Privacy Policy

We collect the minimum data needed to run our courses: account details, course preferences, and communications. We never sell your data.

Data controller: Shadowbrook Drawing Ltd, London, UK.
Lawful bases: contract, consent, and legitimate interests.
Retention: limited to course and legal requirements.
Your rights: access, rectify, erase, restrict, object, data portability.
Cookies: necessary cookies run by default; analytics/marketing are optional.

At a glance

We use your data to run classes, process bookings, and support you. No sale of data.

Your control

Use “Exercise your rights” to request or delete your data. Manage cookies anytime.

Contact

[email protected] • +44 20 3984 7261

1. Information we collect

We collect the minimum personal information necessary to provide courses and operate our school:

Account details: name, email address, password hash, and contact phone (optional).
Course and booking data: classes you view or book, waitlist status, attendance, workshop preferences.
Communications: emails, messages, and feedback you send us.
Technical data: IP address, device and browser information, time zone and basic diagnostics for security and fraud prevention.
Payment metadata: billing amount, status, and tokenised references processed by our payment provider. We do not store full card numbers.

We do not intentionally collect special category data. Please avoid sharing sensitive information unless we specifically request it.

2. How we use information

We use your data to:

Provide and manage courses, bookings, certificates and student support.
Respond to enquiries and provide customer service.
Improve classes, curriculum and site performance.
Protect our services, including fraud detection, security and legal compliance.
Send service messages. Marketing emails are opt‑in and include an unsubscribe link.

Lawful bases: contract (to provide classes you request), consent (for optional cookies/marketing), legitimate interests (site security, service improvement), and legal obligation (tax and accounting).

3. Cookies

We use necessary cookies to make the site work and optional cookies for analytics and marketing. You can accept, reject or customise via the cookie banner or the “Cookie settings” button. Your choices are stored for up to 6 months and you can change them anytime.

Necessary: security, session and consent storage. Always on.
Analytics: helps us understand site usage. Off by default.
Marketing: personalisation and ads. Off by default.

If your browser sends a Do Not Track signal, we treat optional cookies as declined.

4. Sharing

We share data with service providers acting under our instructions and data processing agreements. Typical recipients:

Payment processing and fraud prevention.
Email delivery and support systems.
Website hosting and content delivery.
Analytics (only if you consent).

We do not sell your personal data.

5. International transfers

Where data is transferred outside the UK, we use UK GDPR‑approved safeguards such as the UK Addendum to the EU Standard Contractual Clauses or a UK International Data Transfer Agreement, plus additional technical and organisational measures.

6. Data retention

We keep personal data only as long as necessary for the purposes described:

Account and booking records: 6 years after your last transaction (tax and accounting).
Support communications: up to 24 months.
Analytics (if consented): 26 months or less.

After these periods, we delete or irreversibly anonymise the data.

7. Your rights

You have the right to access, rectify, erase, restrict processing, object to processing, and data portability. You can also withdraw consent at any time. To exercise your rights, use the “Exercise your rights” button or contact us at [email protected].

You also have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO). We would appreciate the chance to address your concerns first.

8. Contact

Data Controller: Shadowbrook Drawing Ltd, London, United Kingdom.

Email: [email protected] • Phone: +44 20 3984 7261

We aim to respond to privacy enquiries within 30 days.

9. Children

Our services are intended for adults and older teens with parental consent where required. If you believe a child under 13 has provided personal data without consent, contact us and we will delete it.

10. Security

We use encryption, access controls, and least‑privilege principles to protect your information. No online service can be 100% secure, but we continuously improve our measures.

11. Automated decision‑making

We do not use automated decision‑making that produces legal or similarly significant effects.

12. Changes

We will update this policy as needed and note the effective date above. Significant changes will be communicated via the website or email.