Privacy Policy

Our Commitment to Data Protection

At CodeCraft Academy, we take your privacy seriously and are committed to protecting your personal information. This Privacy Policy explains how we collect, use, store, and safeguard your data when you interact with our website and educational services.

We process your personal data in accordance with the UK General Data Protection Regulation and the Data Protection Act 2018. Our practices are designed to ensure transparency, fairness, and lawfulness in all data processing activities.

This policy applies to all users of our website, including prospective students, current students, alumni, and visitors browsing our educational content. By using our services, you acknowledge that you have read and understood this Privacy Policy.

Data Collection Information

What Personal Data We Collect

We collect various types of information to provide and improve our educational services:

Contact Information: Name, email address, phone number, and postal address when you submit inquiries or enroll in courses.
Account Information: Username, password, and course preferences when you create an account on our learning platform.
Payment Information: Billing details and transaction history for course purchases, processed securely through our payment providers.
Educational Data: Progress records, assignment submissions, grades, and feedback related to your learning journey.
Technical Information: IP address, browser type, device information, and usage patterns collected through cookies and analytics.
Communication Records: Correspondence with our support team, instructors, or administrative staff.

How We Collect Data

We collect personal information through several channels:

Direct Collection: When you fill out contact forms, register for courses, create an account, or communicate with us directly.
Automated Collection: Through cookies, web beacons, and similar technologies that track your interactions with our website.
Third-Party Sources: From payment processors, social media platforms (if you choose to connect your accounts), and analytics services.
Course Participation: Through your activities on our learning platform, including submissions, discussions, and assessments.

Legal Basis for Processing

We process your personal data based on the following legal grounds:

Contractual Necessity: To fulfill our obligations when you enroll in courses or use our services.
Consent: When you explicitly agree to data processing for specific purposes like marketing communications.
Legitimate Interests: To improve our services, prevent fraud, and ensure network security.
Legal Obligations: To comply with applicable laws, regulations, and legal processes.

Data Retention Periods

We retain your personal data for different periods depending on the purpose:

Active Account Data: Maintained throughout your relationship with us and for a reasonable period afterward.
Educational Records: Retained for seven years after course completion to provide transcripts and verify credentials.
Marketing Data: Kept until you withdraw consent or we determine it is no longer relevant.
Financial Records: Maintained for at least six years in compliance with UK tax and accounting requirements.

How We Use Your Data

Primary Uses

Your personal data helps us deliver and enhance our educational services:

Service Delivery: To provide access to courses, learning materials, and instructor support.
Account Management: To create and maintain your student account, track progress, and manage enrollments.
Communication: To respond to inquiries, send course updates, and provide administrative notifications.
Payment Processing: To handle transactions, issue receipts, and manage billing inquiries.
Certification: To issue certificates of completion and maintain records for credential verification.

Data Sharing with Third Parties

We may share your information with carefully selected third parties:

Service Providers: Companies that help us operate our website, process payments, send emails, or provide analytics services.
Educational Partners: Guest instructors or partner institutions involved in course delivery (with your consent).
Legal Authorities: When required by law, court order, or to protect our legal rights.
Business Transfers: In the event of a merger, acquisition, or sale of assets, subject to confidentiality obligations.

We never sell your personal data to third parties for their marketing purposes.

Marketing Communications

With your consent, we may send you information about:

New courses and educational programmes
Updates to existing courses or learning materials
Industry insights and web development trends
Special offers and promotions for educational services

You can opt out of marketing communications at any time by clicking the unsubscribe link in our emails or contacting us directly.

Analytics and Website Improvement

We use analytics tools to understand how visitors use our website, which helps us improve user experience, optimize content, and develop new features. This includes analyzing page views, navigation patterns, and time spent on different sections of our site.

Data Protection Measures

Security Measures in Place

We implement comprehensive security measures to protect your personal data:

Technical Safeguards: Industry-standard encryption for data transmission and storage, regular security updates, and secure server infrastructure.
Access Controls: Strict limitations on who can access personal data, with authentication requirements and role-based permissions.
Staff Training: Regular privacy and security training for all employees who handle personal information.
Vendor Management: Careful vetting of third-party service providers with data processing agreements in place.

Data Encryption and Storage

All sensitive data is encrypted both in transit and at rest using current industry standards. Our servers are located in secure facilities with physical access controls, environmental monitoring, and backup systems to prevent data loss.

Access Controls and Monitoring

We maintain detailed logs of data access and regularly monitor systems for suspicious activity. Access to personal data is granted only to authorized personnel who need it to perform their job functions.

Breach Notification Procedures

In the unlikely event of a data breach affecting your personal information, we will notify you and relevant authorities within 72 hours as required by law. Our incident response plan includes immediate containment measures, investigation procedures, and steps to prevent future occurrences.

Your Rights and Data Management

Under UK data protection law, you have several important rights regarding your personal data:

Right to Access Personal Data

You can request a copy of the personal data we hold about you. We will provide this within one month of your request.

Right to Rectification and Erasure

You can ask us to correct inaccurate data or delete your personal information when it is no longer necessary for the purposes collected.

Right to Data Portability

You can request your data in a structured, machine-readable format to transfer to another service provider.

Right to Object to Processing

You can object to processing of your personal data for direct marketing or when based on legitimate interests.

Right to Restrict Processing

You can request that we limit how we use your data while we address your concerns about accuracy or lawfulness.

Right to Withdraw Consent

Where processing is based on consent, you can withdraw it at any time without affecting the lawfulness of previous processing.

How to Exercise These Rights

To exercise any of these rights, please contact us using the details at the top of this page. We will respond to your request within one month and may ask you to verify your identity before processing your request. If we cannot fulfill your request, we will explain why.

Your Rights and Opt-Out Instructions

You are not required to provide any personal information when using this website. If you prefer not to share your data, you may:

Avoid filling out contact forms, account registrations, or any data-submitting features
Disable cookies through your browser settings (see our Cookie Policy for more details)
Contact us directly to request the deletion of any previously shared personal data

We respect your privacy choices. If you would like us to delete your data, please reach out to us at the contact details provided at the top of this page. We will process your request promptly.

Please note that certain data may need to be retained for legal or contractual obligations, such as financial records or course completion certificates you have requested.

International Data Transfers

While we primarily store and process data within the United Kingdom, some of our service providers may process data in other countries. When data is transferred internationally, we ensure appropriate safeguards are in place, such as:

Standard contractual clauses approved by regulatory authorities
Adequacy decisions recognizing equivalent data protection standards
Binding corporate rules for transfers within corporate groups
Appropriate technical and organizational measures to protect your data

Children's Privacy

Our services are intended for individuals aged sixteen and over. We do not knowingly collect personal information from children under sixteen. If we become aware that we have collected data from someone under this age, we will take steps to delete it promptly. If you believe a child has provided us with personal information, please contact us immediately.

Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or business operations. When we make significant changes, we will notify you by email or through a prominent notice on our website. We encourage you to review this policy regularly to stay informed about how we protect your data. Last updated: November 2025.

Contact Information