Privacy Policy

Privacy Policy for Aspire Steps CIC

Effective Date: 25 May 2025
Next Review Date: 25 May 2026

1. Introduction

This Privacy Policy explains how Aspire Steps CIC ("we," "our," "us") collects, uses, shares, and protects your personal data. We are the Data Controller under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Aspire Steps CIC is committed to safeguarding your privacy. This policy outlines our data practices and your rights when you interact with our website, services, and communications.

2. What Data We Collect

2.1 Personal Data

  • Name

  • Email address

  • Postal address

  • Telephone number

  • Date of birth (if required for age verification)

  • Payment information

2.2 Technical Data

  • IP address

  • Browser type and version

  • Operating system

  • Device identifiers

  • Cookies and analytics data

2.3 Special Category Data

We do not intentionally collect special category data (e.g., health, ethnicity, political views). If such data is ever collected (e.g., for safeguarding), we will obtain your explicit consent and provide a clear lawful basis.

3. How and Why We Collect Data

3.1 Sources of Data Collection

  • Website forms (e.g., contact, registration, feedback)

  • Email communications

  • Workshop/event registrations

  • Newsletter subscriptions

  • Cookies and analytics tools (e.g., Google Analytics)

3.2 Purposes for Data Use

  • To provide and manage educational services

  • To process payments and purchases

  • To send newsletters, updates, and service-related communication

  • To analyse user interaction and improve our services

  • To meet legal and safeguarding obligations

4. Lawful Bases for Processing

Under Article 6 of the UK GDPR, we process personal data based on:

  • Consent: e.g., for email newsletters or surveys

  • Contract: e.g., to deliver services or resources you’ve requested

  • Legal Obligation: e.g., safeguarding, financial compliance

  • Legitimate Interests: e.g., to enhance services, prevent fraud

Each data use is matched with the appropriate lawful basis, ensuring compliance and transparency.

5. How Data is Used

  • To deliver and personalise our services

  • To provide customer support

  • For service performance analysis

  • To send transactional and promotional communications (if opted in)

  • To comply with legal duties or resolve disputes

6. Data Sharing and Third Parties

We do not sell your personal data. We share data only with trusted third parties who help us deliver our services:

  • Paypal/Stripe: Payment processing

  • Brevo: Email marketing and newsletter distribution

  • Google Meets: Live online sessions and events

  • Google Analytics: Website usage analytics

All third-party processors are bound by data protection agreements and comply with relevant data protection laws.

7. Cookies and Tracking Technologies

We use cookies to:

  • Enable essential site features

  • Analyse website traffic and user behaviour

  • Improve website performance and user experience

Cookies are managed via a cookie consent banner. You can manage or disable cookies through your browser settings.

8. Data Retention

We retain your personal data only for as long as necessary. Criteria include:

  • Duration of your engagement with us

  • Legal and regulatory requirements

  • Type and sensitivity of data

  • Consent preferences

After the retention period, data is securely deleted or anonymised.

9. Data Security

We implement a range of security measures to protect your data:

  • SSL encryption for all web forms

  • Secure login and authentication protocols

  • Role-based access controls for staff

  • Regular security reviews and staff training

10. Your Data Rights

Under the UK GDPR, you have the right to:

  • Access the data we hold about you

  • Request corrections to inaccurate data

  • Request deletion of your data (right to be forgotten)

  • Restrict or object to certain types of processing

  • Receive your data in a portable format

  • Withdraw consent at any time (where applicable)

To exercise your rights, contact us at support@aspiresteps.com.

11. International Data Transfers

Some data may be stored or processed outside the UK by our third-party processors. Safeguards include:

  • Standard Contractual Clauses (SCCs)

  • Providers operating under UK or EU adequacy decisions

Services involved may include companies like Brevo.

12. Children’s Privacy

Our services are primarily intended for users aged 16 and over. For users under 18, parental or guardian consent is required. We do not knowingly collect personal data from children without proper consent.

13. Changes to This Policy

We may update this Privacy Policy to reflect legal, technical, or service changes. The updated version will include a new effective date. Significant changes will be communicated directly via email or website notice.

14. Contact & Complaints

If you have questions or concerns about this Privacy Policy or your data rights, contact us at:

If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):


Version: 1.0
Last Updated: 25 May 2025