Harley Aesthetics Academy (Us, We, Our) gathers and utilises personal information in accordance with this privacy notice and in compliance with the General Data Protection Regulation (GDPR). This document explains how we collect, use, and protect your personal data, as well as your rights regarding that data.

Harley Aesthetics Academy

We are the controller of your personal data and process it in line with legal obligations to provide services and products to you. We are committed to only collecting the personal data we need and processing it transparently and in a manner that complies with relevant legal frameworks.

What Personal Data We Collect

We may collect the following types of personal data:

• Identity Data: Name, date of birth, gender
• Contact Data: Email address, telephone/mobile number, address
• Transactional Data: Course bookings, payment details (handled by third-party processors), transaction history
• Technical Data: IP address, browser type, device information, usage data (via analytics)
• Communication Data: Call recordings, emails, or messages you send to us
• Other Data: Employment history, professional qualifications, data related to your use of our website, and any other information you provide when interacting with us.

We do not store sensitive payment information, as all online transactions are processed by third-party payment providers.

How We Collect Your Personal Data

We collect your personal data in the following ways:

• When you register on our website or book a course
• When you contact us via phone, email, or in person
• When you interact with us via our website or social media channels
• When you provide services to us (such as applying for a job or being a model)
• Via cookies (for more information, please refer to our cookie policy)

Why We Collect Your Personal Data

We collect and process your personal data for the following purposes:

• Performance of a Contract: To process your course bookings, payments, and provide services related to your training
• Legal Obligations: To comply with applicable laws and regulations, such as tax laws and industry regulations
• Legitimate Interests: To improve our services, maintain the security of our website, and provide you with marketing communications if you have consented
• Consent: For sending promotional emails or marketing communications, with the option to opt out at any time

How We Use Your Data

We process your personal data based on the following legal grounds:

• Contractual Necessity: To fulfil our agreement with you regarding training services, payment processing, etc.
• Legal Obligation: To comply with relevant laws, including tax and regulatory requirements
• Legitimate Interests: For the improvement of our website, marketing, and security
• Consent: For sending newsletters or marketing offers, where you have provided consent

If you consent to receiving promotional material, you have the right to withdraw that consent at any time by unsubscribing via the link provided in each email or contacting us directly.

Your Data Rights

You have several rights under the GDPR regarding your personal data:

• Access: You can request to access the personal data we hold about you
• Rectification: If any data we hold about you is inaccurate, you can request that it be updated
• Erasure: You can request the deletion of your personal data, subject to certain legal conditions
• Restriction of Processing: Under certain circumstances, you can request that we limit the use of your personal data
• Objection to Processing: You have the right to object to the processing of your personal data in certain situations
• Data Portability: You can request that we transfer your personal data to another service provider in a structured, commonly used, and machine-readable format

If you would like to exercise any of these rights, please contact us at [Insert contact details].

How We Protect Your Data

We take the security of your personal data seriously and implement appropriate technical and organisational measures to protect it against unauthorised access, alteration, or destruction. This includes encryption, secure storage systems, and regular data reviews.

Sharing Your Personal Data

We do not sell or share your personal data with third parties, except for the following reasons:

• Service Providers: To third-party companies who assist us in running our services, such as payment processors, email marketing services, and IT support
• Legal Requirements: If required by law, we may disclose your personal data to comply with legal obligations or regulatory requirements
• Business Transfers: In the event that our business is sold or transferred, your data may be part of the assets transferred

We do not store any payment card details. Payment processing is handled by third-party services such as Stripe, PayPal, and Klarna. We encourage you to review the privacy policies of these third-party providers to understand how they process your data.

Cookies

Our website uses cookies to enhance user experience, analyse site traffic, and improve the functionality of our services. For detailed information about how we use cookies, please refer to our Cookie Policy.

Retention of Data

We retain your personal data for as long as is necessary for the purposes for which it was collected, and in accordance with legal requirements. For example, we may retain transaction data for a period of 6 years to comply with tax law. After this period, your personal data will be securely deleted or anonymised, unless required for any ongoing legal obligations or business purposes.

Third-Party Payment Providers

We use third-party payment providers (such as PayPal, Stripe, and Klarna) to process payments. These providers handle your financial information directly, and we do not store payment details ourselves. By using our services, you agree to their privacy policies regarding the handling of your personal and financial information.

International Transfers

Your personal data may be transferred to, and processed in, countries outside the UK, including countries in the European Economic Area (EEA). We will ensure that appropriate safeguards are in place to protect your data when transferring it internationally.

Changes to This Privacy Policy

We may update this privacy policy from time to time to reflect changes in our practices or legal obligations. Any updates will be posted on this page with a revised date at the bottom. Please check this page regularly to stay informed about how we are protecting your data.