1. Data Controller
Hiplife, 26 High Street, Windsor, Berkshire SL4 1LH, United Kingdom, is the data controller responsible for your personal data under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
Privacy enquiries: callme@hiplife.world or +44 1753 621786.
2. Personal Data We Collect
- Identity and contact data: name, email address, telephone number when you enquire or book a programme.
- Communication data: messages sent via our contact form, email, or telephone notes where relevant.
- Booking data: programme selection, dates, payment references, and reasonable adjustment requirements.
- Technical data: IP address, browser type, device information, and pages visited.
- Cookie preference data: your choices regarding analytics and marketing cookies, stored in localStorage.
3. How We Use Your Data and Legal Bases
- Contract (Article 6(1)(b)): to respond to enquiries, administer bookings, and deliver programmes.
- Legitimate interests (Article 6(1)(f)): to maintain website security, improve services, and handle complaints — balanced against your rights.
- Consent (Article 6(1)(a)): for non-essential cookies and optional marketing where required.
- Legal obligation (Article 6(1)(c)): tax, accounting, and regulatory compliance.
4. Marketing Communications
We do not send unsolicited marketing emails or text messages. Programme updates are sent only where you have opted in or where they relate to an existing enquiry or booking. You may withdraw consent at any time.
5. Data Sharing and Processors
We do not sell personal data. Processors (e.g. hosting, email, payment providers) act only on our instructions under UK GDPR-compliant contracts. Where data is transferred outside the UK, we use appropriate safeguards such as UK International Data Transfer Agreements or adequacy regulations.
6. Retention Periods
- Enquiry records: up to 24 months unless a booking proceeds.
- Customer records: duration of service plus six years for accounting and legal purposes.
- Technical logs: up to 12 months.
- Cookie preferences: until cleared in your browser.
7. Security
We use HTTPS, access controls, and proportionate organisational measures. No internet transmission is completely secure; please protect your own devices and credentials.
8. Your Rights Under UK GDPR
You have the right to access, rectify, erase, restrict processing, object, and data portability where applicable. You may withdraw consent without affecting prior lawful processing. To exercise rights, contact us using the details above. We respond within one month.
9. Complaints to the ICO
You may lodge a complaint with the Information Commissioner's Office (ICO), Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF, United Kingdom. Website: ico.org.uk.
10. Children's Data
Our services are intended for adults aged 18 and over. We do not knowingly collect data from children. Contact us for prompt deletion if you believe we have done so.
11. Automated Decision-Making
We do not use automated decision-making or profiling that produces legal or similarly significant effects.
12. Changes
We may update this policy to reflect legal or operational changes. The date above will be revised accordingly.