Política de privacidad
1. Important Information and Who We Are
Objeto del presente aviso de confidencialidad
This policy explains how Professional Animated Learning Limited (“PAL”) collects and processes personal data through our website (nailknowledge.org) and mobile application (“NailKnowledge App”). This website and app are not intended for children and we do not knowingly collect data relating to children.
It is important that you read this Privacy Notice together with any other privacy notice or fair processing policy we may provide on specific occasions when we are collecting or processing personal data about you, and our Cookies Policy. This will mean that you are fully aware of how and why we are using your data.
PAL serves as the data controller. We have appointed a data privacy manager for inquiries about this policy.
Contact Details
- Entity: PAL Limited
- Email: [email protected]
- Address: 31 Tower Rd, Burton, DE15 0NH
- Regulatory body: Information Commissioner’s Office (www.ico.org.uk)
We would appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance.
Third-Party Links
This website and app may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy policies. When you leave our website or app, we encourage you to read the privacy notice of every website you visit.
Your Duty to Inform Us of Changes
Es importante que los datos personales que tenemos sobre usted sean exactos y estén actualizados. Por favor, manténganos informados si sus datos personales cambian durante su relación con nosotros.
2. The Data We Collect About You
We collect several categories of personal information:
Identidad y datos de contacto – Names, addresses, email addresses, phone numbers, and information from forms, telephone conversations, competition entries, and third-party sources with permission.
Transaction Data – Purchase details, subscription information, and recorded telephone calls for customer service, staff training, and contract documentation purposes.
Datos técnicos – IP addresses, login credentials, browser information, timezone settings, operating systems, device identifiers, and device technology details.
Datos del perfil – Usernames, passwords, purchase history, learning progress, interests, preferences, feedback, and survey responses.
Datos de uso – Information about how you interact with our website, mobile app, products, and services, including lessons viewed, courses completed, and features used.
User-Generated Content – Photos you upload for AI feedback, chat messages with our AI coach, and tutorial requests.
Datos de marketing y comunicación – Preferences regarding marketing communications and communication channel preferences.
Datos agregados – Statistical or demographic information that doesn’t identify individuals. We may aggregate your Usage Data to calculate the percentage of users accessing a specific feature. However, if we combine Aggregated Data with your personal data so that it can identify you, we treat the combined data as personal data.
We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
If You Fail to Provide Personal Data
Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with courses or services). In this case, we may have to cancel a product or service you have with us, but we will notify you if this is the case at the time.
3. How Personal Data Is Collected
Direct Interactions
You provide information through:
- Creating an account on our website or mobile app
- Completing forms or correspondence
- Subscribing to newsletters or marketing
- Participating in competitions or surveys
- Using AI features (coach chat, photo feedback)
- Uploading content for tutorials
- Making purchases or subscriptions
Automated Technologies
We use cookies and similar technologies for:
- Experience tracking (visitor behavior and duration)
- Security (data protection and fraud prevention)
- Service choices (signup preferences)
- Marketing campaign measurement
- Video player functionality
- Analytics and app improvement
Our cookies don’t store financial information or personal details like your name or address. You can turn cookies off, but if you do this you may not be able to use all services on our websites and you might see more pop-ups and other intrusive advertising. Disabling cookies may limit functionality.
Third-Party Sources
Data comes from:
- Analytics and advertising providers
- Search information providers
- Payment and delivery service providers
- Public sources like Companies House and the Electoral Register
4. Third-Party Data Processors
We work with trusted third-party services to provide and improve our services. Below are the services that process your data:
Website Services
| Service | Purpose | Data Shared |
| UKFast.Net Ltd (UK) | Website hosting | Technical data |
| WordPress/Automattic (Ireland, USA) | Website platform | Usage data |
| HubSpot, Inc. (Ireland, USA) | CRM services | Contact data |
Mobile App Services
| Service | Purpose | Data Shared | Política de privacidad |
| Supabase | Backend services, authentication, data storage | Account information, learning progress, uploaded content | https://supabase.com/privacy |
| Mixpanel | Analytics to improve app experience | Anonymous usage events, device type | https://mixpanel.com/legal/privacy-policy/ |
| Sentry | Error tracking and crash reporting | Anonymous error logs, device info | https://sentry.io/privacy/ |
| OpenAI (via OpenRouter) | AI coaching and feedback features | Chat messages, uploaded images (when using AI features) | https://openai.com/policies/privacy-policy |
| RevenueCat | Subscription and purchase management | Purchase history, subscription status | https://www.revenuecat.com/privacy |
All third parties are required to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
5. How Personal Data Is Used
Sólo utilizaremos sus datos personales cuando la ley nos lo permita. Lo más habitual es que utilicemos sus datos personales en las siguientes circunstancias:
- Contract performance – Where we need to perform a contract we have entered into with you
- Legitimate interests – Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests
- Legal obligation – Where we need to comply with a legal obligation
- Consent – Where you have given us your consent
Generally, we do not rely on consent as a legal basis for processing your personal data, although we will get your consent before sending direct marketing communications to you via email or text message. You have the right to withdraw consent to marketing at any time by contacting us.
Purposes for Which We Use Your Personal Data
| Objetivo/Actividad | Type of Data | Lawful Basis |
| Para registrarle como nuevo cliente | Identity and Contact Data, Profile Data | Ejecución de un contrato con usted |
| Tramitar y entregar su pedido | Identity and Contact Data, Profile Data, Transaction Data | Performance of a contract with you; Legitimate interests (to track orders and payments) |
| To provide learning content and track your progress | Identity and Contact Data, Profile Data, Usage Data | Ejecución de un contrato con usted |
| To provide AI coaching and personalised feedback | Profile Data, Usage Data, User-Generated Content | Performance of a contract with you; Legitimate interests (to improve our services) |
| To manage our relationship with you (including notifying you about changes to our terms or privacy notice, asking you to leave a review or take a survey) | Identity and Contact Data, Profile Data, Marketing and Communications Data | Performance of a contract with you; Legal obligation; Legitimate interests (to keep our records updated) |
| Para permitirle participar en un concurso, evento o completar una encuesta | Identity and Contact Data, Profile Data, Usage Data, Marketing and Communications Data | Performance of a contract with you; Legitimate interests (to study how customers use our services) |
| To administer and protect our business, website and app (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data) | Identity and Contact Data, Technical Data | Legitimate interests (for running our business, IT services, network security, to prevent fraud); Legal obligation |
| To deliver relevant website content and advertisements to you and measure effectiveness | Identity and Contact Data, Profile Data, Usage Data, Marketing and Communications Data, Technical Data | Legitimate interests (to study how customers use our services, to develop them, to grow our business and to inform our marketing strategy) |
| To use data analytics to improve our website, app, products/services, marketing, customer relationships and experiences | Technical Data, Usage Data | Legitimate interests (to define types of customers, to keep our website and app updated and relevant, to develop our business and to inform our marketing strategy) |
| Para hacerle sugerencias y recomendaciones sobre productos o servicios que puedan ser de su interés. | Identity and Contact Data, Technical Data, Usage Data, Profile Data, Marketing and Communications Data | Legitimate interests (to develop our products/services and grow our business) |
AI Features
When you use our AI features (coach chat, photo feedback), your messages and uploaded images are processed by OpenAI to provide responses. This data is:
- Used only to provide the AI service
- Not used to train AI models
- Subject to OpenAI’s data processing agreement
Marketing
Where you have given your consent to marketing, we will send you our marketing and promotional materials for services, products, surveys, competitions, events and other activities we think useful to you.
We use online behavioural advertising (OBA) which allows us to deliver targeted advertising to visitors. As you browse our site, some of the cookies used are advertising cookies, so we can understand what sort of pages you are interested in. The OBA techniques we use will not collect personal information such as your name, email address, postal address or phone number.
We may also share anonymised behavioural data with advertising partners. This may mean that when you are on other websites, you will be shown advertising based on your behaviour on our website. You can opt out of this form of marketing, but you will still see adverts when you visit our site – they just will not be personalised for you.
You can withdraw your consent to any marketing at any time by contacting us at the address in the Contact Us section.
6. International Data Transfers
Some of our third-party service providers are based outside the UK. For transfers outside the UK, we implement safeguards:
- Transfers only to countries deemed adequate for data protection, or
- Use of contracts approved for UK use that maintain equivalent protection
Póngase en contacto con nosotros si desea más información sobre el mecanismo específico que utilizamos al transferir sus datos personales fuera del Reino Unido.
7. Data Security
We implement appropriate security measures to protect your personal data:
- All data transmitted over HTTPS/TLS encryption
- Database connections encrypted
- Access restricted to authorised personnel
- Regular security assessments
- Procedures for handling data breaches
We will notify affected parties of any data breach when legally required.
8. Data Retention
| Data Type | Retention Period |
| User account data | Until account deletion |
| Learning progress | Until account deletion |
| Analytics data | 2 years |
| Error logs | 90 days |
| Transaction records | 7 years (legal requirement) |
Data may be retained longer during complaints or potential litigation. In some cases, data may be anonymised for research or statistics, in which case we may use this information indefinitely without further notice to you.
9. Your Legal Rights
Under data protection laws, you have the right to:
| Right | Description |
| Access | Request a copy of your personal data |
| Correction | Request correction of inaccurate data |
| Erasure | Request deletion of your data |
| Object | Object to processing of your data |
| Restrict | Request restriction of processing |
| Portability | Request transfer of your data |
| Withdraw consent | Withdraw consent at any time |
How to Exercise Your Rights
Mobile App Users:
- Export your data: Settings > Privacy Settings > Export My Data
- Delete your account: Settings > Account Settings > Delete Account
- Manage consent: Settings > Privacy Settings (toggle analytics/data collection)
All Users:
- Email: [email protected]
- We respond within one month (complex requests may take longer)
- We may request identification for security purposes
Access requests are generally free, though unreasonable, repetitive, or excessive requests may incur reasonable fees or may be refused.
10. Changes to This Policy
We may update this policy from time to time. We will notify you of significant changes through:
- Email notification
- In-app notification
- Notice on our website
11. Glossary
Interés legítimo means the interest of our business in conducting and managing our business to enable us to give you the best service/product and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
Ejecución del contrato el tratamiento de sus datos cuando sea necesario para la ejecución de un contrato en el que usted sea parte o para adoptar medidas a petición suya antes de celebrar dicho contrato.
Cumplir una obligación legal significa tratar sus datos personales cuando sea necesario para cumplir una obligación legal a la que estemos sujetos.
12. Contact Us
For questions about this policy or to exercise your rights:
Email: [email protected]
Address: 31 Tower Rd, Burton, DE15 0NH
You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at www.ico.org.uk if you believe your data protection rights have been violated.pliance with a legal obligation that we are subject to.
