top of page
Screenshot 2025-06-19 225511.png

PRIVACY POLICY

About this policy

This privacy policy and general privacy notice applies to Revelwood Ltd (“Revelwood”, “we”, “our”, “us”). We take your privacy seriously and comply with the UK General Data Protection Regulation (“UK GDPR”) and the Data Protection Act 2018.

This notice explains:

  • what personal data we collect;

  • how and why we process it;

  • your privacy rights; and

  • how the law protects you.

It supplements any shorter privacy notices we may give you at the point of data collection.

Who we are

Legal entity / data controller: Revelwood Ltd

Company number: 07309285 (registered in England & Wales)

Registered office: Willicote Pastures, Campden Road, CV37 8LN

E-mail: privacy@revelwood.org.uk

By using www.revelwood.org.uk (“the Website”) you consent to the practices described in this policy. Revelwood is registered with the Information Commissioner’s Office (ICO) as a data controller.

Personal data we collect

Category                                       Examples

Identity Data                                name, title, date of birth, gender

Contact Data                               postal address, e-mail, telephone, job title, organisation

Financial Data                              bank details, payment-card information (when you pay us)

Special-Category Data            health information or psychometric results that you choose to give                                                                us during coaching

Transaction Data                        records of products/services you purchase or we supply

Technical Data                             IP address, browser type/version, time-zone, operating system

Profile & Usage Data                 enquiries, survey responses, how you use our site and services

Marketing Preferences             opt-in choices for newsletters or event updates

Personal data we collect

How we collect your data

  • Direct interactions – you give us data by phone, e-mail, post, web-form or in person.

  • Automated technologies – cookies and similar tools collect Technical and Usage Data when you browse our Website.

  • Third-party sources – such as payment processors or publicly available registers.

We ask you to keep your information accurate and up to date; please tell us if anything changes.

Why we use your data and legal bases

  • Enquiries and services. When you contact us for information—or when we coach or consult for you—we use the details that identify you (like your name and job title), your contact information, and anything connected to the work we’re doing together. We handle this data because it’s necessary to carry out the contract (or to take steps at your request before entering into one).

  • Invoices and accounts. To raise invoices, meet tax rules and keep proper accounts we process your identity and contact details, any payment information you give us and a record of each transaction. The law obliges us to keep and use this data.

  • Updates and marketing. If you choose to receive leadership insights, event invitations or other news from us, we’ll use your identity and contact details together with your marketing preferences. We only do this with your clear consent, and you can withdraw that consent whenever you like.

  • Site improvement and security. When you visit our website, we automatically collect technical information—such as your IP address, browser type and how you move around the site. We analyse this to improve performance, understand what content works and keep everything secure. We rely on our legitimate interest in running and protecting the business for this processing.

We will not process your data for a new, incompatible purpose without informing you first. 

Disclosure of your information

We may share data:

  • with regulators or law-enforcement bodies to comply with the law;

  • with trusted service providers (e.g. cloud hosting, CRM, payment processors) under data-processing agreements;

  • with professional partners (associate coaches/consultants) bound by confidentiality;

  • in connection with a business sale or restructure where the buyer is bound by this policy;

  • with third-party marketers only if you have given explicit opt-in consent.

We never sell your personal data.

International transfers

Where suppliers are outside the UK/EEA, we rely on UK adequacy regulations or Standard Contractual Clauses plus the UK Addendum to safeguard your information.

Data security

  • TLS encryption protects data in transit.

  • Role-based access controls and MFA protect data at rest.

  • Annual penetration testing and patch management minimise risk.


Despite our efforts, no method of transmission over the Internet is completely secure; you transmit data at your own risk. 

Data retention

  • Enquiry emails. Messages you send us with questions or requests stay in our system for up to two years after our last exchange.

  • Client engagement files. Materials from coaching or consulting engagements—such as contracts, session notes and reports—are stored for seven years after the engagement ends. That length is required so we’re covered by professional-indemnity rules.

  • Marketing records. If you’ve signed up for newsletters or event updates, we’ll keep your subscription details until you unsubscribe or we notice three years of complete inactivity, whichever comes first.

  • Financial records. Anything we need for accounting and tax—like invoices and payment logs—is retained for six years, as HMRC regulations demand.

Once any of these time-limits run out, we either remove personal identifiers to anonymise the data or delete it securely.

Cookies

We use cookies to:

  • remember choices you make on the Website;

  • measure how people use the site so we can improve it;

  • support marketing (only if you consent).

For full details see our separate Cookie Policy.

 

You can manage cookies via the banner or your browser settings. Blocking cookies may impair site functionality.

Your rights

Under the UK GDPR you have rights to:

  1. Access the data we hold about you.

  2. Rectify inaccurate or incomplete data.

  3. Erase data (“right to be forgotten”).

  4. Restrict or object to processing.

  5. Port data to another provider.

  6. Withdraw consent at any time where we rely on consent.

To exercise these rights, e-mail privacy@revelwood.org.uk. We may need proof of identity and will respond within one month.

Third-party links

Our Website may contain links to external sites. We are not responsible for their privacy practices; please read their own policies.

Complaints

If you are unhappy with how we handle your data, please contact us first. You also have the right to lodge a complaint with the Information Commissioner’s Office: www.ico.org.uk

Changes to this policy

We may update this notice from time to time. Any significant changes will be highlighted on this page.

 

Last reviewed 6 July 2025.

bottom of page