NONVERBAL ACES LTD
PRIVACY POLICY

1.1 This Privacy Policy explains how Nonverbal ACEs Ltd ("Nonverbal ACEs", "we", "us", "our") collects, uses, stores, and protects personal data when you visit nonverbalaces.com (the "Website"), enrol on our courses, download our materials, sign up for our communications, or otherwise interact with us.

1.2 We are the data controller responsible for your personal data.

1.3 We are committed to processing your personal data in accordance with the UK General Data Protection Regulation ("UK GDPR") and the Data Protection Act 2018.

1.4 Please read this policy alongside our Cookies Policy and our Terms and Conditions.

3.1 We collect and process the following categories of personal data:

3.2 Special category data. We do not actively collect special category data (such as health, religion, or sexual orientation). However, if Participants choose to share such information during live calls or in written submissions, we will process it for the purposes of delivering the Course. By participating, you consent to such processing in this context (UK GDPR Article 9(2)(a)).

4.1 We collect personal data when you:

• visit our Website (via cookies and similar technologies);
• enquire about or enrol on a Course;
• download our ebook The Disruptive Counsellor or other lead-magnet content;
• subscribe to our mailing list or podcast updates;
• attend live group calls;
• communicate with us by email, contact form, or social media;
• interact with us on professional platforms (e.g. LinkedIn);
• are referred to us by a third party with your permission.

5.1 We process your personal data on one or more of the following lawful bases under UK GDPR Article 6:

5.2 You have the right to object to processing carried out on the basis of legitimate interests (see Section 8).

6.1 We share personal data only where necessary, and always under appropriate contractual safeguards. The categories of recipients are:

• Payment Processors: PayFunnels, Stripe.
• IT & Cloud Services: Hosting providers, course portal platforms, CRM systems.
• Communication Tools: Email service providers, webinar platforms.
• Professional Advisors: Accountants, lawyers, insurers.
• Regulatory Bodies: Where required by law.

6.2 We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes.

6.3 We will never sell your personal data.

7.1 Some of our service providers are based outside the UK, including in the United States (for example, Google services, Zoom, and several SaaS tools).

7.2 Where we transfer personal data outside the UK, we ensure a similar degree of protection by using one or more of the following safeguards:

• transfer to a country that the UK Government has determined to provide an adequate level of protection;
• the UK International Data Transfer Agreement or Addendum to the EU Standard Contractual Clauses; or
• other lawful transfer mechanisms approved under the UK GDPR.

7.3 You may request further information about our international transfer safeguards by contacting us at info@nonverbalaces.com.

8.1 Under the UK GDPR, you have the following rights:

• Access: The right to request a copy of the personal data we hold about you.
• Correction: The right to request correction of inaccurate data.
• Erasure: The right to request deletion of your data in certain circumstances.
• Restriction: The right to request that we restrict processing of your data.
• Portability: The right to request transfer of your data to another organization.
• Objection: The right to object to processing based on legitimate interests or marketing.

8.2 To exercise any of these rights, email info@nonverbalaces.com. We will respond within one month, unless the request is complex, in which case we may extend by a further two months and notify you.

8.3 You will not have to pay a fee in most cases. We may charge a reasonable fee or refuse the request if it is manifestly unfounded or excessive.

9.1 We will only send you marketing communications where you have either (a) given consent, or (b) are an existing customer and have not opted out (the PECR "soft opt-in").

9.2 You can unsubscribe at any time by clicking the unsubscribe link in any marketing email, or by emailing info@nonverbalaces.com.

9.3 Even if you unsubscribe from marketing, we will continue to send you transactional and administrative messages relating to courses you have enrolled on.

10.1 Our Website uses cookies and similar technologies to:

• enable essential functionality;
• understand how visitors use the Website (analytics);
• deliver and measure advertising (where you consent).

10.2 You can manage cookie preferences via our cookie banner.

10.3 For full details, please see our Cookies Policy at nonverbalaces.com/cookies-policy.

11.1 We retain personal data only for as long as necessary for the purposes for which it was collected, including for legal, accounting, or reporting requirements:

• Customer Records: Up to 7 years after the end of the customer relationship.
• Marketing Data: Until you unsubscribe or withdraw consent.
• Recordings: For the duration of the cohort access period (usually 12 months).

11.2 We may retain anonymised data indefinitely for statistical and research purposes.

12.1 We use reasonable technical and organisational measures to protect personal data, including:

• access controls and authentication;
• encryption in transit (HTTPS / TLS);
• use of reputable third-party processors with appropriate security standards;
• staff awareness and training.

12.2 No method of transmission over the internet is 100% secure. While we strive to protect your personal data, we cannot guarantee absolute security.

12.3 In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the ICO within 72 hours and, where required, inform you without undue delay.

Our courses and services are intended for professionals and are not directed to individuals under the age of 18. We do not knowingly collect personal data from children.

We may update this Privacy Policy from time to time. The latest version will always be published on nonverbalaces.com with the effective date. Material changes will be notified by email where appropriate.

15.1 Contact us first. For any privacy-related question or request, please email info@nonverbalaces.com or write to us at our registered office.

15.2 Right to complain to the ICO. If you are unhappy with how we have handled your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

We would, however, appreciate the opportunity to address your concerns before you approach the ICO, so please contact us first.