Privacy Policy

Effective date: 22 September 2025

WHO WE ARE

This privacy policy explains how Jacalyn James Ltd (company number 12682976, registered at 24 St. Peters Road, Plymouth, England, PL5 3DE) collects, uses, stores, and protects your personal data.

Our trading names and websites include Jacalyn James, Jacalyn James Training, Skin School, jacalynjames.co.uk and skinschool.jacalynjames.co.uk.

We are the data controller for your personal data. If you have questions, contact us at [email protected]

Our Data Protection Lead is Den Williams.

WHAT THIS POLICY COVERS

This policy applies when you:

  • browse or use our websites
  • buy or enrol in courses or digital downloads
  • create an account or contact us for support
  • receive communications from us
  • work with us as a supplier, contractor, or partner

WHAT DATA WE COLLECT

Data you provide

  • Identity and contact details such as name, email, phone, and address
  • Account data such as login, password, and preferences
  • Purchase data such as order history, billing details, and payment method
  • Course enrolments, progress, assessments, and certificates
  • Enquiries, emails, or support requests
  • Marketing preferences such as email sign-ups

Data we collect automatically

  • IP address, browser, device type, operating system, and referral links
  • Website usage data such as page views and session duration
  • Cookie data. See our Cookie Policy

Data from third parties

  • Payment data from Stripe, Klarna, and ClearPay
  • Website and analytics data from Google Analytics
  • Marketing data from Facebook Ads and Google Ads

We do not collect health or special category data.

LAWFUL BASES FOR PROCESSING

We only process data where UK GDPR allows:

  • Contract – to create accounts, deliver courses, and process payments
  • Consent – for email marketing and non-essential cookies
  • Legitimate interests – to improve services, secure systems, prevent fraud, and market to existing customers
  • Legal obligations – for tax, accounting, and compliance

HOW WE USE DATA

  • Deliver and manage courses, accounts, and certificates
  • Process payments and provide customer support
  • Send updates about services and changes
  • Send marketing communications where you have consented or where lawful
  • Run analytics to improve performance
  • Secure our systems and prevent fraud

MARKETING

  • We send email marketing through MailLite if you opt in, or where you are an existing customer and it is lawful to do so.
  • You can opt out at any time by clicking “unsubscribe” or contacting us.
  • We use Facebook and Google Ads to run marketing campaigns.

COOKIES

We use cookies to make our websites work, analyse performance, and support marketing.

  • Essential cookies are required for site use
  • Non-essential cookies require your consent under PECR
  • You can manage or withdraw consent at any time

AUTOMATED DECISION-MAKING

We do not use automated decision-making or profiling that has legal or significant effects.

WHO WE SHARE DATA WITH

We do not sell your data. We share data with:

  • Service providers such as hosting platforms, Learndash (our course platform), MailLite (email), Stripe/Klarna/ClearPay (payments), and Google Analytics
  • Facebook Ads and Google Ads for marketing purposes
  • Professional advisers, accountants, and insurers where required
  • Authorities or regulators if legally obliged

We do not share customer data with The CPD Group.

INTERNATIONAL TRANSFERS

We currently do not transfer your data outside the UK or EEA.

HOW LONG WE KEEP DATA

We keep personal data only as long as necessary:

  • Account, order, and payment records: 6 years for tax purposes
  • Marketing data: up to 12 months from last engagement or until you opt out
  • Course records and certificates: for the life of the certificate plus a reasonable period for verification
  • Support queries: up to 12 months after resolution

SECURITY

We use technical and organisational safeguards including encryption, access controls, and regular monitoring. While no method is 100% secure, we take steps to reduce risk.

YOUR RIGHTS

Under UK GDPR, you have the right to:

  • Be informed about how we use your data
  • Access your data
  • Correct inaccurate data
  • Request deletion in certain cases
  • Restrict or object to processing
  • Receive your data in portable format (where applicable)
  • Withdraw consent where processing is based on consent
  • Complain to the Information Commissioner’s Office (ICO)

ICO contact:

Information Commissioner’s Office
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
www.ico.org.uk

CHILDREN

Our services are designed for adults and professionals. We do not knowingly collect children’s data.

CHANGES TO THIS POLICY

We will update this policy if our practices or the law changes. The latest version will always be posted here with the effective date.

CONTACT US

For questions or to exercise your rights, email: [email protected]