Privacy Policy

Introduction

Welcome to Mindless Academy. We are committed to protecting your privacy and ensuring transparency about how we handle your personal information.

This Privacy Policy explains what personal data we collect, why we collect it, how we use it, who we share it with, and your rights regarding your personal information.

By using the Mindless Academy platform ("Platform"), you agree to the collection and use of your personal information as described in this Privacy Policy. This policy should be read alongside our Terms of Service.

1. Information We Collect

1.1 Information You Provide to Us

1.2 Special Category Data (Sensitive Personal Information)

We may collect special category personal data, which is always optional unless required for legal compliance (such as reasonable adjustments for disabilities):

• • Disability status and accessibility requirements
• • Health information (where you choose to disclose it)
• • Ethnic origin or racial background
• • Gender identity
• • Age or date of birth
• • Home postcode (first 4 characters)
• • Care responsibilities
• • Student status (home/international)
• • Employment status

You are never required to provide optional special category data to participate in programmes. We only collect this data to better understand our impact, improve inclusivity, and provide necessary accommodations.

1.3 Information We Collect Automatically

1.4 Information from Third Parties

2. How We Use Your Information

2.1 To Provide and Improve Our Services

Legal Basis: Performance of a contract with you

We use your information to:

• • Create and manage your account
• • Provide access to courses and programmes
• • Track your progress and assess your work
• • Issue certificates and credentials
• • Send transactional emails and notifications
• • Provide technical support
• • Improve platform functionality and user experience

2.2 To Coordinate with Educational Institutions

Legal Basis: Performance of a contract / Your consent

If you participate through a university partnership, we use your information to:

• • Verify your eligibility
• • Coordinate with university staff on programme delivery
• • Share progress reports and completion data with your institution
• • Manage cohorts and programme capacity
• • Support academic assessment and quality assurance

2.3 For Research and Impact Assessment

Legal Basis: Legitimate interests

We use your information to:

• • Analyse learning outcomes and programme effectiveness
• • Conduct research on employability and skills development
• • Generate insights on platform usage and engagement
• • Create anonymised or aggregated reports
• • Measure social impact and educational outcomes
• • Develop new programmes and features

Our legitimate interest is improving educational outcomes and demonstrating our social impact. We believe this use is proportionate and in line with your reasonable expectations as it directly supports the quality and effectiveness of our educational services.

2.4 For Partner Engagement

Legal Basis: Legitimate interests / Your consent

We may use your information to:

• • Share your work with employers participating in challenges or work experiences
• • Facilitate recruitment and talent identification opportunities
• • Provide programme reports to government agencies for policy development
• • Support partner organisations in delivering collaborative programmes
• • Enable professional development opportunities

2.5 For Communications and Marketing

Legal Basis: Legitimate interests (you can opt out at any time)

We use your contact information to:

• • Send updates about new programmes and opportunities
• • Share newsletters and announcements
• • Invite you to events and webinars
• • Request feedback or testimonials
• • Inform you of similar opportunities if your application was unsuccessful

You can unsubscribe from marketing emails at any time using the link in our emails or by contacting info@mindlessacademy.com.

2.6 For Reasonable Adjustments and Accessibility

Legal Basis: Legal obligation / Your explicit consent

We use special category data (disability and health information) to:

• • Provide reasonable adjustments and accommodations
• • Ensure accessible programme delivery
• • Comply with UK equality and accessibility legislation

2.7 For Legal Compliance and Protection

Legal Basis: Legal obligation / Legitimate interests

We use your information to:

• • Comply with legal and regulatory requirements
• • Enforce our Terms of Service
• • Prevent fraud, abuse, and security threats
• • Protect our rights and property
• • Respond to legal requests and court orders

3. Who We Share Your Information With

We do not sell your personal data to anyone.

We share your information only in the following circumstances:

3.1 Universities and Educational Institutions

If you participate through a university partnership, we share the following with your institution:

• • Your name, student ID, and contact details
• • Programme enrollment and participation records
• • Progress updates and completion status
• • Assessment results and performance data
• • Your content submissions (assignments, projects, reflections)
• • Survey responses and feedback
• • Demographic information (if provided by you)

This information is typically shared via secure, password-protected documents approximately 2 weeks after programme completion and becomes part of your educational record.

Anonymity option: In some cases, you may request that certain data be shared anonymously. Contact info@mindlessacademy.com to discuss options.

3.2 Employers and Partner Organisations

If you participate in employer-sponsored programmes or challenges, we may share:

• • Your name and contact information (with your consent)
• • Relevant content you create (projects, challenge submissions)
• • Participation and performance information
• • Profile details relevant to the opportunity

Employers may use this information for recruitment, feedback, professional development, or talent identification.

3.3 Government and Research Bodies

We may share anonymised, aggregated, or (where necessary) individual data with:

• • UK government departments and agencies
• • Research institutions and policy organisations
• • Regulatory and oversight bodies

This sharing supports policy development, impact evaluation, education research, and compliance with legal obligations.

3.4 Service Providers

We work with trusted third-party service providers who process data on our behalf to deliver our services:

• • Platform Hosting: Infrastructure and server providers
• • Cloud Storage: Document storage and file management systems
• • Analytics: Website and platform analytics tools
• • Email Services: Transactional and marketing email delivery
• • Payment Processing: Payment gateway providers (if applicable)

All service providers are contractually bound to protect your data in accordance with UK GDPR and may only use your data to provide services to us.

3.5 Business Transfers

If Mindless Academy is involved in a merger, acquisition, or asset sale, your personal information may be transferred to the acquiring entity. We will notify you of any such change and provide options regarding your data.

3.6 Legal Requirements

We may disclose your information when required by law or to:

• • Comply with legal processes (court orders, subpoenas)
• • Respond to government or regulatory requests
• • Protect our rights, property, or safety
• • Prevent illegal activity or security threats
• • Enforce our Terms of Service

4. International Data Transfers

The UK is no longer part of the European Economic Area (EEA) but maintains equivalent data protection standards under UK GDPR.

Some of our service providers are located outside the UK and EEA, which means your data may be transferred internationally. Countries may include Canada, the United States, and the European Union.

How We Protect International Transfers:

We ensure all international transfers are protected by appropriate safeguards:

• • Standard Contractual Clauses (SCCs) approved by the EU Commission and UK Government
• • Adequacy decisions where countries provide adequate data protection
• • Data Privacy Framework participation (for US-based providers)
• • Binding Corporate Rules of multinational organisations
• • Contractual commitments requiring equivalent protection standards

Your Rights: You can request details about specific countries, safeguards, and obtain copies of transfer mechanisms by contacting info@mindlessacademy.com.

5. How Long We Keep Your Data

We retain personal data only as long as necessary for the purposes described in this policy.

5.1 Active Users

While your account is active, we retain your data to provide services and support your learning.

5.2 Inactive Accounts

After your account becomes inactive (no login or activity), we retain data for:

• Up to 6 years after inactivity or programme completion

We retain this data for:

• • Business records and reporting to partners
• • University reporting and educational records
• • Impact assessment and research
• • Legal obligations and potential claims
• • Contractual obligations to partners

5.3 Marketing Data

If you opt out of marketing, we keep your email on a suppression list to ensure we don't contact you again.

5.4 Legal Requirements

We may retain certain data beyond standard periods where required by law or for legal proceedings.

5.5 Anonymised Data

We may retain anonymised or aggregated data indefinitely for research and statistical purposes. This data cannot identify you.

5.6 Account Deletion

You can request deletion of your account and data at any time by emailing info@mindlessacademy.com. We will process deletion requests within 30 days.

Please note:

• • Some data may be retained where we have legal obligations
• • Content licensed to us may continue to be used in anonymised form
• • Deletion may affect access to certificates or credentials
• • Your university may retain data separately as part of your educational record

6. Data Security

We take the security of your personal information seriously and implement appropriate technical and organisational measures to protect it.

Our Security Measures:

• • Encryption: Data is encrypted in transit (SSL/TLS) and at rest
• • Access Controls: Strict access restrictions on a need-to-know basis
• • Authentication: Secure login with password protection
• • Monitoring: Regular security monitoring and vulnerability assessments
• • Infrastructure: Use of reputable, security-certified cloud providers
• • Training: Regular data protection training for all staff
• • Incident Response: Procedures for detecting and responding to breaches

Data Breach Notification:

If we experience a data breach that poses a risk to your rights and freedoms, we will notify you and the UK Information Commissioner's Office (ICO) without undue delay as required by law.

Your Responsibility:

You are responsible for keeping your account credentials confidential. Please notify us immediately at info@mindlessacademy.com if you suspect unauthorised access.

Identity Verification:

We may request proof of identity before disclosing personal information to protect your data from unauthorised access.

7. Your Rights Under UK GDPR

You have the following rights regarding your personal data:

7.1 Right of Access

You can request a copy of the personal data we hold about you and information about how we process it.

7.2 Right to Rectification

You can request correction of inaccurate or incomplete personal data.

7.3 Right to Erasure ("Right to be Forgotten")

You can request deletion of your personal data in certain circumstances:

• • The data is no longer necessary for the original purposes
• • You withdraw consent (where processing was based on consent)
• • You object to processing and there are no overriding legitimate grounds
• • The processing is unlawful
• • We have a legal obligation to delete

Note: This right is not absolute. We may need to retain certain data for legal, contractual, or legitimate business reasons.

7.4 Right to Restrict Processing

You can request restriction of processing when:

• • You contest the accuracy of the data (while we verify)
• • Processing is unlawful but you prefer restriction over deletion
• • We no longer need the data but you need it for legal claims
• • You have objected to processing (while we verify legitimate grounds)

7.5 Right to Data Portability

You can receive your personal data in a structured, machine-readable format and transmit it to another provider where:

• • Processing is based on consent or contract
• • Processing is carried out by automated means

7.6 Right to Object

You can object to:

• • Processing based on legitimate interests
• • Direct marketing (including profiling)
• • Processing for research or statistics

If you object to legitimate interest processing, we will stop unless we demonstrate compelling grounds that override your interests.

7.7 Right to Withdraw Consent

Where processing is based on consent, you can withdraw consent at any time. This doesn't affect the lawfulness of processing before withdrawal.

7.8 Automated Decision-Making

You have rights regarding automated decision-making and profiling. We do not currently use automated decision-making that produces legal or similarly significant effects.

7.9 Right to Complain

You have the right to lodge a complaint with the UK Information Commissioner's Office (ICO):

• • Website: www.ico.org.uk
• • Helpline: 0303 123 1113
• • Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

We encourage you to contact us first at info@mindlessacademy.com so we can address your concerns directly.

8. How to Exercise Your Rights

To exercise any of your rights, please contact us:

Our Response Time:

• • We will respond within one month of receiving your request
• • In complex cases, we may extend by up to two months and will inform you
• • We will not charge a fee unless the request is manifestly unfounded, excessive, or repetitive
• • We may request proof of identity to verify your request

9. Cookies and Tracking Technologies

9.1 What Are Cookies?

Cookies are small text files stored on your device when you visit our Platform. They help us provide a better user experience and improve our services.

9.2 Types of Cookies We Use

9.3 Managing Cookies

You can control cookies through your browser settings:

• • Accept all cookies - Full functionality and personalised experience
• • Reject non-essential cookies - Basic functionality only
• • Manage preferences - Choose which cookie types to allow

Most browsers allow you to:

• • View what cookies are stored
• • Delete cookies
• • Block cookies from specific sites
• • Block all cookies

Important: Disabling certain cookies may limit your ability to use some Platform features.

For more information about cookies and how to manage them, visit: www.aboutcookies.org

Consent: By using the Platform, you consent to our use of cookies as described in this policy. You can withdraw consent at any time by adjusting your browser settings.

10. Children's Privacy

The Platform is intended for users aged 18 and over. We do not knowingly collect personal information from individuals under 18.

If we become aware that we have inadvertently collected data from someone under 18, we will take immediate steps to delete that information.

If you believe we have collected information from someone under 18, please contact us at info@mindlessacademy.com.

11. Third-Party Links

The Platform may contain links to third-party websites, services, or resources not operated by Mindless Academy.

We are not responsible for:

• • Privacy practices of third-party websites
• • Content or security of external sites
• • Data you provide to third parties

Your interactions with third-party services are governed by their own terms and privacy policies. We encourage you to review the privacy policies of any third-party services before providing personal information.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or business operations.

When we make changes:

• • We will update the "Last Updated" date at the top
• • Material changes will be notified by email (where we have your email) or through a prominent notice on the Platform at least 14 days before changes take effect
• • Continued use of the Platform after changes take effect constitutes acceptance

We recommend reviewing this Privacy Policy periodically to stay informed about how we protect your information.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices:

14. Acknowledgment

BY USING THE PLATFORM, YOU ACKNOWLEDGE THAT YOU HAVE READ, UNDERSTOOD, AND AGREE TO THE COLLECTION, USE, AND DISCLOSURE OF YOUR PERSONAL INFORMATION AS DESCRIBED IN THIS PRIVACY POLICY.