Privacy Policy
Effective Date: 3 May 2025
Last Updated: 22 October 2025
Company Name: Artistic Touch Studio Ltd
Trading As: Artistic Touch – Nail Training Academy
Company Number: SC832165
Registered in: Scotland, United Kingdom
Based in: Dundee, Scotland, UK
Website: https://artistictouchnailacademy.com
Important Information
This Privacy Policy explains how Artistic Touch Studio Ltd (“we,” “us,” “our”) collects, uses, stores, and protects your personal information when you:
- Visit our website at https://artistictouchnailacademy.com
- Purchase or access our online courses and masterclasses
- Book in-person training sessions
- Create an account with us
- Contact us through our contact form
- Engage with us through email, social media, or other channels
- Use our services in any way
Please read this Privacy Policy carefully. By using our services, you agree to the collection and use of information in accordance with this policy.
This Privacy Policy operates in conjunction with our Terms and Conditions and Refund Policy. Together, these documents govern your relationship with Artistic Touch – Nail Training Academy.
Table of Contents
- Summary of Key Points
- What Information Do We Collect?
- How Do We Process Your Information?
- What Legal Bases Do We Rely On?
- When and With Whom Do We Share Your Information?
- Do We Use Cookies and Tracking Technologies?
- How Do We Handle Social Logins?
- Is Your Information Transferred Internationally?
- Data Retention and Record Keeping
- How Do We Keep Your Information Safe?
- Do We Collect Information From Minors?
- What Are Your Privacy Rights?
- Controls for Do-Not-Track Features
- Do United States Residents Have Specific Privacy Rights?
- Do Other Regions Have Specific Privacy Rights?
- Third-Party Plugins and Links
- Fraud Prevention, Security, and Misuse
- Account Termination and Data Deletion
- Legal Cooperation
- Do We Make Updates to This Policy?
- How Can You Contact Us About This Policy?
- How Can You Review, Update, or Delete Your Data?
1. Summary of Key Points
What personal information do we process?
When you visit, use, or navigate our services, we may process personal information depending on how you interact with us and the services, the choices you make, and the features you use.
Do we process any sensitive personal information?
We do not process sensitive personal information except where necessary for course delivery (e.g., health and safety information for certain practical courses).
Do we receive any information from third parties?
We may receive information from payment processors, social media platforms (if you use social login), and public databases.
How do we process your information?
We process your information to provide, improve, and administer our services, communicate with you, for security and fraud prevention, and to comply with law.
In what situations and with which parties do we share personal information?
We may share information with payment processors, course platforms, email service providers, analytics tools, and as required by law.
How do we keep your information safe?
We have organizational and technical processes and procedures in place to protect your personal information. However, no electronic transmission or storage is 100% secure.
What are your rights?
Depending on where you are located, you may have certain rights regarding your personal information, including the right to access, correct, delete, or object to processing.
How do you exercise your rights?
The easiest way to exercise your rights is to contact us through our contact form at https://artistictouchnailacademy.com/contact-us/
2. What Information Do We Collect?
Personal Information You Provide to Us
We collect personal information that you voluntarily provide to us when you:
- Register for an account
- Purchase a course or service
- Subscribe to our newsletter or marketing communications
- Fill out forms on our website
- Contact us through our contact form
- Apply for employment or submit qualification evidence
- Participate in surveys, contests, or promotions
- Engage with us on social media
- Request customer support
The personal information we collect may include:
Account and Profile Information:
- Full name
- Email address
- Username and password
- Profile photo (optional)
- Country of residence
- Telephone number (optional)
- Business name (if applicable)
- Social media handles (optional)
- Professional background (optional)
Payment Information:
- Billing address
- Payment card details (processed securely by third-party payment processors – we do NOT store full card details)
Course and Training Information:
- Course enrollment records
- Course progress and completion data
- Assessment results
- Certificates and qualifications earned
- Attendance records for in-person training
- Submitted coursework and assignments
Qualification Verification Information (for advanced courses):
- Copies of previous qualification certificates (ABT, VTCT, CIBTAC, etc.)
- Proof of professional insurance
- Portfolio evidence of professional work
- Documentation of relevant industry experience
Communication Records:
- Messages sent through our contact form
- Email correspondence with us
- Support ticket history
- Consultation notes
- Feedback and testimonials (with consent)
Marketing and Preferences:
- Marketing communication preferences
- Cookie consent preferences
- Newsletter subscription status
- Survey responses
All personal information provided must be true, complete, and accurate. You must notify us of any changes to such personal information.
Information Automatically Collected
When you visit our website, certain information is automatically collected about your device and browsing behavior. This information may include:
Log and Usage Data:
- IP address
- Browser type and version
- Operating system
- Pages visited and time spent on pages
- Referring website
- Date and time stamps of visits
- Clickstream data
- Search queries within our site
Device Data:
- Device type (computer, tablet, smartphone)
- Device ID
- Screen resolution
- Hardware model
- Internet service provider
- Mobile carrier (for mobile devices)
- Browser language settings
Location Data:
- Approximate location based on IP address
- Precise location (only if you grant permission)
- Country and city information
Course Platform Data:
- Video playback progress
- Quiz and assessment attempts
- Downloaded resources
- Time spent in courses
- Login frequency
- Feature usage patterns
This information is primarily needed to maintain the security and operation of our services, for troubleshooting, and for our internal analytics and reporting purposes.
Information Collected From Third Parties
We may receive information about you from:
Payment Processors:
- Transaction confirmation
- Payment method details (tokenized)
- Billing information
- Fraud risk assessment data
We use the following payment processors:
- Stripe: https://stripe.com/privacy
- PayPal: https://www.paypal.com/webapps/mpp/ua/privacy-full
- Apple Pay: https://www.apple.com/legal/privacy/
- Google Pay: https://policies.google.com/privacy
Social Media Platforms (if you use social login):
- Name
- Email address
- Profile picture
- Basic profile information
Platforms we may integrate with:
- Apple Sign-In
Analytics and Advertising Partners:
- Google Analytics (usage patterns, demographics)
- Facebook Pixel (conversion tracking)
- TikTok Pixel (ad performance)
3. How Do We Process Your Information?
We process your personal information for the following purposes:
Essential Service Delivery
To facilitate account creation and authentication
- Create and manage your user account
- Enable secure login
- Verify your identity
- Maintain account security
To deliver courses and training services
- Provide access to online course content
- Process in-person training bookings
- Track course progress and completion
- Issue certificates upon course completion
- Provide student support and feedback
To process payments and manage billing
- Process course purchases securely
- Generate invoices and receipts
- Handle refund requests
- Manage payment disputes
- Maintain financial records for tax compliance
Communication
To send administrative information
- Order confirmations and receipts
- Course access credentials
- Important updates about services
- Changes to terms, policies, or prices
- Account security alerts
- Technical support responses
To provide customer support
- Respond to inquiries and questions
- Troubleshoot technical issues
- Resolve complaints
- Process refund requests
- Provide guidance on course selection
To send marketing and promotional communications (with your consent)
- New course announcements
- Special offers and discounts
- Educational content and tips
- Newsletter and blog updates
- Event invitations
- Student success stories
You can opt out of marketing emails at any time using the unsubscribe link in any marketing email.
Business Operations and Improvement
To analyze usage and improve services
- Understand how students use our courses
- Identify popular content and features
- Improve course quality and structure
- Optimize website performance
- Develop new courses and features
To conduct research and development
- Analyze learning outcomes
- Test new teaching methods
- Develop improved assessment tools
- Research industry trends
To ensure quality and compliance
- Monitor course completion rates
- Collect and review student feedback
- Ensure ABT accreditation compliance
- Maintain professional standards
- Conduct quality assurance audits
Security and Legal Compliance
To protect our services and users
- Detect and prevent fraud
- Monitor for suspicious account activity
- Prevent course content piracy
- Enforce our Terms and Conditions
- Investigate violations and abuse
To comply with legal obligations
- Respond to legal requests and court orders
- Meet tax and financial reporting requirements
- Maintain records as required by law
- Cooperate with law enforcement
- Defend legal claims
To exercise and defend our legal rights
- Enforce contracts and agreements
- Protect intellectual property
- Respond to legal proceedings
- Investigate and prevent illegal activities
With Your Consent
We may process your information for additional purposes with your explicit consent, such as:
- Using your testimonial or success story in marketing
- Featuring your work in course examples
- Sharing your information with third-party partners
- Participating in research studies
You can withdraw your consent at any time by contacting us.
4. What Legal Bases Do We Rely On?
If you are in the UK or EU, we process your personal information under the following legal bases as defined by the UK GDPR and EU GDPR:
Consent
We may process your information when you have given us explicit permission for a specific purpose. You can withdraw your consent at any time.
Examples:
- Marketing communications
- Using your testimonial
- Optional cookies and tracking
Contract Performance
We process your personal information when necessary to fulfill our contractual obligations to you or to take steps at your request before entering into a contract.
Examples:
- Processing course purchases
- Providing course access
- Issuing certificates
- Customer support
Legitimate Interests
We may process your information when reasonably necessary to achieve our legitimate business interests, provided those interests do not outweigh your rights and freedoms.
Examples:
- Improving our courses and services
- Analyzing usage patterns
- Fraud prevention and security
- Marketing to existing customers
- Defending legal claims
- Business administration
Legal Obligations
We process your information where necessary to comply with legal requirements.
Examples:
- Tax and financial record keeping (6-7 years)
- Responding to legal requests
- Meeting accreditation requirements
- Consumer protection compliance
Vital Interests
We may process your information when necessary to protect someone’s life or prevent serious harm.
Examples:
- Medical emergencies during in-person training
- Safeguarding concerns
- Serious safety risks
If you are in Canada, we may process your information under the following circumstances as permitted by applicable law:
- With your consent
- For contract performance
- For legal obligations
- To protect vital interests
- Where collection is clearly in the individual’s interest and consent cannot be obtained timely
- For investigations and fraud detection
- For business transactions under certain conditions
- Where required by law or court order
5. When and With Whom Do We Share Your Information?
We may share your personal information in the following situations:
Service Providers and Business Partners
We share your information with third-party service providers who perform services on our behalf:
Course and Learning Platform Providers:
- Video hosting services
- Learning management systems (LMS)
- Assessment and quiz platforms
Payment Processors:
- Stripe
- PayPal
- Apple Pay
- Google Pay
Email and Communication Services:
- Email marketing platforms (for newsletters)
- Transactional email services
- SMS notification services (if applicable)
Analytics and Performance Monitoring:
- Google Analytics (website and course analytics)
- Hotjar or similar (user behavior analysis)
- Performance monitoring tools
Website and Infrastructure:
- Web hosting providers
- Content delivery networks (CDN)
- Cloud storage providers
- Security services
Marketing and Advertising:
- Google Ads
- Facebook Ads
- TikTok Ads
- Affiliate marketing partners
All third-party service providers are required to keep your personal information secure and use it only for the purposes we specify.
Business Transfers
We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or part of our business to another company. In such cases, you will be notified via email and/or prominent notice on our website of any change in ownership or use of your personal information.
Affiliates
We may share your information with our affiliates (companies we control or are under common control with us), who will honor this Privacy Policy.
Legal Requirements and Protection
We may disclose your information where legally required or permitted:
- To comply with applicable laws, regulations, or legal processes
- To respond to lawful requests from public authorities (e.g., law enforcement, courts)
- To enforce our Terms and Conditions and other agreements
- To protect our rights, property, or safety and that of our users
- To investigate fraud, security issues, or technical problems
- To prevent harm or illegal activities
With Your Consent
We may share your information for other purposes with your explicit consent, such as:
- Featuring your success story or testimonial
- Sharing your work as a course example
- Participating in case studies or research
- Partner collaborations or joint promotions
Public Information
Information you choose to make public (e.g., public forum posts, public profile information, social media interactions) may be visible to others and collected by third parties.
6. Do We Use Cookies and Tracking Technologies?
Yes, we use cookies and similar tracking technologies to collect and store information.
What Are Cookies?
Cookies are small text files placed on your device when you visit our website. They help us recognize you, remember your preferences, and provide a better user experience.
Types of Cookies We Use
Essential Cookies (Strictly Necessary):
- Required for the website to function properly
- Enable core features like security, authentication, and accessibility
- Cannot be disabled without breaking site functionality
Performance and Analytics Cookies:
- Help us understand how visitors use our site
- Track pages visited, time spent, and navigation patterns
- Collected data is aggregated and anonymous
- Used to improve website performance
Functional Cookies:
- Remember your preferences and choices
- Provide enhanced features and personalization
- Remember your login details
- Save your language preferences
Marketing and Advertising Cookies:
- Track your browsing across websites
- Build a profile of your interests
- Deliver relevant advertisements
- Measure ad campaign effectiveness
- Limit how many times you see an ad
Specific Technologies We Use
Google Analytics:
- Tracks website usage and visitor behavior
- Provides insights into demographics and interests
- Helps improve our website and content
- You can opt out: https://tools.google.com/dlpage/gaoptout
Facebook Pixel:
- Tracks conversions from Facebook ads
- Enables retargeting to visitors
- Measures ad effectiveness
TikTok Pixel:
- Tracks conversions from TikTok ads
- Enables retargeting campaigns
- Analyzes user behavior
Social Media Plugins: We use social media features like “Like” and “Share” buttons for:
- YouTube
- TikTok
- Twitter/X
These features may track your IP address, pages visited, and may set cookies. Your interactions are governed by the privacy policies of these platforms.
Managing Cookies
You can control cookies through:
- Your Browser Settings:
- Most browsers allow you to refuse or delete cookies
- You can usually find cookie settings in “Options” or “Preferences”
- Note: Disabling essential cookies may affect site functionality
- Cookie Consent Banner:
- Manage your preferences when you first visit our site
- Update preferences at any time through cookie settings
- Opt-Out Tools:
- Network Advertising Initiative: http://optout.networkadvertising.org/
- Google Ads Settings: https://adssettings.google.com/
- Facebook Ad Preferences: https://www.facebook.com/ads/preferences/
For full details about cookies we use, please see our Cookie Policy: https://artistictouchnailacademy.com/cookie-policy/
7. How Do We Handle Social Logins?
If you choose to register or log in using a social media account (Facebook, Google, Apple), we may access certain information from your social media profile.
Information We May Receive:
- Name
- Email address
- Profile picture
- Friends list or connections (if applicable)
- Other information you make public
Important:
- You control what information the social platform shares with us through your social media privacy settings
- We use this information only to create and manage your account
- We do not post to your social media without your permission
- You can disconnect social login at any time
8. Is Your Information Transferred Internationally?
Yes, your information may be transferred to, stored, and processed in countries other than your own.
Why International Transfers Occur
Our servers and service providers may be located in:
- United Kingdom
- European Union
- United States
- Other countries where our service providers operate
Data Protection Safeguards
When we transfer your data internationally, we ensure appropriate safeguards are in place:
For UK/EU to Other Countries:
- Standard Contractual Clauses (SCCs) approved by UK/EU authorities
- Adequacy decisions (where applicable)
- Service provider commitments to protect data
- Compliance with UK GDPR and EU GDPR
Data Protection Standards:
- All service providers must maintain adequate security measures
- Data is encrypted during transfer
- Access is restricted to authorized personnel only
- Regular security audits and assessments
Your Rights Remain Protected
Regardless of where your data is processed, you retain all rights under UK GDPR and applicable data protection laws.
9. Data Retention and Record Keeping
How Long We Keep Your Information
We only keep your personal information for as long as necessary for the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.
Specific Retention Periods
Student Registration and Course Data: 7 years after course completion or account closure
Includes:
- Student registration information
- Course enrollment records
- Certification and qualification evidence
- Assessment results and training progress
- Attendance records for in-person sessions
Why we keep it:
- Legal requirement for educational records
- Insurance and liability protection
- Certification verification requests
- Professional standards compliance
- ABT accreditation requirements
Payment and Financial Records: 6 years
Includes:
- Payment transaction history
- Invoice records
- Refund documentation
- VAT records (if applicable)
- Financial statements
Why we keep it:
- UK tax law requirements (HMRC)
- Financial auditing purposes
- Dispute resolution
- Fraud prevention
Communication Records: Up to 7 years
Includes:
- Email correspondence
- Support ticket history
- Consultation notes
- Customer service interactions
- Feedback and complaints
Why we keep it:
- Customer service quality assurance
- Legal protection and dispute resolution
- Service improvement
- Contract enforcement
Qualification Verification Documents: 7 years
Includes:
- Copies of previous qualification certificates
- Proof of professional insurance
- Portfolio evidence
- Industry experience documentation
Why we keep it:
- Course prerequisite verification
- Professional standards compliance
- Insurance requirements
- Accreditation audit trail
Marketing and Consent Records: Until consent is withdrawn, then up to 2 years
Includes:
- Marketing opt-in/opt-out records
- Cookie consent preferences
- Communication preferences
- Newsletter subscription status
Why we keep it:
- GDPR compliance (proof of consent)
- Respecting your preferences
- Marketing law compliance
- Evidence of consent withdrawal
Website Analytics Data: Up to 26 months
Includes:
- Google Analytics data
- Usage statistics
- Anonymous browsing patterns
Why we keep it:
- Service improvement
- Understanding user behavior
- Website optimization
Safeguarding and Legal Records: Indefinitely (where required)
Includes:
- Records related to safeguarding concerns
- Legal proceedings documentation
- Serious incident reports
- Regulatory investigation materials
Why we keep it:
- Legal obligations
- Protection of vulnerable individuals
- Defense against legal claims
After Retention Periods End
Once retention periods expire and we have no legal obligation to retain your data, we will:
- Securely delete personal information from active systems
- Anonymize data used for statistical analysis (removing all identifying information)
- Destroy physical records using secure disposal methods (cross-cut shredding or certified destruction services)
Exceptions to Deletion
We may retain information longer than stated periods if:
- Required by law or court order
- Necessary for ongoing legal proceedings
- Needed to defend against legal claims
- Required for insurance purposes
- You request us to keep your information
- We have another lawful basis for retention
Your Rights Regarding Stored Data
Even during retention periods, you have rights including:
- Accessing your data
- Correcting inaccuracies
- Objecting to certain processing
- Requesting deletion (where legally permissible)
Note: Some data cannot be deleted during retention periods due to legal obligations (e.g., tax records, certification evidence, contract documentation).
10. How Do We Keep Your Information Safe?
We have implemented appropriate technical and organizational security measures to protect your personal information.
Technical Security Measures
Encryption:
- SSL/TLS encryption for all data transmitted to and from our website
- Encrypted storage for sensitive information
- End-to-end encryption for payment processing
Access Controls:
- Multi-factor authentication for admin accounts
- Role-based access control (staff access only what they need)
- Regular access reviews and audits
- Secure password requirements
Network Security:
- Firewalls and intrusion detection systems
- Regular security updates and patches
- Vulnerability scanning and penetration testing
- DDoS protection
Data Protection:
- Regular backups (encrypted and secure)
- Secure data centers with physical security
- Disaster recovery procedures
- Business continuity planning
Organizational Security Measures
Staff Training:
- Regular data protection training for all staff
- Confidentiality agreements
- Clear data handling procedures
- Security awareness programs
Policies and Procedures:
- Data protection policy
- Incident response plan
- Data breach notification procedures
- Third-party vendor assessment
Monitoring and Auditing:
- Regular security audits
- Access log monitoring
- Incident detection and response
- Compliance reviews
Payment Security
We do NOT store full payment card details. Payments are processed by:
- PCI DSS compliant payment processors
- Tokenization of card information
- Secure payment gateways
- Fraud detection systems
Important Security Notice
No method of transmission or storage is 100% secure. While we implement strong security measures, we cannot guarantee absolute security.
You can help protect your information by:
- Using a strong, unique password
- Not sharing your login credentials
- Logging out after using shared devices
- Keeping your contact information up to date
- Reporting suspicious activity immediately
Data Breach Response
In the unlikely event of a data breach affecting your personal information:
- We will assess the risk and impact
- Notify relevant authorities within 72 hours (if required by law)
- Notify affected users without undue delay
- Provide information about the breach and steps to protect yourself
- Take measures to prevent future breaches
11. Do We Collect Information From Minors?
No, we do not knowingly collect personal information from anyone under 18 years of age.
Age Restriction
Our services are intended for adults (18 years or older). By using our services, you represent that you are at least 18 years old.
If You Are a Parent or Guardian
If you believe your child under 18 has provided us with personal information, please contact us immediately at https://artistictouchnailacademy.com/contact-us/
We will:
- Delete the information as soon as possible
- Terminate the account
- Take steps to prevent future access by minors
Educational Purpose Only
Our courses are professional training programs designed for adults pursuing careers in the nail care industry. They are not suitable for children.
12. What Are Your Privacy Rights?
Depending on where you are located, you may have certain rights regarding your personal information.
Rights Under UK GDPR and EU GDPR
If you are in the UK or EU, you have the following rights:
Right of Access (Subject Access Request)
- Request a copy of all personal information we hold about you
- Understand how we use your information
- Receive information about data sharing
Right to Rectification
- Correct inaccurate or incomplete information
- Update your personal details
- Ensure data accuracy
Right to Erasure (“Right to be Forgotten”)
- Request deletion of your personal information
- Subject to legal retention obligations
- May not apply if we have legitimate grounds to retain data
Right to Restrict Processing
- Limit how we use your information
- Temporarily suspend processing
- Challenge accuracy or lawfulness
Right to Data Portability
- Receive your data in a structured, machine-readable format
- Transfer your data to another service provider
- Applies to data provided under consent or contract
Right to Object
- Object to processing based on legitimate interests
- Object to direct marketing (including profiling)
- Opt out of automated decision-making
Right to Withdraw Consent
- Withdraw consent at any time (where processing is based on consent)
- Does not affect lawfulness of processing before withdrawal
- May affect our ability to provide certain services
Right to Lodge a Complaint
- File a complaint with your supervisory authority
- UK: Information Commissioner’s Office (ICO) – https://ico.org.uk/make-a-complaint/
- EU: Your national data protection authority – https://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm
How to Exercise Your Rights
To exercise any of these rights:
- Contact us through our contact form at https://artistictouchnailacademy.com/contact-us/
- Clearly state which right you wish to exercise
- Provide sufficient information to verify your identity
- We will respond within 30 days (or 60 days for complex requests)
We will never charge a fee for exercising your rights, unless your request is clearly unfounded or excessive.
Account Information Management
You can also:
- Log in to your account and update your information
- Adjust your privacy and communication preferences
- Download your course completion certificates
- Manage your email subscriptions
Limitations on Rights
In some cases, we may not be able to fulfill your request if:
- We have a legal obligation to retain the information
- The information is necessary for legal claims
- Processing is necessary for public interest
- Your request is manifestly unfounded or excessive
13. Controls for Do-Not-Track Features
Most web browsers and mobile devices include a Do-Not-Track (“DNT”) feature or setting you can activate to signal your privacy preference.
Current Status:
No uniform technology standard for recognizing DNT signals has been finalized. As such, we do not currently respond to DNT browser signals or similar mechanisms that automatically indicate your choice not to be tracked online.
Alternative Privacy Controls:
- Manage cookies through your browser settings
- Use our cookie consent preferences
- Opt out of specific tracking services
- Adjust privacy settings in your account
If a standard for online tracking is adopted in the future, we will update our practices accordingly.
14. Do United States Residents Have Specific Privacy Rights?
Yes, residents of certain US states have additional privacy rights.
State-Specific Privacy Laws
We comply with privacy laws in:
- California – California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA)
- Virginia – Virginia Consumer Data Protection Act (VCDPA)
- Colorado – Colorado Privacy Act (CPA)
- Connecticut – Connecticut Data Privacy Act (CTDPA)
- Utah – Utah Consumer Privacy Act (UCPA)
- Other states with comprehensive privacy laws
Categories of Personal Information We Collect
| Category | Examples | Collected |
|---|---|---|
| A. Identifiers | Name, email, postal address, phone number, IP address, account name | Yes |
| B. Personal information (CA Customer Records statute) | Name, contact information, education, employment history, financial information | Yes |
| C. Protected classification characteristics | Age, gender (optional demographic data) | Yes |
| D. Commercial information | Purchase history, transaction records, course enrollments | Yes |
| E. Biometric information | None | No |
| F. Internet/network activity | Browsing history, search history, interaction with website | Yes |
| G. Geolocation data | Approximate location based on IP address | Yes |
| H. Sensory data | None (no audio/video recording of users) | No |
| I. Professional/employment information | Job title, work history, professional qualifications | Yes |
| J. Education information | Student records, course progress, certifications | Yes |
| K. Inferences | Preferences, characteristics, behavioral profiles | Yes |
How We Use Personal Information
We collect and use personal information for business purposes including:
- Providing and improving our services
- Processing transactions
- Customer support
- Marketing and advertising (with opt-out rights)
- Security and fraud prevention
- Legal compliance
Sharing Personal Information
We share personal information with:
- Service providers (payment processors, email services, analytics)
- Business partners (affiliate marketers)
- Legal authorities (when required by law)
We do NOT sell your personal information.
Your Rights (US State Residents)
Depending on your state, you may have rights to:
Right to Know
- Request disclosure of personal information collected
- Request categories and specific pieces of data
- Understand sources, purposes, and sharing practices
Right to Delete
- Request deletion of personal information
- Subject to legal exceptions
Right to Correct
- Request correction of inaccurate information
- Update outdated records
Right to Opt-Out
- Opt out of sale or sharing of personal information (we don’t sell data)
- Opt out of targeted advertising
- Opt out of automated decision-making (profiling)
Right to Non-Discrimination
- Equal service and pricing
- No retaliation for exercising rights
Right to Limit Use of Sensitive Personal Information
- Limit use of sensitive data (where applicable)
How to Exercise Your Rights
Submit a Request:
- Contact form: https://artistictouchnailacademy.com/contact-us/
- Email us through the contact form
- Clearly state your request and provide necessary information
Verification Process: We will verify your identity by:
- Matching information you provide with our records
- Requesting additional information if needed
- Confirming email address or account details
Response Time:
- We will respond within 45 days
- May extend by additional 45 days for complex requests
Authorized Agents: You may designate an authorized agent to make requests on your behalf:
- Provide written authorization
- Verify the agent’s authority
- You may need to verify your identity directly
Appeals (Where Applicable)
If we deny your request, you may appeal by:
- Contacting us through our contact form
- Explaining why you believe our decision was incorrect
- We will review and respond within required timeframes
California “Shine the Light” Law
California residents may request information about disclosure of personal information to third parties for direct marketing purposes. We do not share personal information with third parties for their direct marketing purposes.
15. Do Other Regions Have Specific Privacy Rights?
Canada
If you are in Canada, we comply with the Personal Information Protection and Electronic Documents Act (PIPEDA) and provincial privacy laws.
Your Rights:
- Right to access personal information
- Right to correct inaccurate information
- Right to withdraw consent
- Right to file a complaint with the Privacy Commissioner of Canada
Contact:
Office of the Privacy Commissioner of Canada – https://www.priv.gc.ca/
Australia
If you are in Australia, we comply with the Privacy Act 1988 and Australian Privacy Principles (APPs).
Your Rights:
- Right to access personal information
- Right to correct information
- Right to complain to the Office of the Australian Information Commissioner (OAIC)
Contact:
Office of the Australian Information Commissioner – https://www.oaic.gov.au/
Switzerland
If you are in Switzerland, we comply with the Swiss Federal Act on Data Protection (FADP).
Your Rights:
- Right to access personal information
- Right to correction and deletion
- Right to object to processing
- Right to lodge a complaint with the Federal Data Protection and Information Commissioner (FDPIC)
Contact:
Federal Data Protection and Information Commissioner – https://www.edoeb.admin.ch/
Other Countries
If you are located in a country not specifically mentioned, you may still have rights under local data protection laws. Contact us to understand your rights and how we protect your information.
16. Third-Party Plugins and Links
Third-Party Websites and Services
Our website may contain links to third-party websites, applications, or services that are not operated by us.
Important Notice:
- We have no control over third-party content or practices
- We are not responsible for their privacy policies
- Their terms and privacy policies apply when you visit their sites
- We do not endorse or make representations about third-party sites
Examples of third-party links:
- Payment processor websites
- Social media platforms
- Partner websites
- Educational resources
- Product vendors
- Blog references
We encourage you to review the privacy policy of every site you visit.
Social Media Plugins
We use social media features and widgets including:
- Facebook Like and Share buttons
- Instagram embeds
- YouTube video embeds
- Pinterest Pin buttons
- TikTok embeds
- LinkedIn Share buttons
- Twitter/X Share buttons
How These Work:
- These features may collect your IP address and track pages you visit
- They may set cookies to enable functionality
- Your interactions are governed by the privacy policy of the social media company
- If you are logged into a social platform and interact with our plugins, your activity may be recorded to your profile
To Avoid Tracking:
- Log out of social media platforms before visiting our site
- Use browser privacy settings
- Review and adjust social media privacy settings
Embedded Content
We may embed third-party content such as:
- YouTube videos
- Google Maps
- Survey tools
- Calendar booking widgets
These embedded services may collect data about your interaction. Refer to their respective privacy policies for details.
17. Fraud Prevention, Security, and Misuse
We take fraud prevention and security seriously to protect our services, our business, and our users.
Fraud Detection and Prevention
We monitor for:
- Suspicious account activity
- Multiple accounts from the same user
- Unusual payment patterns
- Course content piracy and unauthorized sharing
- Account credential sharing
- Fraudulent chargebacks
- Identity theft
Detection Methods:
- IP address monitoring
- Device fingerprinting
- Behavioral analysis
- Payment verification
- Account activity patterns
- Login location tracking
Security Monitoring
We actively monitor for:
- Unauthorized access attempts
- Brute force attacks
- SQL injection attempts
- Cross-site scripting (XSS)
- Malware and viruses
- DDoS attacks
Misuse Prevention
Prohibited Activities We Monitor:
- Violation of Terms and Conditions
- Copyright infringement (downloading and redistributing course content)
- Account sharing or credential selling
- Spamming or harassment
- Automated scraping or bot activity
- Attempting to circumvent security measures
Actions We May Take
If we detect fraud, security threats, or misuse:
- Suspend or terminate accounts immediately
- Require additional verification
- Report to law enforcement
- Pursue legal action
- Ban IP addresses or devices
- Block payment methods
Important: Fraudulent chargebacks or payment disputes will result in immediate account termination and may be reported to authorities.
Your Responsibility
You must:
- Keep your login credentials secure
- Report suspicious activity immediately
- Not share your account with others
- Use our services only for lawful purposes
- Respect intellectual property rights
- Comply with our Terms and Conditions
Report Security Concerns: If you suspect fraud, a security breach, or misuse, contact us immediately through our contact form.
18. Account Termination and Data Deletion
Voluntary Account Closure
You can close your account at any time by:
- Contacting us through our contact form at https://artistictouchnailacademy.com/contact-us/
- Requesting account closure and deletion
- Following any account closure procedures in your account settings
What Happens When Your Account Is Closed
Immediately:
- Your access to courses will be terminated
- You will no longer receive emails from us (except administrative)
- Your account will be deactivated
Data Handling:
- Some personal information will be deleted immediately
- Other information will be retained according to our retention schedule (Section 9)
- Financial records retained for 6 years (tax law requirement)
- Course records retained for 7 years (insurance and certification verification)
- Anonymized data may be retained for statistical purposes
Account Termination by Us
We may terminate your account if:
- You violate our Terms and Conditions
- You engage in fraudulent activity
- You share course content or account access
- You abuse or harass staff or other students
- Your account shows signs of security compromise
- As required by law
Effect of Termination:
- Immediate loss of access to all courses
- No refund (except as required by law)
- Outstanding payments remain due
- Certificates already issued remain valid (unless revoked for misconduct)
Right to Erasure (GDPR)
Under UK GDPR, you have the right to request deletion of your personal information. However, this right is not absolute.
We may refuse deletion if:
- Required to retain data by law (tax, financial, educational records)
- Needed for legal claims or defense
- Necessary for public interest
- Required for contract performance
- Within statutory retention periods
To Request Deletion: Contact us through our contact form and specify what information you want deleted. We will assess your request and respond within 30 days.
19. Legal Cooperation
Cooperation with Law Enforcement
We may disclose your personal information to law enforcement, government officials, or other third parties when:
Required by Law:
- Court orders, subpoenas, or warrants
- Legal processes or regulatory requirements
- Government investigations
- Tax authority requests
To Protect Rights and Safety:
- Enforce our Terms and Conditions
- Protect our legal rights
- Investigate fraud or security incidents
- Prevent harm to individuals
- Respond to emergencies
Legal Proceedings:
- Defend against legal claims
- Participate in litigation
- Comply with discovery requests
- Provide evidence as required
Transparency
Where legally permitted, we will:
- Notify you of legal requests for your information
- Provide you with a copy of the request
- Give you an opportunity to challenge the request
- Limit disclosure to what is legally required
Data Disclosure Limits
We will only disclose the minimum amount of information necessary to comply with legal obligations.
20. Do We Make Updates to This Policy?
Yes, we may update this Privacy Policy from time to time to reflect changes in:
- Our practices
- Legal requirements
- Technology
- Business operations
- Industry standards
How We Notify You of Changes
For Material Changes:
- Email notification to registered users at least 30 days before effective date
- Prominent notice on our website
- Pop-up notification when you log in
- Updated “Last Updated” date at the top
For Non-Material Changes:
- Update the “Last Updated” date
- Publish revised policy on website
- No individual notification required
Your Responsibility
You should:
- Review this Privacy Policy periodically
- Check for updates when you use our services
- Ensure your contact information is current
- Contact us if you have questions about changes
Continued Use Equals Acceptance
Your continued use of our services after changes take effect constitutes acceptance of the revised Privacy Policy.
If you do not agree with changes:
- Discontinue use of our services
- Contact us to close your account
- Exercise your data deletion rights (where applicable)
21. How Can You Contact Us About This Policy?
If you have questions, comments, or concerns about this Privacy Policy or our data practices, please contact us:
Primary Contact Method:
Contact Form: https://artistictouchnailacademy.com/contact-us/
Company Information:
Artistic Touch Studio Ltd
Trading As: Artistic Touch – Nail Training Academy
Company Number: SC832165
Registered in: Scotland, United Kingdom
Based in: Dundee, Scotland, UK
Website: https://artistictouchnailacademy.com
Response Time:
We aim to respond to all privacy inquiries within 5 business days.
For Data Protection Inquiries:
- Use our contact form
- Specify “Data Protection” or “Privacy” in your message
- Provide your name and registered email address
- Clearly describe your inquiry or concern
For Complaints:
- Try to resolve the issue with us first
- If unsatisfied, you can contact your supervisory authority:
- UK: Information Commissioner’s Office (ICO) – https://ico.org.uk/
- EU: Your national data protection authority
- US: Your state attorney general or consumer protection office
- Canada: Office of the Privacy Commissioner
- Australia: Office of the Australian Information Commissioner
Related Policies:
Terms and Conditions: https://artistictouchnailacademy.com/terms-and-conditions/
Refund Policy: https://artistictouchnailacademy.com/refund-policy/
Cookie Policy: https://artistictouchnailacademy.com/cookie-policy/
22. How Can You Review, Update, or Delete Your Data?
You have several options to access, update, or delete your personal information.
Review Your Information
To access your data:
- Log in to your account
- View your profile and account settings
- Review your course enrollment history
- Download your certificates
To request a full copy of your data:
- Contact us through our contact form
- Request a Subject Access Request (SAR)
- We will provide your data within 30 days
- Data will be provided in a portable format (CSV, PDF, or JSON)
Update Your Information
You can update:
- Name and contact details
- Email address
- Password
- Marketing preferences
- Communication settings
How to update:
- Log in to your account
- Go to Account Settings
- Edit the relevant information
- Save changes
Or contact us through our contact form if you cannot update information yourself.
Delete Your Data
To request deletion:
- Contact us through our contact form
- Request “Right to Erasure” or “Account Deletion”
- Specify what information you want deleted
- We will assess your request within 30 days
Important Limitations:
- Some data must be retained by law (6-7 years for financial and educational records)
- Data needed for legal claims cannot be deleted
- Anonymized data may be retained for statistics
Correct Inaccurate Information
If you believe we have inaccurate information about you:
- Contact us through our contact form
- Specify what information is incorrect
- Provide correct information
- We will update our records and notify you
Export Your Data (Data Portability)
You can request a copy of your data in a machine-readable format:
- Contact us through our contact form
- Request “Data Portability”
- Specify what data you need
- We will provide data in CSV, JSON, or PDF format
Consent to This Privacy Policy
By using our services, you consent to:
- The collection and use of information as described in this Privacy Policy
- The transfer of information to countries outside your own
- The use of cookies and tracking technologies (subject to your cookie preferences)
- Communication from us regarding your account and services
You can withdraw consent at any time by:
- Contacting us to close your account
- Opting out of marketing communications
- Adjusting your cookie preferences
- Exercising your data protection rights
Additional Information for Specific Users
Students Under Accreditation Programs
If you are enrolled in an ABT-accredited course:
- Additional information may be shared with the accrediting body
- Your certification records will be maintained according to accreditation requirements
- ABT may audit our records for quality assurance
- Your consent is required for accreditation-related data sharing
In-Person Training Participants
If you attend in-person training:
- We may collect health and safety information
- Attendance records are maintained for certification purposes
- Photos or videos may be taken for educational purposes (with consent)
- Emergency contact information may be collected
Business or Corporate Accounts
If you purchase on behalf of a business:
- Business information will be processed for invoicing
- Multiple user accounts may be linked to your organization
- Usage reports may be provided to account administrators
- Additional contractual terms may apply
Glossary of Terms
Personal Information / Personal Data: Any information that identifies or can be used to identify an individual.
Processing: Any operation performed on personal data, including collection, storage, use, disclosure, or deletion.
Data Controller: The entity that determines the purposes and means of processing personal data (Artistic Touch Studio Ltd).
Data Processor: A third party that processes personal data on behalf of the data controller (e.g., payment processors, email services).
Consent: Freely given, specific, informed agreement to the processing of personal data.
GDPR: General Data Protection Regulation – EU and UK data protection law.
Subject Access Request (SAR): A formal request to access personal data held by an organization.
Data Breach: Unauthorized or unlawful access, loss, or disclosure of personal data.
Anonymization: The process of removing identifying information so that individuals cannot be identified.
Pseudonymization: Processing data so that it can no longer be attributed to a specific individual without additional information.
Document Control
Version: 2.0
Effective Date: 3 May 2025
Last Updated: 22 October 2025
Next Review Date: 22 April 2026 (6 months)
Document Owner: Artistic Touch Studio Ltd
Approved By: Radina Ignatova, Founder & Lead Educator
Thank you for trusting Artistic Touch – Nail Training Academy with your personal information. We are committed to protecting your privacy and using your data responsibly.
END OF PRIVACY POLICY