Last updated: January 2025
Data Controller: Emnek Digital Limited, England, United Kingdom
Contact: support@emneklms.com
1. Our Commitment
Emnek Digital Limited ("we", "us", "our") is committed to protecting the privacy and security of your personal data. We comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
This page explains how we handle your data and your rights as a data subject.
2. What Data We Collect
When you use EmnekLMS, we may collect and process the following personal data:
- Account information: Name, email address, phone number, profile image
- Learning data: Course progress, quiz scores, assignment submissions, certificates earned
- Payment data: Processed securely via Stripe — we do not store card numbers
- Usage data: Pages visited, features used, login timestamps
- AI feature data: Chat conversations with AI assistant, CV uploads (processed in memory only, not stored), quiz generation inputs
- Communication data: Support messages, feedback submitted
3. Lawful Basis for Processing
We process your data under the following lawful bases:
- Contract: To provide the LMS service you signed up for (course delivery, progress tracking, certificates)
- Legitimate Interest: To improve our platform, prevent fraud, and provide customer support
- Consent: For marketing emails, non-essential cookies, and AI feature usage
- Legal Obligation: To comply with tax, accounting, and regulatory requirements
4. Your Rights Under GDPR
As a data subject, you have the following rights:
You can exercise any of these rights by emailing support@emneklms.com. We will respond within 30 days.
- Right of Access (Article 15): Request a copy of all personal data we hold about you
- Right to Rectification (Article 16): Request correction of inaccurate personal data
- Right to Erasure (Article 17): Request deletion of your personal data ("right to be forgotten")
- Right to Restrict Processing (Article 18): Request we limit how we use your data
- Right to Data Portability (Article 20): Request your data in a machine-readable format
- Right to Object (Article 21): Object to processing based on legitimate interests
- Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent
5. Data Retention
We retain your personal data only for as long as necessary:
- Account data: Retained while your account is active, deleted within 30 days of account closure
- Learning records: Retained for 3 years after last activity for certificate verification purposes
- Payment records: Retained for 7 years as required by UK tax law
- AI-processed data (CV uploads): Not stored — processed in memory only and discarded immediately after generation
- Chat conversations: Retained for 12 months for service improvement, then anonymised
6. Data Sharing and Transfers
We may share your data with:
- Amazon Web Services (AWS): Cloud hosting provider (data stored in EU/UK region)
- Stripe: Payment processing (PCI DSS compliant)
- Course instructors: Limited to enrolled student names and progress for courses you've joined
We do not sell your personal data to third parties. Where data is transferred outside the UK, we ensure appropriate safeguards are in place (Standard Contractual Clauses or adequacy decisions).
7. Data Security
We implement appropriate technical and organisational measures to protect your data:
- SSL/TLS encryption for all data in transit
- Encrypted database storage at rest
- Access controls and least-privilege IAM policies
- Regular security reviews and monitoring
- Secure password hashing (bcrypt)
8. AI Features and Data Processing
Our AI-powered features (CV Optimizer, AI Assistant, Quiz Generation) process data as follows:
- CV files are processed in memory only and are never stored on our servers
- AI conversations may be retained for service improvement but are anonymised after 12 months
- AI processing is performed via Amazon Bedrock within the EU-West-2 region
- You can opt out of AI features at any time
9. Cookies
We use cookies to provide essential site functionality and, with your consent, to improve your experience. See our full Cookie Policy for details.
10. Children's Data
EmnekLMS is not intended for children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us immediately.
11. Data Breach Notification
In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the ICO within 72 hours and inform affected individuals without undue delay.
12. Complaints
If you are not satisfied with how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):
13. Contact Us
For any data protection queries or to exercise your rights: