Privacy Policy

Introduction and Scope

xerionlaveta ("we," "us," or "our") operates as a comprehensive financial education platform, providing advanced training in financial analysis techniques to professionals across the United Kingdom and internationally. This Privacy Policy explains how we collect, use, process, store, and protect your personal data when you interact with our services, website, educational programs, and digital platforms.

This policy applies to all personal data we process about you, whether you're a current student, prospective learner, website visitor, or anyone who interacts with our services. We are committed to protecting your privacy rights under the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and other applicable data protection laws.

Data Controller Information

xerionlaveta acts as the data controller for the personal data we process. We are registered with the Information Commissioner's Office (ICO) under registration number [ICO Registration Number]. Our registered address is Inside Sainsbury's, Quantock Rise, Park, Luton LU3 4AB, United Kingdom.

Personal Data We Collect

We collect various types of personal data to provide our educational services effectively and maintain legitimate business operations. The categories of personal data we collect include:

Special Categories of Personal Data

We may occasionally process special categories of personal data (sensitive personal data) such as health information if you request reasonable adjustments for our services, or diversity information if you voluntarily provide it for our equality monitoring purposes. We only process such data with your explicit consent or where legally required.

How We Collect Your Data

We collect personal data through several methods, each designed to enhance your educational experience while respecting your privacy preferences:

• Direct Collection: When you register for courses, create an account, complete contact forms, subscribe to newsletters, or communicate with our support team
• Automatic Collection: Through cookies, analytics tools, and tracking technologies when you use our website and digital platforms
• Third-Party Sources: From payment processors, social media platforms (if you choose to connect them), and educational partners with whom we collaborate
• Public Sources: Professional networking sites and public directories when you give us permission to connect with you professionally
• Educational Interactions: During live sessions, webinars, assessments, and other educational activities you participate in

Purposes of Data Processing

We process your personal data for several legitimate business and educational purposes. Each purpose is supported by appropriate legal bases under UK data protection law:

1. Service Delivery: To provide educational services, deliver course content, track your progress, and issue certifications upon completion
2. Account Management: To create and maintain your account, process registrations, and manage your subscription or enrollment status
3. Payment Processing: To process payments, manage billing, handle refunds, and maintain financial records for accounting purposes
4. Communication: To send important updates about your courses, respond to inquiries, and provide customer support
5. Educational Improvement: To analyze learning outcomes, improve course content, and develop new educational materials based on student feedback
6. Marketing and Outreach: To send promotional materials about new courses and educational opportunities (with your consent)
7. Legal Compliance: To comply with legal obligations, respond to lawful requests, and protect our legal rights
8. Security and Fraud Prevention: To protect our systems, prevent unauthorized access, and detect fraudulent activities

Legal Bases for Processing

Under UK GDPR, we rely on several legal bases for processing your personal data:

• Contract Performance: Processing necessary to fulfill our educational services contract with you
• Legitimate Interests: For improving our services, security purposes, and business development activities
• Consent: For marketing communications and optional services (you can withdraw consent at any time)
• Legal Obligation: When required by law, such as for tax reporting or regulatory compliance
• Vital Interests: In rare cases where processing is necessary to protect someone's life or health

Data Sharing and Third-Party Disclosure

We carefully control how your personal data is shared and only disclose it to trusted third parties when necessary for legitimate business purposes. We never sell your personal data to third parties for marketing purposes.

Categories of Recipients

• Educational Partners: Accredited institutions and professional bodies for certification purposes
• Technology Service Providers: Cloud hosting services, learning management systems, and educational technology platforms
• Payment Processors: Secure payment handling services and financial institutions for transaction processing
• Professional Service Providers: Legal advisors, accountants, and business consultants who assist with our operations
• Marketing and Analytics Providers: Email marketing platforms and analytics services (with appropriate data processing agreements)
• Regulatory Authorities: Government agencies, tax authorities, and regulatory bodies when legally required

International Data Transfers

Some of our service providers are located outside the United Kingdom. When we transfer personal data internationally, we ensure appropriate safeguards are in place, such as:

• European Commission adequacy decisions for countries with adequate data protection
• Standard Contractual Clauses (SCCs) approved by the ICO
• Certification schemes and codes of conduct recognized under UK GDPR
• Corporate binding rules for multinational service providers

Your Privacy Rights

Under UK data protection law, you have several important rights regarding your personal data. These rights are designed to give you control over how your information is used:

1. Right of Access: Request copies of your personal data and information about how we process it
2. Right to Rectification: Ask us to correct inaccurate or incomplete personal data
3. Right to Erasure: Request deletion of your personal data in certain circumstances
4. Right to Restrict Processing: Ask us to limit how we use your personal data
5. Right to Data Portability: Receive your personal data in a structured, machine-readable format
6. Right to Object: Object to processing based on legitimate interests or for direct marketing purposes
7. Rights Related to Automated Decision-Making: Not to be subject to decisions based solely on automated processing
8. Right to Withdraw Consent: Withdraw consent for processing where consent is the legal basis

How to Exercise Your Rights

To exercise any of these rights, please contact our Data Protection Officer using the contact information provided below. We will respond to your request within one month of receipt, though this may be extended by two additional months for complex requests.

When making a request, please provide sufficient information to allow us to verify your identity and locate your personal data. This helps us protect your privacy and prevent unauthorized access to your information.

Data Security and Protection Measures

We implement comprehensive technical and organizational security measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. Our security framework includes:

• Encryption: All data transmissions are encrypted using industry-standard SSL/TLS protocols
• Access Controls: Strict authentication and authorization procedures for all staff and systems
• Regular Security Assessments: Periodic penetration testing and vulnerability assessments
• Data Backup and Recovery: Secure backup procedures and tested disaster recovery plans
• Staff Training: Regular data protection and security awareness training for all employees
• Incident Response: Established procedures for detecting, investigating, and responding to security incidents

Data Breach Notification

In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will notify the ICO within 72 hours of becoming aware of the breach. If the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly without undue delay.

Data Retention and Deletion

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, and protect our legitimate interests. Our retention periods vary depending on the type of data and our relationship with you:

When personal data is no longer required, we securely delete or anonymize it in accordance with our data destruction procedures. Some data may be retained in anonymized form for statistical or research purposes.

Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies to enhance your browsing experience, analyze website performance, and provide personalized content. We categorize cookies into several types:

• Essential Cookies: Necessary for website functionality and cannot be disabled
• Performance Cookies: Help us understand how visitors interact with our website
• Functional Cookies: Enable enhanced functionality and personalization
• Marketing Cookies: Used to deliver relevant advertisements and track campaign effectiveness

You can control cookie preferences through your browser settings or our cookie consent tool. Please note that disabling certain cookies may affect website functionality and your user experience.

Children's Privacy

Our services are designed for adult learners and professionals. We do not knowingly collect personal data from individuals under 16 years of age without appropriate parental consent. If you are under 16, please do not provide personal information through our website or services without your parent or guardian's permission.

If we become aware that we have collected personal data from a child under 16 without proper consent, we will take steps to delete that information promptly.

Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or other factors. When we make significant changes, we will notify you through appropriate means, such as email notification or prominent website notices.

We encourage you to review this Privacy Policy regularly to stay informed about how we protect your personal data. The "Last Updated" date at the top of this policy indicates when the most recent changes were made.

Complaints and Regulatory Contact

If you have concerns about how we handle your personal data, please contact us first so we can address your concerns directly. If you remain unsatisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO).