Privacy Policy
Last updated: 15 March 2025
At lesovarya, we take your privacy seriously. This policy explains how we collect, use, and protect your personal information when you interact with our budget strategy services. We operate in compliance with UK data protection laws, including the UK GDPR and the Data Protection Act 2018.
Who We Are
lesovarya is a budget strategy education provider based in Manchester. Our registered address is Manchester Picadilly Station Unit 15, Manchester M1 2BN, United Kingdom. We're the data controller for the information you provide to us.
When you contact us or use our services, you're trusting us with your data. That's not something we take lightly.
Information We Collect
The type of information we gather depends on how you interact with us. Some of it you give us directly. Other bits we collect automatically when you browse our website.
Contact Information
Your name, email address, phone number, and postal address when you reach out or sign up for our programmes.
Financial Context
Budget goals, financial challenges, and business context you share during consultations or course applications.
Technical Data
IP address, browser type, device information, and how you navigate through our website.
Communication Records
Emails, phone conversations, and support tickets when you interact with our team.
Cookies and Tracking
We use cookies to understand how visitors use our site. These small files help us improve your experience and remember your preferences. You can control cookie settings through your browser, though some functionality might be limited if you disable them.
How We Use Your Information
Everything we collect serves a specific purpose. We don't gather data just for the sake of it.
- To provide our budget strategy education services and respond to your enquiries
- To send you information about upcoming webinars, courses starting in autumn 2025 or early 2026
- To improve our website and tailor content to what actually helps people
- To process payments and maintain financial records as required by law
- To send occasional updates about our services if you've opted in
- To comply with legal obligations and protect against fraud
We won't bombard you with marketing emails. When we do send updates, there's always an easy way to opt out.
Legal Basis for Processing
Under UK data protection law, we need a lawful basis to process your personal information. Here's what applies to us:
- Contractual necessity: When you sign up for a programme, we need your data to deliver that service
- Legitimate interests: We process certain data to run our business effectively and improve our services
- Consent: For marketing communications, we'll ask for your explicit permission
- Legal obligation: Sometimes we're required by law to keep certain records
Who We Share Information With
We're selective about who gets access to your data. We don't sell your information to third parties. Full stop.
Service Providers
We work with trusted companies that help us operate: email platforms, payment processors, website hosting. These providers can only use your data to deliver services on our behalf. They're contractually bound to keep your information secure.
Legal Requirements
If we're legally required to disclose information to authorities or regulators, we will. But we'll only share what's necessary and within the scope of the request.
Business Transfers
Should lesovarya ever merge with or be acquired by another organisation, your information might be transferred. You'd be notified beforehand.
Your Rights Under UK Law
UK data protection legislation gives you substantial control over your personal information. These aren't just theoretical rights. We honour them.
Your Data Protection Rights
Right to Access
Request a copy of the personal data we hold about you. We'll provide this within one month at no charge.
Right to Rectification
Ask us to correct inaccurate or incomplete information. We'll update our records promptly.
Right to Erasure
Request deletion of your personal data in certain circumstances. Note that legal obligations might prevent immediate deletion in some cases.
Right to Restrict Processing
Limit how we use your data while we investigate concerns you've raised or verify accuracy.
Right to Data Portability
Receive your data in a commonly used format or have it transferred to another provider where technically feasible.
Right to Object
Object to processing based on legitimate interests or for direct marketing purposes. We'll stop unless we have compelling grounds to continue.
To exercise any of these rights, contact us at help@lesovarya.com. We'll respond within one month, though complex requests might take up to three months. We'll let you know if that's the case.
How We Protect Your Data
Security isn't an afterthought here. We've implemented measures to prevent unauthorised access, alteration, or disclosure of your information.
Our website uses SSL encryption for data transmission. We store information on secure servers with restricted access. Staff members receive regular training on data protection, and we conduct periodic security reviews.
That said, no system is completely impenetrable. While we work hard to protect your data, we can't guarantee absolute security. If we detect a breach that poses a risk to your rights, we'll notify you and the Information Commissioner's Office within 72 hours.
Data Retention
We don't keep your information longer than necessary. Retention periods depend on the type of data and why we collected it.
| Data Type | Retention Period |
|---|---|
| Course participant records | 7 years after course completion |
| Marketing contact lists | Until you unsubscribe or 3 years of inactivity |
| Financial transaction records | 6 years for tax compliance |
| Website analytics data | 26 months |
| Email correspondence | 3 years unless part of active engagement |
When we no longer need information, we securely delete or anonymise it. Financial records are kept longer due to HMRC requirements.
International Data Transfers
Your data is primarily stored and processed within the United Kingdom. Some of our service providers operate globally, which might involve transferring data outside the UK.
When transfers occur, we ensure adequate safeguards are in place through standard contractual clauses or other approved mechanisms. Your data receives the same level of protection regardless of where it's processed.
Children's Privacy
Our services aren't directed at anyone under 18. We don't knowingly collect information from children. If you're a parent who believes we've inadvertently gathered data about your child, contact us immediately and we'll delete it.
Changes to This Policy
We review and update this policy periodically to reflect changes in our practices or legal requirements. The date at the top shows when it was last revised.
Significant changes will be communicated through email or a prominent notice on our website. Continuing to use our services after modifications means you accept the updated policy.
Complaints and Concerns
If you're unhappy with how we've handled your personal data, let us know first. We'll do our best to resolve the issue.
You also have the right to lodge a complaint with the Information Commissioner's Office, the UK's independent data protection authority. Visit ico.org.uk for more information.