This Policy explains when and why we collect personal information about people who visit our website and use our services, as well as how we use it, the conditions under which we may disclose it to others and how we keep it secure.

We may change this Policy from time to time so please check this page occasionally to ensure that you’re happy with any changes. By using our website, you’re agreeing to be bound by this Policy. We display an opt-in/out message on our site when you first visit and we comply with GDPR.

Any questions regarding this Policy and our privacy practices should be sent by email to info@ocat.org.uk or by writing to OCAT, Ground Floor, Claremont Building, 24-27 White Lion Street, London N1 9PD, England.

Who are we?

We’re the Oxford College of Arts and Therapies Ltd, a leading provider of online training and education in the field of arts and therapies, based in England. Our registered company number is 08221850.

How do we collect information from you?

We obtain information about you when you use our website, for example, when you contact us about our services, subscribe to our newsletters, or purchase our services. The legal basis for us collecting, processing, retaining and deleting personal data is Legitimate Interests (the information is essential to us providing our services to customers and those voluntarily subscribing to information from us).

What type of information is collected from you?

The personal information we collect might include your name, address, email address, IP address, and information regarding what pages are accessed and when. It may also include information you have volunteered to us via our web enquiry form and via email to us. If you purchase a product from us, your card information is never held by us but collected by our third-party payment processors (currently a company called Stripe), who specialise in the secure online capture and processing of credit/debit card transactions, as explained below.

How is your information used?

We may use your information to:

  • process orders that you have submitted
  • to carry out our obligations arising from any contracts entered into by you and us
  • seek your views or comments on the services we provide
  • notify you of changes to our services
  • send you communications which you have requested and that may be of interest to you

We review our retention periods for personal information on a regular basis. We are legally required to hold some types of information, such as sales data, to fulfil our statutory accounting obligations and this is currently a six year period in the UK. As our courses are available to customers on an on-going basis, we need to retain personal data, such as user name, email address, and course completion certificates indefinitely. However, we will contact all customers four years after their last purchase to ascertain if they would still like us to retain their data. If we do not hear back from a customer or if they tell us that they do not wish us to keep their data, we will delete it at that time.

Who has access to your information?

We will not sell or rent your information to third parties.

We will not share your information with third parties for marketing purposes.

Third Party Service Providers working on our behalf: We may pass your information to our third-party service providers, agents subcontractors and other associated organisations for the purposes of completing tasks and providing services to you on our behalf (for example to process mailings and newsletters). However, when we use third-party service providers, we disclose only the personal information that is necessary to deliver the service and we have a contract in place that requires them to keep your information secure and not to use it for their own direct marketing purposes. Please be reassured that we will not release your information to third-parties for them to use for their own direct marketing purposes, unless you have requested us to do so, or we are required to do so by law, for example, by a court order or for the purposes of prevention of fraud or other crime.

Third-Party Product Providers we work with at the moment are Stripe (for payment processing), and MailChimp and ConstantContact (for email and newsletter distribution).

We may transfer your personal information to a third-party as part of a sale of some or all of our business and assets to any third-party or as part of any business restructuring or reorganisation, or if we’re under a duty to disclose or share your personal data in order to comply with any legal obligation or to enforce or apply our terms of use or to protect the rights, property or safety of our customers. However, we will take steps with the aim of ensuring that your privacy rights continue to be protected.

Your choices

You have a choice about whether or not you wish to receive information from us. If you do not want to receive direct marketing communications from us then you can unsubscribe at any time, either by clicking the unsubscribe option given in every such communication from us or by replying to that email or writing a new email to us requesting you be unsubscribed.

We will not contact you for marketing purposes by email, phone or text message unless you have given your prior consent and asked for it. We will not contact you for marketing purposes by post if you have indicated that you do not wish to be contacted. You can change your marketing preferences at any time by contacting us by email: info@ocat.org.uk.

We are registered with the Information Commissioners Office (UK) and you have the right to complain to them on matters relating to data protection.

How you can access and update your information

The accuracy of your information is important to us. If you change email address, or if any of the other information we hold is inaccurate or out of date, please email us at: info@ocat.org.ukor write to us at OCAT, Ground Floor, Claremont Building, 24-27 White Lion St, London N1 9PD, England.

You have the right to ask for a copy of the information we hold about you and we will supply this information to you in a timely manner.

Security precautions in place to protect the loss, misuse or alteration of your information

When you give us personal information, we take steps to ensure that it’s treated securely. Sensitive information such as credit or debit card details are supplied to Stripe from their order form embedded on our web site. As noted above, we never see or hold your card details. Our site and the communication of your data is protected by Secure Socket Layer (SSL) technology and encrypted using 128 bit encryption. When you are on a secure page, a lock icon will appear on the bottom of web browsers such as Google Chrome and Safari.

Non-sensitive details (your email address etc.) are transmitted normally over the Internet, and this can never be guaranteed to be 100% secure. As a result, while we strive to protect your personal information, we cannot guarantee the security of any information you transmit to us, and you do so at your own risk. Once we receive your information, we make our best effort to ensure its security on our systems. Where we have given (or where you have chosen) a password which enables you to access certain parts of our websites, you are responsible for keeping this password confidential. We ask you not to share your password with anyone. We enforce strong password use and have a number of world-class software products protecting our site from hacking and abuse and we make very regular backups to minimise the possibility of losing data.

Use of ‘cookies’

Like many other websites, our website uses cookies. ‘Cookies’ are small pieces of information sent by an organisation to your computer and stored on your hard drive to allow that website to recognise you when you visit. They collect statistical data about your browsing actions and patterns and do not identify you as an individual. For example, we use cookies to store your country preference. This helps us to improve our website and deliver a better more personalised service.

It is possible to switch off cookies by setting your browser preferences. For more information on how to switch off cookies on your computer, visit our full cookies policy. Turning cookies of may result in a loss of functionality when using our website.

Links to other websites

Our website may contain links to other websites run by other organisations. This privacy policy applies only to our website‚ so we encourage you to read the privacy statements on the other websites you visit. We cannot be responsible for the privacy policies and practices of other sites even if you access them using links from our website.

In addition, if you linked to our website from a third-party site, we cannot be responsible for the privacy policies and practices of the owners and operators of that third-party site and recommend that you check the policy of that third party site.

Shortened Links in Social Media

This website and its owners through their social media platform accounts may share web links to relevant web pages. By default some social media platforms shorten lengthy URL’s [web addresses]. Users are advised to take caution and good judgement before clicking any shortened URL’s published on social media platforms by this website and its owners. Despite the best efforts to ensure only genuine URL’s are published, many social media platforms are prone to spam and hacking, and this website and its owners are not liable for any consequences caused by your visiting any shortened links.

18 or Under

We are concerned to protect the privacy of children aged 18 or under. If you are aged 18 or under‚ please get your parent/guardian’s permission beforehand whenever you provide us with personal information.

Transferring your information outside of Europe

As part of the services offered to you through this website, the information which you provide to us may be transferred to countries outside the European Union (“EU”). By way of example, this may happen if any of our servers are from time to time located in a country outside of the EU. These countries may not have similar data protection laws to the UK. By submitting your personal data, you’re agreeing to this transfer, storing or processing. If we transfer your information outside of the EU in this way, we will take steps to ensure that appropriate security measures are taken with the aim of ensuring that your privacy rights continue to be protected as outlined in this Policy.

If you use our services while you are outside the EU, your information may be transferred outside the EU in order to provide you with those services.

Review of this Policy

We keep this Policy under regular review. This Policy was last updated on 11 December 2018.

Oxford College of Arts and Therapies Ltd, Ground Floor, Claremont Building, 24-27 White Lion Street, London N1 9PD, UK