Privacy Policy

Effective date: 15 January 2025

This Privacy Policy explains how Jyotish Vidya Academy Ltd. (Company No. 14523891), registered at 71 Gloucester Place, London, W1U 8JW, United Kingdom ("we", "us", "our" or "the Academy"), collects, processes and safeguards your personal data when you access our website at academy-jyotish.pro and use our online Vedic astrology education services.

We are the data controller for the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We are committed to protecting your privacy and handling your data in a transparent, lawful manner.

1. What Personal Data We Collect

We may collect and process the following categories of personal data:

1.1 Information You Provide Directly

• Account registration data: your full name, email address, chosen password, country of residence and preferred language.
• Enrolment information: programme selections, date of birth (where required for Jyotish chart exercises), billing address and payment details.
• Communications: any messages, enquiries or feedback you submit via our contact forms, email or live chat.
• Assessment submissions: chart analyses, written assignments and examination responses submitted as part of your programme.

1.2 Information Collected Automatically

• Technical data: IP address, browser type and version, operating system, device identifiers and screen resolution.
• Usage data: pages visited, time spent on each page, click patterns, referral URLs and search terms used within the platform.
• Cookie data: information collected through cookies and similar technologies, as described in our Cookie Policy.

1.3 Information from Third Parties

• Payment processors: transaction confirmation and fraud-screening data from our payment service providers (we do not store full card numbers on our servers).
• Analytics providers: aggregated and pseudonymised usage statistics.

2. How We Use Your Data

We process your personal data for the following purposes:

• Service delivery: to create and manage your student account, grant access to enrolled programmes, track your progress and issue certificates upon completion.
• Payment processing: to process tuition payments, generate invoices and administer refund requests in accordance with our Return and Refund Policy.
• Communication: to respond to your enquiries, send programme updates, mentorship scheduling notifications and administrative notices.
• Improvement of services: to analyse usage patterns, diagnose technical issues and enhance our curriculum, platform features and user experience.
• Legal compliance: to comply with applicable laws, regulations and legal processes, including tax reporting and record-keeping obligations.
• Marketing: with your explicit consent, to send newsletters featuring Vedic astrology insights, new programme announcements and promotional offers. You may withdraw consent at any time.

3. Legal Basis for Processing (GDPR)

We rely on the following legal bases under Article 6 of the UK GDPR:

• Performance of a contract (Art. 6(1)(b)): processing necessary to fulfil our obligations under your enrolment agreement, including account management, programme delivery and certification.
• Legitimate interests (Art. 6(1)(f)): processing necessary for our legitimate business interests, such as improving our services, preventing fraud and ensuring platform security, provided these interests do not override your fundamental rights.
• Consent (Art. 6(1)(a)): where you have given clear, affirmative consent, such as opting in to marketing communications. You have the right to withdraw consent at any time without affecting the lawfulness of processing carried out prior to withdrawal.
• Legal obligation (Art. 6(1)(c)): processing necessary to comply with a legal obligation to which we are subject, such as financial record-keeping requirements.

4. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected:

• Account and enrolment records: retained for the duration of your active account and for six years following the date of your last interaction with the platform, in line with UK statutory limitation periods.
• Payment and transaction records: retained for six years from the date of the transaction to satisfy tax and accounting obligations.
• Assessment submissions: retained for three years after programme completion to support certification verification and academic integrity reviews.
• Marketing consent records: retained until you withdraw consent, plus a further twelve months to evidence that consent was obtained lawfully.
• Technical and usage logs: retained for up to twenty-four months in pseudonymised form and then permanently deleted or fully anonymised.

When personal data is no longer required, it is securely deleted or irreversibly anonymised.

5. Third-Party Sharing

We do not sell your personal data to any third party. We may share your data with the following categories of recipients, strictly on a need-to-know basis:

• Payment service providers: to process transactions securely (e.g., Stripe, PayPal). These providers act as independent data controllers for payment fraud prevention.
• Hosting and infrastructure providers: to store and deliver platform content. Our servers are located within the United Kingdom and the European Economic Area.
• Analytics providers: to help us understand how users interact with our platform. Data shared for this purpose is pseudonymised wherever technically feasible.
• Professional advisers: including solicitors, accountants and auditors, where necessary for the administration of our business or to comply with legal obligations.
• Regulatory and law enforcement authorities: where we are required by law to disclose information, or where disclosure is necessary to protect our rights, your safety or the safety of others.

Where personal data is transferred outside the United Kingdom, we ensure that appropriate safeguards are in place, such as Standard Contractual Clauses approved by the Information Commissioner's Office.

6. Cookies

Our website uses cookies and similar technologies to provide essential functionality, analyse traffic and remember your preferences. For detailed information on the types of cookies we use and how to manage them, please refer to our Cookie Policy.

7. Your Rights

Under the UK GDPR, you have the following rights in relation to your personal data:

• Right of access (Art. 15): you may request a copy of the personal data we hold about you.
• Right to rectification (Art. 16): you may request correction of inaccurate or incomplete personal data.
• Right to erasure (Art. 17): you may request deletion of your personal data where there is no compelling reason for its continued processing.
• Right to restriction of processing (Art. 18): you may request that we limit the processing of your data in certain circumstances.
• Right to data portability (Art. 20): you may request that we provide your personal data in a structured, commonly used, machine-readable format, or that we transmit it directly to another controller where technically feasible.
• Right to object (Art. 21): you may object to processing based on legitimate interests or for direct marketing purposes.
• Rights related to automated decision-making (Art. 22): you have the right not to be subject to a decision based solely on automated processing that produces legal effects concerning you.

To exercise any of these rights, please contact us using the details provided below. We will respond to your request within one calendar month. In exceptional cases, where requests are complex or numerous, we may extend this period by a further two months, in which case we will inform you of the extension and the reasons for it.

If you are dissatisfied with how we handle your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

8. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure or destruction. These measures include encryption of data in transit via TLS, access controls, regular security assessments and staff training on data protection obligations. While no method of transmission or storage is entirely secure, we are committed to maintaining industry-standard safeguards.

9. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements or regulatory guidance. When we make material changes, we will notify you by posting the revised policy on this page and updating the effective date above. We encourage you to review this page periodically.

10. Contact Us

If you have any questions about this Privacy Policy, wish to exercise your data protection rights, or have concerns about how your personal data is processed, please contact us: