Last updated Aug 2021
documents referred to in it) describes the type of information that we collect from
you ("you/your") through the use of our coaching services ("Services"), or the use of
our website or learning platform ("Website"), how that information may be used or
disclosed by us and the safeguards we use to protect it.
Our Website and Services may contain links to third party websites that are not cov
statements of other websites and applications to understand their information prac-
Please read it carefully to understand our policies regarding your information and
how we will treat it. By using or accessing our Website or Services, you agree to the
collection, use and disclosure of information in accordance with this Privacy and
continued use of the Website or Services is deemed to be acceptance of such
changes, so please check periodically for updates.
Please check back regularly to keep informed of updates to this Privacy and Cookie
upon your first use of our Website. If you do not accept and agree with this Privacy
2. Who We Are
2.1 Here are the details that the Regulation (EU) 2016/679 of the European Par-
liament and of the Council of 27 April 2016 on the protection of natural per-
sons with regards to the processing of personal data and on the free move-
ment of such data, known as General Data Protection Regulation (GDPR) says
we have to give you as a 'data controller':
- Our company name is Fika Limited, trading as Ivy Malik
- Our registered office at Castle House, Castle Street, Guildford, GU1
- Our nominated representative is Ivy Malik and she can be contacted at
2.2 We respect your right to privacy and will only process personal information
about you in accordance with GDPR, and any successor legislation to the GDPR
and other applicable privacy laws. We also comply with all other applicable
data protection law and regulation.
3. What we may collect
3.1 Personal data, or personal information, means any information about an indi-
vidual from which that person can be identified. It does not include data
where the identity has been removed (anonymous data).
3.2 We may collect, use, store and transfer different kinds of personal data about
you which we have grouped together as follows:
- Identity Data includes first name, last name, username or similar
identifier. When you email, phone, live chat or otherwise, we may col-
lect information such as your first name, last name, email address and
- Contact Data includes billing address, invoicing address, email address
and telephone numbers.
- Health and Lifestyle Data.
- Financial Data includes bank account and payment card details.
- Transaction Data includes details about payments and other details of
our Services you have purchased from us.
- Technical Data includes internet protocol (IP) address, your login data,
browser type and version, time zone setting and location, browser
plug-in types and versions, operating system and platform and other
technology on the devices you use to access this Website.
- Profile Data includes your username and password, reservations made
by you, your interests, preferences, feedback and survey responses.
- Usage Data includes information about how you use our Website and
- Marketing and Communications Data includes your preferences in
receiving marketing from us and our third parties and your communica-
- Interaction Data includes any information that you might provide to
any discussion forums on the Website.
- Cookies Data. Like many websites, we use "cookies" to enhance your
experience and gather information about visitors and visits to our web-
sites. Please refer to the "Do we use 'cookies'?" section below for in-
formation about cookies and how we use them and what kind.
- Third Parties and Information we receive from other sources. We may
receive information about you if you use any of the other websites we
operate or through the Services we provide, including but not limited
to our platform provider (which is currently Kajabi). In this case we
will have informed you when we collected that data that it may be
shared internally and combined with data collected on our Website.
We are also working closely with third parties (including, for example,
business partners, suppliers, sub-contractors, advertising networks,
analytics providers, and search information providers) and may receive
information about you from them.
- Analytics includes third-party analytics Programme (such as Google
Analytics) to evaluate your use of the Website, compile reports on ac-
tivity, collect demographic data, analyse performance metrics, and
collect and evaluate other information relating to our Website and in-
help analyse and provide us the data. By accessing and using the Web-
site, you consent to the processing of data about you by these analyt-
ics providers in the manner and for the purposes set out in this Privacy
3.3 We also collect, use and share Aggregated Data such as statistical or demo-
graphic data for any purpose. Aggregated Data may be derived from your per-
sonal data but is not considered personal data in law as this data does not di-
rectly or indirectly reveal your identity. For example, we may aggregate your
Usage Data to calculate the percentage of users accessing a specific website
feature. However, if we combine or connect Aggregated Data with your per-
sonal data so that it can directly or indirectly identify you, we treat the com-
bined data as personal data which will be used in accordance with this Privacy
3.4 Where we collect Special Categories of Personal Data about you (this includes
details about your race or ethnicity, religious or philosophical beliefs, sex life,
sexual orientation, political opinions, trade union membership, information
about your health and genetic and biometric data) and it is necessary to do so
for our business, we will obtain your specific consent, unless we have another
lawful basis to do so.
3.5 Under GDPR we will ensure that your personal data is processed lawfully, fair-
ly, and transparently, without adversely affecting your rights. We will only
process your personal data if at least one of the following bases applies:
a) you have given consent to the processing of your personal data for one
or more specific purposes;
b) processing is necessary for the performance of a contract to which you
are a party or in order to take steps at the request of you prior to en-
tering into a contract;
c) processing is necessary for compliance with a legal obligation to which
we are subject;
d) processing is necessary to protect the vital interests of you or of
another natural person;
e) processing is necessary for the performance of a task carried out in the
public interest or in the exercise of official authority vested in the
f) processing is necessary for the purposes of the legitimate interests
pursued by us or by a third party such as our financial payments, ex-
cept where such interests are overridden by the fundamental rights
and freedoms of the data subject.
3.6 If we receive personal information in the course of providing our Services to
you from another data subject, we expect you to have complete responsibility
their attention and you have obtained their consent in the process.
3.7 In some instances, it may be appropriate for us to combine your information
with other information that we may be holding about you, such as combining
your name with your geographic location or your browsing or purchasing histo-
3.8 We do not collect any personal information for any person under the age of 16.
4. How we may collect and use your data
4.1 We (or third party data processors, agents and sub-contractors acting on our
behalf) may collect, store and use your personal information by way of differ-
ent methods to collect data from and about you including through:
Direct interactions. You may give us your information by filling in forms via
our Website or by corresponding with us by post, phone, email or otherwise.
This includes personal data you provide when you:
a) present Website content;
b) use any of our Services;
c) create an account on our Website;
d) subscribe to our Services or publications;
e) request marketing to be sent to you;
f) enter a competition, promotion or survey; or
g) give us some feedback.
4.2 In addition to the above, we may use the information in the following ways:
a) To personalise your experience and to allow us to deliver the type of
content and product offerings in which you are most interested.
b) To administer a contest, promotion, survey or other site feature.
c) If you have opted-in to receive our e-mail newsletter, we may send you
periodic e-mails. If you would no longer like to receive promotional e-
mail from us, please refer to section 4.9 below. If you have not opted-
in to receive e-mail newsletters, you will not receive these e-mails.
Visitors who register or participate in other site features such as mar-
keting programs and 'members-only' content will be given a choice
whether they would like to be on our e-mail list and receive e-mail
communications from us.
d) Present Website content effectively to you.
e) Provide information, and services that you request, or (with your
consent) which we think may interest you.
f) Carry out our contracts with you.
g) Provide the relevant Service to you
h) Tell you our charges.
4.3 If you are already our customer, we will only contact you electronically about
things similar to what was previously sold to you.
4.4 If you are a new customer, you will only be contacted if you agree to it.
4.5 We may keep a record of those links which are used the most to enable us to
provide the most helpful information but we agree to keep such information
confidential and you will not be identified from this information.
4.6 In addition, if you don't want us to use your personal data for any of the other
reasons set out in this section 4, you can let us know at any time by contact-
ing us at firstname.lastname@example.org, and we will delete your data from our sys-
tems. However, you acknowledge this will limit our ability to provide the best
possible Services to you.
4.7 In some cases, the collection of personal data may be a statutory or contrac-
tual requirement, and we will be limited in the Services we can provide you if
you don't provide your personal data in these cases.
4.8 We will only use your personal data when the law allows us to. Most common-
ly, we will use your personal data in the following circumstances:
a) Where we need to perform the contract we are about to enter into or
have entered into with you.
b) Where it is necessary for our legitimate interests (or those of a third
party) and your interests and fundamental rights do not override those
c) Where we need to comply with a legal or regulatory obligation
4.9 Generally we do not rely on consent as a legal basis for processing your per-
sonal data other than in relation to our marketing communications or sending
third party direct marketing communications to you via email or text mes-
sage. You have the right to withdraw consent email@example.com, and we
will either delete your data from our systems or move your data to our "un-
subscribe list". However, you acknowledge this will limit our ability to provide
the best possible Services to you.
4.10 As already indicated above, with your permission and/or where permitted by
law, we may also use your data for marketing purposes which may lead to us
contacting you by email and/or telephone with information, news and offers
on our services. We agree that we will not do anything that we have not
unsolicited marketing or spam. We will take all reasonable steps to ensure
that we fully protect your rights and comply with our obligations under the
GDPR and the Privacy and Electronic Communications (EC Directive) Regula-
tions 2003, as amended in 2004, 2011 and 2015.
4.11 Specifically, we use the following third party service providers, who may have
access to some of your personal data:
4.11.1 Stripe, through which we may accept payments;
4.11.2 PayPal, through which we may accept payments;
4.11.3 Notion, our client portal; and
4.11.3 Facebook, through which we host our learning and support community
We have undertaken due diligence in respect of the above service providers to
ensure your personal data is adequately protected.
5.1 All Cookies used by and on our Website are used in accordance with current
English and EU Cookie Law.
5.3 Cookies are small text files placed on your device when you visit our site and
are used to make the users experience more efficient. We are able to store
cookies on your computer where they are necessary for the operation of the
site however, for non-essential cookies we need your permission.
cookies to recognise you and your preferences, improve our site's performance
and collect analytical information for ourselves and our business partners.
Without the knowledge gained we would not be able to provide the service we
5.5 'Session cookies' allow us to track your actions during a single browsing ses-
sion, but they do not remain on your device afterwards.
5.6 'Persistent cookies' remain on your device between sessions. We use them to
authenticate you and to remember your preferences. We can also use them to
balance the load on our servers and improve your experience on our site.
5.7 Session and persistent cookies can be either first or third party cookies. A
first-party cookie is set by the Website being visited; a third-party cookie is
set by a different website. Both types of cookie may be used by us or our
5.8 Third Party Cookies we use include: Google Analytics, which is a web analytics
service provided by Google, Inc. The cookies used by Google Analytics help us
to analyse how users use the site and to count the number of people who use
the site. Google Analytics stores your IP address anonymously and neither us
or Google associate your IP address with any personally identifiable informa-
5.9 All our cookies are categorised by the role they fulfil on our Website:
a. Strictly Necessary: these are essential to enable you to move around our
Website and use features such as secure services. Without these cookies such
services could not be provided;
b. Functionality: allow the website to remember your choices and to personal
certain features. These cookies may be anonymised and cannot track your
browsing activity on other websites; and
c. Performance: collect information as to how users use the Website. These
cookies don't collect information that identifies a visitor. The information col-
lected is aggregated and used to improve our Website.
d. None of the cookies employed are classified as Behavioural Targeting.
If at any time you wish to disable our cookies, you may do so through the set-
tings on your browser. However, if you choose to disable or delete our cookies
that will prevent certain important areas and features of our service from
functioning properly. (but if you do so you will not be able to use certain im-
portant features of our service). You can find additional information at About-
Notwithstanding, the audit undertaken regarding our cookies, it is possible we
may have missed one from our list above. If you happen to find one that is
being set on our site, please let us know.
6. Where we store your data and security
6.1 We may transfer your collected data to storage outside the European Econom-
ic Area (EEA). It may be processed outside the EEA to fulfil your order and to
receive our services and deal with payment. If we do store or transfer data
outside the EEA, we will take all reasonable steps to ensure that your data is
treated as safely and securely as it would be within the EEA and under the
GDPR. Such steps may include, but not be limited to, the use of legally bind-
ing contractual terms between us and any third parties we engage with and
the use of the EU-approved Model Contractual Arrangements. Your acceptance
or transfer data outside the EEA if it is necessary for us to do so.
6.2 Where we use providers based in the US, we may transfer data to them if they
are part of the Privacy Shield which requires them to provide similar protec-
tion to personal data shared between the Europe and the US. For further de-
tails, see the European Commission: EU-US Privacy Shield.
6.3 Data security is of great importance to us, and to protect your data we have
put in place suitable physical, electronic and managerial procedures to safe-
guard and secure data collected through our Website. In addition, we limit
access to your personal data to those employees, agents, contractors and
other third parties who have a business need to know. They will only process
your personal data on our instructions and they are subject to a duty of confi-
6.4 We have put in place procedures to deal with any suspected personal data
breach and will notify you and any applicable regulator of a breach where we
are legally required to do so.
6.5 By giving us your personal data, you agree to this arrangement. We will do
what we reasonably can to keep your data secure.
6.6 Any payments made by you, will be encrypted.
6.7 We have implemented security measures such as a firewall to protect any
data and maintain a high level of security.
6.8 Notwithstanding the security measures that we take, it is important to re-
member that the transmission of data via the internet may not be completely
secure and that you are advised to take suitable precautions when transmit-
ting to us data via the internet and you take the risk that any sending of that
data turns out to be not secure despite our efforts.
6.9 If we give you a password upon registration on our Website, you must keep it
confidential. Please don't share it.
6.10 We will keep personal data for as long as is necessary which is usually the life
of our relationship and up to a period of seven years after our relationship
have ended. We may however be required to retain personal data for a longer
period of time to ensure we comply with our legislative and regulatory re-
quirements. We review our data retention obligations to ensure we are not
retaining data for longer than we are legally obliged to.
7. Disclosing your information
7.1 We are allowed to disclose your information in the following cases:
7.1.1 If we want to sell our business, or our company, we can disclose it to
the potential buyer;
7.1.2 We can disclose it to other businesses in our group, as defined in the
Companies Act 2006;
7.1.3 We can disclose it if we have a legal obligation to do so, or in order to
protect other people's property, safety or rights; or
7.1.4 We can exchange information with others to protect against fraud or
7.2 We may contract with third parties to supply services to you on our behalf.
These may include payment processing, search engine facilities, advertising
and marketing. In some cases, the third parties may require access to some or
all of your data. For details of the third parties that have access to your data,
please contact us at firstname.lastname@example.org
7.3 Where any of your data is required for such a purpose, we will take all rea-
sonable steps to ensure that your data will be handled safely, securely, and in
accordance with your rights, our obligations, and the obligations of the third
party under GDPR and the law.
8. Your rights
8.1 When you submit information via our Website, you may be given options to
restrict our use of your data. We aim to give you strong controls on our use of
your data (including the ability to opt-out of receiving emails from us which
you may do by unsubscribing using the links provided above in this Privacy and
8.2 Under the GDPR, you have the right to:
- request access to, deletion of or correction of, your personal data held
by us at no cost to you;
- request that your personal data be transferred to another person (data
- be informed of what data processing is taking place;
- restrict processing;
- to object to processing of your personal data; and
- complain to a supervisory authority.
8.3 You also have rights with respect to automated decision-making and profiling
as set out in section 11 below.
8.4 You have the right to ask us not to process your personal data for marketing
purposes. We will usually inform you (before collecting your data) if we intend
to use your data for such purposes or if we intend to disclose your information
to any third party for such purposes.
8.5 To enforce any of the foregoing rights or if you have any other questions about
9. Links to other sites
9.1 Please note that our terms and conditions and our policies will not apply to
other websites that you get to via a link from our Website. We have no control
over how your data is collected, stored or used by other websites and we ad-
vise you to check the privacy policies of any such websites before providing
any data to them.
page. If we decide to, we may also email you.
11. Automated Decision-Making and Profiling
11.1 In the event that we use personal data for the purposes of automated deci-
sion-making and those decisions have a legal (or similarly significant effect)
on you, you have the right to challenge to such decisions under GDPR, re-
questing human intervention, expressing their own point of view, and obtain-
ing an explanation of the decision from us.
11.2 The right described in section 11.1 does not apply in the following circum-
a) the decision is necessary for the entry into, or performance of, a
contract between the you and us;
b) the decision is authorised by law; or
c) you have given you explicit consent.
11.3 Where we use your personal data for profiling purposes, the following shall
a) Clear information explaining the profiling will be provided, including
its significance and the likely consequences;
b) Appropriate mathematical or statistical procedures will be used;
c) Technical and organisational measures necessary to minimise the risk
of errors and to enable such errors to be easily corrected shall be im-
d) All personal data processed for profiling purposes shall be secured in
order to prevent discriminatory effects arising out of profiling.
12. Your Consent
12.1 By using our Website and by way of acknowledgment, you consent to our Pri-
13. Dispute Resolution
13.1 The parties will use their best efforts to negotiate in good faith and settle any
breach of it.
13.2 Any dispute shall not affect the parties' ongoing obligations under this Privacy
13.3 The English courts have the only right to hear claims related to this Privacy
tractual obligations) by English law.