Privacy Policy

Last updated · 2026-05-30

This policy explains how Manchester Training Academy collects, uses and protects your personal data when you visit our website, buy courses, or learn with us. It applies alongside our Cookies Policy.

1. Who we are

Manchester Training Academy Ltd (MTA, “we”, “us”, “our”) is the data controller responsible for the personal data described in this policy. We are a company registered in England and Wales (company number [COMPANY NUMBER]) with our registered office at First Floor, Swan Buildings, 20 Swan Street, Manchester, M4 5JW, United Kingdom.

We are registered with the UK Information Commissioner's Office (ICO) under registration number ZC073594. If you have any question about how we use your personal data, email us at [email protected].

2. Who and what this covers

This policy applies to everyone whose data we handle: website visitors, individual learners, corporate and business clients and their nominated learners, tutors, and people who apply to teach with us.

It covers our website and all of our training services, whether courses are pre-recorded (self-paced) or delivered as scheduled live sessions.

3. The personal data we collect

Account and identity

Your name and email address.
Your password, which is handled by our authentication provider (Clerk). We never see or store your password.
A profile photo, if you choose to add one.

Profile and preferences

Phone number (optional).
Country, timezone, preferred currency and language.
Your communication preferences.
For tutors and teaching applicants: biography, qualifications, experience, date of birth and contact preferences.

Learning records

The courses you enrol on.
Lesson progress and watch time.
Notes you write and reviews or ratings you leave.
Certificates issued to you.

Orders and payments

Billing name and email address.
The courses you buy, amounts, currency and exchange-rate details, and any coupon you use.
The payment method type (for example card, Apple Pay, Google Pay or Klarna) and the transaction references returned by Stripe.

We never receive or store your full card number. Card details are entered directly with our payment processor, Stripe.

Communications

Messages you send through the contact form or by email.
Our replies and the resulting email threads.

Live session data

The fact that you joined a live session, and when.
Your display name in the room.
Records created if our anti-sharing controls eject a duplicate sign-in to the same session.

Technical and security data

A hashed fingerprint of your IP address. We do not store raw IP addresses.
Your browser user-agent string.
Security and audit logs of sensitive actions.

Information stored in cookies and similar technologies is described in our Cookies Policy.

4. How we collect it

Directly from you, when you sign up, buy a course or contact us.
Automatically, as you use the platform.
From our service providers, such as Clerk when you sign in and Stripe when you pay.
From an organisation that books a course on your behalf (for corporate or group bookings).

5. Why we use your data and our lawful basis

What we use it for	Lawful basis (UK GDPR)
Creating and running your account, delivering the courses you bought and issuing certificates	Performance of a contract
Taking payment and keeping financial records	Contract; legal obligation (tax and accounting)
Replying to enquiries and providing support	Legitimate interests; contract where it relates to a purchase
Keeping the platform secure, preventing fraud and account-sharing, and audit logging	Legitimate interests
Sending service messages such as enrolment confirmations, session reminders and certificate notices	Contract; legitimate interests
Meeting our legal, tax and accounting obligations	Legal obligation
Any optional marketing (we currently send none)	Consent

Where we rely on legitimate interests, we have weighed the impact on you and only use your data in ways you would reasonably expect.

6. Who we share it with

We do not sell your personal data. We do not use advertising networks, third-party analytics or tracking. We share data only with service providers who process it on our instructions:

Provider	Role	Personal data it processes
Clerk	Authentication and sign-in	Name, email, password, profile photo, session data
Stripe	Payment processing	Billing name and email, amount, payment method, country
Resend / our SMTP email host	Sending transactional email	Your email address and the content of service emails
Our inbound email host (IMAP)	Receiving your replies to support	Email address, subject and message content
Daily.co	Live video sessions	Your user id and display name, and join/leave events
Bunny	Hosting course videos, certificate files and the website	Course content and certificate files (your name appears on your certificate)

We may also disclose personal data where required by law, to establish, exercise or defend legal claims, or in connection with a business reorganisation. Each provider operates under its own privacy notice.

7. International transfers

Some of our providers process data outside the United Kingdom. Where they do, we rely on UK adequacy regulations or appropriate safeguards such as the UK International Data Transfer Agreement, or the UK Addendum to the EU Standard Contractual Clauses. Contact us if you would like more detail.

8. How long we keep it

We keep personal data only as long as we need it:

Account and learning records: while your account is active.
Financial records and certificates: at least 6 years, to meet UK tax and accounting obligations.
Contact messages and support threads: for as long as needed to handle the matter and keep a reasonable record.
Security and audit logs: for a limited period appropriate to their purpose.

When you ask us to erase your data, we anonymise your records: identifying fields are overwritten and cannot be recovered, while legally required financial and training rows are retained with nothing that identifies you.

9. Your rights

Under UK GDPR you have the right to:

Access a copy of your personal data.
Have inaccurate data corrected.
Have your data erased.
Restrict how we use your data.
Receive your data in a portable format.
Object to processing based on legitimate interests.
Withdraw consent, where we rely on it.

The quickest way to exercise a right is the contact form — choose “Data protection request”. We respond within one month, normally free of charge. We may need to verify your identity first.

You also have the right to complain to the ICO (ico.org.uk), though we would appreciate the chance to put things right first.

10. How we protect your data

We use appropriate technical and organisational measures, including:

Encryption of data in transit (HTTPS).
Access controls and role-based permissions.
Hashing of IP addresses rather than storing them raw.
Audit logging of sensitive actions.
Controls that prevent account and credential sharing, such as ejecting duplicate sign-ins from live sessions.

No system is perfectly secure, but we take these steps to protect your data and will notify you and the ICO of a personal-data breach where the law requires it.

11. Children

Our services are intended for adults aged 18 and over and are not directed at children. We do not knowingly collect personal data from anyone under 18. If you believe a child has provided us with data, contact us and we will delete it.

12. Automated decisions and profiling

We do not carry out automated decision-making that produces legal or similarly significant effects, and we do not profile you for advertising.

13. Changes to this policy

We may update this policy from time to time. The “last updated” date above shows the current version, and we will highlight significant changes on the site.

14. How to contact us

For any privacy question, email [email protected] or use our contact form. You can also write to us at: Manchester Training Academy Ltd, First Floor, Swan Buildings, 20 Swan Street, Manchester, M4 5JW, United Kingdom.