Effective date: 12 December 2025
Last updated: 12 December 2025
This Privacy Policy explains how [Your Business Name] (referred to as “we”, “us”, “our”) collects, uses, stores, and shares personal data when you visit our website, buy our products, join our community, subscribe to our emails, or work with us.
We follow the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
1) Who we are (data controller)
Controller: The Unfinished Idea LTD
Owner: The Unfinished Idea LTD
Email: theunfinishedidea@gmail.com
Address:
If you have privacy questions, contact us using the details above.
2) What personal data we collect
We may collect the following:
*Information you give us**
* Identity and contact details: name, email, phone number, address.
* Account and community details: login details, profile info, posts/comments (if you join a community platform).
* Purchase and billing details: products purchased, invoices, billing address (payment details are handled by our payment provider and are not stored by us).
* Coaching or support information: anything you share during coaching, calls, messages, forms, or support requests.
* Marketing preferences: what you opt into, and your communication preferences.
Information collected automatically
* Website usage data: IP address, device type, browser, pages visited, approximate location, and referral source (via cookies or similar technologies).
Information from third parties
* If you interact with us on social media, we may receive basic engagement data depending on your settings and theirs.
3) Special category data (sensitive information)
Sometimes people choose to share sensitive personal data (for example health-related details) in coaching, forms, or community discussions. We do not require this information unless it is genuinely needed to provide the service you asked for. Where we do process it, we do so with appropriate safeguards and only for the purposes explained in this policy.
4) How and why we use your data (purposes and lawful bases)
UK GDPR requires a lawful basis for each use of personal data. ([Information Commissioner's Office][1])
We typically use your data for:
* To provide products and services you request (for example digital products, collective membership, coaching, workshops)
**Lawful basis:** Contract (to fulfil our agreement with you)
*To manage payments, accounting, and tax records
**Lawful basis:** Legal obligation, and contract where relevant
* To respond to messages and provide customer support
**Lawful basis:** Legitimate interests (running our business and supporting our customers)
*To send newsletters and marketing (only when permitted)
**Lawful basis:** Consent, or legitimate interests where allowed by law
You can unsubscribe any time using the link in an email.
* To improve our website and offers** (analytics, troubleshooting, performance)
**Lawful basis:** Legitimate interests and, where required, consent for cookies
*To protect our business and users (security, fraud prevention, enforcing terms)
**Lawful basis:** Legitimate interests and legal obligation where applicable
Your privacy notice should include your rights (including withdrawing consent) and how to complain to the ICO. ([Information Commissioner's Office][2])
5) Cookies and similar technologies
We use cookies and similar technologies to help our website work, understand how it is used, and support marketing where you choose to allow it.
In the UK, cookie rules sit under PECR, and if cookies process personal data you must also comply with UK GDPR. ([Information Commissioner's Office][3])
You can manage cookies through:
* Our cookie banner or preference centre (if enabled)
* Your browser settings (you can block cookies, but parts of the site may not function properly)
6) Who we share your data with
We may share personal data with trusted service providers (processors) who help us run our business, such as:
* Website hosting and site tools (for example Showit, WordPress plugins, forms)
* Email marketing platform (for example MailerLite, ConvertKit)
* Payments (for example Stripe, PayPal)
* Scheduling and video calls (for example Calendly, Zoom, Google Meet)
* Community platform (for example Skool, Facebook Groups, Mighty Networks)
* Analytics (for example Google Analytics)
* File storage and productivity tools (for example Google Workspace, Dropbox)
* Accounting (for example Xero, QuickBooks)
We only share what is necessary and expect providers to protect your data.
We may also share data if required by law, to enforce our terms, or to protect rights and safety.
7) International transfers
Some of our providers may process data outside the UK. Where this happens, we use appropriate safeguards (such as adequacy regulations or approved contractual safeguards) to protect your information.
8) How long we keep your data
We keep personal data only as long as needed for the purposes above, including legal, tax, and accounting requirements. Typical retention periods may include:
*Customer purchase records: up to 6 years for tax/accounting (UK standard practice)
*Marketing subscriptions: until you unsubscribe or ask us to delete
*Support messages: as long as needed to resolve your request and keep reasonable records
9) Your rights
You have rights over your personal data, including:
* Access to your data
* Correction of inaccurate data
* Deletion (in certain situations)
* Restriction of processing (in certain situations)
* Objection to processing (including direct marketing)
* Data portability (in certain situations)
* Withdraw consent at any time (where consent is the basis)
The UK GDPR requires clear privacy information for individuals, and the ICO explains what to include in privacy notices. ([Information Commissioner's Office][1])
10) Complaints
If you are unhappy with how we handle your data, please contact us first and we will do our best to resolve it.
You also have the right to complain to the **Information Commissioner’s Office (ICO)**, the UK supervisory authority. ([Information Commissioner's Office][4])
11) Security
We take appropriate technical and organisational measures to protect your personal data and reduce risks like unauthorised access, loss, or misuse. ([Legislation.gov.uk][5])
12) Children
Our services are intended for adults. We do not knowingly collect personal data from children. If you believe a child has provided personal data to us, contact us and we will take appropriate steps to delete it.
(If you ever offer an online service directly to children and rely on consent, the UK age limit is 13.) ([Information Commissioner's Office][6])
13) Third-party links
Our website and emails may include links to third-party sites (for example social platforms or partner tools). We are not responsible for their privacy practices, so please review their policies.
14) Changes to this policy
We may update this Privacy Policy from time to time. The latest version will always be posted on our website with the updated date at the top.