Internet Business School LLP
Online Privacy Policy
Last updated: March 2026 · UK GDPR · DPA 2018 · DUAA 2025
Contents
- Introduction
- Data Protection Enquiries
- What Data We Collect
- Legal Basis for Processing
- How We Collect Your Data
- Credit Reference Checks
- How We Use Your Data
- Marketing Communications
- Disclosures of Your Data
- International Transfers
- Data Security
- Data Retention
- Your Rights
- Provision of Personal Data
- Automated Decision-Making
- Cookies
- Children’s Data Protection
- How to Make a Complaint
- Third-Party Links
- Changes to This Policy
1. Introduction
This privacy notice provides you with details of how we collect and process your personal data through your use of our site https://internetbusinessschool.co.uk, including any information you may provide when you purchase a product or service, subscribe to a webinar, sign up to our newsletter, or take part in a survey, prize draw, or competition.
By providing us with your data, you warrant to us that you are over 13 years of age.
Internet Business School LLP is the data controller and we are responsible for your personal data (referred to as “we”, “us” or “our” in this privacy notice). We own and operate a secondary limited company called Education By Experts Ltd — data is shared and managed equally between the two entities.
Contact Details
- Full legal name: Internet Business School LLP
- Address: Ross Enterprise Centre, Ross Way, Folkestone, Kent, CT20 3UJ
- Email: [email protected]
- Telephone: +44 (0) 1233 226222
- ICO Registration Number: ZA460416
If you are not happy with any aspect of how we collect and use your data, you have the right to complain to the Information Commissioner’s Office (ICO). Please see Section 18 for our full complaints procedure.
Please contact us at [email protected] if your personal information changes so that our records remain accurate and up to date.
2. Data Protection Enquiries
We do not have a formally appointed Data Protection Officer. If you have any questions about this privacy policy or how we handle your personal data, please contact us directly at [email protected].
3. What Data Do We Collect About You
Personal data means any information capable of identifying an individual. It does not include anonymised data. We may process the following types of personal data about you:
- Identity Data — first name, last name, username, title, gender
- Contact Data — billing address, delivery address, email address and telephone numbers
- Financial Data — bank account and payment card details
- Transaction Data — details about payments and purchases made by you
- Technical Data — login data, IP addresses, browser type and version, time zone, operating system and other technology on devices used to access this site
- Profile Data — username and password, purchases or orders, interests, preferences, feedback and survey responses
- Usage Data — information about how you use our website, products and services
- Marketing and Communications Data — your preferences in receiving marketing communications from us and third parties
- Credit and Identity Data — where required for finance applications, data relating to your identity, credit commitments, payment history and public record information obtained via credit reference agencies
We do not collect any Sensitive Data (such as data about race or ethnicity, religious beliefs, sex life, sexual orientation, political opinions, trade union membership, health, genetic or biometric data) without your explicit consent.
4. Legal Basis for Processing Personal Data
Personal data is processed in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Data (Use and Access) Act 2025 (DUAA). Depending on the activity, we rely on the following lawful bases:
- Performance of a contract — where processing is necessary to deliver services or meet contractual obligations, including obligations involving TransUnion.
- Legal obligation — where processing is required to comply with applicable laws, regulatory requirements, or statutory obligations.
- Legitimate interests — where processing is necessary for legitimate business purposes such as system security, fraud prevention, risk management, audit, and compliance, and where such interests do not override the rights and freedoms of individuals. Where we rely on legitimate interests, we conduct a Legitimate Interests Assessment (LIA) to ensure processing is proportionate.
- Recognised legitimate interests (DUAA 2025) — the Data (Use and Access) Act 2025 introduced a new lawful basis of ‘recognised legitimate interests’ for certain specified purposes, such as crime prevention and fraud detection, where no separate balancing test is required.
- Consent — where required by law, and where individuals have been provided with a clear choice and the ability to withdraw consent at any time without detriment.
Our Legitimate Interests Our legitimate interests include operating our business, fulfilling contractual obligations, ensuring system and data security, preventing fraud, supporting audit and compliance activities, and protecting TransUnion data. These interests are balanced against the rights and freedoms of individuals, with appropriate safeguards in place.
5. How We Collect Your Personal Data
We collect data about you through a variety of methods including:
- Direct interactions — forms on our site, post, phone, email, including when you order products or services, create an account, subscribe to publications, request resources, enter competitions, or give us feedback.
- Automated technologies — as you use our site, we automatically collect Technical Data via cookies, server logs and similar technologies. Please see our cookie policy.
- Third parties and public sources — including analytics providers (e.g. Google), advertising networks, search information providers, payment service providers (e.g. Stripe), data brokers, publicly available sources (e.g. Companies House, Electoral Register), and credit reference agencies.
Source of Personal Data
We may collect personal data about you from:
- You directly
- Employers or clients when you apply for a role or are considered for an opportunity
- Referees (where relevant and permitted)
- Publicly available sources (for example, professional networking sites, business websites, and public records)
- Credit reference agencies (CRAs) where required for consumer credit, identity, or affordability checks
- Third-party service providers used to support recruitment, screening, and compliance processes
6. Credit Reference and Affordability Checks
To help us assess applications, prevent fraud, and meet our legal and regulatory obligations, we may obtain information about you from credit reference agencies (CRAs). We obtain this information via Creditsafe, which uses its data partner TransUnion to supply consumer credit and identity data.
Creditsafe Business Solutions Limited Authorised and regulated by the Financial Conduct Authority
FCA Firm Reference Number: 742313 Transparency Notice ↗
FCA Firm Reference Number: 742313 Transparency Notice ↗
TransUnion International UK Limited Authorised and regulated by the Financial Conduct Authority
FCA Firm Reference Number: 805757 CRAIN ↗ Bureau Privacy Notice ↗
FCA Firm Reference Number: 805757 CRAIN ↗ Bureau Privacy Notice ↗
The information we receive may include data relating to your identity, credit commitments, payment history, and public record information. This data is used solely for legitimate business purposes, including creditworthiness assessment, identity verification, and fraud prevention, in accordance with applicable data protection laws.
7. How We Use Your Personal Data
We will only use your personal data when legally permitted. The table below describes the purposes for which we use your data and the lawful basis for doing so.
| Purpose / Activity | Type of Data | Lawful Basis |
|---|---|---|
| Register you as a new customer | Identity, Contact | Performance of a contract |
| Process and deliver your order; manage payments | Identity, Contact, Financial, Transaction | Performance of a contract; Legitimate interests (debt recovery) |
| Manage our relationship; notify changes; request reviews | Identity, Contact, Profile, Marketing | Performance of a contract; Legal obligation; Legitimate interests |
| Enable participation in competitions or surveys | Identity, Contact, Profile, Usage | Performance of a contract; Legitimate interests |
| Administer and protect our business and website | Identity, Contact, Technical | Legitimate interests; Legal obligation |
| Deliver relevant content and advertising; measure effectiveness | Identity, Contact, Profile, Usage, Technical | Legitimate interests |
| Data analytics to improve website, products and services | Technical, Usage | Legitimate interests |
| Make suggestions and recommendations about products/services | Identity, Contact, Technical, Usage, Profile | Legitimate interests |
| Credit reference and affordability checks; fraud prevention; identity verification | Credit and Identity Data | Legal obligation; Legitimate interests; Performance of a contract |
8. Marketing Communications
You will receive marketing communications from us if you have requested information from us or purchased goods or services from us, or if you provided us with your details and opted in to receive marketing, and you have not subsequently opted out.
We will get your express opt-in consent before we share your personal data with any third party for marketing purposes.
You can opt out at any time by logging into the website and adjusting your marketing preferences, following the opt-out links on any marketing message, or emailing us at [email protected].
9. Disclosures of Your Personal Data
We may share your personal data with the following parties:
- Other companies in our group who provide IT and system administration services
- Service providers who provide IT and system administration services
- Professional advisers including lawyers, bankers, auditors and insurers
- HM Revenue & Customs, regulators and other authorities
- Creditsafe Business Solutions Limited and TransUnion International UK Limited (for credit reference and affordability checks)
- Third parties to whom we sell, transfer, or merge parts of our business or assets
We require all third parties to respect the security of your personal data and to treat it in accordance with the law.
10. International Data Transfers
Some of our third-party service providers (such as analytics providers and payment processors) may be based or operate servers outside the UK and/or European Economic Area (EEA). Where such transfers take place, we ensure appropriate safeguards are in place to protect your data in accordance with UK data protection law.
Safeguards we use may include:
- Standard contractual clauses or international data transfer agreements approved by the UK authorities
- Transfers to countries or organisations that have been recognised as providing an adequate level of data protection
- Binding corporate rules where applicable
Note on EU–UK Adequacy The European Commission renewed its adequacy decision for the UK in December 2025, valid until 2031. This means UK organisations can freely receive personal data from the EEA without additional safeguards. Under the Data (Use and Access) Act 2025, the test for outbound transfers has also been updated to permit transfers where the level of protection is “not materially lower” than that provided under UK law.
For further information about the safeguards we use, please contact us at [email protected].
11. Data Security
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, accessed in an unauthorised way, altered or disclosed. Access to your personal data is limited to those with a business need to know. We have procedures in place to deal with any suspected personal data breach and will notify you and any applicable regulator where we are legally required to do so.
12. Data Retention
We keep personal data only for as long as necessary for its purpose and to meet legal or regulatory obligations. By law, we keep basic customer information (including Contact, Identity, Financial and Transaction Data) for six years after a customer relationship ends, for tax purposes. Data used for credit reference or affordability checks is retained only for as long as required and then securely deleted.
In some circumstances we may anonymise your personal data for research or statistical purposes, in which case we may use this information indefinitely without further notice.
13. Your Rights as a Data Subject
Under UK data protection law, you have the following rights in relation to your personal data:
| Right | What it means |
|---|---|
| Right of access | Request a copy of the personal data we hold about you and information about how it is used. |
| Right to rectification | Request that inaccurate or incomplete personal data is corrected. |
| Right to erasure | Request that we delete your personal data where there is no lawful reason for us to continue processing it. |
| Right to restrict processing | Request that we limit how we use your personal data in certain circumstances. |
| Right to data portability | Receive your personal data in a structured, commonly used, machine-readable format, and request we transfer it to another organisation where technically feasible. |
| Right to object | Object to the processing of your personal data where we rely on legitimate interests or where data is used for direct marketing. |
| Right to withdraw consent | Where we rely on consent, withdraw it at any time without affecting the lawfulness of prior processing. |
To exercise any of these rights, please email us at [email protected]. You will not normally have to pay a fee. We try to respond to all legitimate requests within one month.
Further information: ICO Individual Rights guidance ↗
14. Provision of Personal Data
Is the provision of personal data statutory or contractual?
The provision of certain personal data is primarily contractual and, in some circumstances, required to meet legal and regulatory obligations. Personal data is required to:
- Enter into and perform contracts with customers, suppliers, or business partners
- Process orders, manage accounts, and deliver goods and services
- Verify identity and prevent fraud
- Comply with applicable legal, regulatory, accounting, and tax obligations
What are the consequences of not providing personal data?
If you choose not to provide the personal data we request:
- We may be unable to enter into a contract with you
- We may be unable to fulfil orders, supply goods, or provide services
- We may be unable to conduct necessary verification, compliance, or fraud prevention checks
- As a result, our services may be delayed, restricted, or declined
Where personal data is requested for optional purposes such as marketing communications, providing this data is not mandatory and you may withdraw your consent at any time without affecting your ability to receive goods or services from us.
15. Automated Decision-Making and Profiling
Updated under DUAA 2025 The Data (Use and Access) Act 2025 revised the UK GDPR framework for automated decision-making, replacing Article 22 with new provisions (Articles 22A–22D). Solely automated decisions with legal or similarly significant effects on individuals are now permitted in a broader range of circumstances, subject to safeguards.
We may use automated systems and tools to support certain business processes, such as risk assessment, fraud prevention, affordability checks, identity verification, or record management. Where we make significant decisions based wholly or partly on automated processing, we implement the following safeguards:
- We will provide you with clear information about any significant decision made about you through automated means
- You have the right to request that a human reviews such a decision
- You have the right to make representations about and to contest any such decision
Automated processing involving special category data (such as health, biometric or ethnicity data) remains subject to stricter controls and will only be carried out where explicit consent has been given or where permitted by law.
For further information, please contact us at [email protected].
16. Cookies and Tracking Technologies
We use cookies and similar technologies on our website. The Data (Use and Access) Act 2025 introduced updates to the Privacy and Electronic Communications Regulations (PECR) regarding cookies. Certain low-risk cookies — including analytics cookies used to collect statistical data to improve website performance, functional cookies that enhance user experience, and cookies used for security or fraud prevention — may in some circumstances be used without requiring explicit prior consent, provided users can opt out.
You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, some parts of this website may become inaccessible or not function properly.
For more information and to manage your preferences, please see our Cookie Policy.
Important — PECR Fines Update From August 2025, the maximum fine for PECR breaches (including unlawful use of cookies or electronic marketing) was aligned with UK GDPR levels — up to £17.5 million or 4% of global annual turnover. We review our cookie practices regularly to ensure compliance.
17. Children’s Data Protection
We are committed to protecting the personal data of children. The Data (Use and Access) Act 2025 introduced ‘children’s higher protection matters’ as part of the UK GDPR’s data protection by design and by default requirements. If our online services are likely to be accessed by children (individuals under 18), we are required to take account of their specific needs, including the fact that children may be less aware of the risks associated with data processing.
Our website is not directed at children under 13, and we do not knowingly collect personal data from children under 13 without verifiable parental consent. By providing us with your data, you warrant that you are over 13 years of age.
Where our services may be accessed by children aged 13–17, we apply additional care to how their data is processed, including applying data minimisation practices and avoiding processing that may be detrimental to their wellbeing.
If you believe we have inadvertently collected personal data from a child without appropriate consent, please contact us at [email protected] and we will take prompt steps to delete it.
18. How to Make a Data Protection Complaint
We take data protection complaints seriously and are committed to resolving them promptly and fairly. A statutory right to complain directly to organisations is being introduced under the Data (Use and Access) Act 2025 on 19 June 2026. In anticipation of this, we have put the following process in place now.
1
Contact Us Directly Email us at [email protected] with a description of your concern. We will acknowledge your complaint within 30 days and aim to provide a full response without undue delay.
2
Escalate to the ICO If you are not satisfied with our response, you have the right to complain to the Information Commissioner’s Office (ICO):
Website: www.ico.org.uk
Address: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Helpline: 0303 123 1113
Our ICO registration number: ZA460416
Website: www.ico.org.uk
Address: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Helpline: 0303 123 1113
Our ICO registration number: ZA460416
19. Third-Party Links
This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.
20. Changes to This Privacy Policy
We may update this privacy policy from time to time. Any changes will be posted on this page with an updated date at the top. We encourage you to review this policy periodically to stay informed about how we are protecting your information.