Privacy Policy

Last updated: September 1, 2025

1. Introduction

Bolingo English Academy Ltd. (“Bolingo”, “we”, “our”, or “us”), a company established in London, England, is committed to protecting your privacy and handling your personal data in compliance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and the UK GDPR (as incorporated into UK law by the Data Protection Act 2018).

This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you use our website and services (the “Services”). By using our Services, you acknowledge you have read and understood this Policy.

2. Data Controller & Contact Information

Data Controller:
Bolingo English Academy Ltd.
London, England
📧 [email protected]

If you are located in the EEA, we may appoint an EU representative to act as a point of contact for data-protection matters.

3. Categories of Personal Data We Collect

  • Identity Data: name, date of birth (if provided), nationality.
  • Contact Data: email address, phone number, billing/shipping address.
  • Account Data: login credentials, profile settings, course enrolments and progress.
  • Payment Data: card/payment details (processed by PCI-DSS compliant providers such as Stripe/PayPal; we do not store full card numbers).
  • Technical Data: IP address, device identifiers, browser type/version, operating system.
  • Usage Data: pages viewed, features used, time spent, referral source.
  • Marketing Data: communication and cookie/consent preferences.
  • Support Data: content of support requests, survey responses, or feedback.

4. Lawful Bases for Processing

We process your personal data under one or more of the following bases:

  1. Performance of a Contract – to create your account, provide courses, process payments, and deliver customer support.
  2. Legal Obligation – to meet tax, accounting, and regulatory requirements.
  3. Legitimate Interests – to improve Services, ensure security, prevent fraud/abuse, and market similar services to existing users (you can opt out at any time).
  4. Consent – for non-essential cookies/analytics and for sending marketing to new subscribers. You may withdraw consent at any time via your account, cookie banner settings, or by contacting [email protected]

5. How We Use Your Personal Data

  • Operate and improve the website and LMS.
  • Authenticate logins and secure accounts.
  • Process payments and manage subscriptions/enrolments.
  • Provide learner support and communicate important updates.
  • Personalise content and measure course performance/analytics.
  • Detect, prevent, and address fraud, abuse, or security incidents.
  • Comply with legal and contractual obligations.

6. Sharing Your Personal Data

We do not sell your personal data. We may share it with:

  • Service Providers/Processors: hosting, LMS, video delivery, email/SMS providers, analytics, payment processors, customer support tools—bound by data-processing agreements.
  • Authorities: where required by law, court order, or to enforce our terms and protect rights.
  • Business Transfers: as part of a merger, acquisition, financing, or asset sale (with appropriate safeguards).

7. International Data Transfers

Because we use global service providers, your data may be transferred outside the UK/EEA. We ensure appropriate safeguards, including:

  • EU Standard Contractual Clauses (SCCs) for EEA transfers, and
  • The UK International Data Transfer Addendum (IDTA) or UK Addendum to the SCCs for UK transfers.
    Where applicable, we implement supplementary measures consistent with EDPB/ICO guidance. You may request a copy of relevant transfer safeguards via [email protected]

8. Data Retention

We keep personal data only as long as necessary for the purposes set out in this Policy (e.g., while you have an account), to resolve disputes, and to comply with legal obligations (e.g., statutory tax/accounting retention). When no longer needed, data is securely deleted or anonymised.

9. Your Rights (GDPR/UK GDPR)

You have the right to:

  • Access your personal data and obtain a copy.
  • Rectify inaccurate or incomplete data.
  • Erase data in certain circumstances (“right to be forgotten”).
  • Restrict processing in certain circumstances.
  • Object to processing based on legitimate interests and to direct marketing at any time.
  • Data Portability: receive your data in a structured, commonly used, machine-readable format and transmit it to another controller.
  • Withdraw Consent where processing is based on consent.

To exercise your rights, contact [email protected]

. We will respond within one month (extendable by two months for complex requests as permitted by law).

10. Cookies & Similar Technologies

We use cookies and similar technologies to:

  • Enable site functionality and secure login (strictly necessary).
  • Perform analytics and performance measurement (non-essential; consent-based in EEA/UK).
  • Personalise content/marketing (consent-based).

You can manage preferences via our cookie banner and your browser settings. See our Cookie Policy (linked from the banner) for details on providers, purposes, and retention.

11. Security

We implement appropriate technical and organisational measures (encryption in transit, least-privilege access, MFA for admin systems, regular backups, vendor due diligence). No method of transmission or storage is 100% secure; we cannot guarantee absolute security.

12. Children’s Privacy

Our Services are primarily intended for adult learners. If you are under 16, you must obtain parental/guardian consent before registering. We do not knowingly collect personal data from children under 16 without appropriate consent.

13. Automated Decision-Making

We do not engage in automated decision-making producing legal or similarly significant effects without human involvement. If this changes, we will provide required notices and safeguards.

14. Complaints & Supervisory Authorities

If you have concerns, please contact [email protected]

first. You also have the right to lodge a complaint with your data-protection authority:

  • UK: Information Commissioner’s Office (ICO) – ico.org.uk
  • EEA: See your national authority via the European Data Protection Board (EDPB) website.

15. Changes to This Policy

We may update this Policy from time to time. We will post the updated version with a new “Last updated” date. Material changes will be notified through the website or by email where appropriate.

16. Contact

Bolingo English Academy Ltd.
London, England
📧 [email protected]