Privacy Policy

This Privacy Policy explains how personal data is collected, used, and protected when using this website and its learning platform. This platform is powered by WordPress and Tutor LMS, which are used to manage user accounts, course delivery, and learning activity.

1. Data Controller

Elluminet Press Ltd and Kuleos Labs Ltd act as joint data controllers for the purposes of this platform.
Contact: office@elluminetpress.com

2. Information We Collect

We collect and process the following categories of personal data:

Account Data

• Name
• Email address
• Username
• Password (stored in hashed form)

Profile Data

• Profile information provided by the user (e.g. image, biography)

Learning Data

• Course enrolments
• Lesson progress and completion status
• Quiz results and assessment attempts
• Certificates issued
• User-generated content such as notes

Transaction Data

• Payment status
• Transaction identifiers
• Billing email address

We do not store full payment card details.

Technical Data

• IP address
• Login timestamps
• Device and browser information

3. How Data Is Collected

Personal data is collected when users:

• Register an account
• Enrol in or complete courses
• Submit assessments or learning activities
• Make a purchase
• Interact with the platform

Technical data is collected automatically through standard web protocols and logging mechanisms.

4. Lawful Basis for Processing

Personal data is processed under the following lawful bases:

• Contract – to provide access to courses and platform functionality
• Legitimate Interests – to ensure platform security, integrity, and performance
• Legal Obligation – to comply with financial and regulatory requirements
• Consent – where required for optional features (e.g. non-essential cookies)

5. Use of Personal Data

Personal data is used to:

• Create and manage user accounts
• Deliver course content and learning functionality
• Track progress and performance
• Issue certificates and maintain academic records
• Process transactions and manage purchases
• Communicate essential service information
• Maintain system security and prevent unauthorised access

6. Payments

Payments are processed by external providers:

• Stripe
• PayPal

Payment details are transmitted directly to these providers. We do not store or have access to full payment card or financial details. We may receive limited transaction data such as payment status, identifiers, and billing information.

Processing is carried out in accordance with the providers’ privacy policies:

• https://stripe.com/privacy
• https://www.paypal.com/privacy

7. Data Storage and Hosting

Personal data is stored and processed within the platform infrastructure supporting this service.

This platform operates using a web-based content management and learning system. Personal data is stored securely within the application database and associated server infrastructure provided by the hosting environment.

Hosting Location

This website is hosted on infrastructure located in the United Kingdom. Personal data is processed within a jurisdiction governed by UK GDPR.

Data Storage Structure

• Account, course, and learning data are stored in the application database
• Uploaded files are stored on the server file system
• Backups may be created and securely retained by the hosting provider

Security Measures

Appropriate technical and organisational measures are implemented, including:

• Secure password hashing
• Encryption of data in transit (HTTPS)
• Access controls for administrative systems
• Server-level protections such as firewalls and monitoring

Payment data is not stored on our servers.

8. Third-Party Services and Platform Security

Third-party services and system components are used to operate, secure, and maintain the platform.

These include:

Payment Processing

• Stripe
• PayPal

Security and Monitoring

Systems are used to monitor activity, detect unauthorised access, and protect data. These may process:

• IP addresses
• Login activity
• Device and browser data

All third-party services process data in accordance with applicable data protection laws.

9. Data Sharing

Personal data is not sold.

Data may be shared with:

• Payment processors
• Service providers required for platform operation

All third parties are required to process data securely and lawfully.

10. Data Retention

Personal data is retained only for as long as necessary to:

• Provide access to the platform
• Maintain learning and academic records
• Comply with legal and financial obligations

Data may be retained where required by law, particularly in relation to financial records.

11. Cookies

Cookies are used to:

• Maintain authenticated sessions
• Enable core platform functionality
• Support secure transactions
• Improve performance and usability

Users can control cookies through browser settings. Where required, non-essential cookies are used only with user consent.

12. Third-Party Links

This website may contain links to external sites. We are not responsible for their privacy practices.

13. Your Rights

Under UK GDPR, you have the right to:

• Access your personal data
• Request correction of inaccurate data
• Request deletion of your data
• Restrict or object to processing
• Request data portability

You also have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO).

14. Changes to This Policy

This policy may be updated periodically. Updates will be published on this page.