Privacy Policy

Last updated: 25 May 2025

1. Who We Are

MAHBUB HOUSING LIMITED ("we", "us", "our") is the data controller responsible for your personal data in connection with the FreshWater Academy website (the "Website"). We are registered in England and Wales under company number 17211750. Our registered office is at 89 St. Saviours Road, Birmingham, England, B8 1HN.

This Privacy Policy explains how we collect, use, store, and share your personal data when you use our Website, enrol in our free educational course, or contact us. It also explains your rights under UK GDPR and the Data Protection Act 2018.

We are committed to protecting your privacy and processing your personal data fairly, lawfully, and transparently. If you have any questions about this Privacy Policy or our data practices, please contact us using the details in Section 11 below.

2. Data We Collect

We may collect and process the following categories of personal data:

Information you provide directly:

• Identity data: first name, last name.
• Contact data: email address, telephone number.
• Communication data: messages, enquiries, and any other information you send us via our contact form or by WhatsApp.

Information collected automatically:

• Technical data: IP address, browser type and version, operating system, referring website, pages visited, time spent on pages, and other standard server log information.
• Usage data: information about how you use our Website, including your browsing patterns and interactions with our content.
• Cookie data: information stored in cookies and similar technologies on your device. See Section 10 (Cookies) for more details.

We do not collect any special categories of personal data (such as data about your health, religion, or ethnicity) or data about criminal convictions or offences.

3. How We Use Your Data

We use your personal data for the following purposes:

• Course enrolment and delivery: to process your enrolment in our free educational course and to provide you with access to course materials, updates, and related communications.
• Responding to enquiries: to respond to questions, comments, or complaints you submit via our contact form or by other means.
• Service improvement: to analyse how our Website is used and to improve its content, functionality, and user experience.
• Communications: to send you information about our educational content, updates to course materials, or other information we believe you may find relevant and useful, where you have consented to receiving such communications or where we have a legitimate interest in doing so.
• Legal compliance: to comply with our legal and regulatory obligations, including maintaining records as required by law.
• Security: to protect the security and integrity of our Website and to detect, prevent, and respond to fraudulent, abusive, or otherwise unlawful activity.

4. Legal Basis for Processing

Under UK GDPR, we are required to have a lawful basis for processing your personal data. We rely on the following legal bases:

• Consent (Article 6(1)(a)): where you have given us your clear, specific consent to process your data for a particular purpose — for example, when you tick a marketing communications opt-in box or accept non-essential cookies. You have the right to withdraw your consent at any time.
• Legitimate interests (Article 6(1)(f)): where processing is necessary for our legitimate interests (or those of a third party), provided those interests are not overridden by your interests, rights, or freedoms. Our legitimate interests include operating and improving our Website, communicating with prospective learners, preventing fraud, and ensuring the security of our systems. We carry out balancing tests to ensure our legitimate interests do not unduly impact your rights.
• Legal obligation (Article 6(1)(c)): where processing is necessary for compliance with a legal obligation to which we are subject.

5. How We Share Your Data

We do not sell your personal data to third parties. We may share your personal data in the following limited circumstances:

• Service providers: we may share your data with carefully selected third-party service providers who assist us in operating our Website and delivering our services (such as web hosting providers, email delivery services, and analytics providers). These providers act as data processors on our behalf and are contractually bound to process your data only on our instructions and in accordance with applicable data protection law.
• Legal requirements: we may disclose your personal data if required to do so by law or in response to valid requests from public authorities (e.g., courts, law enforcement agencies).
• Business transfers: in the event that we sell, transfer, or merge parts of our business or assets, your personal data may be transferred to the relevant third party. We will notify you if this occurs.
• Protecting rights: we may disclose your data where we believe it is necessary to investigate, prevent, or take action regarding illegal activities, suspected fraud, or violations of our Terms and Conditions.

6. Data Retention

We will retain your personal data only for as long as is necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, regulatory, accounting, or reporting requirements.

In determining the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the data, the potential risk of harm from unauthorised use or disclosure, the purposes for which we process the data, and whether we can achieve those purposes through other means.

As a general guide:

• Enrolment data (name, email, phone): retained for up to 3 years from the date of last engagement, unless you request deletion earlier.
• Contact form enquiries: retained for up to 2 years from the date of the enquiry.
• Website analytics data: retained for up to 26 months in an aggregated and anonymised form.
• Legal and compliance records: retained for up to 6 years in accordance with applicable UK law.

When personal data is no longer required, it will be securely deleted or anonymised.

7. Your Rights Under UK GDPR

Under UK GDPR and the Data Protection Act 2018, you have the following rights in relation to your personal data:

• Right to access: you have the right to request a copy of the personal data we hold about you (a "subject access request"). We will respond within one month of receiving your request.
• Right to rectification: you have the right to request that we correct inaccurate or incomplete personal data we hold about you.
• Right to erasure ("right to be forgotten"): you have the right to request the deletion of your personal data in certain circumstances, such as where the data is no longer necessary for the purposes it was collected, or where you withdraw consent.
• Right to restriction of processing: you have the right to request that we restrict the processing of your personal data in certain circumstances.
• Right to data portability: where processing is based on consent or contract, and carried out by automated means, you have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller.
• Right to object: you have the right to object to processing based on legitimate interests or for direct marketing purposes. Where you object to processing for direct marketing, we will cease such processing immediately.
• Rights related to automated decision-making: you have the right not to be subject to decisions made solely on the basis of automated processing, including profiling, that produce legal or similarly significant effects on you. We do not currently carry out such automated decision-making.
• Right to withdraw consent: where processing is based on your consent, you have the right to withdraw that consent at any time. Withdrawing consent will not affect the lawfulness of processing carried out before the withdrawal.

To exercise any of your rights, please contact us using the details in Section 11. We may need to verify your identity before responding to your request. We will not charge a fee for responding to your request unless it is clearly unfounded, repetitive, or excessive.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection, at ico.org.uk or by calling 0303 123 1113.

8. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, accidental loss, destruction, or damage. These measures include the use of secure servers, SSL/TLS encryption for data in transit, access controls, and regular security assessments.

However, no method of transmission over the internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee its absolute security. If you have reason to believe that your interaction with us is no longer secure, please notify us immediately.

9. International Transfers

We aim to keep your personal data within the United Kingdom and European Economic Area. If we transfer your personal data to third-party service providers outside the UK or EEA, we will ensure that appropriate safeguards are in place — such as the use of UK International Data Transfer Agreements (IDTAs) or equivalent mechanisms — to protect your data in accordance with UK GDPR requirements.

10. Cookies

Our Website uses cookies and similar tracking technologies to enhance your browsing experience, analyse site traffic, and understand user behaviour. A cookie is a small text file that is placed on your device when you visit a website.

We use the following types of cookies:

• Strictly necessary cookies: these are essential for the Website to function correctly. They do not collect personal information and cannot be switched off.
• Preference cookies: these allow the Website to remember choices you have made (such as your cookie consent preference, stored in localStorage under the key cookiesOk) to provide a more personalised experience.
• Analytics cookies: these help us understand how visitors interact with the Website by collecting and reporting information anonymously. This helps us improve the Website's performance and content.

When you first visit our Website, you will be shown a cookie banner asking for your consent to non-essential cookies. You can accept or decline non-essential cookies at that point. You can also control cookies through your browser settings; please refer to your browser's help documentation for instructions on how to manage cookies.

Please note that disabling certain cookies may affect the functionality of the Website and your ability to access certain features.

11. Contact Us / Data Protection Enquiries

If you have any questions, concerns, or requests regarding this Privacy Policy or our data protection practices, please contact us:

Data Controller: MAHBUB HOUSING LIMITED
Company No. 17211750
89 St. Saviours Road
Birmingham, England, B8 1HN

You can also reach us via our Contact Page or by messaging us on WhatsApp. We will endeavour to respond to all data protection enquiries within 30 days.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our data practices, legal obligations, or for other operational, legal, or regulatory reasons. When we make changes, we will update the "last updated" date at the top of this page. We encourage you to review this Privacy Policy periodically. Your continued use of the Website after any changes to this Privacy Policy will constitute your acknowledgement of the changes and your acceptance of the updated policy.