Signed in as:
filler@godaddy.com
Signed in as:
filler@godaddy.com
KAC ACADEMY — Privacy Policy
Effective Date: 25 May 2025
KAC Academy Ltd ("KAC Academy", "we", "us" or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose and safeguard your personal information when you visit our website, purchase or attend our courses, download our digital products, interact with us on social media or otherwise engage with our services (collectively, the "Services").
---
1. Who We Are
• Data Controller: KAC HAIR MEDIA LTD 200 Market street, Hyde, SK14 1HB
• Company Number: 16308059 (registered in England & Wales)
• Contact: [MANAGER@kacacademy.co.uk] 0161 222 3400
---
2. Definitions
• "Personal Data" – information that identifies or can reasonably be linked to an identified or identifiable natural person ("data subject")
• "Processing" – any operation performed on Personal Data (collection, storage, use, transfer, deletion, etc.)
• "UK GDPR" – the United Kingdom General Data Protection Regulation, together with the Data Protection Act 2018
---
3. Personal Data We Collect
• Identity Data: full name, title, date of birth, photo – used for registration, certification and identity verification
• Contact Data: postal address, email, telephone, emergency contact – used for course administration and customer support
• Financial Data: payment card details (processed by our payment processor), billing address – used for fee collection and fraud prevention
• Course Data: attendance records, assessment results, learner feedback – used for course delivery, accreditation and quality assurance
• Technical and Usage Data: IP address, browser type, device identifiers, referring pages, interaction data, cookies – used for site analytics, security and user‑experience optimisation
• Marketing Preferences: consent to receive newsletters, event updates and promotions – used for direct marketing and tailored content
We do not intentionally collect special category data (for example health information) unless you voluntarily provide it (for example learning support needs) and give explicit consent.
---
4. How We Collect Your Data
• Direct: when you complete forms, enrol on a course, correspond by phone or email, create an account or provide feedback
• Automated: through cookies and similar technologies when you browse our website
• Third‑party sources: payment processors, social media platforms or referrers where permitted by law
---
5. Legal Bases for Processing
Under UK GDPR we rely on one or more of the following bases:
1. Contract (Article 6(1)(b)) – processing necessary to perform the contract for a course or service you request
2. Legal obligation (Article 6(1)(c)) – compliance with VAT, accounting, training regulation and health‑and‑safety laws
3. Legitimate interests (Article 6(1)(f)) – for example improving services, ensuring IT security, preventing fraud, balanced against your rights
4. Consent (Article 6(1)(a)) – for optional marketing emails, cookies that are not strictly necessary, or processing special category data
You may withdraw consent at any time without affecting the lawfulness of processing carried out prior to withdrawal.
---
6. How We Use Your Personal Data
• To register you on courses, manage bookings and issue certificates
• To take payment and manage billing
• To communicate important course information such as schedule changes, assignments and assessments
• To respond to enquiries and provide learner support
• To personalise content and measure website performance
• To send marketing communications (with your consent or as otherwise permitted)
• To comply with legal, regulatory or accreditation requirements
---
7. Disclosure of Personal Data
We share Personal Data only with:
• Service providers – payment processors, hosting providers, email or SMS platforms, accreditation bodies and insurers which are bound by confidentiality and data‑processing agreements
• Professional advisers – lawyers, accountants and auditors where necessary for compliance and legitimate interests
• Regulators and law‑enforcement bodies – where required by law or to protect rights, property or safety
• Prospective buyers – in the event of a business sale or restructuring under confidentiality obligations
We never sell your Personal Data to third parties.
---
8. International Transfers
Where we transfer Personal Data outside the United Kingdom, we ensure an adequate level of protection by using one or more of the following safeguards:
• UK adequacy regulations (for example transfers to the EEA)
• Standard Contractual Clauses approved by the UK Information Commissioner’s Office
• Additional technical and organisational measures where required
---
9. Data Retention
We keep Personal Data only for as long as necessary for the purposes for which it was collected, including to meet legal, accounting or reporting requirements.
• Course records and certification data are typically retained for 7 years
• Financial records are retained for 6 years after the end of the relevant accounting period
• Marketing consent data is retained until you withdraw consent or for 3 years after last engagement, whichever is sooner
---
10. Cookies and Tracking Technologies
Our website uses cookies to:
• Enable core functionality such as session management and authentication
• Analyse site usage via analytics tools (aggregated data)
• Remember your preferences
You can control cookies through your browser settings and via our cookie banner. For full details see our separate Cookie Notice.
---
11. Data Security
We implement appropriate technical and organisational measures to protect Personal Data, including:
• Encryption in transit and at rest where appropriate
• Secure data‑centre hosting with firewalls and intrusion‑detection systems
• Access controls and staff training
• Regular backup and vulnerability scanning
Despite our efforts, no online service is completely secure; you use the Services at your own risk.
---
12. Your Rights
Under UK GDPR you have the right to:
1. Access – obtain a copy of your Personal Data
2. Rectification – correct inaccurate or incomplete data
3. Erasure – request deletion where processing is no longer necessary
4. Restriction – limit processing under certain conditions
5. Portability – receive Personal Data in a structured, machine‑readable format and transmit it to another controller
6. Object – object to processing based on legitimate interests or direct marketing
7. Withdraw consent – where processing is based on consent
To exercise any of these rights, email [privacy@kacacademy.co.uk](privacy@kacacademy.co.uk). We will respond within one calendar month.
If you believe we have not handled your data properly, you have the right to lodge a complaint with the Information Commissioner’s Office at ico.org.uk or by calling +44 (0)303 123 1113.
---
13. Children
Our Services are not directed to individuals under 16 years of age. We do not knowingly collect Personal Data from children. If you become aware that a child has provided us with Personal Data, please contact us and we will delete it.
---
14. Automated Decision‑Making
We do not use Personal Data for automated decision‑making that produces legal or similarly significant effects.
---
15. Changes to This Policy
We may update this Privacy Policy from time to time. Any changes will be posted on this page with a revised "Effective Date". Where changes are material we will notify you by email or via the Services. Continued use of the Services after the Effective Date constitutes acceptance of the revised Policy.
---
16. Contact Us
Data Protection Officer
KAC HAIR MEDIA Ltd
200 Market Street
HYDE SK14 1HB
United Kingdom
0161 222 3400
---
© 2025 KAC Academy Ltd. All rights reserved.