Privacy Policy

1. About This Privacy Policy

This Privacy Policy explains how North & Soul Ltd ("we", "us", "our") collects, uses, stores and protects your personal data when you visit pollystandeven.co.uk and any associated pages (including livinginlight), purchase our courses, or subscribe to our email list.

We are committed to protecting your privacy and handling your personal data in an open and transparent manner, in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Please read this policy carefully. By using our website you acknowledge that you have read and understood it.

2. Who We Are

The data controller responsible for your personal information is:

3. Personal Information We Collect

We collect personal information in the following ways:

Information you give us directly

• Email address and name — when you subscribe to our newsletter (the Weekly Lowdown) or join a waitlist
• Contact details — if you email us directly
• Payment information — when you purchase a course. Note: payment processing is handled entirely by our third-party payment providers (e.g. Stripe, Kajabi). We do not store your card details.

Information collected automatically

• Device and browser information — including IP address, browser type, operating system and referring URL
• Usage data — pages visited, time spent, clicks and interactions (via Google Analytics)
• Advertising data — if you arrive via a Facebook or Instagram ad (via Meta Pixel)
• Cookie data — see our Cookies section below

4. How We Use Your Information

• To send you our weekly newsletter and email communications you have opted in to receive
• To process your course purchase and deliver access to course materials
• To respond to your enquiries and provide customer support
• To improve and optimise our website and content
• To measure the effectiveness of our advertising campaigns
• To comply with our legal obligations

We will never sell your personal data to third parties or use it for any purpose you have not consented to.

5. Legal Basis for Processing

Under UK GDPR, we rely on the following legal bases:

• Consent — for email marketing. You can withdraw your consent at any time by unsubscribing via the link in any email we send you.
• Contract — to fulfil a course purchase or service agreement with you.
• Legitimate interests — to analyse website usage and improve our services, where these interests are not overridden by your rights.
• Legal obligation — where we are required by law to process your data.

6. How Long We Keep Your Data

• Email subscribers — we retain your data for as long as you remain subscribed. If you unsubscribe, your data is removed from our active mailing list within 30 days.
• Course customers — we retain your purchase records for 7 years in line with UK tax and accounting obligations.
• Website analytics — anonymised data is retained for up to 26 months via Google Analytics.
• Direct enquiries — correspondence is retained for up to 2 years.

7. How We Share Your Data

We do not sell your personal data. We may share it only with the following trusted third-party service providers who help us operate our website and business:

• Kit (ConvertKit) — email marketing platform. Privacy Policy
• Google Analytics — website analytics. Privacy Policy
• Meta (Facebook/Instagram) — advertising measurement via Meta Pixel. Privacy Policy
• Vimeo — video hosting for course content. Privacy Policy
• Senja — testimonial display widget. Privacy Policy
• Kajabi / Stripe — course delivery and payment processing. Their own privacy policies apply to any data collected during purchase.

All third-party providers are required to process your data only on our instructions and in compliance with applicable data protection law.

We may also disclose your information if required by law, court order, or regulatory authority.

8. Cookies & Tracking Technologies

Cookies are small text files stored on your device when you visit our website. We use the following types:

• Essential cookies — required for the website to function correctly.
• Analytics cookies — Google Analytics uses cookies to collect anonymised information about how visitors use our site. These cookies do not identify you personally.
• Marketing cookies — the Meta Pixel places cookies to help us measure the effectiveness of our advertising on Facebook and Instagram.
• Third-party cookies — embedded content from Vimeo and Senja may place their own cookies. Please refer to their respective privacy policies.

You can control and delete cookies through your browser settings at any time. Disabling cookies may affect the functionality of some parts of our website.

9. Your Rights Under UK GDPR

You have the following rights regarding your personal data:

• Right to access — request a copy of the personal data we hold about you
• Right to rectification — request correction of inaccurate or incomplete data
• Right to erasure — request deletion of your personal data ("right to be forgotten")
• Right to restrict processing — request that we limit how we use your data
• Right to data portability — receive your data in a structured, machine-readable format
• Right to object — object to processing based on legitimate interests or for direct marketing purposes
• Right to withdraw consent — where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing

To exercise any of these rights, please contact us at donnie@northandsoul.co.uk. We will respond within 30 days.

10. How We Protect Your Data

We take appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, alteration or disclosure. These include:

• Secure HTTPS connections across all pages
• Access controls limiting who within our team can access personal data
• Use of reputable, data-compliant third-party providers

Whilst we take all reasonable precautions, no internet transmission is completely secure. If you have concerns about the security of your data, please contact us directly.

11. Supervisory Authority

If you believe your data protection rights have been violated, you have the right to lodge a complaint with the UK's data protection supervisory authority:

We would appreciate the opportunity to address your concerns directly before you approach the ICO, so please do contact us first.

12. How to Contact Us

If you have any questions, concerns or requests regarding this Privacy Policy or the way we handle your personal data, please contact us:

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or in applicable law. When we make significant changes, we will update the "Last updated" date at the top of this page.

We encourage you to review this policy periodically. Your continued use of our website after any changes constitutes your acceptance of the updated policy.