Illuminate Learning Limited (“we”, “our”, “us”) respects your privacy. This policy explains how we collect, use and store your personal data in line with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

What data we collect

• Names and email addresses – to invite delegates to courses and provide joining information.
• Payment details – if you purchase services directly, payments are processed securely through Stripe. We do not store card details ourselves.
  

How we use your data

• Managing course bookings and delegate communications.
• Processing payments via Stripe.

We do not use your data for profiling or automated decision-making.

Sharing your data

We do not sell or share your data with third parties. The only exception is:

• Stripe – for secure payment processing.
• Microsoft Teams/365 – when used to host training sessions and send invitations.

Legal basis for processing

We rely on:

• Contract – to deliver the services you have booked.
• Legal obligation – to comply with accounting and tax requirements.
• Consent – if you sign up to receive marketing communications (you can opt out at any time).

Data retention

• Delegate information: kept only for the duration of the course and necessary record-keeping.
• Payment records: retained for up to 6 years as required by UK tax law.

Your rights

• Access the personal data we hold about you.
• Request correction or deletion of your data.
• Object to or restrict our use of your data.
• Withdraw consent for marketing (if you previously opted in).

To exercise your rights, please contact us. You also have the right to complain to the Information Commissioner’s Office (ICO).

Updates to this policy

We may update this policy from time to time. The latest version will always be available on our website. 

Last update: 13th October, 2025