46–48 East Smithfield, London E1W 1AW
Last updated: 19 June 2026

Accolade UK Ltd (“we”, “us”, “our”) is committed to protecting your privacy and handling your personal data lawfully, fairly and transparently.

For the purposes of UK data protection law, Accolade UK Ltd is the data controller responsible for your personal data. Our registered address is 46–48 East Smithfield, London E1W 1AW.

We are registered with the Information Commissioner’s Office (ICO) under registration number [Z1577960].

This policy explains what personal data we collect, how and why we use it, who we share it with, how long we keep it, and the rights you have. It should be read alongside any other notices we provide when we collect data from you.

We process personal data in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, the Privacy and Electronic Communications Regulations (PECR), and the Data (Use and Access) Act 2025.

We may collect and process the following data about you.

Information you give us. You may give us information by filling in forms on our website, or by corresponding with us by phone, email or otherwise. This may include your name, postal address, email address and telephone number, along with any other information you choose to provide.

Information we collect automatically. With regard to each of your visits to our website, we may automatically collect:

• Technical information, including the Internet Protocol (IP) address used to connect your device to the internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform.
• Information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our website (including date and time), pages you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks and mouse-overs), and methods used to browse away from the page.

Much of this is collected through cookies and similar technologies — see section 4 below.

Under the UK GDPR we must have a lawful basis for each way we use your personal data. The table below sets out our purposes and the lawful basis we rely on for each.

Where we rely on legitimate interests, we have carried out a balancing assessment to ensure our interests are not overridden by your rights and freedoms. You can ask us for more information about this.
Where we rely on consent (for example, certain marketing or non-essential cookies), you can withdraw that consent at any time without affecting the lawfulness of processing carried out before withdrawal.

Our website uses cookies and similar technologies to distinguish you from other users, to make the site work, and to help us improve it. Strictly necessary cookies (for example, those needed for security or to make the site function) and certain low-risk cookies such as those used purely for analytics may be set without your consent, but you can opt out of non-essential processing. For all other cookies we will ask for your consent before they are placed. You can manage your preferences through our cookie banner and your browser settings.

We may share your personal data in the following circumstances:

• With any member of our group, as defined in section 1159 of the UK Companies Act 2006.
• With service providers and suppliers who process data on our behalf (for example, IT, hosting and analytics providers), under written contracts that require them to safeguard your data and use it only on our instructions.
• Where we are under a legal or regulatory duty to disclose or share your personal data, or to protect our rights, property or safety, or those of others.
• In connection with a sale, restructuring or transfer of our business or assets.

We do not sell your personal data.

Your personal data is held securely in accordance with our internal security policy and the law.

Where we transfer your personal data outside the United Kingdom, we ensure an appropriate level of protection by relying on one of the following safeguards: a transfer to a country covered by UK adequacy regulations; the International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses; or another lawful transfer mechanism recognised under UK data protection law. You can contact us for more information about the safeguards in place.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of data transmitted to our website, and any transmission is at your own risk. Once we have received your information we will use appropriate procedures and security features to prevent unauthorised access.

We keep your personal data only for as long as is necessary for the purposes for which it was collected, including to satisfy any legal, accounting, regulatory or reporting requirements. The criteria we use to determine retention periods include the nature of the data, the purpose for which it is held, and any applicable legal obligations. When we no longer need your data we will securely delete or anonymise it.

Under UK data protection law you have the following rights, which you can exercise free of charge in most cases:

• The right to be informed about how we use your personal data (which this policy provides).
• The right of access to a copy of the personal data we hold about you.
• The right to rectification of inaccurate or incomplete data.
• The right to erasure (“right to be forgotten”) in certain circumstances.
• The right to restrict processing in certain circumstances.
• The right to data portability, allowing you to obtain and reuse certain data.
• The right to object to processing based on legitimate interests, and to direct marketing at any time.
• Rights in relation to automated decision-making and profiling, where such processing produces legal or similarly significant effects.

You also have the right to ask us not to process your personal data for marketing purposes. We will give you the chance to unsubscribe from any marketing communications at any time.

To exercise any of these rights, please contact us using the details in section 11. We will respond within one month, although we may extend this where requests are complex. When responding to a request for access, we will carry out a reasonable and proportionate search for the relevant information.

If you are unhappy with how we have handled your personal data, you have the right to complain directly to us in the first instance, and we will acknowledge and investigate your complaint without undue delay. Please use the contact details in section 11.

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection:

Information Commissioner’s Office

Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

Helpline: 0303 123 1113

Website: ico.org.uk

We would, however, appreciate the chance to address your concerns before you approach the ICO.

Our website may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that they have their own privacy policies and we do not accept any responsibility or liability for them. Please check those policies before submitting any personal data.

We keep this privacy policy under regular review and may update it from time to time. Any changes will be posted on this page with a revised “last updated” date.

Questions, comments and requests regarding this privacy policy, or about your personal data, should be addressed to: