Privacy Policy

Last updated: 04 March 2026

  1. Introduction

    arcX Training Ltd ("arcX", "we", "us", "our") is committed to protecting your personal data. This Privacy Policy explains what information we collect when you use our website at https://arcx.io or our training platform, why we collect it, how we use it, and your rights in relation to it.

    If you have any questions about this policy or how we handle your personal data, please contact us at [email protected].

  2. Who We Are

    arcX Training Ltd is the Data Controller for personal data collected via this website and our training platform. This means we determine the purposes and means of processing your personal data and are responsible for ensuring it is handled lawfully.

    For all data protection enquiries, including subject access requests and deletion requests, please contact us at [email protected].

  3. What Information Do We Collect?

    When you use our website or training platform, we collect several types of personal data to provide you with our services and improve your learning experience.

    We collect the following types of personal data:

    • Account information: name, email address, and password when you register.
    • Profile information: any additional details you choose to provide, such as job title or organisation.
    • Payment information: processed securely by our payment provider (we do not store card details).
    • Usage data: course progress, completion records, and platform interactions.
    • Technical data: IP address, browser type, device information, and cookies.

    All data collection is limited to what is necessary to deliver our training services, maintain platform security, and comply with legal obligations. We never sell your personal data to third parties.

  4. How We Use Your Information and Our Legal Basis

    We only process your personal data where we have a lawful basis to do so under the UK GDPR and Data Protection Act 2018.

    Our lawful bases for processing include:

    • Creating and managing your account; delivering training services: legal basis is performance of a contract (Art. 6(1)(b) UK GDPR).
    • Sending marketing communications: legal basis is your consent (Art. 6(1)(a) UK GDPR), which you can withdraw at any time.
    • Analysing website usage to improve our services: legal basis is legitimate interests (Art. 6(1)(f) UK GDPR).
    • Issuing certificates and verifying credentials: legal basis is performance of a contract.

    Where we rely on legitimate interests, we have carefully balanced our business needs against your rights and freedoms. You have the right to object to processing based on legitimate interests at any time.

  5. Cookies

    We use cookies and similar technologies to operate our website and, where you have consented, to analyse usage.

    1. Strictly Necessary Cookies

      Required for the website to function properly. These cookies enable core functionality such as security, network management, and accessibility. These cannot be disabled as the platform would not work without them.

    2. Analytics Cookies

      Used to understand how visitors interact with the site. These are only set with your prior consent and help us improve the user experience based on real usage patterns.

    3. Managing Cookie Preferences

      When you first visit our website, you will be asked to accept or decline non-essential cookies via our cookie consent banner. You can change your preferences at any time by clicking the cookie settings link in the footer of any page.

  6. Platform Analytics

    We collect usage data to improve your learning experience and the performance of our platform. This includes how you navigate courses, feature usage, and general platform interaction. This data is processed under our legitimate interest in improving our services. We do not share this data with third parties or use it for advertising.

    All analytics data is collected using our bespoke internal analytics tool. We do not use third-party analytics providers. You can opt out of analytics tracking by declining analytics cookies via our cookie consent banner.

  7. Who Do We Share Your Data With?

    We may share your personal data with trusted third parties who help us deliver our services. These include payment processors (to handle secure transactions), email service providers (to send course updates and communications), and cloud hosting providers (to store platform data securely).

    We ensure all third parties are bound by appropriate data processing agreements that require them to protect your personal data and use it only for the purposes we specify. We never sell your personal data to third parties for marketing purposes.

    In certain circumstances, we may be required to disclose your personal data to comply with legal obligations, such as responding to court orders or regulatory requests.

  8. How Long Do We Keep Your Data?

    We retain your personal data for as long as your account is active or as needed to provide our services. This ensures you can access your course history, certificates, and progress records whenever you need them.

    If you close your account, we will delete or anonymise your personal data within 30 days, except where we are required by law to retain it (for example, financial records for tax purposes or legal compliance). You can request account closure and data deletion at any time by contacting [email protected].

  9. Your Rights Under UK GDPR

    As a data subject under the UK GDPR, you have comprehensive rights over your personal data. To exercise any of them, please contact us at [email protected]. We will respond within one month.

    1. Right of Access

      You can request a copy of the personal data we hold about you, including details of how we process it.

    2. Right to Rectification

      You can ask us to correct inaccurate or incomplete data to ensure your records are up to date.

    3. Right to Erasure

      You can ask us to delete your personal data in certain circumstances, such as when it is no longer necessary.

    4. Right to Restrict Processing

      You can ask us to limit how we use your data whilst we investigate a concern you have raised.

    5. Right to Data Portability

      You can request your data in a structured, machine-readable format to transfer to another service.

    6. Right to Object

      You can object to processing based on legitimate interests or direct marketing at any time.

    7. How to Submit a Data Request

      To exercise any of your data protection rights, send an email to [email protected] with details of your request. We will verify your identity and respond within one month. There is no charge for most requests, though we may charge a reasonable fee for excessive or repetitive requests.

  10. Changes to This Privacy Policy

    We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or platform features. When we make significant changes, we will notify you via email or through a prominent notice on our website.

    The latest version will always be available on this page, with the "last updated" date clearly displayed at the top. We encourage you to review this policy periodically to stay informed about how we protect your personal data.

    If you have questions about this policy or any updates, please contact us at [email protected].