Privacy Policy

SpotCheck Academy Privacy Policy

This Privacy Policy explains how SpotCheck Academy collects, uses, stores and shares personal data in delivering dermoscopy and lesion‑safety education and training to cosmetic practitioners. It is written to comply with UK GDPR and the Data Protection Act 2018 and is suitable for publication on the SpotCheck Academy website and for regulatory inspection.

1. Who we are and how to contact us

SpotCheck Academy is an education and training platform providing face‑to‑face and online courses on dermoscopy, lesion safety and risk reduction for cosmetic practitioners. For data protection purposes, SpotCheck Academy acts as the Data Controller for the personal data described in this policy.

Contact details for privacy queries, Aesthetk Ltd, First Floor, 40 Hutton Road, Shenfield Brentwood, Essex CMa5 8LB. Phone 01277 503 505, Whatsapp: 07405651638

2. Scope of this Privacy Policy

This Privacy Policy applies to:

Practitioners and learners who register for SpotCheck Academy courses or access our e‑learning platform.

Users who browse the SpotCheck Academy website or receive our educational communications.

It covers all personal data processed in relation to course enrolment, delivery of teaching, assessment and certification, user support, quality assurance and governance activities.

3. What data we collect

3.1 Learner and practitioner data

We may collect and process the following categories of personal data about learners and practitioners:

Identification and contact details: name, title, clinic or organisation name, postal address, email address and telephone number.

Professional details: role (e.g. aesthetic practitioner, electrologist, laser or IPL practitioner, beauty therapist), professional registration numbers where applicable, scope of practice and relevant training history.

Account and learning records: username, login details, course bookings, access history, modules completed, assessment scores, certificates awarded and feedback or evaluations submitted.

Financial and transaction data: payment records and invoice details (processed securely via approved payment providers where used).

We do not require routine collection of identifiable patient data for SpotCheck Academy courses; where de‑identified clinical images or case examples are shared for training, these should be anonymised by the contributing practitioner.

3.2 Website and technical data

When you visit the SpotCheck Academy website or online learning environment, we may collect:

Technical data: IP address, device identifiers, browser type and version, time zone settings and operating system.

Usage data: pages visited, time spent on pages, links clicked, course navigation patterns and interactions with learning content.

This information is typically collected through cookies and similar technologies and is used to maintain platform security, improve user experience and understand engagement with our educational materials (see separate Cookie Policy for more detail).

4. Why we process personal data (purposes and legal bases)

SpotCheck Academy processes personal data only where there is a clear lawful basis under UK GDPR and where it supports our core purpose of educating practitioners and reducing lesion‑related risk in cosmetic practice.

4.1 Course enrolment, delivery and certification

Purpose: to manage course bookings, provide access to learning materials, record progress, administer assessments and issue certificates or evidence of completion.

Legal basis: Article 6(1)(b) UK GDPR – processing necessary for the performance of a contract with you (providing the education and training you have purchased or enrolled in).

4.2 Educational quality assurance and improvement

Purpose: to manage course bookings, provide access to learning materials, record progress, administer assessments and issue certificates or evidence of completion.

Legal basis: Article 6(1)(b) UK GDPR – processing necessary for the performance of a contract with you (providing the education and training you have purchased or enrolled in).

4.3 Governance, compliance and legal obligations

Purpose: to comply with legal and regulatory requirements, respond to audit requests or enquiries (including from regulators or insurers) and maintain records that demonstrate appropriate governance of an education provider.

Legal basis: Article 6(1)(c) – processing necessary for compliance with legal obligations; and Article 6(1)(f) – legitimate interests in managing risk and supporting professional and insurer expectations.

4.4 Communication and service administration

Purpose: to send essential service communications about your account, course information, joining instructions, updates to policies and important safety or governance messages.

Legal basis: Article 6(1)(b) and 6(1)(f). For optional marketing about new courses or events, we will rely on Article 6(1)(a) (consent) or other applicable lawful bases and you will be able to opt out at any time.

5. How we use clinical case material

Clinical images and case material used within SpotCheck Academy teaching are intended for educational purposes to illustrate lesion‑safety principles, dermoscopic patterns and decision‑making around referral or avoidance of cosmetic treatment. Wherever case material relates to real patients, it should be appropriately anonymised and used in accordance with applicable professional and legal standards on consent and confidentiality.

SpotCheck Academy courses do not confer clinical authorisation to treat specific lesions; responsibility for clinical decisions remains with the practitioner within their own professional scope of practice and local governance arrangements.

6. Sharing of personal data

We only share personal data where necessary for the purposes described in this policy and where appropriate safeguards are in place.

We may share data with:

  • Course faculty, tutors and assessors who need access to learner records to deliver teaching, provide feedback, mark assessments or verify attendance.
  • Technology and hosting providers who operate our learning platforms and email systems under data‑processing agreements.
  • Professional advisers or regulators where this is necessary to meet legal, governance or insurance requirements, or to address complaints or disputes.
  • We do not sell your personal data or share it with third parties for unrelated marketing purposes.

7. International transfers

If any personal data are stored or processed outside the UK (for example by a cloud hosting provider), we will ensure that appropriate safeguards are in place, such as adequacy regulations or standard contractual clauses recognised under UK GDPR. Details of significant international transfers can be provided on request.

8. Data retention

We retain personal data only for as long as needed to fulfil the purposes described in this policy and to meet legal, governance and insurance requirements for education providers.

Typical retention periods include:

  • Learner account and training records: for the duration of your relationship with SpotCheck Academy and for a defined period afterwards to evidence course completion and support professional or insurance verification.
  • Financial and transaction records: for the periods required by tax, accounting and financial regulations.

At the end of the relevant retention period, data are securely deleted, anonymised or archived in accordance with recognised information‑governance standards.

9. Data security

SpotCheck Academy takes data security seriously and implements appropriate technical and organisational measures to protect personal data from unauthorised access, loss or misuse. These measures may include secure user authentication, role‑based access controls, encryption of data in transit and at rest where appropriate, regular system updates and staff training on data protection and information governance.

Learners are responsible for keeping their login details confidential and should notify us promptly if they suspect unauthorised access to their account.

10. Your data protection rights

Under UK GDPR, learners and practitioners have a number of rights in relation to their personal data. These include the right to:

  • Be informed about how their data are used (through this and related notices).
  • Access their personal data.
  • Request correction of inaccurate or incomplete data.
  • Request erasure of certain data where legal conditions are met.
  • Restrict or object to certain types of processing.
  • Request data portability where applicable.
  • Withdraw consent where processing is based on consent, without affecting the lawfulness of prior processing.

Requests to exercise these rights should be directed to the contact details in Section 1. Some requests may be limited by legal, contractual or governance requirements, and this will be explained where relevant.

11. Complaints

If you have concerns or complaints about how SpotCheck Academy handles your personal data, please contact us in the first instance so we can try to resolve the issue. You also have the right to raise concerns with the Information Commissioner’s Office (ICO), the UK regulator for data protection, via www.ico.org.uk.

12. Changes to this Privacy Policy

We may update this Privacy Policy from time to time, for example to reflect changes in our courses, technology, legal requirements or regulatory guidance. The latest version will always be available on the SpotCheck Academy website, and significant changes may be notified by email or through platform messages.

By enrolling on SpotCheck Academy courses or using our learning platforms, you acknowledge this Privacy Policy as part of the overall governance framework supporting our mission: protecting patients, educating practitioners and reducing the risk of harm from cosmetic treatment of undiagnosed skin lesions.