccurate or incomplete data.
  • Delete your personal data.
  • Restrict how we use your data.
  • Object to certain processing.
  • Data portability.
  • Withdraw consent where consent is the basis for processing.
  • Object to certain automated decision-making or profiling where applicable.

To exercise any of these rights, please contact us using the details on our website. We may need to verify your identity before responding.

 

11. Cookies and similar technologies

We may use cookies and similar technologies to make our website function properly, improve performance, analyse usage, and support certain features.

Where required, we will ask for your consent before placing non-essential cookies. For more information, please see our cookie notice or any cookie banner displayed on our website.

 

12. Children

If our services are used by children, we take extra care to ensure that personal data is processed lawfully, fairly, and in an age-appropriate manner.

Where required, we may apply additional safeguards, including parental or guardian involvement.

 

13. Complaints

If you are unhappy with how we use your personal data, please contact us so we can try to resolve your concern.

 

14. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our services, legal obligations, or how we process personal data.

When we do, we will publish the updated version on our website.