Privacy Policy
Last Updated: 22 June 2026
Azhar Academy ("we", "us", or "our") is a registered charity in England and Wales. We operate our website and our mobile application (the "App"). We are committed to protecting and respecting your privacy in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you use our website or App. Please read this policy carefully to understand our views and practices regarding your personal data and how we will treat it.
1. Important Information and Who We Are
Data Controller
For the purposes of UK data protection law, Azhar Academy is the "data controller" of the personal data collected through our website and App. This means we are responsible for deciding how and why your data is processed.
Contact Details
If you have any questions about this Privacy Policy, including any requests to exercise your legal data rights, please contact us using the details below:
- Registered Charity Name: Azhar Academy
- Email Address: azharacademyblton@gmail.com
-
Mailing Address:
Azhar Academy Bolton (Devonshire Education Centre)
20 Devonshire Road, Heaton, Bolton
Lancashire, England, BL1 4PG
2. The Data We Collect About You
"Personal data" means any information about an individual from which that person can be identified. We may collect, use, store, and transfer different kinds of personal data about you, which we have grouped together as follows:
- Identity Data: Includes username, first name, last name, or similar identifiers created when you register an account.
- Contact Data: Includes your email address.
- Technical Data: Includes your internet protocol (IP) address, login data, device ID, mobile operating system and platform, browser type, and time zone setting.
- Usage Data: Includes information about how you navigate and use our website, App, and services.
- Notification Data: Includes unique device push tokens required to deliver push notifications to your mobile device.
- Financial Transaction Data: Includes details about payments made by you through our services (e.g., donation or payment amounts, timestamps, and payment success status). Note that we do not store raw credit card numbers on our infrastructure (see Section 5).
3. How We Collect Your Personal Data
We use different methods to collect data from and about you, including:
- Direct Interaction: You give us your Identity and Contact data by filling in forms or creating an account using your email address and a password within the App or website.
- Automated Technologies: As you interact with our website or App, we automatically collect Technical and Usage data about your equipment and browsing patterns using cookies, server logs, and software development kits (SDKs).
- Third Parties: We receive technical information from push notification frameworks and payment processors when transactions are updated.
4. How We Use Your Personal Data and Our Legal Basis
We will only use your personal data when the law allows us to. Under the UK GDPR, the lawful bases we rely on for processing this information are:
- Performance of a Contract: Necessary to provide the account services and App functionalities you request.
- Legitimate Interests: Necessary for our legitimate organisational interests (e.g., maintaining system security, tracking app stability, and analysing usage to improve our charitable offerings), provided your fundamental rights do not override those interests.
- Legal Obligation: Necessary to comply with UK legal or regulatory requirements (such as financial reporting or charity regulations).
| Purpose / Activity | Type of Data | Lawful Basis for Processing |
|---|---|---|
| To register you as a user and create your account | Identity, Contact | Performance of a contract |
| To send you critical transactional or functional updates | Identity, Contact | Performance of a contract |
| To send operational or informative push notifications | Notification, Device ID | Performance of a contract / Legitimate Interests |
| To process donations or payments via third parties | Identity, Contact, Financial Transaction | Performance of a contract |
| To monitor app performance, debug crashes, and maintain security | Technical, Usage | Legitimate Interests (System stability and data security) |
| To evaluate app engagement and improve user experience | Technical, Usage | Legitimate Interests (Optimising our digital services) |
5. Third-Party Services & Payment Processing
To effectively deliver our services, we integrate vetted third-party tools. These providers process data only on our instructions:
Push Notifications
We utilise Expo and Firebase frameworks to generate unique device tokens and transmit transactional or informational push notifications to your device. You can manage your notification preferences directly through your mobile device settings at any time.
Performance Analytics & Crash Reporting
- Google Analytics (GA): Used to analyse aggregated website and app traffic data to understand user behaviour patterns.
- New Relic: Used to monitor real-time server and app performance, helping us rapidly identify and resolve technical issues, application crashes, or system bottlenecks.
Secure Payment Processing
All financial transactions are handled securely through our third-party payment gateway, Stripe (which includes processing for Apple Pay, and Google Pay integrations).
- When you make a payment, your payment card details are provided directly to Stripe.
- We do not collect, process, or store your raw credit or debit card numbers on our infrastructure.
- Stripe's use of your personal data is governed by their independent privacy policy, which adheres to strict PCI-DSS safety standards.
6. Where Your Data is Kept (International Data Transfers)
The personal data we collect is hosted and stored securely within infrastructure located inside the United Kingdom (UK) and the European Union (EU).
Some of our third-party partners (such as analytics or notification distribution networks) may occasionally route or process metadata outside of the UK or EEA. Where these transfers occur, we ensure standard contractual frameworks approved by the UK government are utilised to enforce equivalent data protection safeguards.
7. Data Security and Retention
Security
We have established rigorous security measures to protect your personal data from accidental loss, alteration, unauthorised disclosure, or access. Account access is heavily protected using industry-standard email and password encryption hashes.
Retention
We will only retain your personal data for as long as necessary to fulfill the purposes we collected it for, including any legal, accounting, or statutory charity reporting requirements under UK law.
8. Your Legal Rights
Under UK data protection law, you hold comprehensive rights regarding your personal data:
- Right of Access: You can request a copy of the personal data we hold about you.
- Right to Rectification: You can request that we correct any inaccurate or incomplete personal information.
- Right to Erasure ("Right to be Forgotten"): You can request that we delete your account and associated personal data under certain conditions.
- Right to Restrict or Object to Processing: You can object to us processing your data under legitimate interests or request a temporary halt to processing.
- Right to Data Portability: You can request the transfer of your structured digital data to another service provider.
To exercise any of these rights, please contact our team directly at azharacademyblton@gmail.com.
Right to Complain
You retain the right to lodge a complaint at any time with the Information Commissioner's Office (ICO), the UK's independent data protection regulatory authority (www.ico.org.uk). We would, however, highly appreciate the opportunity to resolve your technical or privacy concerns directly before you make an official approach to the ICO.
