Data Privacy Policy

    Effective Date: 01.10.2025

    Next Review Date: 01.10.2026

    1. Introduction

    Kaizen Summit Ltd (“we,” “us,” or “our”) is committed to protecting and respecting your privacy in full compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

    This policy explains how we collect, use, share, and safeguard your personal information. By engaging with our services, you acknowledge and agree to the practices described in this policy.

    2. Data Controller

    Kaizen Summit Ltd is the data controller for personal data we process.

    Registered Office: Level One, Basecamp Liverpool, 49 Jamaica Street, Liverpool, Merseyside, United Kingdom, L1 0AH

    Data Protection Contact: dan.iles@kaizen-summit.com

    3. What Personal Data We Collect

    We may collect, store, and process:

    • Identity Data: Name, title, date of birth, gender
    • Contact Data: Email address, telephone number, physical address
    • Financial Data: Bank account details and payment information (for billing)
    • Technical Data: IP address, browser type/version, time zone, cookie identifiers, device data
    • Health Data (Special Category): Only where relevant to coaching or mentoring services, with explicit consent
    • Communication Data: Emails, feedback, queries, complaints, or survey responses

    4. How We Use Your Personal Data

    We use personal data for the following purposes:

    • Delivering coaching, mentoring, and leadership training services
    • Administering onboarding processes for clients and mentors
    • Processing payments and fulfilling financial obligations
    • Communicating service updates, scheduling, and account information
    • Collecting and analysing feedback to improve services
    • Marketing (only with your explicit opt-in consent)
    • Meeting legal and regulatory obligations

    We will never sell your data and will not share it with third parties for marketing purposes without explicit consent.

    5. Legal Basis for Processing

    We rely on:

    • Contract: Processing necessary to provide services you have requested
    • Legitimate Interest: Operating and improving our business, balanced against your rights
    • Consent: Required for health data and marketing communications
    • Legal Obligation: Compliance with UK law, including tax, accounting, and reporting

    6. How We Share Your Data

    We may share your personal data with:

    • Service Providers: e.g., accountants, IT systems, payment processors (subject to GDPR-compliant contracts)
    • Regulators and Authorities: When legally required
    • Business Transfers: In mergers, acquisitions, or restructuring events

    We ensure all third parties maintain appropriate safeguards to protect your personal data.

    7. Data Security

    We apply appropriate technical and organisational measures, including:

    • Encryption of sensitive data
    • Role-based access controls
    • Regular audits and penetration testing
    • Staff training on data protection

    In the event of a data breach, we will notify the Information Commissioner’s Office (ICO) within 72 hours where legally required and inform affected individuals without undue delay.

    8. Your Rights

    Under UK GDPR, you have the right to:

    • Access your personal data
    • Rectify inaccurate or incomplete data
    • Request erasure (“right to be forgotten”) under certain conditions
    • Restrict or object to processing in specific cases
    • Obtain and reuse your personal data (“data portability”)

    To exercise these rights, contact us at: dan.iles@kaizen-summit.com. We will respond within one month of your request.

    9. Data Retention

    We only retain personal data for as long as necessary for the purposes set out in this policy, including legal, tax, and regulatory requirements. Data is securely deleted or anonymised once no longer required.

    10. Cookies

    Our website uses cookies to improve user experience and analyse site traffic. You can manage or disable cookies via your browser settings.

    For full details, see our separate Cookie Policy, which complies with ICO cookie consent standards.

    11. Policy Updates

    We may revise this policy periodically to reflect legal or operational changes. Updated versions will always carry a new “Effective Date” at the top. We will notify you of any material changes.

    12. Contact Information

    Data Protection Officer (DPO): Dan Iles

    Email: dan.iles@kaizen-summit.com

    Postal Address: Level One, Basecamp Liverpool, 49 Jamaica Street, Liverpool, Merseyside, United Kingdom, L1 0AH

    If you believe your rights are not being upheld, you may lodge a complaint with the Information Commissioner’s Office (ICO): www.ico.org.uk