Ocean of Islam
Student Portal
Legal

Privacy Policy

How we collect, use, and protect your personal information when you use this website or enrol in a course.

Last updated: 24 May 2026

1. Who we are

Ocean of Islam ("we", "us", "our") provides Islamic education, translation, marriage, and pilgrimage services. You can contact us at info@oceanofislam.uk.

2. What personal data we collect

We collect personal data only when you actively provide it. The categories of data we may collect are:

  • Website enquiries: name, email address, subject, and message content submitted via our contact form.
  • Course enrolment: name, email address, phone number, age group, educational background, and any other information provided when registering for a course (including via Google Forms or the student portal).
  • Student portal account: login credentials and activity on the student portal ( courses.oceanofislam.uk ), managed by our student portal provider.
  • Payment information: billing details processed securely by our payment provider, Stripe. We do not store card or bank details ourselves.
  • Attendance & academic records: attendance, assessment results, feedback, and progress notes held for enrolled students during and after the course period.
  • Communications: messages sent to us via email, WhatsApp, or Telegram for course support and administration.
  • Parental / guardian consent forms: for students aged 14–17, we collect the name and contact details of a parent or guardian.

We do not currently use cookies, tracking pixels, or third-party analytics on this website. If we add analytics in future, this policy will be updated and a cookie banner shown where required.

3. Why we collect it

We use your personal data to:

  • Respond to enquiries and provide the services you have requested
  • Process course enrolment and manage your student account
  • Process payments and issue receipts or refunds
  • Maintain attendance records and provide academic feedback
  • Send course-related communications (timetables, updates, resources)
  • Fulfil our safeguarding obligations, including for under-18 students
  • Comply with our legal obligations under UK law

4. Legal basis (UK GDPR)

We process your personal data on the following legal bases under UK GDPR:

  • Contract: processing necessary to deliver the course you have enrolled in.
  • Consent: where you have actively provided information (e.g. submitting a contact form or interest survey).
  • Legitimate interests: responding to enquiries, maintaining academic records, and communicating with enrolled students about their studies.
  • Legal obligation: safeguarding duties in respect of students under 18.

5. Where your data is stored and shared

Your data may be held by the following services acting as processors on our behalf, all of which are GDPR-compliant:

  • Netlify — website hosting and contact form submissions (servers in EU/US).
  • Student portal provider — learner accounts, course materials, and progress data for enrolled students.
  • Stripe — payment processing; card data is handled entirely by Stripe and is not stored by us.
  • Google Workspace — email communications and course administration documents.
  • Zoom — live lesson delivery; please note that we do not record sessions, but Zoom's own privacy policy applies to your use of the platform.

We do not sell, rent, or trade your personal data with any third party for marketing purposes. Student data is never shared with external parties without your consent, except where required by law (for example, safeguarding disclosures).

6. How long we keep your data

Contact form submissions are retained for as long as needed to respond to your enquiry plus a reasonable follow-up period, after which they are securely deleted.

Student enrolment records, attendance logs, and academic results are retained for a period of up to 5 years following the end of the course, in line with our legitimate interest in providing references and certificates. Payment records are retained for 6 years as required by HMRC regulations.

7. Data relating to students under 18

Where a student is under 18, we also hold the name and contact details of their parent or guardian. This information is used solely for safeguarding and emergency contact purposes. It is not used for marketing and is not shared with third parties.

We take particular care with data relating to minors and apply stricter access controls to these records.

8. Your rights

Under UK GDPR, you have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate or incomplete data
  • Request deletion of your data (subject to legal obligations)
  • Object to or restrict certain types of processing
  • Withdraw consent at any time (where processing is consent-based)
  • Lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk

To exercise any of these rights, contact us at info@oceanofislam.uk. We will respond within 30 days.

9. Third-party links

Our site links to external services including the student portal, payment pages (Stripe), booking pages (YouCanBookMe), and social media platforms. Each has its own privacy policy; we are not responsible for their data practices.

10. Security

We take appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or disclosure. Course administrators are the only staff with access to student records. In the event of a data breach that poses a risk to individuals, we will notify the ICO within 72 hours as required by UK GDPR.

11. Changes to this policy

We may update this policy from time to time. The "Last updated" date at the top reflects the most recent revision. Significant changes will be communicated to enrolled students by email.

12. Contact

For any privacy-related questions, contact us at info@oceanofislam.uk.