The Knights of Safety™ Academy

Privacy Policy

The Knights of Safety Ltd.™ (TKoS) Academy is the data controller for all personal data collected on this website and through our online course services.

TKoS Academy provides online courses, digital resources, webinars and related services. This policy explains what personal data we collect, why we process it, the lawful bases we rely on, how we protect it, how long we keep it, your rights, and how to contact us.

Lawful bases for processing

We process personal data to deliver online courses and related services on these lawful bases:

• performance of a contract (for course enrolment, payments and certificates)
• our legitimate interests (platform security, fraud prevention, product improvement)
• consent (where you opt in to marketing, cookies or optional services)
• where applicable, to comply with legal obligations.
  (See ICO guidance on lawful bases.) 

Types of data we collect

• Identity and contact data: name, email, billing name and address, user name.
• Course data: enrolments, progress, quiz results, certificates.
• Support data: messages you send to support, accessibility needs you disclose.
• Technical data: IP address, device, browser, platform logs and cookies.
• Payment data: processed via our payment providers; we do not store full card data unless required by provider.
   If you supply data about another person you confirm you have their permission.

Special categories and sensitive data

We only process special category data (for example health or disability information) where you provide it voluntarily to support access needs, and only where we have an appropriate lawful basis and any required explicit consent.

How we use your data

We use personal data to:

• register and manage your account and course enrolments
• deliver courses, certificates and learning materials
• process payments and refunds via payment processors
• respond to support requests and provide learner assistance
• improve our services through analytics and quality assurance
• send course related communications and marketing only where you have consented

Sharing and processors

We share data with third party processors who act on our instruction: course hosting, payment processors, email platforms, analytics providers and cloud storage. We put written contracts in place requiring processors to protect your data and to only act on our instructions.

International transfers

Some processors may operate outside the UK/EEA. We only transfer personal data where appropriate safeguards are in place such as UK approved standard contractual clauses, the International Data Transfer Agreement or other lawful transfer tools.

Data security

We apply technical and organisational measures to protect personal data from unauthorised access, disclosure, loss and destruction. Measures include access controls, encryption of data in transit, regular backups and vendor security requirements.

Retention

We retain personal data only as long as necessary for the purposes set out in this policy, to meet contractual and legal obligations, and to resolve disputes. Typical retention periods include: account data for the duration of your relationship plus any statutory retention period for accounting, course progress while you remain a learner and for a period afterwards for certificate verification and quality assurance. Exact periods are determined by record type and legal requirements.

Data subject rights

Under the UK GDPR you have the right to:

• be informed about processing
• access your personal data
• correct inaccurate data
• request erasure in certain circumstances
• restrict processing
• object to processing based on legitimate interests or direct marketing
• data portability where applicable
  To exercise any right contact [email protected]. Guidance on these rights is provided by the ICO. 

Consent and marketing

Where processing is based on consent you may withdraw consent at any time. If you opt in to marketing you can unsubscribe via links in our emails or by contacting [email protected].

Automated decisions and profiling

We do not carry out automated decision making that has legal or similarly significant effects on learners unless we have notified you and obtained any required consent. Routine personalised learning suggestions driven by analytics do not typically amount to automated decision making with legal effect.

Data breaches

If we become aware of a personal data breach that is likely to result in a risk to individuals' rights and freedoms we will notify the relevant supervisory authority without undue delay and, where feasible, within 72 hours of becoming aware, in line with UK GDPR and ICO guidance. If the breach is likely to result in a high risk to affected individuals we will also inform them without undue delay.

Data protection impact assessments

Where processing is likely to result in a high risk to the rights and freedoms of individuals we will carry out a data protection impact assessment and consult the supervisory authority as required.

Record keeping

We maintain a record of our processing activities and ensure Data Processing Agreements are in place with all processors.

Complaints

If you are unhappy with how we handle your data please contact [email protected]. You also have the right to lodge a complaint with the UK Information Commissioner’s Office.

Contact

Academy Support
Email: [email protected]