Privacy Policy

1. Introduction and scope

This Privacy Policy explains how Ivy Training & Consulting UK Limited (“Ivy Training”, “we”, “us”, “our”) collects, uses, stores, and shares personal data when you use ivytrainingconsulting.com (the “Website”), contact us, register for programmes, or make payments. Using the Website or submitting information means you acknowledge this Policy. If you do not agree, please do not use the Website or submit personal data.

This Policy is designed to support compliance with the UK GDPR, the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations (PECR) where applicable. We also summarise rights for visitors in other jurisdictions (including the United States) where helpful.

This Policy is not legal advice for you or your business. It describes our practices. For our separate GDPR summary, see our GDPR Statement.

2. Data controller and contact

The data controller responsible for personal data described in this Policy is Ivy Training & Consulting UK Limited.
Email: support@ivytrainingconsulting.com
Website: ivytrainingconsulting.com

We do not currently appoint a Data Protection Officer (DPO) as a statutory requirement; for any data-protection query, use the email above and mark the subject line “Privacy / GDPR”.

3. Personal data we collect

We may collect the following categories of information, depending on how you interact with us:

• Identity and contact data: name, email address, telephone number, country or time zone, and similar details you enter on forms (for example on contact or registration pages).
• Enrolment and education-related data: programme of interest, preferred cohort or start date, free-text notes you provide, acknowledgements (such as agreement to lock-in fee terms), and communications about training.
• Transaction and payment-related data: we do not collect or store full payment card numbers on our Website servers. Payments made via Stripe or PayPal are processed by those providers; we may receive limited payment metadata (for example confirmation of payment, amount, payer reference, or partial account identifiers) needed to administer your place. For Zelle or other bank transfers, your bank processes the payment; we may see information your bank displays to us (such as name, email, or reference in the transfer).
• Technical and usage data: IP address, browser type, device type, general location derived from IP, pages viewed, and timestamps—typically collected by hosting, security, or analytics tools.
• Communications data: content of emails, chat messages, or form submissions you send to us.
• Marketing and reviews: if you interact with review widgets or marketing tools on the Website, those providers may collect data under their own policies (see section 7).

We do not intentionally collect special category personal data (such as health, biometric, or political data) via the Website. Please do not send such information unless we explicitly request it for a documented purpose.

Our training services are aimed at adults. We do not knowingly collect personal data from anyone under 16 without appropriate authority. If you believe a minor has provided data, contact us and we will take steps to delete it where appropriate.

4. How we use personal data (purposes)

• To respond to enquiries, provide consultations, and manage prospective student relationships.
• To process registrations, allocate cohort places, send operational updates, and deliver training and student support.
• To verify or reconcile payments (including matching payments to registrations) and handle billing, refunds, or disputes in line with our terms.
• To operate, secure, and improve the Website; detect fraud, spam, or abuse; and troubleshoot technical issues.
• To comply with legal obligations (for example tax, accounting, or regulatory requests where applicable).
• To evidence compliance, defend legal claims, and protect Ivy Training’s legitimate business interests where permitted by law.

We do not use your personal data for solely automated decisions that produce legal or similarly significant effects about you.

5. Lawful bases (UK GDPR)

We rely on one or more of the following lawful bases:

• Contract (Article 6(1)(b)): where processing is necessary to take steps at your request before a contract, or to perform our agreement with you (for example delivering training you purchase).
• Legitimate interests (Article 6(1)(f)): where processing is necessary for our legitimate interests (for example operating a secure website, improving services, internal record-keeping, fraud prevention), and those interests are not overridden by your rights.
• Consent (Article 6(1)(a)) (and PECR where applicable): where we rely on consent (for example certain non-essential cookies or marketing communications where required). You may withdraw consent at any time without affecting the lawfulness of processing before withdrawal.
• Legal obligation (Article 6(1)(c)): where we must process data to comply with applicable law.

6. Cookies and similar technologies

The Website may use essential cookies required for security, load balancing, or basic functionality. We may also allow third-party scripts (such as chat or review widgets) that set their own cookies or read similar technologies. You can control cookies through your browser settings; blocking some cookies may affect features.

If we introduce non-essential analytics or advertising cookies that require consent under UK rules, we will update this Policy and implement appropriate consent controls.

7. Recipients, processors, and third-party services

We use reputable service providers who process personal data on our behalf as processors (under contract where required). Examples relevant to the Website include:

• Website hosting (for example GitHub Pages or successor hosting): stores and serves site content; may process technical logs.
• Form delivery (for example FormSubmit / similar form relay services): receives form submissions you send from the Website and forwards them to our inbox.
• Stripe (payments): processes card payments when you use our Stripe Checkout / Payment Link. See Stripe’s privacy notice for how they handle payment data.
• PayPal (payments): processes payments when you use PayPal.Me or PayPal checkout. See PayPal’s privacy statement.
• Live chat (for example Tawk.to, if enabled on pages): may process chat content and technical data.
• Trustpilot (if widgets load): may process interaction data under Trustpilot’s policies.

We do not sell your personal data in the conventional sense (we do not exchange personal data for money with data brokers). If US state laws define “sale” or “sharing” more broadly (for example certain digital advertising), we aim to honour applicable opt-out rights where those laws apply.

Links on the Website may lead to third-party sites. Their privacy practices are their own; please read their policies before submitting data.

8. International transfers

Ivy Training is UK-focused, but our processors may store or process data in the UK, the EEA, the United States, or other countries. Where UK GDPR requires safeguards for transfers outside the UK, we rely on mechanisms such as the UK extension to the EU-US Data Privacy Framework, UK adequacy regulations, the UK International Data Transfer Agreement (IDTA) / Addendum, or Standard Contractual Clauses—depending on the service and what the provider offers.

9. Retention

We retain personal data only as long as reasonably necessary for the purposes in section 4, including resolving disputes and enforcing agreements. Indicative examples: enquiry records may be kept for a limited period unless a longer period is justified; student and payment records may be kept longer where required for training administration, accounting, tax, or legal claims. When retention ends, we delete or anonymise data where feasible.

10. Security

We implement appropriate technical and organisational measures appropriate to the risk (for example access controls, secure communications where available, and careful selection of processors). No online transmission or storage is completely secure; we cannot guarantee absolute security.

11. Your rights

If UK GDPR applies, you may have rights to: access your personal data; request rectification; request erasure in certain circumstances; request restriction of processing; object to processing based on legitimate interests (including direct marketing); request data portability where applicable; and withdraw consent where processing is consent-based.

To exercise rights, email support@ivytrainingconsulting.com. We may need to verify your identity before responding. You may also lodge a complaint with the UK Information Commissioner’s Office (ICO). We encourage you to contact us first so we can try to resolve your concern.

If you are in certain US states, you may have additional rights (for example access, deletion, correction, or opt-out of certain “sales/sharing”) depending on local law. Contact us using the email above and include your state of residence.

12. Intellectual property and permitted use of the Website

Unless otherwise stated, Ivy Training owns or licenses the content on the Website (including text, graphics, logos, and course descriptions). You may not copy, scrape, redistribute, or exploit Website content for commercial purposes without our prior written consent, except as allowed by applicable law.

13. Disclaimers and limitation of liability (Website use)

The Website and its content are provided for general information about Ivy Training’s services. Training descriptions, outcomes, timelines, and career guidance are illustrative and not a guarantee of employment, certification, income, or results. Decisions you make based on Website information are your responsibility.

To the fullest extent permitted by applicable law, Ivy Training is not liable for any indirect, consequential, special, incidental, or punitive damages arising from your use of the Website, inability to use the Website, or reliance on Website content—except where liability cannot be excluded by law (for example death or personal injury caused by negligence, or fraud).

Nothing in this Policy limits any mandatory consumer rights you have under the law that governs your relationship with us.

14. Changes to this Privacy Policy

We may update this Policy to reflect changes in law, services, or technology. The “Last updated” date at the top of this page will change when we publish a revision. Material changes may also be communicated by email or a notice on the Website where appropriate.