Privacy Policy

Accessible Arts CIC is committed to protecting your privacy and the personal data of all users, particularly children. We handle all personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

​

1. Who We Are (Data Controller)

Accessible Arts CIC is the Data Controller responsible for your personal data.

• Company Name: Accessible Arts CIC

• Contact for Privacy Enquiries: will@accessiblearts.org.uk

​

2. Information We Collect and Why

We collect information primarily from the parent/guardian (the contracting party) but also directly about the child participant.

​

3. Lawful Basis for Processing Children's Data (Aged 5-17)

The UK GDPR requires a specific legal reason for processing all personal data. Because the vast majority of our students are under the age of 16, we rely on the parent or guardian for consent for all non-contractual processing.

• Consent: For enrollment and general participation, we rely on the consent provided or authorized by the parent or guardian with parental responsibility.

• Contract: We process the parent/guardian’s details for the contractual purchase of our courses.

• Legitimate Interests: We use this basis to protect our business interests, such as website security, fraud prevention, and communicating service updates, having balanced our interests against the child’s rights.

​

4. How We Collect Data

• Direct Interactions: When you purchase a course, fill out an enrollment form, sign up for a newsletter, or contact us via email.

• Automated Technologies: Technical data (IP address, browser type) is collected through cookies when you interact with our website. Please see our separate Cookie Policy for details.

• Third Parties: We use Kajabi to host our online courses and Stripe/PayPal to process payments. These third parties act as Data Processors and are required to comply with GDPR.

​

5. Data Security and Retention

• Security: We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorized way. This includes password protection, data encryption, and restricting access to data to only staff who require it to perform their duties.

• Retention: We only retain personal data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements (e.g., typically six years for financial records after the conclusion of the contractual relationship).

​

6. Children's Rights (And How We Protect Them)

Children have the same rights as adults under UK GDPR. We ensure these rights are protected, making information accessible in clear and plain language.

​

7. Marketing and Communications

We will only send marketing emails (e.g., information on new courses) to the parent/guardian who made the original purchase.

• We will never market directly to a child.

• We rely on explicit, positive opt-in consent from the parent/guardian for all non-essential marketing communications.

• You can opt-out of these communications at any time by clicking the unsubscribe link in the email or by contacting us.

​

8. Changes to this Policy

We will update this policy from time to time to reflect changes in our services or legal requirements. The most current version will always be posted on our website, and we will notify parents of any significant changes via email.

 

9. Making a Complaint

If you are unhappy with how we have used your data, you have the right to complain to the supervisory authority for data protection in the UK: the Information Commissioner’s Office (ICO).

• ICO Helpline: 0303 123 1113

• ICO Website: ico.org.uk