Privacy Policy for The AI Goldprint

 

Introduction

The AI Goldprint (operated by DWA Training Limited, Company No. 16202473) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your personal data when you visit www.theaigoldprint.co.uk, sign up for an account, or purchase our digital products. It also outlines the legal bases for processing your data under the UK General Data Protection Regulation (UK GDPR) and your rights. By using our website or services, you agree to the practices described in this policy.

If you have any questions about this Privacy Policy or how we handle your data, please contact us using the details in the Contact Us section below.

Data We Collect

We collect both personal information you provide to us and data collected automatically as you use our site:

  • Personal Information: When you create an account or make a purchase, we collect information such as your name, email address, and contact details. If a mailing address or phone number is needed for billing or support, we may collect those as well. This information is provided directly by you.

  • Account Credentials: If you register on our site, we collect login credentials (e.g. your email address and a password). Passwords are stored in an encrypted form and not visible to us.

  • Payment Information: When you make a purchase, payment details (e.g. credit or debit card information) are collected by our payment processor Stripe. We do not store full payment card details on our servers. Stripe may collect your billing name, card details, and other necessary information to process the transaction securely. (See the Third-Party Data Processors section for more on Stripe.)

  • Usage Data: We automatically collect certain data when you use our website. This includes your IP address, browser type, device information, pages visited, referring website, and timestamps. We gather usage data through cookies and similar tracking technologies (explained in Cookies and Tracking below) to help us understand how our site is used and improve your experience.

  • Communication Data: If you contact us via email or through a contact form, or if you submit any inquiries/feedback, we will collect the information you provide (such as your name, email address, and the content of your message).

We do not intentionally collect any special categories of personal data (such as sensitive health information, etc.), nor do we knowingly collect data from children under 13. Our services are intended for adults. If we discover we have inadvertently collected personal information from a child, we will delete it.

How We Use Your Data

We use your personal data for the following purposes:

  • To Provide Services and Fulfill Orders: We use your information to create and manage your user account, to process your orders/purchases, and to deliver the digital products or services you have requested. For example, we use your name and email to register your account and grant you access to purchased content.

  • To Process Payments: Your payment details are used to collect payments for our products. This includes transmitting your information to Stripe to complete transactions and handle billing.

  • To Communicate with You: We use your contact details to send you confirmations, invoices/receipts, and important notices about your purchases or account (for instance, purchase confirmations or password reset emails).

  • To Send Marketing Emails: If you have bought a product from us, we may send you promotional emails about related products, new courses, or updates that might interest you. We only send marketing communications to customers or to individuals who have given explicit consent (such as by subscribing to a newsletter). You can opt out of these emails at any time by clicking the unsubscribe link provided in the message or contacting us. We do not spam and will respect your choice if you opt out.

  • To Provide Customer Support: If you reach out with questions, feedback, or support requests, we will use your information to respond and resolve issues.

  • To Improve Our Website and Services: We analyze usage data (including via Google Analytics) to understand how users navigate our site, which pages or content are most popular, and how we can improve site functionality, content, and user experience. This helps us make informed decisions about new features or content.

  • To Ensure Security and Prevent Fraud: We may use data (like IP addresses or transaction information) to monitor for fraudulent transactions, protect against abuse of our services, and ensure the security of our website and user accounts.

  • To Comply with Legal Obligations: In certain cases we need to process and retain personal data to fulfill our legal and regulatory obligations. For example, we keep transaction records for accounting/tax purposes and may use personal data to comply with lawful requests from authorities or to meet financial reporting requirements.

We will not use your personal information for purposes that are incompatible with those listed above. If we need to use your data for a new purpose, we will update this Privacy Policy and, if required, seek your consent.

Legal Basis for Processing

Under the UK GDPR, we must have a valid legal basis to process your personal data. We rely on the following legal bases:

  • Performance of a Contract: Many data uses are necessary for us to provide our services and fulfill our contract with you. When you create an account or make a purchase, we must process your personal and payment information to deliver the product or service you requested. This is done under Article 6(1)(b) UK GDPR (processing necessary for the performance of a contract).

  • Consent: We will rely on your consent in situations where a legal basis is required for processing. For example, if you are not yet a customer and you sign up to receive our newsletter or marketing emails, we process your email address based on your consent. Likewise, we obtain your consent before using non-essential cookies or similar technologies (see Cookies and Tracking). You have the right to withdraw your consent at any time.

  • Legitimate Interests: We process certain data under the lawful basis of legitimate interests (Article 6(1)(f) UK GDPR). This includes our legitimate interest in improving our services (using analytics data to enhance the website and products), and in direct marketing to our existing customers. For example, sending promotional emails to customers who have made a purchase is in our business interest to inform them of relevant products, and we believe it does not override your privacy rights (especially since you can opt out easily). We also have a legitimate interest in preventing fraud and ensuring the security of our site. When relying on this basis, we consider and balance any potential impact on your rights.

  • Legal Obligation: We may process and retain personal data when necessary for compliance with a legal obligation (Article 6(1)(c) UK GDPR). For instance, we keep certain transaction records to meet tax and accounting laws, and we may disclose information if required by court order or law enforcement requests.

  • Other Bases: In general, we do not rely on public interest or vital interest as a basis for processing your data. If ever your data needed to be used to protect someone's vital interests (e.g., in a medical emergency) or for a task in the public interest, we would only do so in compliance with the law.

Sometimes, the same data may be processed under more than one lawful basis. For example, we might retain invoice information both to perform our contract with you and to satisfy legal record-keeping obligations.

Third-Party Data Processors

We use several trusted third-party service providers to operate our business and they may process personal data on our behalf. These third parties are data processors under UK GDPR, meaning they only process your data for the purposes we specify and under our instructions. We have agreements in place with them to protect your information. The key third-party services we use are:

  • Google Analytics: We use Google Analytics, a web analytics service provided by Google, to track and report on how visitors use our site. Google Analytics uses cookies and similar identifiers to collect information such as your IP address (which we have set to be anonymized where possible), browser type, pages visited, and time spent on the site. This information helps us analyze website traffic and user behavior. Google may process this data on servers outside the UK (including in the United States). However, Google is certified under appropriate data protection frameworks and we have measures in place (such as standard contractual clauses) to ensure an adequate level of protection for your data. You can opt out of Google Analytics by using the Google Analytics Opt-Out Browser Add-on or by rejecting analytics cookies (see Cookies and Tracking below). For more details on how Google handles data, you can review Google’s Privacy Policy.

  • Stripe (Payment Processing): We use Stripe to handle all payment transactions on our site. When you purchase a product, the payment information you provide (such as card number, expiration date, CVV, billing address) is transmitted directly to Stripe via a secure, encrypted connection. Stripe processes your payment details securely in accordance with PCI-DSS standards. We do not have access to full card numbers or security codes; we receive transaction confirmations or tokens. Stripe may store and use your payment data for fraud prevention and to process future payments (for example, if you save your card or for subscription billing, if applicable). Stripe is a global company, so your data may be transferred outside the UK/EEA, but Stripe is committed to GDPR compliance and uses appropriate safeguards for data transfers. For more information, see Stripe’s Privacy Policy.

  • Kajabi (Website & Product Platform): Our website and digital products are hosted and delivered through the Kajabi platform. Kajabi provides the infrastructure for our site, including managing user accounts, course content delivery, and some email communications. When you sign up or purchase through our site, your account information (name, email, encrypted password, purchase history, etc.) is stored on Kajabi’s servers. Kajabi may also collect data such as your log-in times, IP address, and other usage metrics related to your access of the digital products. Kajabi acts as a data processor, meaning it only processes your data to enable our service (e.g., creating accounts, delivering content, sending necessary emails on our behalf). Kajabi is a U.S.-based company, so personal data may be transferred to or stored in the United States. Kajabi has a Data Processing Addendum and adheres to privacy laws to ensure your data is protected (e.g., via standard contractual clauses for EU/UK data transfers). You can read more in Kajabi’s Privacy Policy.

  • Email Service Provider: [Optional: If applicable] For sending email newsletters or updates, we may use an email service provider. (For example, some businesses use services like MailChimp, ConvertKit, or Kajabi’s built-in email system for marketing emails.) This would involve storing your name and email with that provider to facilitate our email communications. Any such provider would only use your data to send emails on our behalf and not for their own purposes. (Note: If Kajabi’s email features are used exclusively, this bullet may not apply or can be merged with Kajabi above.)

  • Other Service Providers: We may use additional third parties for specialised services, such as cloud storage or technical support. For instance, we might use web hosting or backup services, or analytics tools aside from Google. We only share the data necessary for them to perform their functions, and they are obligated to protect it. We do not sell or trade your personal information to third parties for their own marketing or purposes.

Each of our third-party processors is carefully selected to ensure they commit to maintaining the confidentiality and security of your data. They are only permitted to process your data for the specific purposes we've outlined, and in line with our instructions and UK data protection law.

Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies to provide functionality and analyse performance. Cookies are small text files placed on your device that allow us or third parties to recognise you and collect certain information. When you visit our site, we may set the following types of cookies:

  • Essential Cookies: These cookies are necessary for the website to function properly. For example, they enable basic features like user login, account management, and secure checkout. Without these cookies, the services you have asked for (such as adding a product to cart or accessing your account) cannot be provided.

  • Analytics Cookies: We use cookies for analytics purposes, primarily through Google Analytics. These cookies collect information about how visitors use our site (e.g., which pages are visited, which links are clicked, what time of day visits occur). The data is aggregated and does not directly identify individual users. It helps us improve website functionality and understand user interests. We have configured Google Analytics to anonymize IP addresses where applicable to enhance your privacy.

  • Functionality Cookies: These cookies remember your preferences and choices to provide a more personalized experience. For example, they might remember you from a previous visit so you don't have to re-enter information, or they might keep track of your preferences such as language or region.

  • Advertising/Marketing Cookies: (Currently Not Used) We do not use third-party advertising networks or targeted advertising cookies on our site at this time. We only send marketing emails as described above, and those do not involve cookies. If this changes in the future, we will update this policy and seek any necessary consent.

Cookie Consent: When you first visit our site, you may see a cookie notice or banner. By continuing to use our site with cookies enabled in your browser, you signify your consent to the use of non-essential cookies as described. Where required by law, we will explicitly request your consent for non-essential cookies (such as analytics cookies). You can choose to decline or accept cookies via the banner (if provided) or by adjusting your browser settings.

Managing Cookies: You have the ability to control and manage cookies in various ways:

  • Browser Settings: Most web browsers allow you to refuse or delete cookies. You can usually find the settings in your browser’s “Options” or “Preferences” menu. Note that disabling certain cookies (especially essential ones) may affect the functionality of our website – for example, you might not be able to log in or use the shopping cart.

  • Analytics Opt-Out: To specifically opt out of Google Analytics tracking, you can install the Google Analytics Opt-Out add-on in your browser. This prevents Google Analytics from collecting your data on any site that uses it.

  • Do Not Track: Some browsers have a “Do Not Track” feature. While there is not yet a consistent standard for how DNT requests are handled, our analytics respect any settings or signals as far as possible.

For more detailed information about the cookies we use or to change your preferences, please refer to our Cookie Policy (if we have a separate one) or contact us for details. By using our site, you acknowledge the use of cookies as described in this section.

Data Retention

We keep your personal data only for as long as necessary to fulfill the purposes we collected it for, including for satisfying any legal, accounting, or reporting requirements. Retention periods vary depending on the type of data and purpose of processing:

  • Account Information: If you create an account with us, we retain your account data (like your name, email, login info, and purchase history) for as long as your account is active. If you decide to close your account or request deletion, we will remove or anonymize your personal information associated with your account (except for data we are required to keep for legal reasons, as noted below). Inactive accounts may be purged after a lengthy period of non-use, but we typically retain account data unless you request deletion, so that you can log in and access past purchases.

  • Purchase and Transaction Data: We retain records of purchases, transactions, and invoices to fulfill our contract and for our financial records. UK law requires us to keep certain transaction data (including personal data contained in those records, like name and billing address on receipts) for a minimum period – typically 6 years – for tax and accounting purposes. Therefore, even if you request deletion of some data, we may need to keep transaction records until the legal retention period expires. We restrict access to such data and keep it only for those purposes.

  • Marketing Emails Data: If we have your email in our marketing list (as a customer or subscriber), we will retain that information until you opt out or unsubscribe from marketing communications. Once you unsubscribe, we will stop sending you emails and will remove your contact details from the marketing list (though we may keep a record of your request to not be contacted, to ensure we honor your opt-out).

  • Analytics Data: Data collected via Google Analytics is stored by Google according to their retention settings. We have set our Google Analytics data retention to an appropriate period (for example, 14 months for user-level and event-level data associated with cookies and user IDs). Aggregated analytics reports (which do not identify individuals) may be kept longer for internal analysis.

  • Communication Records: If you contact us (for example, via email or support inquiries), we may keep those communications and our responses for a period of time. This helps us manage ongoing inquiries, address any follow-up issues, and improve our customer service. Typically, we would retain support emails for up to a few years, unless you request a deletion and we no longer need the information.

  • Backup and Archives: Please note that residual copies of your personal data might persist in routine backups. However, if we delete data from our active systems, we will also ensure that it is not restored from backups beyond what is necessary. Our backups are kept securely and are subject to deletion policies as well.

After the applicable retention period has ended, we will either delete your personal data or anonymise it (so it can no longer be associated with you) in a secure manner. If deletion or anonymisation is not possible (for example, because the data is stored in archived backups), we will securely store the data and isolate it from further use until deletion is possible.

Data Security

We take the security of your personal data seriously. We implement appropriate technical and organisational measures to protect your information against unauthorised access, alteration, disclosure, or destruction. These measures include, for example:

  • Encryption of sensitive data in transit (SSL/TLS) – our website is served over HTTPS to ensure that personal information (like login credentials and payment details) is encrypted between your browser and our site.

  • Payment Security: All payments are processed through Stripe, which is PCI-DSS compliant. This means your card details are handled with industry-standard security. We do not store your card numbers on our systems.

  • Access Controls: Only authorized personnel and service providers who need to process your data have access to it, and they are subject to strict confidentiality obligations. We limit access to administrative interfaces and databases, and use strong authentication methods to prevent unauthorized access.

  • Data Storage Security: Your data is stored on secure servers (including those of Kajabi and other processors), which employ their own physical and network security measures. We ensure that our providers commit to keeping data safe (for example, Kajabi and Stripe maintain high security standards).

  • Monitoring and Testing: We regularly review our security practices and may employ security tools to monitor our systems for potential vulnerabilities or breaches. Our website software and plugins are kept up-to-date to reduce security risks.

  • Data Breach Procedures: In the unlikely event of a data breach that affects your personal data, we have a process in place to identify, contain, and fix the issue. If a breach poses a significant risk to your rights and freedoms, we will notify you and the relevant supervisory authority (such as the ICO in the UK) as required by law.

While we strive to protect your information, no method of transmission over the internet or electronic storage is 100% secure. Therefore, we cannot guarantee absolute security. You can also help protect your data by keeping your account login details confidential and using a strong, unique password.

Your Rights Under UK GDPR

As a data subject under the UK GDPR, you have several rights regarding your personal data. We respect and uphold these rights. You may exercise any of these rights by contacting us (see Contact Us below). These rights include:

  • Right to Be Informed: You have the right to be informed about the collection and use of your personal data. This Privacy Policy is intended to provide you with that information.

  • Right of Access: You can request a copy of the personal data we hold about you, as well as information on how we process it (commonly known as a "Subject Access Request"). We will provide this information free of charge within one month, unless an extension is permitted by law.

  • Right to Rectification: If any personal data we have about you is incorrect or incomplete, you have the right to request that we correct or update it. For example, if you change email address or spot an error in your profile information, let us know and we will fix it.

  • Right to Erasure: You have the right to request deletion of your personal data in certain circumstances (this is also known as the "right to be forgotten"). You can ask us to erase your data if it’s no longer needed for the purpose it was collected, if you withdraw consent (where the processing was based on consent), or if you object to processing and we have no overriding legitimate grounds to continue, among other reasons. Please note we may not be able to delete data that we are required to keep by law (e.g., purchase records within the 6-year tax retention window), but we will inform you if that’s the case.

  • Right to Restrict Processing: You can ask us to restrict or pause the processing of your personal data in certain situations. For example, if you contest the accuracy of your data, you can request we restrict processing until the accuracy is verified. Or if you have objected to processing (see below), you can request restriction while we consider your objection. When processing is restricted, we can still store your data but will not use it further until the restriction is lifted.

  • Right to Data Portability: For data that you provided to us and that we process by automated means on the basis of consent or contract, you have the right to request that we provide it to you in a structured, commonly used, machine-readable format (for example, CSV file), and you have the right to transmit that data to another controller if technically feasible. In plain terms, this right allows you to take your data from us and reuse it elsewhere. (This typically applies to account data or transaction data you have given us.)

  • Right to Object: You have the right to object to our processing of your personal data when we are doing so under a legitimate interest basis or for direct marketing. Direct Marketing: You can object at any time to receiving marketing emails from us – we will then stop processing your data for marketing purposes immediately. (Each marketing email also contains an easy unsubscribe link.) Legitimate Interests: You can also object to processing based on legitimate interests (such as our analytics or security processing). In some cases, we may have compelling legitimate grounds to continue despite your objection, but we will evaluate each request individually. If you object to analytics cookies, you can also manage this via cookie controls as described above.

  • Rights in Relation to Automated Decision-Making: You have the right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects or similarly significant effects for you. We do not engage in any fully automated decision-making without human involvement that has a significant impact on individuals. For example, we do not use algorithms to approve or reject transactions without human review, nor do we profile you in a way that would significantly affect you. If that ever changes, we will inform you and ensure your rights are protected.

  • Right to Withdraw Consent: If we are processing your personal data based on your consent, you have the right to withdraw that consent at any time. For instance, if you consented to receive newsletters, you can unsubscribe (withdrawing consent for marketing). Withdrawing consent will not affect the lawfulness of any processing we did prior to the withdrawal.

  • Right to Lodge a Complaint: If you have concerns about how we are handling your personal data, you have the right to lodge a complaint with the supervisory authority. In the UK, this is the Information Commissioner’s Office (ICO). We encourage you to contact us first to see if we can address your concerns, but you can go directly to the ICO. The ICO’s website is www.ico.org.uk, and they can be contacted by phone at +44 303 123 1113.

We will respond to any legitimate requests to exercise these rights as soon as possible, and at most within one month, as required by law. There is generally no fee for making a request, unless it is manifestly unfounded or excessive, in which case we may charge a reasonable fee or refuse the request (with an explanation).

International Data Transfers

Because we are based in the UK but use some services that are located outside of the UK (for example, the United States), your personal data may be transferred to and stored in countries outside the UK or the European Economic Area (EEA). Specifically, data processed by Google, Stripe, or Kajabi may be transferred to the United States or other locations.

When we transfer personal data internationally, we take steps to ensure appropriate safeguards are in place to protect your information consistent with UK data protection laws. These safeguards may include:

  • Standard Contractual Clauses: We rely on standard data protection clauses (standard contractual clauses approved by the European Commission and adopted by the UK ICO) in our agreements with service providers like Stripe, Google, and Kajabi. These clauses contractually require your data to be given the same protection it has in the UK.

  • Adequacy Decisions: If a country has been officially recognized by the UK as providing an adequate level of data protection (at present, the EU/EEA are considered adequate, among others), we may rely on that decision for transfers. (The US as a whole is not deemed fully adequate by the UK at this time, so we use other measures like the clauses mentioned above for US transfers.)

  • Other Safeguards: Our providers also implement additional measures such as encryption in transit and at rest, and secure processing practices, to further ensure your data remains protected when stored overseas. We also review their privacy practices to ensure they meet our standards.

By using our site or giving us your information, you understand that it may be transferred to our trusted third parties in other countries. However, we will always handle your data in accordance with this Privacy Policy and applicable law, wherever it is processed.

If you would like more information about international data transfers or specific safeguards in place, please contact us.

Updates to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or for other operational reasons. When we make changes, we will revise the "Effective Date" at the top of the policy. If any material changes are made, we may also notify you by email or by placing a prominent notice on our website prior to the change becoming effective, so you have a chance to review the updated policy.

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of our website or services after any modifications to this policy will signify your acceptance of the changes.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us. We are here to help and will respond as promptly as possible.

Contact Information for Data Protection Inquiries:
The AI Goldprint (DWA Training Limited)
Email: [email protected]
Postal Address: Data Protection Officer (or Privacy Team),
DWA Training Limited (The AI Goldprint)
1a City Gate, 185 Dyke Road,
Hove, BN3 1TL,
United Kingdom

Please feel free to reach out if you wish to exercise any of your rights or if you need clarification on any aspect of this policy. We value your privacy and will do our utmost to address your inquiries.

Thank you for reading our Privacy Policy. We appreciate your trust in The AI Goldprint and are dedicated to keeping your personal information safe and secure.