This document discloses the privacy practices for www.mandylehto.com (“the Site”), a website owned and operated by Mandy Lehto Ltd. (“we” or “us”).
As part of the normal running of the Site’s services, we collect and, in some cases, disclose information about you. We are committed to safeguarding your personal data (i.e. data relating to an identified or identifiable individual, either on its own or together with other information).
The Site is not intended for children under 18 years of age. If you are a minor (under the age of 18), please do not submit any personal information to the Site. We do not intentionally collect or use any information from children.
If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact the data privacy manager using the details set out below.
Our full details are:
Full name of legal entity: Mandy Lehto Ltd.
Name or title of data privacy manager: Mandy Lehto Ltd.
Email address: email@example.com
Postal address: 5 Rowan Terrace, Courthope Villas, London, SW19 4TF, United Kingdom
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance.
The Site may include links to third-party websites, plug-ins and applications. Clicking on those links, or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites, and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.
If you are a visitor to www.mandylehto.com (“the Site”) our policy is as follows:
- We only collect information you provide for the purposes of signing up to our website (including Newsletter/blog, podcast, and if you’ve opted in, The Daily Moxie). We will only use it to deliver items and updates that you have requested.
- The Site does not automatically capture or store personal data, other than logging your IP address and session information (such as how long you visited the Site, browser used, pages visited). This data is recognised by the web server and is only used for system administration and to provide statistics, which we use to understand and evaluate how the Site is used.
Categories of data, why we collect it and the lawful basis for processing:
Customer Data – If you are a business contact (such as a client, potential client, supplier, potential supplier, actual or potential collaborator, or a sub-contractor):
- We collect your personal data that relates to any purchase of goods and/or services, including title, name, email, phone numbers, contact and/or billing address and other personal data that you provide directly to us.
- We process this data to supply goods and/or services you have purchased, to keep records of such transactions, and to manage our business.
- Our lawful ground for this processing is the performance of a contract between you and us and/or taking steps at your request to enter into such a contract.
Communication Data – If you contact us:
- Communication data includes any communication that you send us, whether through contact forms on the Site, or via email, text messaging, social media posting, any form of social media messaging, or any other communication that you send us. This may contain personal information, such as name, title, email address, telephone numbers and any other personal information you might disclose.
- We will collect this information where we believe that we have a legitimate interest to continue to communicate with you on the matter at hand, and on other related matters, as per the above. We also process this data for record keeping and for the establishment, pursuance or defence of legal claims.
- Our lawful basis for processing is our legitimate interests, which in this case are to reply to communications sent to us, to keep records and to establish, pursue or defend legal claims.
User Data – if you choose to subscribe to our newsletter/blog/podcast:
- This is where you have given us explicit permission to process your personal information for a given purpose, such as to receive our Newsletter/blog and the Daily Moxie, if you have opted in.
- We only collect information you provide for the purposes of signing up to our website newsletter. We will only use your information to deliver items and updates that you have requested. We also process this data to operate our website (i.e. to ensure the security of our website, to maintain back-ups of our website and/or databases) and to enable publication and administration of our website, other online services and business. You may withdraw your consent to receive these Newsletters by clicking the ‘Unsubscribe’ link visible on every covering email.
- Our lawful ground for this processing is our legitimate interests which in this case are to enable us to properly administer our website and our business.
Technical Data – If you visit our website:
- This includes your IP address, details about your browser, length of visit to pages on our website, page views and navigation paths, details about the number of times you use our website, time zone settings that you use to access our website. The source of this data is from our analytics tracking system.
- We process this data to analyse your use of our website and other online services, to administer and protect our business and website, to deliver relevant website content and marketing to you and to understand the effectiveness of our advertising.
- That includes data about your preferences in receiving marketing from us and our third parties and your communication preferences.
- We process this data to enable you to participate in promotions such as competitions, prize draws and free give-aways, to deliver relevant website content and marketing/advertising to you and measure or understand the effectiveness of this advertising.
- Our lawful ground for this processing is our legitimate interests which in this case are to study how customers use our products/services, to develop them, to grow our business and to decide our marketing strategy.
Aggregated Data. We also collect, use and share aggregated data such as statistical or demographic data for any purpose. Aggregated Data may be derived from your personal data, but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data, which will be used in accordance with this privacy notice.
Our lawful ground for this processing is legitimate interests, which is to grow our business. We may also use such data to send other marketing communications to you. Our lawful ground for this processing is either consent or legitimate interests (namely to grow our business).
Sensitive Data. We do not collect any Sensitive Data about you. Sensitive data refers to data that includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data. We do not collect any information about criminal convictions and offences.
If you fail to provide personal data. Where we need to collect personal data by law (or under the terms of a contract we have with you), and you fail to provide that data when requested, we may be unable to perform the contract we have, or are trying to enter into with you. In this case, we may have to cancel a product or service you have with us, but we will notify you if this is the case.
How is your personal data collected?
We use different methods to collect data from and about you, including through:
Direct interactions. You may give us your identity and contact data by filling in forms at training events or presentations, or by corresponding with us by post, phone, e-mail, social media (including social media messaging) or otherwise.
This includes personal data you provide when you:
- apply for our products or services
- request a discovery meeting, in person, by phone, or online
- subscribe to our service or publications (including our newsletter/blog and podcast)
- request marketing to be sent to you
- enter a competition, promotion or survey
- give us some feedback
Third parties or publicly available sources. We may receive personal data about you from various third parties and public sources as set out below:
Technical Data from the following parties:
- analytics providers, such as Google based outside the EU
- advertising networks such as Facebook, based outside the EU
- search information providers such as Google based outside the EU
- Identity and Contact Data from publicly available sources, such as Companies House and the Electoral Register based inside the EU
- Providers of technical, payment and delivery services, such as data brokers or aggregators
We will only process personal information when the law allows us to. This may include the following:
- Contractual necessity: Where we need to perform the contract we are about to enter into, or have entered into with you
- Legitimate business purposes: Where it is necessary for our legitimate interests (or those of a third party), and your interests and fundamental rights do not override those interests
- Legal obligation: Where we need to process and retain client invoice information to comply with a legal or regulatory obligation
- User consent: This is where you have given us permission to process personal data for a given purpose. For instance, you’ve filled in an enquiry or feedback form. You are legally entitled to withdraw this consent at any time
How we use your personal information
- To provide and deliver our service or goods. We require some of your personal details to register you as a client to deliver coaching, for instance (or if goods are involved, to be able to deliver them to you). We collect identity and contact data, the lawful basis of which is performance of a contract with you.
- To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data). The type of personal data used includes identity, contact and technical. The lawful basis: Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business re-organisation or group restructuring exercise); and necessary to comply with a legal obligation.
- Dispute Resolution.We may use information about you, and other information we obtain from your current and past activities on the Site to resolve disputes, troubleshoot problems, and enforce our Terms and Conditions and copyright policies.
- To improve and maintain performance: We use data analytics to improve our website, products/services, marketing, customer relationships and experiences to provide you with the best possible user experience. Using personal experience helps us to understand how you use our Site, so we can optimise it for ease of use. Personal data used is technical and usage, the lawful basis of which is: Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy).
You can ask us (or third parties) to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you.
If you opt out of receiving marketing communications this opt-out does not apply to personal data provided as a result of other transactions, such as purchases.
It is very important that the information we hold about you is accurate and up to date. Please let us know if at any time your personal information changes by emailing us at firstname.lastname@example.org
Change of purpose
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis, which allows us to do so.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
Disclosures of your personal data
- Legal processes: We may disclose your information to comply with applicable law, regulation, legal process or governmental request. We reserve the right to fully cooperate with legal authorities in this regard.
- Advertisers:We disclose aggregate information about our users to advertisers and for other marketing and promotional purposes. We do not disclose any personally identifying information to these entities.
- Third-Party Suppliers: We may use third party suppliers to assist us in providing the services available on an outside website. We impose contractual restrictions on the use by our third party suppliers of information concerning you, and do not permit third party suppliers to sell your information to other third parties.
- Service Providers:We may share your personal data with outside service providers who provide IT and system administration services, or general administrative and/or design services, or specialised services to support our business and/or clients.
- Professional Advisors: We may also share data with professional advisors, including lawyers, bankers, auditors and insurers.
- In the event that we sell any, or all, of our business to a buyer.
All third parties to whom we transfer your data are required to respect the security of your personal data, and to handle it in accordance with the law.
We do not sell or rent your personally identifiable information to any third party. We use practices that are consistent with standards in our industry to protect your privacy. We cannot promise that your personally identifiable information or private communications will remain private. For example, third parties may unlawfully intercept or access transmissions or private communications on our website.
Security of personal data
We have measures in place to prevent your personal data from being accidentally accessed, used, lost, altered or disclosed without authorisation. We also allow access to your personal data only to those employees and partners who have a business reason to access such data.
These measures are reviewed to ensure their continuing appropriateness to keep your data secure.
Retaining your personal data
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
In some circumstances we may anonymise your personal data for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
Under data protection laws, you have rights as an individual in relation to the personal data that we hold about you. Specifically:
- You have the right to know what personal information we maintain about you
- If your personal data is incorrect/incomplete, you have the right to ask us to update it
- The right to withdraw your consent (for example, to unsubscribe)
- The right to access personal data that we process about you
- The right to request the deletion of your personal data
You can see more about these rights at:
If you wish to exercise any of the rights set out above, please email us at email@example.com
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive, or we may refuse to comply with your request in these circumstances.
If you are not happy with any aspect of how we collect and use your data, you have the right to file a complaint. We should be grateful if you would contact us first so that we can try to resolve it.
What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
Time limit to respond
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex, or you have made a number of requests. In this case, we will notify you and keep you updated.