Privacy Policy

1) Who we are (the Controller)

  • Company legal name: Academy of Blood Chemistry Ltd              
  • Trading name:  as above
  • Registered address: Unit 2, 2 Woodberry Grove, London, N12 0DR
  • Company number 16403087 
  • Contact email: info@academyofbloodchemistry.com
  • Data protection contact/DPO (if appointed): Jonathan Cohen

We act as the data controller for the personal data described in this policy. This policy explains how we collect, use, share, and protect your information when you use our website www.academyofbloodchemistry.com (the Site) and our online Courses.

This policy is written to comply with the UK GDPR and the Data Protection Act 2018 (and, where relevant, the EU GDPR). If you are outside the UK/EU, local laws may also apply.

2) Scope

This policy covers personal data we process when you:

  • browse our Site;
  • create an account or purchase a Course;
  • access lessons, downloads, live sessions, or community features;
  • receive emails, newsletters, or support from us; or
  • interact with us on social media or via forms.

It does not cover third‑party websites or services we link to.

3) The data we collect

We may collect and process the following categories of data:

A. Identity & contact data – name, email, billing/delivery address, country, phone (optional), professional role.

B. Account data – username, password (hashed), profile photo (optional), course progress, certificates.

C. Transaction data – order details, amounts, currency, VAT/GST status, last 4 digits and expiry of card (from payment processor), refund history. We do not store full payment card numbers.

D. Course activity data – modules viewed, completion dates, quiz scores, downloads, live‑session attendance, messages you post in community areas.

E. Communications data – emails, support tickets, survey responses, testimonials (with your consent where required).

F. Technical & usage data – IP address, device identifiers, browser type, time zone, operating system, referring URLs, clickstream, page interactions. Collected via cookies and similar technologies (see #12 / Cookie Policy).

G. Marketing preferences – your choices about receiving updates and promotions, and related analytics (opens/clicks).

H. Special category data (health, etc.)not intended. The Course is educational; we do not ask you to share health information. If you voluntarily disclose health or other special category data (e.g., in community posts or support messages), we will process it only with your explicit consent or where another lawful basis applies, and we may ask you to delete such information.

4) How we collect data

  • Directly from you: when you create an account, purchase, complete forms, post in the community, attend live sessions, or contact support.
  • Automatically: via cookies, pixels and similar technologies when you browse the Site or access the Course.
  • From third parties: payment processors (e.g., Stripe/PayPal) for transaction confirmations; learning platform/LMS; email service providers; analytics providers; webinar/community platforms. We only receive data necessary for the purposes described in this policy.

5) Why we use your data (purposes & legal bases)

We process personal data only where a lawful basis applies. Below is a summary:

PurposeExamplesLegal basis
Account setup & authenticationCreate/manage your account, secure loginContract (to provide the Course) & Legitimate interests (security)
Course delivery & improvementProvide content, track progress, issue certificates, troubleshoot, improve contentContract; Legitimate interests (service improvement)
Payments & billingProcess payments, prevent fraud, handle invoices/receiptsContract; Legal obligation (tax, accounting); Legitimate interests (fraud prevention)
Customer supportAnswer queries, fix issues, record interactionsContract; Legitimate interests (service quality)
Communications about the CourseService announcements, changes to terms, operational messagesContract; Legal obligation
MarketingNewsletters, offers, testimonials (with consent)Consent (where required by law); Legitimate interests where consent not required (B2B soft opt‑in/PECR exemptions, if applicable)
Analytics & site performanceMeasure traffic and usage (aggregated where possible)Consent (for non‑essential cookies); Legitimate interests (for essential analytics if strictly necessary)
Community featuresHost forums/groups, moderate content, enforce rulesContract; Legitimate interests (safety)
Legal, compliance & securityRecord‑keeping, tax, responding to lawful requests, protecting rightsLegal obligation; Legitimate interests (network & information security)
Special category data (if voluntarily provided)You share health details in a message or forumExplicit consent; or legal claims basis where applicable

Where we rely on consent, you can withdraw it at any time (see #10). Where we rely on legitimate interests, we balance those interests against your rights.

6) Sharing your data

We share personal data only as necessary for the purposes above, with:

  • Service providers (processors): hosting/LMS platform, payment processors (e.g., Stripe/PayPal), email & marketing platforms (e.g., Mailchimp), analytics (e.g., Google Analytics), webinar/video (e.g., Zoom), community tools (e.g., Circle/Slack), customer support tools (e.g., Zendesk). We have data‑processing agreements in place.
  • Professional advisors: accountants, auditors, lawyers (under confidentiality).
  • Authorities: where required by law or to protect our rights or users’ safety.
  • Business transfers: if we restructure, merge, or sell assets, data may transfer under equivalent safeguards.

We do not sell your personal data.

7) International transfers

Some providers may be located outside the UK/EEA. Where we transfer data internationally, we use an appropriate safeguard, such as:

  • UK IDTA or EU Standard Contractual Clauses (SCCs); and
  • supplementary measures as needed (e.g., encryption).

Details are available on request.

8) Data retention

We keep personal data only as long as needed for the purposes described, including to meet legal/accounting requirements. Typical periods:

  • Account & course records: while your account is active and up to 6 years after your last purchase (for tax/audit).
  • Support tickets & communications: 2 years from resolution (unless needed longer for legal reasons).
  • Marketing data: until you unsubscribe or your consent is withdrawn, or after 24 months of inactivity.
  • Analytics data: per our Cookie Policy and provider settings (e.g., 14–26 months) or sooner if you withdraw consent.
  • Community content: retained while the community is active; you may delete your posts where the platform allows.

How long we retain your data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

We may anonymise data for research/statistics; anonymised data is not personal data.

9) Security

We use appropriate technical and organisational measures to protect personal data, including encryption in transit (HTTPS), access controls, password hashing, least‑privilege permissions, logging, and regular backups. No system is 100% secure; please keep your password confidential and notify us promptly of any suspected unauthorised access.

10) Your rights (UK/EU)

You have the following rights, subject to conditions and exceptions in law:

  • Access – request a copy of your personal data.
  • Rectification – correct inaccurate or incomplete data.
  • Erasure – ask us to delete your data (e.g., where it’s no longer needed or you withdraw consent).
  • Restriction – limit how we use your data.
  • Portability – receive certain data in a portable format or ask us to transfer it to another controller.
  • Object – object to processing based on legitimate interests or to direct marketing.
  • Withdraw consent – where processing is based on your consent.

To exercise your rights, contact courses@academyofbloodchemistry.com. We may need to verify your identity. You also have the right to complain to your local data‑protection authority. In the UK, this is the Information Commissioner’s Office (ICO).

11) Children’s data

Our Course is intended for adults and older students. If you are under the age of 21 you must have the consent and supervision of a parent/guardian who is the account holder. We do not knowingly collect personal data from children without appropriate consent.

12) Cookies & similar technologies

We use cookies, pixels, and local storage to run the Site and understand usage. Non‑essential cookies run only with your consent.

If you leave a comment on our site, you may opt in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

13) Third‑party links

Our Site may include links to third‑party sites or services. We are not responsible for their privacy practices. Please review their policies before providing personal data.

14) Automated decision‑making

We do not use your personal data for decisions based solely on automated processing that have legal or similarly significant effects. If this changes, we will inform you and explain your rights.

15) Changes to this policy

We may update this policy from time to time. We will post the new version on this page. If changes are material, we will notify you by email or prominent notice on the Site.

16) Contact us

Questions or requests about this policy? Contact courses@academyofbloodchemistry.com or write to Academy of Blood Chemistry Ltd, Unit 2, 2 Woodberry  Grove, London, N12 0DR.