Privacy Policy

Privacy Policy

Last updated: 7 April 2026

Resilient Sustainance Limited (“RSustain”, “we”, “us”, or “our”), trading as RSustain Academy, is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you use our online learning platform at academy.rsustain.co.uk.

Company Details:
Resilient Sustainance Limited
128 City Road, London EC1V 2NX
Company No. 16530947
Email: learn@rsustain.co.uk

1. Information We Collect

We collect the following categories of personal data:

  • Account Information: Your name, email address, and password when you register for an account.
  • Payment Information: Billing details processed securely through our third-party payment providers (see Section 4). We do not store your full credit or debit card details on our servers.
  • Course Enrolment Data: Records of courses you enrol in, your progress, assessment results, and certificates earned.
  • Communications: Messages you send to us via email or through the platform, including support enquiries.
  • Technical Data: IP address, browser type and version, operating system, referring URLs, pages visited, and timestamps collected automatically when you use our platform.

2. How We Use Your Data

We process your personal data for the following purposes:

  • Course Delivery: To provide access to courses, track your learning progress, issue certificates, and manage your enrolments.
  • Account Management: To create and maintain your user account and authenticate your identity.
  • Payment Processing: To process course fees and manage billing records.
  • Communications: To send you enrolment confirmations, course updates, and respond to your enquiries. We may also send occasional educational updates, from which you may unsubscribe at any time.
  • Platform Improvement: To analyse usage patterns and improve the functionality, content, and user experience of our platform.
  • Legal Compliance: To comply with applicable laws, regulations, and legal obligations.

Our lawful bases for processing under the UK GDPR are: performance of a contract (course delivery and account management), legitimate interests (platform improvement and security), consent (marketing communications), and legal obligation (regulatory compliance).

3. Cookies

Our platform uses cookies and similar technologies to:

  • Keep you signed in to your account (essential cookies).
  • Remember your preferences and settings (functional cookies).
  • Understand how you use our platform so we can improve it (analytics cookies).

You can manage your cookie preferences through your browser settings. Disabling essential cookies may affect your ability to use certain features of the platform.

4. Payment Processors

We use the following third-party payment processors to handle transactions securely:

  • Stripe – for credit/debit card payments. Stripe’s privacy policy is available at stripe.com/privacy.
  • Razorpay – for additional payment methods. Razorpay’s privacy policy is available at razorpay.com/privacy.

Your payment data is transmitted directly to these processors using industry-standard encryption. We receive only confirmation of payment and a transaction reference; we do not have access to your full card details.

5. Data Sharing

We do not sell your personal data. We may share your data with:

  • Payment processors (Stripe, Razorpay) as described above.
  • Hosting and infrastructure providers who process data on our behalf under strict data processing agreements.
  • Law enforcement or regulatory authorities where required by law.

6. Data Retention

We retain your personal data for as long as your account is active or as needed to provide our services. Specifically:

  • Account and enrolment data: Retained for the duration of your account plus 3 years after account closure, to allow certificate verification and re-access.
  • Payment records: Retained for 7 years to comply with UK tax and accounting obligations.
  • Technical and analytics data: Retained for up to 26 months.

You may request deletion of your account and associated data at any time by contacting us (see Section 9).

7. Data Security

We implement appropriate technical and organisational measures to protect your personal data, including encrypted data transmission (TLS/SSL), secure server infrastructure, and access controls. However, no method of electronic transmission or storage is completely secure, and we cannot guarantee absolute security.

8. Your Rights Under UK GDPR

As a data subject, you have the following rights:

  • Right of Access: Request a copy of the personal data we hold about you.
  • Right to Rectification: Request correction of inaccurate or incomplete data.
  • Right to Erasure: Request deletion of your personal data, subject to legal retention obligations.
  • Right to Restrict Processing: Request that we limit how we use your data.
  • Right to Data Portability: Receive your data in a structured, machine-readable format.
  • Right to Object: Object to processing based on legitimate interests or for direct marketing purposes.
  • Right to Withdraw Consent: Where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, please contact us at learn@rsustain.co.uk. We will respond within one month as required by law.

If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at ico.org.uk.

9. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

Email: learn@rsustain.co.uk
Post: Resilient Sustainance Limited, 128 City Road, London EC1V 2NX

10. Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated revision date. We encourage you to review this page periodically.