Skip to content

1 Introduction

1.1 About Us

Within this Privacy Policy, any reference to ‘the company’, ‘we’, ‘our’, or ‘us’ refers specifically to Illuminated Path, a company incorporated in Scotland under company number SC716685 and registered at the address:

1.2 What Does This Policy Cover?

This Privacy Policy applies to your use of our website and participation in programmes and services provided by the company. Our website may contain links to other websites. Please note that we have no control over how your data is collected, stored, or used by other websites. We advise you to check the privacy policies of any website before providing any data to them.

2 What Information We Collect

2.1 Registering with us

We currently collect and process the following information:

  1. Name, email address, phone number, age (required)
  2. Home address, country of nationality (optional)
  3. Information shared with us during surveys.
  4. Information provided from third party sources, such as our Partners, who connect you to our service.
  5. Data relating to your use of our website.
  6. Payment information is processed through Stripe. We do not store this sensitive information ourselves.

2.2 Using Our Website

We want to process as little personal information as possible when you use our website. That’s why we’ve chosen Fathom Analytics for our website analytics, which doesn’t use cookies and complies with the GDPR, ePrivacy (including PECR), COPPA and CCPA. Using this privacy-friendly website analytics software, your IP address is only briefly processed, and we (running this website) have no way of identifying you. As per the CCPA, your personal information is de-identified. You can read more about this on Fathom Analytics’ website. The purpose of us using this software is to understand our website traffic in the most privacy-friendly way possible so that we can continually improve our website and business. The lawful basis as per the GDPR is “Article 6(1)(f); where our legitimate interests are to improve our website and business continually.” As per the explanation, no personal data is stored over time.

3 How We Get Personal Information

Most of the personal information we process is provided to us directly by you through the following interactions:

  1. Registering for an account on our website
  2. Making a purchase from us
  3. Signing up for an event
  4. Filling out a contact form on our website
  5. Sending us an email
  6. Contacting us by phone
  7. To allow us to contact you for the execution of our services.
  8. To allow us to mail you materials (as appropriate).
  9. To enable us to analyse the success of our services.

4 How We Use Your Information

By providing our online digital services to you, we and third parties we partner and work with will collect, store, and use your personal information for the following reasons:

  1. To provide you with technical support when requested;
  2. To send you email notifications and updates related to your account on our website;
  3. To enable us to carry out the services we provide;
  4. To contact you for mandatory and/or optional feedback opportunities to enable us to analyse and improve our services;
  5. For marketing purposes, where you give consent to receive marketing communications, which includes emails with information and news about our services;
  6. To use your information in an aggregated format to identify trends on our website.
  7. To share general user data with our partners for research on how to improve our services;
  8. To mail you materials (as appropriate);

4.1 Legal Basis for Processing Your Information

We have multiple legal bases for collecting and utilising the personal information described above.

  1. Where the use of your personal information is necessary to perform our obligations under any contract with you (including executing any of our services and/or providing you with access to our online shop website, for which you have registered);
  2. Where we have your explicit consent to collect, store, and use your information for particular purposes, including where you consent to receiving email newsletters and updates about our company or services;
  3. Where use of your personal information is necessary for purposes of pursuing our legitimate interests as long as these interests are not outweighed by your own interests, fundamental rights, or freedoms. For example, ensuring that any case involving your personal information is reasonable, and any information used has a minimal impact on your personal privacy. Such legitimate interests are:
    1. Conducting our day-to-day business, including keeping our website fully functional and offering our services;
    2. To test and release new services which we believe benefit our customers;
    3. To ensure we deliver a high level of satisfaction and service to all those who are involved with the execution of our services through continuous communication and responses to inquiries;
    4. To track and ensure we complete contractual obligations;
    5. To carry out market research and develop our company;
    6. To operate our website;
    7. In some limited cases, we may have legal obligations to collect personal information from you.

5 Whom we may share your information with

For the purposes listed above, we may share your information with the following third parties. Please note that any third parties’ use of your personal data will be governed by their own privacy policies and may have separate obligations under applicable data protection laws. We suggest that you review any third party privacy policies that may apply to you carefully. Where we share any of your information with third parties, we will always ensure there are adequate technical and organisational protections in place. If there is any international transfer of your personal data, we will only do so where there is an appropriate adequacy finding for the country in which the third party is based or through appropriate contract with the relevant third party.

5.1 Third parties that can potentially receive your information include:

  1. Our payment service provider Stripe, Inc; and
  2. Customer relationship management service providers such as services which allow us to send personalised emails to you;
  3. Our file storage and management service providers;
  4. Any entity which we are under a duty to disclose or share your information to comply with any legal obligation, or in order to enforce or apply our Terms and other legal requirements, to protect our rights, property, safety of our users or others; including the exchanging of information with companies or organisations to enable fraud protection and reduce credit risk;
  5. Where we are looking at selling or merging our business or company, we will share information with any third party to whom we may choose to sell, transfer or merge parts of our business or our assets. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this Privacy Policy.

If you have any questions or want more details on how we share your personal data, please contact us.

7 Storage and Security of Information

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so. Upon registering, we will ask you to choose a password which enables you to access our online shop. You are responsible for ensuring this password remains confidential. We request that you do not share this password with any person or entity.

8 Data Retention

We keep personal information we collect from you where we have an ongoing and legitimate business need to do so (such as providing you with a service you have registered for, or to comply with applicable legal, tax, or accounting requirements). When we no longer have an ongoing legitimate business need to process your personal information, we will either delete or anonymise it, or if this remains impossible, then we will secure and store your personal information and isolate it from any further processing until we can delete the information.

9 Your Rights

Under UK Data Protection Legislation, you have the following rights, which we will always work to uphold:

  • The right to be informed about our collection and use of your personal data.
  • The right to access the personal data we hold about you.
  • The right to have your personal data rectified if any of your personal data held by us is inaccurate or incomplete.
  • The right to be forgotten, i.e. the right to ask us to delete or otherwise dispose of any of your personal data that we hold. Please contact us to find out more.
  • The right to restrict (i.e. prevent) the processing of your personal data.
  • The right to object to us using your personal data for a particular purpose or purposes.
  • The right to withdraw consent. This means that, if we are relying on your consent as the legal basis for using your personal data, you are free to withdraw that consent at any time.
  • The right to data portability. This means that, if you have provided personal data to us directly, we are using it with your consent or for the performance of a contract, and where that data is processed using automated means, you can ask us for a copy of that personal data to re-use with another service or business in many cases.
  • Rights relating to automated decision-making and profiling. We do not use your personal data in this way.

In most cases, you are not required to pay any charge for exercising your rights. If your request is unfounded, repetitive or excessive, we may charge you a reasonable fee.   If you make a request, we have one month to respond to you. Occasionally we may take up to three months if your request is particularly complex or you have made a number of requests but we will always try to respond as quickly as possible.

10 Children

We take our legal obligation to protect the privacy of children very seriously. Therefore, we do not knowingly collect or maintain personal information from persons under thirteen (13) years of age, and no part of our Site is directed to persons under thirteen (13) years of age. If you are under thirteen (13) years of age, then please do not use or access our Site at any time or in any manner. We will take appropriate steps to delete any personal information of persons less than thirteen (13) years of age.

11 Cookies

There is no legal requirement to disclose use of, or to gain consent to use any cookie that is “strictly necessary” for the operation of the website. This website only uses cookies that are strictly necessary to functionality of our website, such as keeping you logged into your account.

12 Contact Details

Illuminated Path

+44 (0) 1292 372336 [email protected]

13 Updating the Privacy Policy

We retain the right to edit this Privacy Policy when necessary to comply with the law and in accordance with the best practices in our industry or to meet any changing business requirements. Any updates or amendments will be posted on our website so you should regularly check this to keep up to date with how we use your data. If there are any key changes, we will also email out a copy of our privacy policy to you.

14 How to complain

If you have any concerns about our use of your personal information, you can make a complaint to us at [email protected]. You can also complain to the ICO if you are unhappy with how we have used your data. The ICO’s address: Information Commissioner’s Office Wycliffe House Water Lane Wilmslow Cheshire SK9 5AF Helpline number: 0303 123 1113 ICO website: https://www.ico.org.uk