Serenity Academy Privacy Policy



Last Updated: 5th June 2026

Welcome to the Privacy Policy for Serenity Academy. We operate the website https://www.serenityacademy.co.uk/ (the "Site").


At Serenity Academy, we are committed to protecting and respecting your privacy. This policy explains when, why, and how we collect personal information about people who visit our website, book our training courses, or receive treatments at our salon, as well as how we keep it secure and the conditions under which we may disclose it to others.


For the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, the Data Controller is Serenity Academy, located at:

20 High Street

Wath upon Dearne

Rotherham

South Yorkshire S63 7QG.

1. Information We May Collect From You

We may collect and process the following categories of personal data:


  • Contact & Identity Data: Your name, title, address, email address, and telephone numbers when you register for a course, book a salon treatment, or contact us via our website forms.
  • Student, Educational & Professional Data: Because we provide accredited NVQ/VRQ and VTCT qualifications, we collect details necessary for course registration, including your date of birth, unique learner number (ULN), national insurance number (where required for funding or registration eligibility), and academic progression records.
  • Health & Special Category Data: For specific beauty, holistic, or aesthetic treatments (such as lash tints, facial skincare, or massage therapies), or to ensure your safety during practical course assessments, we may collect sensitive health information. This includes medical conditions, allergies, contraindications, and mandatory patch-test history. We will only ever process this data with your explicit, written consent.
  • Financial & Transaction Data: Details about payments made by you for training courses (including booking deposits, full fees, or partial funding details) and salon services. Note: We do not directly store your credit/debit card information; transactions are processed via secure, compliant third-party payment gateways (e.g., PayPal).
  • Technical & Usage Data: This includes your IP address, browser type and version, time zone setting, operating system and platform, and details about how you use our Site.


2. How We Collect Your Personal Data

We use different methods to collect data from and about you, including:


  • Direct Interaction: You explicitly provide your details when filling out course application forms online, making enquiries via email or phone, or completing consultation cards in person at our Rotherham academy.
  • Automated Technologies: When using our Site, we may automatically gather Technical Data regarding your browsing patterns and equipment via cookies.

3. How We Use Your Information (Legal Basis)

We will only use your personal data when permitted by UK law. Most commonly, we process your information under the following grounds:


  • Performance of a Contract: To process your course enrolment, manage your student files, provide practical instruction with real clients, and issue your professional certifications.
  • Explicit Consent: For verifying medical suitability and safety requirements via consultation cards before performing any hair, beauty, or holistic treatments.
  • Legitimate Interests: To operationalise our training schedule, answer enquiries, manage customer accounts, and distribute administrative site updates.
  • Legal Obligation: Where we are legally bound to maintain records for tax, accounting, or business insurance compliance or to fulfil regulatory audits by external educational bodies.

4. Who We Share Your Data With

We do not sell or rent your personal information. However, to effectively run our training academy and salon, we may share information with:


  • Awarding Bodies & Regulators: External professional entities such as VTCT / NVQ to formally register you for training modules, log assessment results, and request final certifications.
  • Funding & Educational Partners: If your training programme is fully or partially funded via partner colleges or regional initiatives, data is shared to satisfy compliance and eligibility audits.
  • Service Providers: Trusted third parties supplying our operational tools, including our website platform (Duda), payment processors, and student database management software.
  • Professional Advisors: Our insurers, legal advisors, or accountants were strictly required to maintain liability coverage or financial reporting.

5. International Data Transfers

Certain digital service providers (such as web hosting, cloud storage, or contact forms) may store or process data outside of the United Kingdom. Where data is transferred internationally, we ensure that appropriate UK-approved safeguards—such as Standard Contractual Clauses (SCCs) or International Data Transfer Agreements (IDTAs)—are actively maintained to protect your privacy.

6. Data Security

We have established strict security procedures to protect your personal data against accidental loss, alteration, unauthorised disclosure, or access. Access to sensitive information is strictly limited to directors, tutors, and staff who possess a verified business need to know.

7. Data Retention

We retain personal information only for as long as necessary to fulfil the purposes it was originally collected for, including legal, accounting, insurance, or mandatory educational body reporting.


  • Student Assessment Records: Registration, training completion files, and verification records are held longer in compliance with VTCT/NVQ archival rules.
  • Salon Treatment Cards: Health consultations and patch-test histories are kept securely for standard professional liability insurance periods following your most recent appointment.

8. Your Legal Rights

Under UK data protection laws, you retain explicit rights regarding your personal information:


  • Request access to a copy of the personal data we hold about you.
  • Request correction of any inaccurate or outdated information.
  • Request erasure of your data when there is no overriding legal or contractual reason for us to keep processing it.
  • Object to processing or ask us to restrict how your information is handled.
  • Withdraw consent at any moment for data dependent on your explicit permission (such as marketing emails or special health category consultations).


If you wish to execute any of these legal rights, please contact us directly using the details provided below.

9. Third-Party Links

Our website may feature links to external sites or third-party plug-ins (such as social media profiles). Clicking these links may enable those third parties to collect or track your data. Serenity Academy does not control outside websites and is not responsible for their independent privacy practices.

10. Contact Us & Complaints 

If you have any questions concerning this Privacy Policy, wish to update your details, or would like to submit a request, please contact us:



You also reserve the right to raise an issue at any point with the UK supervisory authority, the Information Commissioner’s Office (ICO) (www.ico.org.uk). We would, however, welcome the opportunity to address and resolve your concerns directly before you make an official approach, so please get in touch with us first.