Privacy Policy

Privacy Policy

Common Space Project

Last Updated: January 2026

This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our platform, whether accessed via mobile app or desktop website.

By using Common Space, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Account Information

When you register for Common Space, we collect:

• Full name
• Email address
• Phone number (optional)
• Date of birth
• Password (encrypted)

2.2 Educational and Professional Information

To support your learning journey and RAL assessment, we collect:

• Employment history and current role
• Work experience details
• Industry certifications and qualifications
• Portfolio evidence submissions (documents, images, videos)
• Learning outcomes and assessment records
• Reflective writing and coursework
• Attendance records for live classes

2.3 Payment Information

• Subscription payment details are processed through Stripe
• We do not store full payment card details on our servers
• We retain transaction history for accounting purposes

2.4 Technical Information

We automatically collect:

• Device type and operating system
• Browser type and version
• IP address and location data
• Usage patterns and navigation paths
• Time spent on platform sections
• Login timestamps

2.5 Communications

• Messages exchanged with tutors and support staff
• Forum posts and community interactions
• Survey responses and feedback
• Customer service correspondence

3. How We Use Your Information

3.1 Educational Purposes

• Delivering your chosen courses and qualifications
• Assessing your RAL portfolio submissions
• Providing personalized learning support
• Tracking your academic progress
• Issuing certificates and qualifications

3.2 Platform Operations

• Managing your subscription and payments
• Providing customer support
• Scheduling live synchronous classes
• Facilitating peer learning communities
• Improving platform functionality

3.3 Accreditation and Compliance

• Sharing necessary information with awarding bodies (City & Guilds, ILM)
• Meeting regulatory requirements for educational providers
• Maintaining academic records and audit trails
• Verifying eligibility for Advanced Learner Loans

3.4 Communications

• Sending course updates and educational content
• Providing technical support and platform notifications
• Sharing relevant opportunities and resources
• Marketing communications (with your consent)

4. Legal Basis for Processing (UK GDPR)

We process your personal data under the following lawful bases:

- Contract Performance: Processing necessary to deliver educational services you've subscribed to

- Legal Obligation: Compliance with educational regulations and awarding body requirements

- Legitimate Interests: Platform improvement, fraud prevention, and business operations

- Consent: Marketing communications and optional data uses (you may withdraw consent anytime)

5. Sharing Your Information

5.1 Awarding Bodies

We share relevant assessment data with:

• City & Guilds
• Institute of Leadership & Management (ILM)
• Other accrediting partners

This sharing is essential for qualification certification and quality assurance.

5.2 Service Providers

We work with trusted third-party providers who process data on our behalf:

• Payment processing (Stripe)
• Email communications
• Cloud hosting and data storage
• Learning Management System providers
• Analytics and performance monitoring

All service providers are bound by data protection agreements.

5.3 Legal Requirements

We may disclose information when required by law, court order, or to:

• Protect our legal rights
• Prevent fraud or security threats
• Comply with regulatory investigations
• Safeguard student welfare

5.4 Business Transfers

If Common Space merges with or is acquired by another organization, your data may transfer to the new entity under equivalent privacy protections.

6. Data Retention

We retain your personal information for:

- Active Students: Duration of enrollment plus 6 years (standard educational records retention)

- Course Materials: 6 years after completion (to support certification verification)

- Financial Records: 7 years (HMRC requirements)

- Marketing Consent: Until you withdraw consent or 2 years of inactivity

After retention periods expire, we securely delete or anonymize your data.

7. Your Rights

Under UK GDPR, you have the right to:

7.1 Access

Request a copy of all personal data we hold about you

7.2 Rectification

Correct inaccurate or incomplete information

7.3 Erasure ("Right to be Forgotten")

Request deletion of your data (subject to legal retention requirements)

7.4 Restriction

Limit how we process your data in certain circumstances

7.5 Portability

Receive your data in a machine-readable format

7.6 Object

Object to processing based on legitimate interests or for marketing purposes

7.7 Withdraw Consent

Withdraw consent for marketing or optional processing at any time

To exercise these rights, contact us at privacy@commonspaceproject.org

We will respond within 30 days. If your request affects your qualification progress or certification, we will clearly explain any implications.

8. Data Security

We implement robust security measures:

- Encryption: Data encrypted in transit (SSL/TLS) and at rest

- Access Controls: Role-based access with authentication requirements

- Regular Backups: Secure, encrypted backup systems

- Security Audits: Regular vulnerability assessments

- Staff Training: All personnel trained in data protection

- Incident Response: Protocols for breach detection and notification

While we maintain industry-standard security, no internet transmission is completely secure. You are responsible for maintaining the confidentiality of your login credentials.

9. International Data Transfers

Your data is primarily stored and processed within the United Kingdom. If we transfer data outside the UK/EEA, we ensure:

• Adequate protection through UK GDPR-approved mechanisms
• Standard contractual clauses with service providers
• Equivalent data protection standards

10. Cookies and Tracking

We use cookies and similar technologies to:

• Maintain your login session
• Remember your preferences
• Analyze platform usage
• Improve user experience

You can control cookie settings through your browser, though this may limit platform functionality.

For detailed information, see our separate Cookie Policy.

11. Children's Privacy

Common Space is designed for adults aged 24+. We do not knowingly collect information from individuals under 18. If we discover such data, we will promptly delete it.

12. Changes to This Policy

We may update this Privacy Policy to reflect:

• Platform developments
• Legal or regulatory changes
• Feedback and best practices

We will notify you of significant changes via email or prominent platform notice. Continued use after changes indicates acceptance.

13. Complaints

If you're concerned about how we handle your data, you have the right to lodge a complaint with:

Information Commissioner's Office (ICO)

Website: ico.org.uk

Helpline: 0303 123 1113

We encourage you to contact us first so we can address your concerns directly.

14. Contact Us

Data Protection Officer

Common Space Project

Email: privacy@commonspaceproject.org

For general enquiries: support@commonspaceproject.org

________________________________________________________________________________

Your privacy matters to us. Common Space is built on principles of trust, dignity, and respect for working-class knowledge and experience. We are committed to protecting your personal information with the same care we bring to recognizing your professional competence.