Data Privacy

Entity: Skillupzone Ltd

Effective Date: March 2026

1. Introduction

Skillupzone Ltd is committed to protecting the privacy and security of the personal data we process. This policy outlines how we collect, use, and protect data belonging to individual students and Training Centres in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Data We Collect

We collect only the minimum data necessary to provide our educational services and protect our intellectual property:

• Identity Data: Full name, email address, and (where applicable) student ID assigned by a Training Centre.
• Transaction Data: Details of payments made (processed via secure third-party gateways; we do not store full card details).
• Technical & Usage Data: IP addresses, browser type, login timestamps, and patterns of material viewed.
• Security Data: Automated logs of "Print" commands, screenshot attempts, or multiple-device logins.

3. Legal Basis for Processing

Under UK GDPR, we process data based on the following:

• Contractual Necessity: To provide you with the 3-month access you or your Training Centre has paid for.
• Legal Obligation: To maintain tax records and comply with UK law.
• Legitimate Interests: To protect our proprietary study materials from theft, piracy, and unauthorised distribution.

4. How We Use Your Data

• Service Delivery: Creating and managing your 3-month "View-Only" account.
• Monitoring & Security: We use tracking to ensure the "View-Only" restriction is not bypassed.
• Reporting: For Training Centre clients, we may provide usage reports (e.g., student engagement levels) to the sponsoring institution.
• Legal Enforcement: Data may be used as evidence in legal action or shared with law enforcement if a criminal breach of copyright occurs.

5. Data Retention Period

Active Accounts: Data is kept for the duration of the 3-month access period.

• Post-Expiry: We retain basic identity and transaction records for 6 years to comply with UK HMRC tax requirements and to defend against potential legal claims.
• Security Logs: Logs relating to IP addresses and usage are retained for 12 months to identify patterns of systematic IP theft.

6. Data Sharing and Transfers

Training Centres: If your access is paid for by a Training Centre, they act as a "Joint Controller" or "Data Processor," and we may share your activity data with them.

• Third Parties: We do not sell data. We only share data with essential service providers (e.g., cloud hosting or payment processors).
• International Transfers: We prefer UK/EEA-based servers. If data is moved outside the UK, we ensure "Standard Contractual Clauses" are in place.

7. Your Rights (The "Individual Rights")

Under the UK GDPR, students have the following rights:

• Right of Access: You can request a copy of the data we hold about you (Subject Access Request).
• Right to Rectification: You can ask us to correct inaccurate info.
• Right to Erasure: You can ask us to delete your data (subject to our legal requirements to keep tax/security records).
• Right to Restrict Processing: You can ask us to stop processing your data if you believe it is inaccurate or handled unlawfully.

8. Security Measures

Given our "View-Only" model, we employ:

• Access Control: Only authorised staff can view student personal data.
• Anti-Piracy Tracking: Real-time monitoring of IP addresses to prevent account sharing.

9. Contact & Complaints

If you have questions about your data, please contact us.

If you are unsatisfied with our response, you have the right to complain to the Information Commissioner’s Office (ICO) at www.ico.org.uk