Privacy Policy
How prynovelthix protects and manages your personal information in compliance with United Kingdom data protection laws
Introduction and Scope
prynovelthix ("we," "us," or "our") respects your privacy and is committed to protecting your personal data. This privacy policy explains how we collect, use, store, and safeguard your information when you visit our website at prynovelthix.com, use our financial analysis platform, or engage with our educational services.
This policy applies to all users of our website and services, including prospective students, current learners, and visitors to our platform. We are based in the United Kingdom and operate under UK data protection legislation, including the Data Protection Act 2018 and UK GDPR.
Last Updated: January 2025. We review and update this policy regularly to ensure compliance with current legislation and best practices. Material changes will be communicated to users via email and website notifications.
Information We Collect
Personal Information You Provide
We collect information that you voluntarily provide to us through various interactions with our platform. This includes data submitted through contact forms, course registrations, and account creation processes.
- Contact details including full name, email address, phone number, and postal address
- Educational background and professional experience when applying for programs
- Financial information for payment processing (handled through secure third-party processors)
- Communication preferences and marketing consent
- Course progress data and assessment results
- Feedback and survey responses
Automatically Collected Information
Our website automatically collects certain technical information about your visit and device. This helps us understand how our platform is used and improve user experience.
- IP address and approximate geographic location
- Browser type, version, and operating system
- Pages visited, time spent on pages, and navigation patterns
- Referring website and search terms used
- Device characteristics including screen size and connection type
- Cookies and similar tracking technologies data
How We Use Your Information
We process your personal data for specific, legitimate purposes that align with your expectations and our educational mission. Each use case has a clear legal basis under UK data protection law.
| Purpose | Legal Basis | Data Types Used |
|---|---|---|
| Providing educational services and course delivery | Contract performance | Contact details, learning progress, assessment data |
| Processing payments and managing accounts | Contract performance | Billing information, transaction records |
| Customer support and communication | Contract performance / Legitimate interests | Contact details, communication history |
| Marketing and promotional communications | Consent | Contact preferences, engagement data |
| Website improvement and analytics | Legitimate interests | Usage data, technical information |
| Legal compliance and fraud prevention | Legal obligation / Legitimate interests | All relevant data as required |
We do not use automated decision-making processes that would significantly affect you without human oversight. Any algorithmic processing, such as course recommendations, includes manual review and allows for user input.
Data Sharing and Third Parties
We maintain strict controls over data sharing and only work with trusted partners who meet our security and privacy standards. We never sell your personal information to third parties for their marketing purposes.
Service Providers We Work With
- Payment Processors: Secure handling of financial transactions through PCI-DSS compliant providers
- Email Service Providers: Course communications and marketing emails (only with your consent)
- Cloud Storage Providers: Secure storage of course materials and user data within UK/EU data centers
- Analytics Services: Website performance monitoring with privacy-focused configurations
- Learning Management System: Course delivery platform with student data protection agreements
All third-party processors are bound by comprehensive data processing agreements that ensure your information receives the same level of protection as we provide directly. We conduct regular audits of these relationships to maintain compliance standards.
Legal Disclosures: We may disclose personal information if required by law, court order, or to protect the rights and safety of our users, staff, or the public. Such disclosures will be limited to the minimum necessary and documented appropriately.
Your Rights and Choices
Under UK data protection law, you have significant rights regarding your personal information. We respect these rights and have established clear procedures for exercising them.
Your Data Protection Rights Include
- Right of Access: Request copies of your personal data and information about how we process it
- Right to Rectification: Correct inaccurate or incomplete personal information
- Right to Erasure: Request deletion of your personal data under certain circumstances
- Right to Restrict Processing: Limit how we use your data while maintaining it on our systems
- Right to Data Portability: Receive your data in a structured, machine-readable format
- Right to Object: Stop processing based on legitimate interests or for direct marketing
- Right to Withdraw Consent: Remove previously given consent for marketing or optional processing
How to Exercise Your Rights
To make a request regarding your personal data, contact us using the details provided at the end of this policy. We will respond within one month of receiving your request, though complex requests may require up to three months with appropriate notification.
We may need to verify your identity before processing certain requests to protect your information from unauthorized access. This verification process uses minimal additional data and follows established security protocols.
Data Security and Protection
Protecting your personal information is fundamental to our operations. We implement comprehensive technical and organisational measures designed to safeguard data against unauthorised access, alteration, disclosure, or destruction.
Technical Security Measures
- SSL/TLS encryption for all data transmission between your device and our servers
- Advanced encryption at rest for stored personal data using industry-standard algorithms
- Regular security vulnerability assessments and penetration testing
- Multi-factor authentication for staff access to personal data systems
- Automated backup systems with encryption and secure off-site storage
- Network security monitoring and intrusion detection systems
Organisational Security Measures
Our staff receive regular training on data protection principles and security best practices. Access to personal data is restricted based on job requirements and monitored through audit logs. We maintain incident response procedures and will notify relevant authorities and affected individuals of any data breaches as required by law.
Data Retention and Deletion
We retain personal information only for as long as necessary to fulfill the purposes outlined in this policy, comply with legal obligations, and protect our legitimate interests. Retention periods vary based on the type of data and our relationship with you.
| Data Category | Retention Period | Deletion Method |
|---|---|---|
| Student course records | 6 years after course completion | Secure deletion from all systems |
| Financial transaction data | 7 years (tax compliance requirement) | Secure deletion with audit trail |
| Marketing communication data | 3 years from last engagement | Automated deletion process |
| Website analytics data | 26 months from collection | Automated anonymisation |
| Support communications | 3 years after case closure | Secure archival then deletion |
When data reaches the end of its retention period, we securely delete or anonymise it according to established data destruction procedures. Some information may be retained longer if required by law or for the establishment, exercise, or defence of legal claims.
International Data Transfers
We primarily process and store personal data within the United Kingdom and European Economic Area. When transfers to third countries are necessary for our operations, we ensure appropriate safeguards are in place to protect your information.
Transfer Safeguards: Any international transfers use mechanisms such as adequacy decisions, Standard Contractual Clauses, or certification schemes approved by UK data protection authorities. We regularly review these arrangements to ensure continued adequacy of protection.
You have the right to request information about any international transfers of your data, including details of the safeguards in place. Contact us using the details below if you would like this information.
Cookies and Tracking Technologies
Our website uses cookies and similar technologies to enhance your browsing experience, analyse website performance, and deliver personalised content where consented to. We maintain a separate cookie policy with detailed information about each type of cookie we use.
Types of Cookies We Use
- Essential Cookies: Required for basic website functionality and cannot be disabled
- Performance Cookies: Help us understand how visitors interact with our website
- Functional Cookies: Remember your preferences and provide enhanced features
- Marketing Cookies: Used to deliver relevant advertisements (only with your consent)
You can control cookie preferences through your browser settings or our cookie consent manager. Disabling certain cookies may affect website functionality. We respect your choices and will not use tracking cookies without appropriate consent.
Children's Privacy
Our services are designed for adults and we do not knowingly collect personal information from individuals under 16 years of age. If you believe we have inadvertently collected information from a child, please contact us immediately so we can take appropriate action.
For users between 16 and 18 years old, we may require parental or guardian consent for certain processing activities, particularly those related to marketing communications or optional services.
Changes to This Privacy Policy
We review this privacy policy regularly and may update it to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of significant changes through email, website notifications, or other appropriate communication methods.
Continued use of our services after policy changes indicates acceptance of the updated terms. However, we will seek fresh consent for any new uses of personal data that were not covered by the previous version of this policy.
Contact Information
For questions about this privacy policy or to exercise your data protection rights:
prynovelthix Data Protection Office
12 The Byeways
Newcastle upon Tyne NE12 8HX
United Kingdom
Email: privacy@prynovelthix.com
Phone: +442380555793
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's supervisory authority for data protection matters, if you believe your data protection rights have been violated.