School of Charity Finance

    Products

    Effective Date: 2025-11-02

    This Privacy Policy explains how School of Charity Finance ("we", "us", or "our") collects, uses, and protects your personal data when you use the SOCF Hub learning platform. We are committed to protecting your privacy and complying with the UK Data

    Protection Act 2018 and UK GDPR.

    1. Data We Collect

    We collect information in the following ways:

    Information You Provide Directly

    - Account registration details (name, email address)

    - Payment information for course purchases

    - Profile information you choose to add

    - Communications you send to us

    - Course progress and completion data

    Information Collected Automatically

    - Browser type and version

    - Device information

    - IP address and approximate location

    - Pages visited and time spent on the platform

    - Course interaction data and learning analytics

    2. How We Use Your Data

    We process your personal data for the following purposes:

    - Service Delivery: To provide access to purchased courses and platform features

    - Payment Processing: To process transactions and maintain payment records

    - Account Management: To create and maintain your user account

    - Communication: To send course-related updates, receipts, and administrative messages

    - Platform Improvement: To analyze usage patterns and improve our learning platform

    - Legal Compliance: To meet our legal and regulatory obligations

    - Security: To detect and prevent fraud, abuse, and security incidents

    3. Legal Basis for Processing

    We process your personal data under the following legal bases:

    - Contract Performance: To deliver courses and services you have purchased

    - Legitimate Interests: To improve our platform, ensure security, and communicate with you about our services

    - Legal Obligation: To comply with financial, tax, and other legal requirements

    - Consent: Where you have provided explicit consent for specific processing activities

    4. Data Sharing

    We do not sell or rent your personal data to third parties.

    We may share your information with:

    Service Providers

    - AWS (Amazon Web Services): Cloud hosting with data servers located in the United Kingdom

    - Klaviyo: Email marketing and communication services

    - Skool: Community platform for course-related discussions and support

    Other Disclosures

    - Regulatory authorities and law enforcement when required by law

    - Professional advisors (lawyers, accountants) under confidentiality obligations

    - In connection with a business transfer, merger, or acquisition

    5. Third-Party Services

    Our platform uses the following third-party services:

    CourseLit (Self-Hosted)

    We operate our own instance of CourseLit learning management system. Course data and user information are stored on our self-hosted infrastructure, giving us direct control over your data.

    AWS (Amazon Web Services)

    Our infrastructure is hosted on AWS servers located in the United Kingdom. AWS complies with UK GDPR and maintains appropriate security certifications. For more information, see the AWS Privacy Notice at https://aws.amazon.com/privacy/.

    Klaviyo

    We use Klaviyo for email communications. Klaviyo processes email addresses and communication preferences. For more information, see the Klaviyo Privacy Policy at https://www.klaviyo.com/legal/privacy.

    Skool

    We use Skool as a community platform for course discussions and peer support. When you access Skool through our links, you are subject to Skool's own privacy policy. For more information, see the Skool Privacy Policy at https://www.skool.com/privacy-policy.

    Each third-party service provider has its own privacy policy and data protection practices. We recommend reviewing their policies to understand how they handle your data.

    6. International Data Transfers

    Our primary infrastructure (AWS) is located in the United Kingdom, ensuring your data remains within UK jurisdiction.

    Where we use service providers that operate internationally (such as Klaviyo and Skool), we ensure appropriate safeguards are in place:

    - Standard Contractual Clauses (SCCs) approved by UK authorities

    - Adequacy decisions confirming appropriate protection standards

    - Other legally compliant transfer mechanisms

    7. Data Retention

    We retain your personal data for as long as necessary to:

    - Provide you with access to purchased courses

    - Comply with legal obligations (e.g., financial records for 6 years)

    - Resolve disputes and enforce our agreements

    When you request account deletion, we will delete or anonymise your personal data, except where we have a legal obligation to retain certain information.

    8. Your Rights

    Under UK GDPR, you have the following rights:

    - Right of Access: Request a copy of the personal data we hold about you

    - Right to Rectification: Request correction of inaccurate or incomplete data

    - Right to Erasure: Request deletion of your personal data in certain circumstances

    - Right to Restrict Processing: Request that we limit how we use your data

    - Right to Data Portability: Receive your data in a structured, machine-readable format

    - Right to Object: Object to processing based on legitimate interests

    - Right to Withdraw Consent: Withdraw consent for processing that relies on your consent

    To exercise any of these rights, please contact us using the contact information below.

    9. Data Security

    We implement appropriate technical and organisational measures to protect your personal data, including:

    - Encryption of data in transit and at rest

    - Regular security assessments and updates

    - Access controls and authentication measures

    - Secure hosting infrastructure in UK data centres

    - Regular backups and disaster recovery procedures

    However, no method of transmission over the internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

    10. Cookies and Tracking

    Our platform uses cookies and similar technologies to:

    - Maintain your logged-in session

    - Remember your preferences

    - Analyse platform usage and performance

    You can control cookie settings through your browser preferences. Note that disabling certain cookies may affect platform functionality.

    11. Children's Privacy

    SOCF Hub is not intended for children under 16 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.

    12. Changes to This Policy

    We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we make material changes, we will:

    - Update the "Effective Date" at the top of this policy

    - Notify you via email or platform notification

    - Provide a reasonable period to review changes before they take effect

    Continued use of the platform after changes constitutes acceptance of the updated policy.

    13. Contact Us

    If you have questions about this Privacy Policy or wish to exercise your data protection rights, please contact us:

    School of Charity Finance Contact Form: https://schoolofcharityfinance.co.uk/contact

    We will respond to your inquiry within 30 days as required by UK GDPR.

    14. Complaints

    If you are not satisfied with how we handle your personal data, you have the right to lodge a complaint with the UK supervisory authority:

    Information Commissioner's Office (ICO) Website: https://ico.org.uk/make-a-complaint/

    Telephone: 0303 123 1113

    ---

    This privacy policy was last updated on 2025-11-02.

      School of Charity Finance

      Legal

      Terms of UsePrivacy Policy

      Contact

      Email