PRIVACY POLICY

Last updated: June 25, 2025

15Degrees-North Ltd, trading as Onion Training Academy (“we”, “us”, “our”), is committed to protecting your personal data under the UK GDPR and Data Protection Act 2018. This policy explains how we collect, use and safeguard your information when you visit https://onion.training, enrol in our Level 3 Software Testing Course, or receive our marketing communications.

1. Data Controller

We are the data controller for your personal data.

Contact:

15Degrees-North Ltd

124 City Road, London, EC1V 2NX

Registered Company No: 9065113

Email: Use our contact form

Please notify us of any changes to your personal data via the contact form to keep our records accurate.

2. Data We Collect

– Communication Data: Information from contact forms, emails, social media, or other communications (e.g., name, email).

– Customer Data: Name, billing address, email, phone, payment details for course purchases (incl. VAT).

– User Data: Website usage data (e.g., pages visited, posts) for service delivery.

– Technical Data: IP address, browser details, page views from analytics tools (e.g., Google Analytics).

– Marketing Data: Preferences for receiving marketing (e.g., newsletters, B2B campaigns).

– Educational Data: Names, quiz results for course participants, including students aged 13โ€“16 with parental/school consent.

We do not collect sensitive data (e.g., race, health, criminal records).

3. How We Use Your Data

– Deliver and manage courses (e.g., access, progress tracking).

– Process payments and invoices (incl. VAT).

– Respond to communications and maintain records.

– Send B2B marketing emails (see Section 6).

– Analyse website usage to improve services and deliver relevant content.

– Ensure website security and compliance with legal obligations.

4. Legal Basis

– Consent: For course enrolment, newsletters, or student data (13โ€“16 years).

– Contract: To deliver courses and process payments.

– Legitimate Interest: For B2B marketing, website analytics and service administration.

– Legal Obligation: To comply with tax or safeguarding requirements.

5. How We Collect Data

– Directly: Via website forms, emails, or course sign-ups.

– Automatically: Through cookies and analytics (see our cookie policy).

– Third Parties: From analytics providers (e.g., Google), payment processors (e.g., WorldPay), or GDPR-compliant data providers for contacts.

6. Email Marketing and Campaign Data Processing

We collect contact data (e.g., names, emails) of UK school staff from public directories or GDPR-compliant lists to promote our Level 3 Software Testing Course. We use tools like FunnelKit to send emails and track engagement (e.g., opens, replies). Our legal basis is legitimate interest (UK GDPR Article 6(1)(f)) for B2B communications. You can opt out via unsubscribe links in emails. Data is retained until opt-out or campaign end and shared only with trusted email providers under data protection agreements.

7. Safeguarding and Educational Data

For students aged 13โ€“16 enrolled via schools, we process data (e.g., names, quiz results) with parental consent or school authorisation, acting as joint controllers with schools. We implement strict security measures and limit access to trained staff. Safeguarding concerns are reported to schools or authorities per UK guidelines. Contact us for details.

8. Data Sharing

We share data with:

– Service Providers: WorldPay (payments), FunnelKit (email marketing), Google Analytics.

– Professional Advisers: Lawyers, accountants for legal/tax compliance.

– Authorities: If required by law.

Third parties process data only for specified purposes under our instructions. We do not sell data.

9. International Transfers

Some providers (e.g., Google, WorldPay) are outside the UK/EEA. We ensure data protection via:

– UK International Data Transfer Agreement (IDTA).

– Countries with UK adequacy decisions (e.g., EU, Canada).

– Standard Contractual Clauses where no adequacy exists.

For specific transfers, we may seek your consent, which you can withdraw.

10. Data Security

We use SSL encryption, access controls and secure servers to protect data. Only authorised staff access your data. We have procedures for data breach response, notifying you and the ICO if required.

11. Data Retention

– Customer Data: 7 years for tax compliance (HMRC).

– Marketing Data: Until opt-out or campaign end.

– Technical Data: 26 months (Google Analytics).

– Educational Data: Until course completion or school request for deletion.

Anonymised data may be retained for research.

12. Your Rights

Under UK GDPR, you can:

– Access, correct, or delete your data.

– Restrict or object to processing.

– Request data portability.

– Withdraw consent.

Contact us. We respond within 30 days, free unless requests are excessive. We may verify your identity. If unsatisfied, contact the ICO (www.ico.org.uk).

13. Third-Party Links

Our site links to third parties (e.g., Trustpilot for 5-star reviews). We are not responsible for their privacy practices. Review their policies when leaving our site.

14. Changes to This Policy

We may update this policy. Check our privacy policy for the latest version. Significant changes will be notified via email or website notice.