Your privacy is important to us. This Privacy Policy explains how The Models’ Masterclass Ltd (“we” or “us”) collects, uses, stores, and protects your personal data when you use our website or services. It also outlines your rights under the UK General Data Protection Regulation (UK GDPR) and other applicable data protection laws. We publish this information to be transparent about our data practices and to fulfill our legal obligation to inform you how your data is handled. By using our site or enrolling in our courses, you consent to the data practices described in this Policy.
1. Who We Are (Data Controller)
The Models’ Masterclass Ltd (Company No. 15395038) is the “data controller” of your personal data collected via our website themodelsmasterclass.com. This means we determine the purposes and manner in which your personal data is processed. If you have any questions about this Privacy Policy or your personal data, you can contact us at [email protected]. We do not currently have a designated Data Protection Officer, but all privacy inquiries will be handled by our management team.
We are committed to handling your information in compliance with the UK GDPR and the Data Protection Act 2018. This includes ensuring we have a valid legal basis for processing your data, and respecting your rights to control what happens with your personal information.
2. Personal Data We Collect
We may collect and process the following categories of personal data:
Information You Provide Directly: When you register an account, enroll in a course, or contact us, you provide personal details. This may include your name, email address, postal address (if needed for billing or certification), phone number, login username, and password. If you make a purchase, our payment processor will collect your payment details (such as credit card number and billing address), but we do not store full payment card information on our servers.
Profile and Course Data: If our platform allows you to create a user profile or submit content (for example, posting in course discussions or completing quizzes), we collect whatever information you choose to provide in these contexts. This could include photos or biographical info on a profile, and any submissions or messages you make within the course platform.
Usage Data: We automatically collect certain data about how you use our website and courses. This includes technical information like your IP address, browser type and version, device information, and operating system. We also gather data on your activity, such as pages or course modules accessed, time spent on the platform, interaction with videos (e.g. completion of lessons), and clickstream data. This usage data helps us analyze and improve our services.
Cookies and Similar Technologies: When you visit our site, we use cookies and similar tracking technologies (explained in our Cookie Policy) to collect information about your browsing actions and preferences. For example, we may collect data on which pages you visited, whether you are a returning visitor, or if you came to our site via a marketing email. Cookies can also track information like your language preferences or login status. We treat this information as personal data when it is linked to your user account or other identifiers.
Communication Data: If you communicate with us (for example, by emailing support or filling out a contact form), we will collect and keep records of that correspondence, which may include your name, contact information, and the content of your message.
Third-Party Sources: In general, we collect personal data directly from you. We do not typically purchase or obtain data about you from third parties. However, if you login via a third-party service (for instance, signing in using Google or Facebook, if that feature is available), we may receive basic profile information from that third-party with your consent. Also, if someone refers you to our course via an affiliate link, we might note the referrer’s identity.
We aim to collect only the minimum amount of data necessary for the purposes explained below. You can choose not to provide certain information (for example, you can browse parts of the site without creating an account), but then you may not be able to register or access course content that requires that information.
3. How We Use Your Personal Data
We will only use your personal data when the law allows us to (i.e. we have a lawful basis for processing). The main purposes for which we process your data are:
To Provide Services and Fulfill Contracts: We use your personal information to set up and administer your user account, enroll you in online courses, and provide you with the educational content you have purchased. For example, we use your name and email to register your account and grant you course access, and we process your payment details to complete the transaction. This use is necessary for the performance of the contract between you and us (i.e. to deliver the course you ordered).
User Identification and Authentication: Your login credentials (email/username and password) are used to authenticate you when you sign into the platform and to maintain the security of your account.
Communications: We use contact information (like your email and/or phone number) to communicate with you about your course and account. This includes sending service emails for confirmations, invoices, technical notices, updates, security alerts, and support messages. For instance, after you enroll we email you a confirmation and may send follow-ups like reminders to continue your course or notifications about new content or features in the course. These communications are part of our contract with you or our legitimate interest in ensuring customer satisfaction.
Customer Support: If you reach out with questions or need help, we will use your provided information and our internal notes to assist you. This may include troubleshooting technical issues, responding to inquiries about course content, or addressing any concerns.
Improvement and Analytics: We analyze usage data and feedback to improve our courses and website. For example, we might review how users progress through a course to identify areas where learners struggle, and then refine those lessons. We may use analytics services (like Google Analytics) which collect information about your interaction with our site. The data used for analytics is typically aggregated and does not directly identify you; where it might (such as an IP address), we rely on our legitimate interests to improve our services in a manner that respects your privacy (for instance, IP addresses may be anonymized for analytics).
Marketing (With Consent): If you opt in to receive marketing communications, we will use your email to send you newsletters or promotions about new courses or relevant content. We will only send you marketing emails if you have given consent (such as by ticking a signup box) or if you are an existing customer and the communications relate to similar products you initially purchased (under the soft opt-in rule, as applicable). You will always have the opportunity to unsubscribe or opt out of marketing communications. We do not sell or share your personal data with third parties for them to market to you.
Legal Compliance and Protecting Misuse: We may process personal data as required to comply with legal obligations, such as maintaining transaction records for tax and accounting purposes or responding to lawful requests by public authorities. We also reserve the right to process data to the extent necessary to prevent or address fraud, security breaches, or other misuse of our platform. For example, we may use certain data to detect violations of our Terms of Use or to enforce our rights (such as investigating suspected piracy of our course content).
Other Purposes (with Notice): If we intend to use your data for a purpose that is not compatible with the original purpose for which it was collected, we will inform you and, if required, obtain your consent.
We ensure that we have an appropriate legal basis for each use of your data – this may be your consent, the necessity to perform a contract with you, compliance with a legal obligation, or our legitimate interests (which we will balance against your rights and expectations of privacy).
4. How We Store and Protect Your Data
Data Storage Location: Your data is stored on secure servers which may be operated by us or reputable third-party hosting providers. We primarily use servers located in the United Kingdom or European Economic Area (EEA). In some cases, your data may be stored or backed up on servers outside the UK/EEA (for example, if we use a US-based cloud service). If so, we will ensure appropriate safeguards are in place (such as Standard Contractual Clauses or an adequacy decision) to protect your information in accordance with UK data protection standards.
Security Measures: We implement technical and organizational measures to secure your personal data. This includes encryption of data in transit (our website is served over HTTPS, so information you submit is encrypted between your browser and our server) and encryption of sensitive data at rest where appropriate. We restrict access to personal data to authorized personnel who need it for their job duties, and we ensure those individuals are subject to confidentiality obligations. Our systems are protected against unauthorized access with firewalls, access controls, and monitoring for potential vulnerabilities or attacks. We also regularly update our software and train our staff on data security practices.
Payment Security: As noted, we do not store raw payment card data on our servers. We rely on PCI-DSS compliant third-party payment processors to handle transactions. Those providers are responsible for securely processing and storing your payment information.
Retention Period: We retain personal data only as long as necessary for the purposes outlined in this policy, or as required by law. For instance, we will keep your account information while you are an active user of our services. If you delete your account or it remains inactive for an extended period, we will remove or anonymize personal data associated with your account, except for information we are required to retain for legal or accounting reasons. Transaction records (which may include your name, contact, and purchase details) are kept for at least the minimum period required by tax law (typically 6 years in the UK). We periodically review the data we hold and delete or anonymize personal data that is no longer needed.
Data Breach Procedures: Despite all measures, no system can be 100% secure. In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will inform you and the UK Information Commissioner’s Office (and any other relevant regulators) as required by law. We have a procedure in place to quickly respond to and mitigate any data breaches, should they occur.
Account Protection: You play a role in keeping your data safe as well. Please choose a strong, unique password for our website and do not share it. If you suspect any unauthorized access to your account or personal data, notify us immediately so we can investigate and take action.
5. Sharing of Personal Data
We treat your personal data with care and confidentiality. We do not sell your personal information to third parties. However, we do share your data in certain limited scenarios, as described below:
Service Providers: We use trusted third-party companies to help us deliver our services (often called “data processors”). These include:
Payment processors (to handle secure transactions),
Web hosting and cloud storage providers (to host our website and data),
Email service providers (to send transactional emails, newsletters, etc.),
Analytics services (to help us understand how users engage with our site, e.g. Google Analytics, as mentioned above),
Customer support tools (to manage support tickets or live chat if offered), and
Marketing platforms (if we send email newsletters or run referral programs).
These third parties will only receive the information necessary for them to perform their specific services. We ensure that any service providers who handle personal data on our behalf are bound by data protection obligations (contractual agreements) to safeguard your information and to only use it for the purposes we specify.
Affiliates and Business Transfers: The Models’ Masterclass Ltd currently does not have any parent or subsidiary companies with which we share data. If in the future we become part of a group or undergo a business transaction (like a merger or acquisition), personal data might be shared with new owners or affiliates as part of that process. If such a change occurs, we will notify users and ensure your data remains subject to protections consistent with this policy.
Legal Requirements: We may disclose your personal data if required to do so by law or in response to valid requests by public authorities (e.g., a court order, law enforcement demand, or regulatory requirement). We will only share the data that is necessary to comply with the request. Additionally, if needed to enforce our Terms and other agreements or to protect the rights, property, or safety of our company, our customers, or others, we may share relevant information with law enforcement or legal advisors (for example, providing information to investigators if a user is engaged in fraudulent or criminal activity on our platform).
With Your Consent: In cases where we want to share your information for something not covered by the above, we will ask for your explicit consent. For example, if we were to partner with another training provider and you wanted to participate in a joint program, we would only share your data with that provider if you opt-in.
Aggregated or Anonymized Data: We may share information that has been aggregated (combined with other users’ data) or anonymized (stripped of personally identifying characteristics) so that it cannot reasonably be used to identify you. For instance, we might publish trends about course completion rates or demographic breakdown of our user base. This type of data does not identify any individual and therefore is not considered personal data.
We will never rent or sell your personal data to third parties for marketing or any other purposes. Any sharing is done with caution and only as outlined above, with your privacy rights in mind.
6. Your Rights and Choices
Under data protection law, you have several rights regarding the personal data we hold about you. You can exercise these rights by contacting us at [email protected]. We will respond to requests within one month as required by law (and usually much sooner). Your principal rights include:
Right of Access: You have the right to request a copy of the personal data we hold about you, as well as information about how we process it. This is commonly known as making a “subject access request.” Upon verification of your identity, we will provide you with a summary or copy of your data, typically in electronic form. There is no fee for making an access request, unless the request is manifestly unfounded or excessive, in which case a reasonable fee may be charged.
Right to Rectification: If any personal data we have about you is inaccurate or incomplete, you have the right to have it corrected or updated. For example, if you change email addresses or notice that we have a misspelled name on file, you can ask us to fix it. We rely on you to provide accurate information, and you can update some of your data directly through your account settings as well.
Right to Erasure: You have the right to request deletion of your personal data in certain circumstances – for instance, if the data is no longer necessary for the purposes it was collected, or if you withdraw consent and we have no other legal basis to continue processing. This is sometimes called the “right to be forgotten.” Upon a valid request, we will erase your personal data (and inform any processors to do so) unless we have a lawful reason to retain it (e.g. an overriding legal obligation or right to free expression, etc.). Please note that if you request deletion of data necessary for us to provide the service (such as your account credentials or course enrollment info), you may need to discontinue use of the service as we cannot provide it without that data.
Right to Restrict Processing: You can ask us to suspend or limit the processing of your personal data in certain scenarios. For example, if you contest the accuracy of the data, you can request we pause processing (aside from storing it securely) until we verify its accuracy. Or if you object to processing we are carrying out under our legitimate interests, you can request restriction while we review your objection. Restricting processing might mean we simply keep your data but don’t use it. If processing is restricted, we will inform you before lifting the restriction.
Right to Object: You have the right to object to our processing of your personal data when that processing is based on legitimate interests (or performed for public interest tasks). If you object, we must stop processing the data unless we demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or unless processing is needed for legal claims. Importantly, you also have an unconditional right to object to any processing of your personal data for direct marketing purposes. If you object to marketing, we will stop sending you marketing communications promptly.
Right to Data Portability: For personal data that you have provided to us and which we process by automated means on the basis of your consent or for performance of a contract, you have the right to obtain that data in a structured, commonly used, machine-readable format. You also have the right to request that we transmit such data directly to another service provider (where technically feasible). In practice, this might include basic account data or content you’ve provided to us. We will assist with such requests as required by law.
Right to Withdraw Consent: If we are processing any of your personal data based on your consent (for example, if you consented to receive our newsletter), you have the right to withdraw that consent at any time. Withdrawal of consent will not affect the lawfulness of processing we carried out prior to your withdrawal. Nor will it affect processing that is not based on consent (for example, processing necessary to provide you with the service). You can withdraw consent to marketing emails by clicking the “unsubscribe” link in any of our emails or by contacting us. For other consents, just let us know of the change in preference.
Right to Complain: If you believe that we have not complied with your data protection rights or applicable privacy laws, you have the right to lodge a complaint with the supervisory authority in your country. In the UK, the supervisory authority is the Information Commissioner’s Office (ICO). You can find more information about making a complaint to the ICO on its website. We encourage you to contact us first, so we have the opportunity to address your concerns directly, but you are entitled to go to the ICO at any time.
Please note that these rights are not absolute – there are specific conditions or exemptions applicable under the law. For example, we might not erase data we are required by law to keep, or we might refuse an access request that is unfounded or excessive. However, we will evaluate and respond to each request in accordance with applicable law. Exercising your rights will not affect the service we provide to you; we do not discriminate against individuals for exercising their privacy rights.
7. Cookies and Tracking Technologies
Our use of cookies and similar technologies is explained in detail in our Cookie Policy (see below). In summary, cookies are small text files placed on your device to store information, and we use them to make our website function, to remember your preferences, and to understand how our site is used. Some cookies are essential for the site to work (e.g., keeping you logged in as you navigate), while others are optional and help us improve your experience (e.g., analytics cookies). We obtain your consent for non-essential cookies through the cookie banner when you first visit our site. You can manage your cookie preferences at any time. Please refer to our Cookie Policy for more information on what cookies we use and how you can control them.
8. Changes to this Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. If we make significant changes, we will notify you by email (if you have an account) or by posting a prominent notice on our website. The “last updated” date at the bottom of this Policy will indicate when the latest changes were made. We encourage you to review this Policy periodically to stay informed about how we are protecting your information. Continuing to use our website or services after we update the Policy will indicate that you have read and understood the revised terms.
9. Contact Us
If you have any questions about this Privacy Policy or wish to exercise your rights, please contact us:
By Email: [email protected]
By Post: The Models’ Masterclass Ltd, [Address] (Attn: Privacy)
We will be happy to address any concerns or queries you have regarding your privacy and our data handling practices.
If you feel we have not resolved your concern, you have the right to contact the UK Information Commissioner’s Office (ICO). You can find their contact details and procedures on the ICO website (ico.org.uk). We value your privacy and will do our utmost to ensure your information is safe and used properly.
(Last updated: Monday, 24th March 2025)
