Privacy Policy
Coseng Learn — learn.coseng.co.uk
1. Who We Are
This Privacy Policy applies to Coseng Learn (learn.coseng.co.uk), an online training platform operated by Coseng Limited, trading as Coseng Training Academy.
Data Controller: Coseng Limited
Registered address: Quorum Business Park, Newcastle Upon Tyne, NE12 8BU
Company number: 13071013
ICO registration: ZB68312
Email: privacy@coseng.co.uk
We are registered with the Information Commissioner's Office (ICO) as a data controller. We are committed to protecting your personal data and handling it in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
2. Data We Collect
Account Data
- Full name and email address (provided at registration)
- Password (stored as a one-way cryptographic hash — we cannot read it)
Payment Data
Payments are processed securely by Stripe, Inc. We do not store your card number, CVV, or full payment details. We receive only a confirmation of successful payment and a transaction reference. Stripe's privacy policy is available at stripe.com/gb/privacy.
Learning Data
- Courses you are enrolled on
- Lesson progress and completion records
- CPD certificates issued to you
Technical Data
- Session tokens (stored in an encrypted cookie to keep you logged in)
- Standard server logs (IP address, browser type, pages visited) retained for up to 90 days for security purposes
We do not use advertising cookies, tracking pixels, or third-party analytics on this platform. The only cookie we set is an essential session cookie required to keep you logged in.
3. How We Use Your Data
We use your personal data for the following purposes:
- Providing the service — creating and managing your account, giving you access to courses you have purchased, and issuing your CPD certificate on completion. Lawful basis: performance of a contract.
- Processing payments — verifying and recording your purchase. Lawful basis: performance of a contract.
- Communications — responding to your enquiries and sending transactional emails (e.g. enrolment confirmation, password reset). Lawful basis: performance of a contract / legitimate interests.
- Security and fraud prevention — monitoring for suspicious activity and protecting our systems. Lawful basis: legitimate interests.
- Legal compliance — retaining financial records as required by HMRC and applicable legislation. Lawful basis: legal obligation.
We do not use your data for automated decision-making or profiling that produces legal or similarly significant effects.
4. Data Sharing
We share your data with the following third parties only where necessary:
- Stripe, Inc. — payment processing. Data is transferred under standard contractual clauses in compliance with UK GDPR.
- Amazon Web Services (AWS) — secure video storage and delivery (AWS S3, eu-west-2 region, United Kingdom).
- Vercel, Inc. — website hosting and deployment infrastructure.
- MongoDB, Inc. — cloud database hosting for account and learning data.
We do not sell, rent, or share your personal data with any third party for marketing purposes.
5. Data Retention
- Account and learning data: Retained for the lifetime of your account. If you request deletion, we will erase your data within 30 days, except where we are required to retain it by law.
- Financial records: Retained for 7 years in compliance with HMRC requirements.
- Session tokens: Expire after 30 days of inactivity.
- Server logs: Retained for 90 days.
6. Your Rights Under UK GDPR
You have the following rights regarding your personal data:
- Right of access — request a copy of the data we hold about you.
- Right to rectification — ask us to correct inaccurate data.
- Right to erasure — request deletion of your data (“right to be forgotten”), subject to legal retention obligations.
- Right to restriction — ask us to limit how we process your data in certain circumstances.
- Right to data portability — receive your data in a structured, machine-readable format.
- Right to object — object to processing based on legitimate interests.
To exercise any of these rights, please email privacy@coseng.co.uk. We will respond within one calendar month.
7. Cookies
We use one essential cookie: a session cookie (learn_session) that keeps you logged in. This cookie is strictly necessary for the platform to function and cannot be disabled without logging you out.
We do not use Google Analytics, Facebook Pixel, or any other tracking or advertising cookies.
8. Children's Privacy
Our platform is intended for users aged 16 and over. We do not knowingly collect personal data from children under 16. If you believe a child has registered without parental consent, please contact us at privacy@coseng.co.uk and we will delete the account promptly.
9. Complaints
If you are unhappy with how we have handled your data, you have the right to lodge a complaint with the UK's supervisory authority:
Information Commissioner's Office (ICO)
Website: ico.org.uk
Telephone: 0303 123 1113
We would, however, appreciate the chance to address your concern first — please contact us at privacy@coseng.co.uk before escalating to the ICO.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify registered users by email if we make material changes. The date at the top of this page shows when it was last updated.