Ecolinguist Academy Privacy Policy

Last updated: 6 February 2025

This privacy notice tells you what to expect us to do with your personal information.

We respect the privacy of users worldwide. This Privacy Policy complies with UK GDPR, EU GDPR, and other applicable data protection laws. If you are located outside these regions, your rights may vary based on local laws.

We do not sell personal data as defined under CCPA/CPRA. If you are a California resident, you have specific rights regarding your personal data. These rights align with many of the protections already provided under our GDPR-compliant policy below.

We may update or amend this Privacy Policy from time to time. When we do, we will post the revised version and update the “Last updated” date. Your continued use of our services after any changes become effective signifies your acceptance of those changes.

Privacy Notice

Contact details

Norbert Wierzbicki, a sole trader and the owner of the Ecolinguist Academy website, located in the United Kingdom with a business address at Office 680, 3 Fitzroy Place, 1/1, Sauchiehall Street, Finnieston, Glasgow Central, G3 7RH, UK. Please do not send letters to this address. The best way to contact is by email.

Email: norbert@ecolinguist.com

What information we collect, use, and why

We collect or use the following information to provide and improve products and services for clients and members:

  • Names and contact details
  • Addresses
  • Payment details (including card or bank information)
  • Transaction data (including details about payments and purchased products/services)
  • Usage data (including how you interact with our website, products and services)
  • Video recordings (e.g lesson recordings)
  • Audio recordings (e.g., calls)
  • Records of meetings and decisions
  • Account access information
  • Website user information

We collect or use the following personal information for the operation of client or member accounts:

  • Names and contact details
  • Addresses
  • Purchase or service history
  • Account information, including registration details
  • Information used for security purposes
  • Marketing preferences
  • Technical data (browser, operating systems)

We collect or use the following personal information for information updates or marketing purposes:

  • Names and contact details
  • Profile information
  • Marketing preferences
  • Purchase or account history
  • Website and app user journey information
  • IP addresses

We collect or use the following personal information to comply with legal requirements:

  • Name
  • Contact information
  • Client/member account information
  • Any other data required to comply with legal obligations

We collect or use the following personal information for dealing with queries, complaints or claims:

  • Names and contact details
  • Address
  • Payment details
  • Account information
  • Purchase or service history
  • Member or client accounts and records
  • Financial transaction information
  • Correspondence

Lawful bases and data protection rights

Under UK data protection law, we must have a “lawful basis” for collecting and using your personal information. There is a list of possible lawful bases in the UK GDPR. You can find out more about lawful bases on the ICO’s website.

Which lawful basis we rely on may affect your data protection rights which are set out below. You can find out more about your data protection rights and the exemptions that may apply on the ICO’s website:

  • Your right of access – You have the right to ask us for copies of your personal information.
    Read more here.
  • Your right to rectification – You can ask us to correct or delete data you think is inaccurate or incomplete.
    Read more here.
  • Your right to erasure – You can ask us to delete your personal information.
    Read more here.
  • Your right to restriction of processing – You have the right to ask us to limit how we use your personal information.
    Read more here.
  • Your right to object to processing – You have the right to object to how we handle your personal data.
    Read more here.
  • Your right to data portability – You have the right to ask us to transfer the data you gave us to another organisation or to you.
    Read more here.
  • Your right to withdraw consent – If we use consent as our lawful basis, you can withdraw it at any time.
    Read more here.

If you make a request, we must respond without undue delay and, in any event, within one month.

To make a data protection rights request, please contact us using the contact details above.

Our lawful bases for collecting and using your data

We may collect and use personal information under these lawful bases:

Our lawful bases for collecting or using personal information to provide and improve products and services for users are:

  • Consent: We have permission from you after we gave you all the relevant information. All of your data protection rights may apply, except the right to object. To be clear, you do have the right to withdraw your consent at any time.
  • Contract: We have to collect or use the information so we can enter into or carry out a contract with you. All of your data protection rights may apply except the right to object.
  • Legitimate Interests: We’re collecting or using your information because it benefits you, our organisation or someone else, without causing an undue risk of harm to anyone. All of your data protection rights may apply, except the right to portability. Our legitimate interests are:
    • Ensuring our offerings meet user needs and expectations (e.g., by improving functionality and user experience).
    • Identifying and resolving any technical or usability issues promptly.
    • Refining our content, features, and overall service quality.
    • Developing new tools or resources based on user feedback and interaction trends.

    We have carefully considered individuals’ rights and freedoms and concluded that our interest in delivering a reliable, high-quality service—and in making ongoing enhancements—does not override individuals’ rights to privacy. We only collect information that is relevant and necessary for these purposes and always implement appropriate safeguards to protect personal data.

Our lawful bases for collecting or using personal information for the operation of user accounts are:

  • Consent: We have permission from you after we gave you all the relevant information. All of your data protection rights may apply, except the right to object. To be clear, you do have the right to withdraw your consent at any time.
  • Contract: We have to collect or use the information so we can enter into or carry out a contract with you. All of your data protection rights may apply except the right to object.
  • Legitimate Interests: We’re collecting or using your information because it benefits you, our organisation or someone else, without causing an undue risk of harm to anyone. All of your data protection rights may apply, except the right to portability. Our legitimate interests are:
    • Verifying and authenticating users to protect their account security.
    • Managing subscriptions or services tied to each account (e.g., billing, renewals, or upgrades).
    • Providing customer support and promptly addressing any issues or inquiries.
    • Fulfilling our contractual obligations and ensuring the smooth delivery of our products or services.

    We have carefully balanced these business needs against individuals’ privacy rights and concluded that our interest in securely and reliably operating user accounts does not override individuals’ rights and freedoms. We only use the data necessary for these purposes and implement robust security measures to protect it.

Our lawful bases for collecting or using personal information for information updates or marketing purposes are:

  • Consent: We have permission from you after we gave you all the relevant information. All of your data protection rights may apply, except the right to object. To be clear, you do have the right to withdraw your consent at any time.
  • Legitimate Interests: We’re collecting or using your information because it benefits you, our organisation or someone else, without causing an undue risk of harm to anyone. All of your data protection rights may apply, except the right to portability. Our legitimate interests are:
    • Keeping our customers and contacts informed about relevant news, product launches, and service enhancements that may benefit them.
    • Communicating in a way that aligns with their reasonable expectations, given their prior interactions with us.
    • Providing a straightforward way to opt out at any time, respecting individuals’ preferences and privacy rights.

    We rely on the soft opt-in exemption under PECR for sending email marketing to existing customers about similar products or services, ensuring we always provide a clear opt-out option at every communication.

Our lawful bases for collecting or using personal information to comply with legal requirements:

  • Legal Obligation: We have to collect or use your information so we can comply with the law. All of your data protection rights may apply, except the right to erasure, the right to object and the right to data portability.

Our lawful bases for collecting or using personal information for dealing with queries, complaints or claims are:

  • Contract: We have to collect or use the information so we can enter into or carry out a contract with you. All of your data protection rights may apply except the right to object.
  • Legitimate Interests: We’re collecting or using your information because it benefits you, our organisation or someone else, without causing an undue risk of harm to anyone. All of your data protection rights may apply, except the right to portability. Our legitimate interests are:
    • Investigating the issue and verifying the person contacting us.
    • Providing timely support and resolutions, preserving a positive customer experience.
    • Maintaining proper records of interactions and outcomes for accountability.
    • Protecting our business reputation and ensuring continuous improvement.

    We have carefully considered and balanced these interests against individuals’ rights and freedoms. Our assessment confirms that responding to queries, complaints, or claims


Where we get personal information from

Directly from you:

  • When you voluntarily provide it (e.g., filling out forms, making a purchase).
  • When you interact with our services (e.g., contacting support, submitting feedback).
  • Through cookies or similar technologies (subject to consent). See our Cookie Policy for details.

How long we keep information

Data Retention Schedule

Account Information

  • Examples: Name, email, login credentials (hashed), profile details
  • Retention: 2 years after your last activity
  • Reason: Allows returning users to keep progress or purchase history, and helps resolve late-arising queries.

Payment and Transaction Records

  • Examples: Order history, invoices, transaction IDs
  • Retention: 6 to 10 years (per HMRC, VAT, or other accounting/legal obligations)
  • Reason: Required for legal and financial compliance (tax, audits, etc.).

Customer Support & Complaints

  • Examples: Support emails, chat transcripts, complaint records
  • Retention: 1 year after resolution
  • Reason: Ensures we can track follow-ups, verify solutions, and maintain accountability.

Marketing & Newsletter Data

  • Examples: Email addresses, marketing preferences
  • Retention: Until you unsubscribe or 2 years of inactivity
  • Reason: We keep you updated on relevant products/services but respect opt-outs.

Session / Event Recordings

  • Examples: Zoom calls, webinar recordings, private live sessions
  • Retention: Typically kept for up to 12 months, unless otherwise specified at the time of recording. However, we reserve the right to delete recordings earlier if we determine that secure storage cannot be maintained or if they are no longer required for their original purpose.
  • Reason: Allows participants to revisit content, enables dispute resolution, and provides replays where applicable, while ensuring that personal data is not retained longer than necessary.

Further Details: Once a retention period ends, we delete or anonymize data unless legally required to keep it longer. You can request earlier deletion by emailing norbert@ecolinguist.com. We will honor such requests unless we have a lawful reason to retain the data (e.g., a legal obligation).

Who we share information with

Data processors

LearnWorlds

  • Service Provided: Learning Management System (LMS) hosting
  • What They Do: Store and manage user accounts, course enrollments, progress data, etc.
  • Data Handled: Names, emails, user progress, course analytics


Stripe

  • Service Provided: Payment processing
  • What They Do: Handles card transactions, storing necessary payment info without revealing full card details to us.
  • Data Handled: Payment card tokens, billing addresses, transaction details


Others we share personal information with:

  • Organizations legally requiring data (e.g., law enforcement, regulators)
  • Publicly on our website, social media or other marketing and information media (e.g customers reviews)
  • Suppliers and service providers (e.g., hosting, IT support)
  • Independent Instructors or Guest Presenters (e.g to enable them running a show or a course)

Sharing information outside the UK

Where necessary, we may transfer personal information outside of the UK, ensuring UK GDPR safeguards are in place. Contact us if you need more details.

Who We Share Data With Outside the UK

Independent Instructors & Guest Presenters

  • Some of our courses, live sessions, or workshops are delivered by independent instructors or guest presenters located outside the UK.
  • They are granted limited access to personal data (such as participant names and email addresses) strictly for the purpose of providing their services.
  • They are contractually required to protect this information and may only use it for the intended purpose.
  • Transfers to the EEA are covered by UK Adequacy Regulations, while transfers to other countries (such as the USA or Brazil) rely on Standard Contractual Clauses (SCCs) + UK Addendum.

Partners Running Memberships Within Our Academy

  • We collaborate with external partners who have membership programs on our platform.
  • When you join one of these partner memberships, some of your personal data (such as account details and enrollment history) may be shared with the respective partner to enable course access, support, and engagement.
  • They are required to adhere to GDPR/UK GDPR standards and may process data only as needed for membership management.

Important: 
❗️ While we require independent instructors and guest presenters to follow strict data protection policies when processing your personal data within our platform, some instructors may operate their own websites, mailing lists, or communication channels.

If you choose to share personal data directly with an instructor outside of our platform, they are responsible for that data, and their own privacy policy applies. We do not control or take responsibility for how they process data independently.


Who our Data Processors Share Data With Outside the UK

Where necessary, our data processors may share personal information outside of the UK. When doing so, they comply with the UK GDPR, making sure appropriate safeguards are in place.

For further information or to obtain a copy of the appropriate safeguard for any of the transfers below, please contact us using the contact information provided above.


LearnWorlds

  • Transfer Mechanism Relied On: The country or sector has a UK data bridge (Adequacy Regulations)
  • Organisation Name: LearnWorlds
  • Category of Recipient: Online learning platform / hosting provider
  • Country Personal Information is Sent To: Cyprus

Stripe

  • Transfer Mechanism Relied On: Addendum to the EU Standard Contractual Clauses (SCCs)
  • Organisation Name: Stripe
  • Category of Recipient: Payment processor
  • Country Personal Information is Sent To: United States

Quaderno

  • Transfer Mechanism Relied On: The country or sector has a UK data bridge (Adequacy Regulations)
  • Organisation Name: Quaderno
  • Category of Recipient: Tax compliance / invoicing solution
  • Country Personal Information is Sent To: Spain (EEA)

Google Workspace

  • Transfer Mechanism Relied On: Addendum to the EU Standard Contractual Clauses (SCCs)
  • Organisation Name: Google LLC (Google Workspace)
  • Category of Recipient: Email hosting & collaboration tools
  • Country Personal Information is Sent To: United States

Calendly

  • Transfer Mechanism Relied On: Addendum to the EU Standard Contractual Clauses (SCCs)
  • Organisation Name: Calendly
  • Category of Recipient: Scheduling / appointment service
  • Country Personal Information is Sent To: United States

Zoom

  • Transfer Mechanism Relied On: Addendum to the EU Standard Contractual Clauses (SCCs)
  • Organisation Name: Zoom Video Communications, Inc.
  • Category of Recipient: Video conferencing provider
  • Country Personal Information is Sent To: United States

Mailchimp

  • Transfer Mechanism Relied On: Addendum to the EU Standard Contractual Clauses (SCCs)
  • Organisation Name: The Rocket Science Group LLC (Mailchimp)
  • Category of Recipient: Email marketing & newsletter service
  • Country Personal Information is Sent To: United States

Zapier

  • Transfer Mechanism Relied On: Addendum to the EU Standard Contractual Clauses (SCCs)
  • Organisation Name: Zapier, Inc.
  • Category of Recipient: Process automation & integrations
  • Country Personal Information is Sent To: United States

How to complain

If you have concerns about our use of your personal data, you can complain to us using the contact details above.

If you remain unhappy after raising a complaint, you can also complain to the ICO.

The ICO’s address:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Helpline number: 0303 123 1113
Website: https://www.ico.org.uk/make-a-complaint

Created with