GDPR & Data Protection
Our commitment to data protection under the UK GDPR, EU GDPR and India’s DPDPA — including your rights, our roles, cookies and international transfers.
Last updated June 2026 · Recolearn Limited1. Our commitment
Recolearn is built privacy-first. We help our customers comply with the GDPR and DPDPA by giving them control over learner data, clear processing terms, and the tools to honour data-subject requests.
2. Controller & processor roles
| Scenario | Controller | Processor |
|---|---|---|
| recolearn.com visitors & leads | Recolearn | Our vendors |
| An academy’s learners & content | The academy (our customer) | Recolearn |
When we act as a processor, we only process data on the customer’s documented instructions under a Data Processing Agreement (DPA).
3. Lawful bases for processing
- Contract — to deliver the platform you signed up for.
- Consent — for marketing and non-essential cookies.
- Legitimate interests — security, fraud prevention and product improvement.
- Legal obligation — tax, accounting and regulatory requirements.
4. Your data-subject rights
You have the right to:
- Access the personal data we hold about you.
- Rectify inaccurate or incomplete data.
- Erase your data (“right to be forgotten”).
- Restrict or object to processing.
- Data portability — receive your data in a portable format.
- Withdraw consent at any time.
- Lodge a complaint with a supervisory authority (e.g. the UK ICO).
5. Data Processing Agreement & sub-processors
Customers can sign our DPA, which incorporates Standard Contractual Clauses where needed. We maintain a list of sub-processors (hosting, payments, messaging, analytics, AI) and notify customers of material changes so they can object.
6. International data transfers
Personal data may be processed in the UK, EU and India. For cross-border transfers we rely on adequacy decisions, Standard Contractual Clauses (SCCs) and the UK IDTA, plus technical safeguards like encryption.
7. Cookie categories
| Category | Purpose | Consent |
|---|---|---|
| Essential | Security, sessions, load balancing | Always on |
| Analytics | Understand usage to improve the product | Optional |
| Marketing | Relevant offers and remarketing | Optional |
Manage your choices any time via the cookie banner or your browser settings.
8. India — DPDPA 2023
For Indian users, we follow the Digital Personal Data Protection Act: clear notice and consent, purpose limitation, and the ability to access, correct and erase data. Guardian consent is required for processing children’s data.
9. Breach notification
In the unlikely event of a personal-data breach, we notify affected customers without undue delay and, where required, the relevant supervisory authority within 72 hours.
10. Contact our Data Protection team
For any data-protection matter, contact our team at info@recolearn.com, or write to Recolearn Limited, The Long Lodge, 265–269 Kingston Road, Wimbledon, London SW19 3NW.
Questions about this document? Email info@recolearn.com or write to our UK or India office (addresses in the footer).