Privacy Policy

This privacy policy sets out how McArthurMorgan uses and protects any information that we may collect from you.

McArthurMorgan is committed to being compliant with the General Data Protection Regulation (GDPR) legislation and ensuring that your privacy is protected. Any personally identifiable information that we ask you to provide us with will only be used in line with this privacy policy.

This privacy policy is effective from 25th May 2018
This privacy policy was last updated: 2nd November 2019

1. Personal information we collect

Personal data and information means information about a person or entity that can be identified and does not include data where the identity as been removed (anonymous or anonimised data).

We collect, use, store and transfer different types of data about an individual or entity. This data can be grouped together into different classifications as follows:

  • Identity Data – includes title, first name, maiden name, last name, username, company name, date of birth, sex (gender) and nationality
  • Contact Data – includes billing address, postal address, email address, telephone numbers
  • Financial Data – includes bank accounts or payment card details
  • Transaction Data – includes details about payments you made to us, refunds we provided to you
  • Technical Data – includes IP addresses you used to access our services, browser type, OS and Geographical location, timezone settings, browser plugins and versions, platform used and other technical information on the technology used on devices to access our services including our websites
  • Profile Data – includes your username and password, application forms, reference ID, courses you have taken, educational history, future study plans, your interests, preferences, feedback and survey responses
  • Usage Data – includes information on how you use our websites, online course materials, and any our services we provide to you
  • Marketing and Communications Data – includes your preferences about receiving information from us, our third parties and your communication method preferences

Additionally, we collect and may share Aggregated Data such as statistics or demographics. Aggregated Data may be sourced from your personal data but is not considered personal data in law as this data does not reveal your identity. We might calculate the percentage of people showing interest by clicking a link on our website about the course timetable we are thinking of offering, for example. However, if we combine Aggregated Data with personal data so that it identifies you, we treat the combined data as personal data which will be handled in compliance with GDPR and this privacy policy.

We do not collect any data about an individuals religious or philosophical beliefs, sex life, sexual orientation, trade union membership, health or biometric data, criminal convictions, offences committed, or political opinions.

If you fail to provide personal data or decide to remove your consent for us to hold your personal data, we may not be able to perform the agreement we have together or are seeking to enter into together (for example, to provide an AAT course to you). In this case, we may have to cancel your studies with us, but we would notify you about this at the time.

2. How we collect this personal information

We use different methods to collect data.

  • When you contact us directly: online (for example, by filling out our general contact and request more information forms, social media interactions) and by email (and by attaching documents), and by phone, and in writing
  • When you enrol
  • When you subscribe to a service or publication
  • When you create an online learning account
  • When you request marketing, accounting, our AAT courses info and updates be sent to you
  • When you complete a survey
  • When you enter a competition or event signup
  • When you give feedback

Additionally, there are automated technologies and interactions when we may collect Technical Data automatically about your computer, mobile device, browser actions and patterns. We collect this data by using cookies and other similar methods. We may also receive Technical Data about you if you visit other websites that use cookies. See our section of Cookies, specifically.

Additionally we may receive personal data about you from our third party service providers (see paragraph 4 below) and Contact Data from other publicly available sources (Companies House and the Electoral Register, both based within the UK).

3. The lawful basis for processing

We have set out below the purposes we have for using personal data:

To provide classroom based educational AAT courses, and online learning AAT courses

TYPE OF DATA: Identity, Contact, Financial, Transaction, Profile, Usage, Technical, Marketing and Communications

BASIS: Performance of a contract, Necessary for our legitimate interests (to provide services)

To enrol a student with McArthur Morgan

TYPE OF DATA: Identity, Contact, Profile

BASIS: Performance of a contract

To process enrolment including managing payments, or to recover money owed

TYPE OF DATA: Identity, Contact, Financial, Transaction, Marketing and Communications

BASIS: Performance of a contract, Necessary for our legitimate interests (to recover debts)

To maintain our relationship with an individual or entity (such as notification of privacy policy changes, asking to leave a review, or respond to a survey, etc)

TYPE OF DATA:  Identity, Contact, Profile, Usage, Marketing and Communications

BASIS: Performance of a contract, Legal compliance, GDPR compliance, Necessary for  our legitimate interests (learn how we can improve how students use/access our services)

To  troubleshooting, secure, test, analyse, maintain the system, support,  report and maintain data, on all aspects of our IT including this website

TYPE OF DATA: Identity, Contact, Technical, Usage

BASIS: Necessary for our legitimate interests (to help prevent fraud, to run our business, IT security, To comply with legal obligations including GDPR

To deliver relevant online content, advertisements, promotions and understand their effectiveness

TYPE OF DATA: Identity, Contact, Profile, Usage, Marketing and Communications

BASIS: Necessary for our legitimate interests (to learn how our students and potential students access or are interested in our services, to develop and grow our business and to continually improve and make our courses relevant)

To use analytics to improve our services (including our websites), courses, online courses, student relationships with us and their experiences

TYPE OF DATA: Technical, Profile, Usage

BASIS: Necessary for our legitimate interests (to understand our student and company audiences so as to provide only relevant content, to improve the relevance of our business to them, and to improve the relevance of our business growth activities)

To make suggestions and recommendations about services and courses that may be relevant

TYPE OF DATA: Identity, Contact, Technical, Usage, Profile

BASIS: Necessary for our legitimate interests (to develop and grow our services, courses and business)

4. Sharing your information

We maintain a strict “No Spam” policy that means we do not intend to sell, rent, or otherwise give your e-mail address to a third-party without your consent unless we are required to do so by law. Your personal information will not be transferred outside of the European Economic Area (EEA).

In addition, McArthurMorgan will not send you e-mails that you have not agreed to receive. If you are a member of our Mailing List, you will be contacted with announcements, news, additions, and new products or services. You have the option of “Unsubscribing” from our Mailing List at any time, thereby disabling any further such e-mail communication from being sent to you.

We may share your personal data with the parties set out below for the purposes set out in paragraph 3.

  • Service providers acting as processors based in England & Wales who provide IT and system administration and processing services including the following:
    1. AAT
    2.  Royal Mail
    3. Parcel Force
    4. Fed Ex
    5. Google (based outside the EU for analytics provision)
    6. Trustpilot
    7. Postmark
    8. Amazon AWS
    9. Google
    10. Sticky New Media
    11. Sticky Design & Digital
    12. United Hosting
    13. Digitalocean
    14. MailChimp
    15. Campaign Monitor
    16. Rackspace
    17. Stackpoint
    18. Backblaze
    19. LinkedIn
    20. Twitter
    21. Pinterest
    22. Facebook
    23. Reed
    24. Brand Reveller
    25. ClearCourse (FLG Business Technology)
    26. WP Engine
  • Professional advisers acting as processors or joint controllers including solicitors, bankers, auditors, HR advisers and insurers.
  • HM Revenue & Customs, regulators and other authorities acting as processors or join controllers based in the UK who require reporting and processing activities.
  • Third parties to whom we sell, merge or acquire. If that happens then the new owners may use your personal data in the same way as set out in this privacy policy.

We require all third parties to respect the security of your personal data in compliance with the law. We do not allow third party service providers to use your data for their own purposes but only in accordance with the purposes set out and with our instructions.

5. How we maintain your information

If you do not register for one of our courses we will delete your personal information within 1 year. If you become one of our students then your information will be kept within our system for the duration of the contract. Once your contract has ended we will archive your information hold it for a minimum of 6 years for tax and legal purposes. Twelve months later it will be permanently erased (anonymised).

To ensure that your information remains secure, McArthurMorgan uses appropriate precautions and has suitable security measures in place to keep the information you have disclosed to us secure.

McArthurMorgan reserves the right to transfer information in connection with the sale of all or part of McArthurMorgan to any third party, specifically for the purpose of maintaining any contractual obligations. Furthermore, we are not responsible for any breach of security or for any actions of any third parties that receive the information.

We have processes in place to help prevent you data becoming accidentally lost, used or accessed in an unauthorised way, altered or exposed. We limit access to those staff, tutors, third party contractors and others who have a legitimate task to perform and they themselves are subject to GDPR compliance and a duty of case.

In the event of any breach we will notify you and an appropriate regulator and comply with the law.

6. Controlling your personal information

In some circumstances you may choose to Request Erasure of your personal information. We will comply unless there is a legal reason whey we may not.

We will not provide your personal information to any third parties, except those set out in paragraph 4, unless we are required, by law, to do so.

You may request details of personal information which we hold about you by emailing us at [email protected] You will not have to pay a fee to access your personal data (or to exercise any other legal rights), however we reserve the right to charge a reasonable fee if we receive a request which is clearly unfounded, repetitive or excessive, or we may refuse to comply with your request under these conditions.

We may request specific information from you to help us validate your identity and ensure that you have the right to access the personal data you request. This is a security measure to help prevent fraud and identity theft. We may also contact you to request further information in relation to your request.

We try to respond swiftly to all valid and legitimate requests within 30 days. Occasionally it may take longer if your request if complex or if you have made multiple requests. In this case we will notify you.

If you believe that any information we are holding about you is incorrect or incomplete, please email us as soon as possible at [email protected]

7. International data transfers

We do not transfer your data outside of the EU.

8. Cookies

Cookies are small pieces of data that are transferred to your computer through your Web browser from our Web Server. A cookie cannot read data from your computer or read cookie data that may have been created from other sites

You can choose whether to accept cookies by changing the settings of your browser. Typically, by accessing the browser’s help feature you can obtain information on how to prevent your browser from accepting all cookies or to notify you when a cookie is being sent. If you choose not to accept these cookies, your experience at our website and other websites may be diminished and some features may not work as intended.

9. Cancellation Policy

Under this policy, you may cancel your purchase of the course within the period of 14 calendar days from the date on which the contract of purchase is concluded. This is called a “Cancellation Period”. Note that if you redeem your voucher during the Cancellation Period, you expressly request us to begin providing the course materials and you acknowledge that you lose your right to cancel the purchase of the course and get any refund for it.*

*Only applicable to courses purchased via

10. Links to other websites

Our website may contain links to other websites of interest. Once you have used these links to leave our site, you should note that we do not have any control over other websites and cannot be responsible for the protection and privacy of any information that you provide. Those sites are not governed by this Privacy Policy, and we urge you to check with those websites to determine their privacy policy.

Call us now on 0203 9558887