Privacy Policy

This Privacy Policy describes how Lucy Gordon (“we”, “us”, or “our”) collects, uses, and protects your personal information when you visit our website, use our services, or otherwise interact with us.

We are committed to protecting your privacy and complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who we are

Lucy Gordon is a UK-based business that provides online training, digital resources, and consulting services.
We are the data controller responsible for your personal data.

If you have any questions about this Privacy Policy or how we handle your data, please contact us at:

[email protected]

Once incorporated, our company and registered address details will be added to this policy.

2. Information we collect

We may collect and process the following types of information:

Information you provide directly

- Name and contact details (e.g. email address, phone number)

- Payment and billing details when you purchase a product or service

- Any information you include in contact forms, surveys, or emails

- Your marketing preferences and consent records

Information collected automatically

When you visit our website, we automatically collect certain data through cookies, pixels, and analytics tools, such as:

- IP address and approximate location

- Browser type and version

- Device type and operating system

- Pages visited, time spent, and referral source

3. How we use your information

We use your personal data for the following purposes:

- To provide and deliver our services, courses, and digital products

- To process payments and manage your account

- To send service-related communications (e.g. receipts, updates, password resets)

- To send marketing emails where you have given consent

- To analyse website traffic and improve our content and services

- To comply with legal obligations and resolve disputes

4. Legal basis for processing

We rely on one or more of the following legal bases under UK GDPR:

- Contractual necessity – where processing is required to provide our services or fulfil an order

- Consent – where you have opted in to receive marketing communications

- Legal obligation – to meet our tax, accounting, and compliance requirements

- Legitimate interests – for business administration, analytics, and improving our services (where your rights do not override our interests)

5. Sharing your information

We only share personal data when necessary and with trusted third parties that help us operate our business, such as:

- Payment processors (e.g. Stripe)

- All-in-one business platform (used for hosting, course delivery, and email marketing)

- Cloud storage providers (e.g. Google Drive, OneDrive)

Each third party is required to keep your information secure and process it in compliance with data protection law.
We do not sell or rent your personal information to anyone.

6. International transfers

Some of our third-party providers may transfer data outside the UK.
Where this happens, we ensure appropriate safeguards are in place (for example, UK adequacy decisions or standard contractual clauses).

7. Data retention

We keep personal data only for as long as necessary for the purposes for which it was collected.
Typically this means:

- Enquiry and marketing data – up to 2 years

- Client and transaction data – up to 6 years (to comply with tax and legal record-keeping obligations)

After this time, data will be securely deleted or anonymised.

8. Cookies and tracking

Our website uses cookies and similar technologies to:

- Enable essential site functionality

- Analyse website performance and traffic

- Personalise content and ads (where applicable)

You can control or delete cookies through your browser settings.
Further information about cookies will be provided in our separate Cookie Policy.

9. Your rights

Under UK data protection law, you have the following rights:

- To access a copy of your personal data

- To correct or update inaccurate information

- To request deletion of your data (“right to be forgotten”)

- To restrict or object to processing in certain circumstances

- To withdraw consent for marketing at any time

- To data portability (where applicable)

You can exercise your rights by contacting [email protected].
If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO): www.ico.org.uk.

10. Data security

We use appropriate technical and organisational measures to protect your information, including encryption, access controls, and secure data storage.
However, no system is completely secure, and we cannot guarantee absolute security of your data.

11. Updates to this policy

We may update this Privacy Policy from time to time.
The latest version will always be available on our website, and the “last updated” date will be amended accordingly.

Contact:
[email protected]