Data Protection Policy

Last Updated: 18 Nov 2024

1. Introduction

Pioneer Leadership Ltd ("we", "us", "our", or "Company") is committed to safeguarding the privacy and personal data of our users, customers, and employees. This Data Protection Policy outlines our practices and principles for protecting personal information in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR), and other relevant regulations.

This policy applies to all employees, contractors, and third parties who process personal data on our behalf.

2. Scope and Purpose

The purpose of this Data Protection Policy is to:

  • Ensure the privacy, security, and confidentiality of personal data.

  • Comply with applicable data protection laws.

  • Define the responsibilities of Pioneer Leadership Ltd in collecting, processing, storing, and protecting personal data.

  • Outline procedures to handle data breaches and protect data subjects' rights.

This policy applies to all data processed by Pioneer Leadership Ltd, including but not limited to data collected via our website, social media platforms, email communications, and payment systems.

3. Definitions

  • Personal Data: Any information that relates to an identified or identifiable individual (e.g., name, email, address, payment information).

  • Data Subject: The individual whose personal data is being processed.

  • Data Controller: The organization that determines the purposes and means of processing personal data.

  • Data Processor: Any third party that processes personal data on behalf of the Data Controller.

  • Processing: Any operation performed on personal data (e.g., collection, storage, use, sharing, deletion).

4. Data Collection and Processing

We collect and process the following types of personal data:

a. Types of Data Collected

  • Contact Information: Names, email addresses, phone numbers, and physical addresses.

  • Payment Data: Credit card details and billing information (processed securely via Stripe).

  • Usage Data: Information related to website activity, cookies, and tracking via the Facebook Pixel.

  • Marketing Data: Email addresses used for newsletters and promotional communications.

b. Lawful Basis for Processing

We process personal data under the following lawful bases:

  • Consent: Obtained when users sign up for newsletters or opt-in to cookies.

  • Contractual Necessity: For processing orders and payments via Stripe.

  • Legitimate Interests: For analytics, marketing, and improving our website using the Facebook Pixel.

  • Legal Obligations: To comply with applicable laws and regulations.

5. Data Protection Principles

We adhere to the following principles when processing personal data:

  1. Lawfulness, Fairness, and Transparency: We process personal data lawfully, fairly, and in a transparent manner.

  2. Purpose Limitation: Data is collected for specific, legitimate purposes and not further processed in an incompatible manner.

  3. Data Minimization: We collect only the data necessary for the specified purposes.

  4. Accuracy: Personal data is kept accurate and up-to-date.

  5. Storage Limitation: Data is retained only as long as necessary for its intended purpose.

  6. Integrity and Confidentiality: Data is protected using appropriate technical and organizational measures to prevent unauthorized access or loss.

6. Security Measures

We implement appropriate security measures to protect personal data, including:

  • Encryption: Use of SSL/TLS encryption for data transmission.

  • Access Control: Restricting access to personal data to authorized personnel only.

  • Secure Payment Processing: Payments are handled via Stripe, which complies with PCI DSS standards.

  • Data Anonymization and Pseudonymization: Where feasible, we anonymize or pseudonymize data to reduce risks.

7. Data Subject Rights

Data subjects have the following rights regarding their personal data:

  • Right to Access: Request a copy of the personal data we hold.

  • Right to Rectification: Correct any inaccurate or incomplete data.

  • Right to Erasure: Request deletion of personal data, subject to legal and contractual restrictions.

  • Right to Restrict Processing: Request limited use of their data.

  • Right to Data Portability: Receive their data in a structured, machine-readable format.

  • Right to Object: Object to data processing for direct marketing or other legitimate interests.

  • Right to Withdraw Consent: Withdraw consent for data processing where consent was the basis.

To exercise any of these rights, contact us at [Your Contact Email].

8. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected or as required by law. Data that is no longer needed is securely deleted or anonymized.

9. Data Breach Notification

In the event of a data breach, we will:

  1. Assess the impact: Determine the nature and extent of the breach.

  2. Contain the breach: Take immediate action to prevent further unauthorized access.

  3. Notify the Authorities: Inform data protection authorities within 72 hours if the breach poses a risk to data subjects' rights.

  4. Notify Affected Individuals: Inform impacted individuals if the breach is likely to result in significant harm.

  5. Implement Corrective Measures: Review our security measures and make necessary improvements.

10. Third-Party Processors

We use third-party service providers to process personal data on our behalf, including:

  • Stripe: For secure payment processing.

  • Facebook: For analytics and advertising using the Facebook Pixel.

  • Email Service Providers: For managing newsletters and marketing emails.

  • Zapier: For porting data between applications.

We ensure that all third-party processors comply with data protection regulations and implement adequate security measures.

11. Employee Responsibilities

All employees and contractors are required to:

  • Adhere to this Data Protection Policy.

  • Complete data protection training.

  • Report any data breaches or security incidents immediately.

12. Changes to This Policy

We may update this Data Protection Policy from time to time to reflect changes in our practices or legal obligations. We will notify you of significant changes by posting the updated policy on our website.

13. Contact Information

If you have any questions, concerns, or complaints about this Data Protection Policy, please contact us:

  • Email: [email protected]

  • Address: Pioneer Leadership Ltd. PA103 Technology Centre, University of Wolverhampton Science Park, Glaisher Drive, WV10 9RU