LEGAL · UK GDPR COMPLIANT

Privacy Policy 2026

How uAcademy collects, uses and protects your personal data — written in plain English, structured for your rights under UK GDPR.

Last updated Written by Jay Lee, Founder

The short version

  • Who we are: uAcademy, an online training platform operated by Jay Lee from the UK.
  • What we collect: your name, email, order details, and basic technical data to run the site and deliver your courses.
  • Why we collect it: to take payments, give you access to your course, answer your questions and (with your permission) send marketing emails.
  • Who we share it with: Stripe, PayPal and Klarna for payments, our learning platform to host courses, and nobody else without a legal reason.
  • Your rights: you can see, correct, delete or export your data at any time. Email contact@uacademy.co.uk and we’ll handle it within one month.

On this page

  1. Who we are
  2. What we collect
  3. How we use your data
  4. Legal basis for processing
  5. Who we share it with
  6. How long we keep it
  7. Cookies
  8. Your rights
  9. Security
  10. Third-party links
  11. Changes to this policy
  12. How to contact us

uAcademy is committed to protecting your privacy. This policy explains what personal data we collect, why we collect it, what we do with it and the rights you have over it. It applies to everyone who visits uacademy.co.uk, creates an account, buys a course or gets in touch with us.

1. Who we are

uAcademy is an online training platform offering professional UK financial qualifications including CeMAP, CeRER and Property Development, alongside Life in the UK Test preparation. The site is owned and operated by Jay Lee.

For the purposes of UK GDPR, uAcademy is the data controller for any personal data collected through this website. That means we decide how and why your data is used, and we’re responsible for keeping it safe.

Contact the data controller: email contact@uacademy.co.uk with “Privacy” in the subject line and we’ll respond within 30 days.

2. What information we collect

We only collect the data we actually need. Here’s what gets collected, and when:

When you browse the site

  • Your IP address, browser type, device type and operating system
  • Pages you visit, how you got here, and how long you stay
  • Cookies (see section 7)

When you create an account or buy a course

  • Your full name and email address
  • Billing address and phone number
  • Order details — which course, when you bought it, how much you paid
  • Payment confirmation (we never see or store your card details — those go straight to Stripe, PayPal or Klarna)
  • Your course progress, quiz scores and completion data

When you contact us or subscribe

  • Your name, email and the content of your message
  • Email address if you sign up for our newsletter or free trial

3. How we use your data

Every piece of data we collect has a specific purpose. We don’t collect data “just in case”.

  • Delivering your course: to give you access to the lessons, track your progress and issue any completion confirmations
  • Processing payments: passing payment information to Stripe, PayPal or Klarna so they can charge your card
  • Customer support: answering your questions, fixing problems and handling refunds
  • Account management: letting you log in, reset your password and view your order history
  • Marketing (only with consent): sending you study tips, exam updates and discount offers by email — you can unsubscribe at any time with one click
  • Improving the site: analysing which pages are popular, which courses people prefer and where visitors get stuck
  • Legal obligations: keeping order records for HMRC, dealing with chargebacks and responding to lawful requests

We do not and will never sell your personal data to third parties.

Under UK GDPR, we can only process your personal data if we have a valid legal reason. Here’s the legal basis for each thing we do:

What we’re doingLegal basis
Processing your order and giving you course accessContract — we need your data to fulfil the course purchase
Responding to your questions or complaintsContract or legitimate interest
Keeping accounting and tax recordsLegal obligation — HMRC requires 6 years of records
Sending marketing emailsConsent — you opt in, you can opt out
Site analytics and improving the serviceLegitimate interest — and cookies used for this need consent
Preventing fraud and chargebacksLegitimate interest

5. Who we share your data with

We only share your data with the third parties we genuinely need to run the business. Each of them has their own privacy policy and is contractually obliged to keep your data safe.

Payment processors

Service providers

  • Our hosting provider — the servers that run this website
  • Our learning management system — where your course content and progress are stored
  • Email marketing platform — only if you’ve opted in to receive our emails
  • Google Analytics — anonymised traffic data to help us improve the site (only with your cookie consent)

Legal reasons

We may also disclose your data if we’re legally required to do so — for example in response to a court order, a request from law enforcement, or to defend our legal rights.

6. How long we keep your data

We don’t hold onto data forever. Different types of data are kept for different lengths of time:

Type of dataHow long
Order and payment records6 years (HMRC requirement)
Your course account and progressAs long as your account is active, then 12 months after last login
Marketing email listUntil you unsubscribe or 2 years of inactivity
Contact form messages2 years, then deleted
Website analytics data14 months (Google Analytics default)
CookiesSee section 7 — varies by cookie type

If you ask us to delete your data earlier, we will — as long as we’re not legally required to keep it.

7. Cookies

A cookie is a small text file that websites save on your device. They let us remember you between visits, keep items in your basket, and understand how people use the site.

The cookies we use

  • Essential cookies: needed for the site to work — logging in, basket contents, checkout. These can’t be turned off.
  • Analytics cookies: Google Analytics, which tells us anonymised things like “200 people read the CeMAP page this week”. Only set if you accept them.
  • Marketing cookies: used to show relevant ads on other platforms. Only set if you accept them.

You can manage cookies through your browser settings — most browsers let you block or delete them. Blocking essential cookies may stop parts of the site from working. Declining analytics and marketing cookies will not affect your ability to buy or use a course.

8. Your rights under UK GDPR

You have eight rights over the personal data we hold about you. These are set out in UK GDPR and we take them seriously.

Right to be informedKnow what data we hold and why — that’s what this policy is for.
Right of accessRequest a copy of all personal data we hold on you.
Right to rectificationAsk us to correct data that’s wrong or out of date.
Right to erasureAsk us to delete your data, subject to legal requirements.
Right to restrict processingTell us to pause using your data while we sort out a dispute.
Right to data portabilityGet your data in a portable format to take elsewhere.
Right to objectObject to us using your data — especially for marketing.
Right to withdraw consentWithdraw permission at any time where processing is based on consent.

How to exercise your rights

Email contact@uacademy.co.uk with “Data request” in the subject line and tell us what you need. We’ll respond within one calendar month, as required by law. There’s no charge for this.

Not happy with our response? You have the right to complain to the Information Commissioner’s Office (ICO), the UK’s data protection regulator. Visit ico.org.uk/make-a-complaint or call 0303 123 1113. We’d prefer a chance to fix things first — do drop us an email before going to the ICO.

9. How we keep your data safe

We take data security seriously and have put in place physical, electronic and procedural safeguards:

  • SSL encryption across the entire site — every page uses HTTPS
  • Card payments handled entirely by PCI-DSS compliant processors (Stripe, PayPal, Klarna) — we never store card numbers
  • Strong password hashing for user accounts
  • Regular software updates and security patches
  • Access controls so only authorised people can see customer data

That said, no system on the internet can be 100% secure. We do our best, but if you ever spot something that looks off, please let us know immediately.

Our site contains links to other websites — the LIBF, ICO, Stripe, and various study resources. Once you click one of those links, you’re on their site and their privacy policy applies, not ours. We’re not responsible for what other websites do with your data, so do check their policies before sharing anything sensitive.

11. Changes to this policy

We may update this policy from time to time — usually to reflect changes to the law, new services we offer, or better ways of explaining what we do. When we make significant changes, we’ll update the “Last Updated” date at the top of this page.

For major changes that affect how we use existing customer data, we’ll email active account holders directly.

12. How to contact us

Email us about anything privacy-related

contact@uacademy.co.uk — we’ll respond within 30 days, usually much faster. You can also reach us through our contact page.

For general questions, visit our FAQ page or learn more about us on the about page. Our terms and conditions sit alongside this policy.

Last updated · Written by Jay Lee, Founder of uAcademy

Start your new career today

Get 15% off your first CeMAP course — straight to your inbox.

Homepage and Footer Opt-In

uAcademy is an independent online training provider. CeMAP and CeRER qualifications are awarded by The London Institute of Banking & Finance (LIBF), not by uAcademy. This privacy policy applies to uacademy.co.uk only. © uAcademy. All rights reserved.

Last Updated on April 10th, 2026 by Jay Lee