Privacy Policy
Last Updated: 17 April 2026
1. Introduction
DMR EthicsAI ("we," "our," "us") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our website at drm-ethicsai.site (the "Website") and our AI ethics training services (the "Services").
This Privacy Policy complies with UK General Data Protection Regulation (UK GDPR), Data Protection Act 2018, and Privacy and Electronic Communications Regulations (PECR).
Data Controller:
- Trading Name: EthicsAI by DMR Group / DMR EthicsAI
- Location: Northern Ireland, United Kingdom
- ethicai@drmgroup.uk
- drm-ethicsai.site
2. Information We Collect
2.1 Personal Information You Provide
Registration and Account Information:
- Full name, email address, job title and role
- Organization name, phone number (optional), country/location
- Password (encrypted)
Payment Information:
- Billing name and address
- Payment card details (processed securely by Stripe - we do not store full card details)
- Transaction history and invoice information
Course and Learning Information:
- Course enrollment and completion data
- Learning progress and quiz results
- Certificate achievements
2.2 Information We Collect Automatically
- IP address, browser type and version, operating system
- Device type, screen resolution, time zone setting
- Pages visited, time and date of visits, referring website
- Course viewing patterns and platform interactions
3. Legal Basis for Processing (UK GDPR)
Contract Performance:
Provide access to courses, process payments, deliver customer support.
Legitimate Interests:
Website security, improving services, marketing to existing customers (with opt-out).
Consent:
Marketing emails to non-customers, optional cookies, testimonials. You may withdraw consent at any time.
Legal Obligation:
Comply with tax regulations, respond to legal requests, prevent fraud.
4. How We Use Your Information
- Service Delivery: Create accounts, provide course access, track progress, process payments
- Communication: Send course updates, respond to inquiries, provide support
- Marketing: Send promotional emails (with consent or legitimate interest), share relevant content
- Analytics: Analyze usage patterns, identify improvements, generate anonymized statistics
- Security: Detect fraud, protect against unauthorized access, monitor for threats
5. How We Share Your Information
We do not sell your personal data to third parties.
Service Providers:
- Stripe: Payment processing and fraud prevention
- Vercel: Website hosting
- Supabase: Database and authentication
Legal Requirements:
We may disclose information to comply with legal obligations or protect rights.
6. Data Security
- SSL/TLS encryption for data transmission
- Encrypted storage of sensitive data
- Secure password hashing
- Regular security updates and patches
- Limited access to personal data (need-to-know basis)
- Payment security via Stripe (PCI DSS Level 1 certified)
7. Data Retention
- Active Accounts: Data retained while your account is active
- Inactive Accounts: After 24 months of inactivity, we may delete or anonymize data
- Financial Records: 7 years (UK tax law requirement)
- Marketing Data: Until you withdraw consent or 3 years of inactivity
8. Your Rights Under UK GDPR
Right of Access
Request a copy of your personal data. Response within 30 days.
Right to Rectification
Request correction of inaccurate or incomplete data.
Right to Erasure
Request deletion of your personal data ("Right to be Forgotten").
Right to Data Portability
Request your data in a machine-readable format (CSV, JSON).
Right to Object
Object to processing for direct marketing or legitimate interests.
Right to Lodge a Complaint
Contact the Information Commissioner's Office (ICO) at ico.org.uk or call 0303 123 1113.
To exercise any of these rights, email us at ethicai@drmgroup.uk.
9. Children's Privacy
Our Services are not intended for children under 18 years of age. We do not knowingly collect personal data from children under 18. If we discover we've collected data from a child under 18, we will delete it immediately.
10. Cookies
We use cookies and similar technologies to enhance your experience. For full details, see our Cookies Policy.
11. Updates to This Policy
We may update this Privacy Policy from time to time. Material changes will be notified via email and displayed on our Website. Changes will be effective 30 days after notification.
12. Contact Us
Privacy Questions
- ethicai@drmgroup.uk
- drm-ethicsai.site
- Northern Ireland, United Kingdom
Response time: General questions 2-3 business days, Data subject requests 30 days.
Version: 1.0