Privacy Notice

Who we are as a data controller

CVL Enterprise Limited, trading as The What-If Strategist, is the data controller for personal data collected and processed in connection with this programme. Our contact details for data protection purposes are admin@cvlenterpriselimited.com.

What data we collect

In delivering this programme we collect and process the following categories of personal data:

Contact and account data - your name, email address, and any other contact information you provide at the point of purchase or enrolment.

Payment data - transaction records processed through Stripe or Wise. We do not store payment card details directly.

Programme participation data - information you share in the pre-session form, your Exposure Audit responses if shared with us, your community posts and interactions, and notes from your one-to-one session.

Business data - information about your business that you voluntarily share in programme exercises, community posts, or session discussions.

Technical data - standard platform usage data collected by our programme platforms and our email provider for the purposes of delivering and improving the programme.

Why we process your data and the legal basis

We process your data for the following purposes:

To deliver the programme and fulfil our contractual obligations to you - legal basis: contract performance.

To communicate with you about your programme participation, schedule, and progress - legal basis: contract performance and legitimate interests.

To process your payment - legal basis: contract performance.

To maintain the security and integrity of the community platform - legal basis: legitimate interests.

To improve our programme design and methodology using aggregated, anonymised insights - legal basis: legitimate interests.

To comply with our legal obligations - legal basis: legal obligation.

We will not use your data for unsolicited marketing without your separate consent. We will not sell your data to third parties. We will not share your data with third parties except as described in this section.

How long we keep your data

Contact and payment data: Retained for seven years from the date of your last transaction in accordance with standard accounting and legal requirements.

Programme participation data including session notes: Retained for two years from the end of your programme cohort then securely deleted unless you have given consent for longer retention.

Community posts: Retained for the duration of your community access. If you request removal from the community your posts will be anonymised or deleted within 30 days of your request.

Your rights

Under UK GDPR and applicable data protection law you have the following rights in relation to your personal data:

The right to access - you may request a copy of the personal data we hold about you.

The right to rectification - you may request correction of inaccurate data we hold about you.

The right to erasure - you may request deletion of your personal data in certain circumstances.

The right to restriction - you may request that we restrict processing of your data in certain circumstances.

The right to portability - you may request your data in a portable format in certain circumstances.

The right to object - you may object to processing based on legitimate interests.

To exercise any of these rights please contact us at admin@cvlenterpriselimited.com. We will respond to all requests within 30 days. We will not charge for reasonable requests.

If you are unsatisfied with how we handle your data you have the right to complain to the Information Commissioner's Office at ico.org.uk.

Third party platforms

The programme is delivered using third party platforms, each of which processes participant data as a data processor on our behalf:

We have data processing agreements in place with each platform provider. We have selected platforms that comply with UK GDPR requirements. Where data is transferred outside the UK we ensure appropriate safeguards are in place.

Security

We take the security of your data seriously, particularly given the nature of the information participants share in this programme. We implement the following measures:

Access to participant data is restricted to the programme facilitator and any authorised platform administrators. Community content is accessible only to enrolled participants and not publicly visible or indexed. Session recordings are stored in password-protected, access-controlled storage. We maintain our own security posture in accordance with the standards we recommend to participants.

No method of electronic storage or transmission is completely secure. We cannot guarantee absolute security but we will notify you promptly in the event of a data breach that is likely to result in a risk to your rights and freedoms.

Legal disclosure

We will disclose any information we collect, use or receive if required or permitted by law, such as to comply with a subpoena or similar legal process, and when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.

Contact information:

If you would like to contact us to understand more about this Policy or wish to contact us concerning any matter relating to individual rights and your Personal Information, you may send an email to admin@cvlenterpriselimited.com.