Privacy Policy

Privacy Policy

Effective date: 2025/01/01

Naarai Academy (“we,” “our,” or “us”) respects your privacy and is committed to protecting your personal data and your child’s personal data. This policy explains how we collect, use, and safeguard information when you interact with our website, courses, and services.

 

1. Who We Are

We are Naarai Academy, an online learning platform offering courses and activities for children and young people.

Contact details:
Email: he***@****ai.academy
Phone: +442080581890
Registered Address: Unit 5, Block B, Knowledge Gateway, Nesfield Rd, Colchester CO4 3ZL, United Kingdom

We are the “data controller” of your personal information and your child’s personal information for the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Parental Consent

Because our services involve children under the age of 18, we require explicit consent from a parent or legal guardian before collecting or processing any child’s personal data.

By submitting an application or enrolling a child, you confirm that:

  • You are the child’s parent or legal guardian.

  • You give your explicit consent for Naarai Academy to collect, store, and process your child’s personal information for the purposes described in this policy.

  • You understand you can withdraw consent at any time by contacting us (see Section 11).

Without this consent, we will not be able to process an application or enrolment.

3. Information We Collect

a) Information you provide to us

  • Parent/guardian details (name, email, phone number, address)

  • Child’s first name, age, preferred pronouns, course preferences, time slot preferences

  • Payment details (processed securely via Stripe — we do not store full card numbers)

  • Communications you send to us (emails, contact forms, messages)

b) Information we collect automatically

  • IP address, browser type, device type, pages visited (via cookies and analytics tools)

4. How We Use Your Information

We process your personal data and your child’s personal data for the following purposes:

  • Course administration — managing applications, enrolments, scheduling, and communication.

  • Payments — processing deposits and course fees through Stripe.

  • Safety and safeguarding — meeting child protection obligations and verifying eligibility.

  • Marketing (with consent) — sending updates, offers, and newsletters to parents/guardians only.

  • Legal compliance — meeting UK tax, safeguarding, and educational regulations.

5. Lawful Bases for Processing (UK GDPR Article 6 & Article 8)

We process personal data under the following lawful bases:

  • Contract — to deliver the educational services you request.

  • Consent — for processing children’s personal data and for marketing communications.

  • Legal obligation — to comply with safeguarding, tax, and other UK laws.

  • Legitimate interests — to improve services and ensure safety.

Processing of children’s personal data under Article 8 of the UK GDPR is lawful only with verifiable parental consent, which we obtain at the point of application.

6. How We Store and Protect Your Data

We take data security seriously and use a combination of organisational and technical measures:

  • Data is stored securely on internal servers located in the UK/EU with restricted access.

  • Personal data is encrypted where appropriate, and all systems are password-protected with multi-factor authentication.

  • Access to child data is limited to staff who require it for legitimate educational purposes.

  • We conduct periodic security reviews to ensure continued compliance with UK GDPR.

7. How We Share Your Data

We do not sell your personal data. We may share information with:

  • Payment processors (Stripe) — for secure transaction handling.

  • Email service providers — for sending necessary communications to parents/guardians.

  • Legal authorities — if required by safeguarding laws, court orders, or government regulations.

All third-party processors are vetted for UK GDPR compliance and bound by data processing agreements.

8. International Transfers

If we transfer personal data outside the UK (e.g., Stripe’s US servers), we ensure adequate safeguards are in place, such as UK-approved standard contractual clauses or equivalent protections.

9. Data Retention

We keep personal data only for as long as necessary to fulfil the purposes for which it was collected:

  • Course enrolment records — up to 6 years after completion (for legal/tax reasons).

  • Marketing data — until you withdraw consent.

  • Payment records — retained as required by UK tax law.

  • Safeguarding records — as required by law.

10. Your Rights Under UK GDPR

You have the right to:

  • Access the personal data we hold about you and your child.

  • Correct inaccurate or incomplete data.

  • Request deletion of your personal data.

  • Restrict or object to processing.

  • Request a copy of your data in a portable format.

  • Withdraw consent at any time.

To exercise these rights, contact us at he***@****ai.academy. We may require proof of identity to protect the privacy of the child.

11. Cookies

We use cookies to enhance site functionality and analyse usage. You can disable cookies via your browser settings, but some features may not function properly without them.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated effective date.

Contact Us:
If you have questions about this Privacy Policy, please email he***@****ai.academy.