About Online Courses Contact

Privacy Policy

Effective Date: 01 January 2025

"Lynn J. Harris" is a trading name of Irene Education Ltd, a company registered in Scotland with company number SC838376 and registered office at 272 Bath Street, Glasgow, Scotland, G2 4JR. In these terms, "we," "our," and "us" refer to Irene Education Ltd, trading as Lynn J. Harris.

We at Lynn J. Harris value your privacy and are committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you interact with us, including through our website, programs, and services. Please read this Privacy Policy carefully. By using our services, you agree to the terms of this policy.


1. Information We Collect

We may collect the following types of information:

a. Personal Information:

Information that identifies you as an individual, such as:

  • Name.
  • Email address.
  • Phone number.
  • Mailing address.
  • Payment information.

b. Non-Personal Information:

Information that does not directly identify you, such as:

  • IP address.
  • Browser type and version.
  • Operating system.
  • Browsing behaviour on our website.

c. Sensitive Information:

When necessary, and with your explicit consent, we may collect information related to your professional background or other sensitive personal information, such as health-related details or experiences shared during program participation. Such data is collected solely for tailored program delivery and with clear participant consent.


2. How We Use Your Information

We use the information we collect for the following purposes:

  • To provide and improve our services.
  • To process transactions.
  • To communicate with you regarding updates, promotions, or support.
  • To comply with legal obligations.
  • To personalise your experience.
  • To anonymise sensitive data for research, reporting, or program improvement purposes. Anonymised data cannot identify individual participants.
  • To facilitate our operations, including course delivery, licensing, participant registration, and compliance with legal and contractual obligations.
  • To facilitate the joint controller relationship between Irene Education Ltd and Licensees during program delivery. This ensures shared accountability for participant data protection and compliance with applicable laws.

Legal Basis for Processing

Under UK GDPR, we rely on the following legal bases for processing your personal information:

  • Your consent
  • Performance of a contract
  • Compliance with legal obligations
  • Legitimate interests, where they do not override your rights


3. Sharing Your Information

We do not sell your personal information. However, we may share your information with trusted third parties for the following reasons:

  • Service Providers: To assist in delivering our services, such as payment processors or email platforms.
  • Legal Obligations: To comply with laws or respond to lawful requests and legal processes.
  • Business Transfers: In the event of a merger, acquisition, or sale of assets.
  • Joint Controller Relationship: For participant data shared with Licensees in a joint controller capacity for course delivery and certification purposes. Licensees are required to comply with data protection laws and ensure participant consent is obtained for data sharing.
  • Operational Needs: To fulfil requirements related to course facilitation, licensing, and participant support, while ensuring compliance with UK GDPR and other applicable regulations.
  • Cross-Border Transfers: If personal data is transferred outside the UK, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions. Licensees are responsible for ensuring participant consent is obtained before initiating cross-border transfers.

 


4. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, comply with legal obligations, resolve disputes, and enforce agreements.

  • Participant Data Retention: For data shared with Licensees, we enforce a maximum retention period of six (6) years unless a longer period is required by law. Upon termination of a Licensing Agreement, the Licensee must securely delete or return all participant data to us in compliance with applicable regulations.
  • Anonymised Data Retention: Anonymised data used for program improvement or research may be retained indefinitely as it does not identify individuals.

 


5. Your Rights

Under UK GDPR, you have the following rights regarding your personal information:

  • The right to be informed about how your data is collected and used.
  • The right to access your data.
  • The right to correct inaccuracies.
  • The right to request deletion of your data ("right to be forgotten").
  • The right to restrict or object to processing.
  • The right to data portability.
  • The right to object to automated decision-making and profiling.

How to Exercise Your Rights:

  • To exercise your rights, please contact usWe will respond to your request within one month. In complex cases, we may extend this period by up to two additional months, but we will notify you of any extension.
  • To protect your privacy, we may request verification of your identity before processing your request.

 


6. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience. You can control cookies through your browser settings, but disabling cookies may limit certain functionalities of our website.


7. Data Breach Notification

In the event of a data breach, we will notify affected individuals and relevant authorities within 72 hours, as required by UK GDPR, unless the breach is unlikely to result in a risk to your rights and freedoms.

For Licensees:

  • Licensees must notify Irene Education Ltd of any data breach involving participant information within 24 hours of discovery.
  • Irene Education Ltd will assess whether further notification to participants or authorities is necessary and will coordinate the response.

 


8. Third-Party Links

Our website may contain links to third-party websites. We are not responsible for the privacy practices of these websites. We encourage you to read their privacy policies.

If you require assistance accessing this Privacy Policy or related documents, please contact us for alternative formats.

 


9. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Changes will be effective upon posting to our website with a new effective date. Please review this page periodically for updates.


10. Contact Us

If you have any questions about this Privacy Policy, please contact us.

 

Appendix: Data Processing Agreement (DPA)

This Data Processing Agreement ("DPA") outlines the roles, responsibilities, and obligations of Irene Education Ltd ("Licensor") and any Licensees ("Data Processors") under UK GDPR and other applicable data protection laws.

1. Purpose of Data Processing

The DPA governs the processing of personal data for the following purposes:

  • Delivering training programs and courses
  • Facilitating participant certifications
  • Complying with legal and contractual obligations

2. Roles and Responsibilities

  • Joint Controller Relationship: The Licensor (Irene Education Ltd) and Licensees acknowledge their roles as joint controllers of participant data.
  • Transparency: Both parties must ensure participants are informed of this arrangement at the time of onboarding.
  • Lawful Processing: All data must be processed in compliance with UK GDPR principles.

3. Data Subject Rights

  • Participants have rights to access, rectify, delete, and restrict processing of their data. Both parties must cooperate promptly to fulfill these requests.

4. Security Measures

  • Both parties must implement technical and organisational measures to safeguard data, such as encryption, access controls, and secure storage.

5. Data Breach Notification

  • The Licensee must notify Irene Education Ltd of any data breach within 24 hours of discovery.
  • The Licensor will determine whether notification to participants or authorities is required.

6. Data Retention

  • Participant data must be retained for no more than six (6) years or as required by law. Upon termination of the Licensing Agreement, the Licensee must transfer or securely delete all participant data.

7. Sub-Processors

  • The Licensee may not engage third-party processors without prior written approval from the Licensor.

8. International Data Transfers

  • Licensees must obtain explicit participant consent before transferring data outside the UK. Transfers must comply with UK GDPR, including the use of Standard Contractual Clauses or other lawful safeguards.
  • The Licensor retains the right to review and approve cross-border data transfer arrangements initiated by the Licensee.

9. Liability

  • The Licensee agrees to indemnify the Licensor for any damages or fines resulting from non-compliance with this DPA.


Thank you for trusting us with your personal information.