Last updated: 11 May 2026
Privacy Policy
What personal data we collect, how we use it, and your rights under UK GDPR.
1. Who we are
Law Academia UK Ltd (“we”, “us”, “our”) is the data controller for personal data we collect about
you. We are registered in England and Wales (Company No. [pending]). Our registered office is at
33 Cannon Street, London EC4M 5SB.
This Privacy Policy explains what personal data we collect, how we use it, who we share it with, and
your rights under UK GDPR.
2. What data we collect
We collect:
Identity data: first name, last name, date of birth, and (for verification) a government-issued ID
photo at enrolment.
Contact data: email address, phone number, postal address.
Financial data: billing address and payment processor reference. We do not store full card
details — payments are processed via Stripe.
Programme data: your enrolment, progress, mock scores, workshop attendance, faculty
correspondence.
Technical data: IP address, browser type, device identifiers, time zone, login times.
Marketing data: your preferences for receiving marketing from us.
3. How we use it
We process your data for the following purposes, on the lawful bases stated:
To deliver our services — contract performance.
To process payments — contract performance.
To send essential cohort communications — contract performance.
To send marketing emails — consent (opt-out at any time).
To detect fraud and protect intellectual property — legitimate interests.
To comply with legal obligations — legal obligation.
4. Who we share it with
We share your data with:
Stripe (payment processing) — based in Ireland and the United States, with appropriate
transfer safeguards.
Our email service provider for transactional and marketing emails.
Our video conferencing provider for live workshops.
Faculty members who teach your cohort, for the purposes of delivering education and
feedback.
HMRC and other authorities where required by law.
We do not sell your personal data to third parties under any circumstances.
5. How long we keep it
We retain your data for the duration of your enrolment plus seven years after your last interaction
with us, to meet our legal obligations (tax records, complaints, regulatory enquiries). Marketing
data is held until you opt out.
6. Your rights
Under UK GDPR you have the right to:
Access your personal data.
Request correction of inaccurate data.
Request erasure of your data (where applicable).
Object to processing on legitimate-interests grounds..
Request restriction of processing.
Request portability of your data.
Withdraw consent at any time (where consent is the lawful basis).
Lodge a complaint with the Information Commissioner’s Office (ICO) at ico.org.uk.
To exercise any of these rights, email privacy@lawacademia.co.uk. We respond within 30 days.
7. International transfers
Some of our service providers process data outside the UK. Where this occurs, we use standard
contractual clauses (or equivalent UK-approved safeguards) to ensure your data receives
equivalent protection to UK GDPR.
8. Security
We use industry-standard encryption (TLS in transit, AES-256 at rest), access controls, and regular
security audits. No system is perfectly secure — if we become aware of a breach affecting your
data, we will notify you and the ICO in line with our legal obligations.
9. Changes
We may update this Privacy Policy from time to time. Material changes will be communicated to
enrolled students by email.