She Closes AcademyBack to home

Privacy Policy

1. Who We Are

She Closes Academy ("we", "us", "our") is operated by Lilia De Matteis, an independent sole trader based in the United Kingdom.

For the purposes of UK GDPR and, where applicable, EU GDPR, Lilia De Matteis is the data controller responsible for your personal data.

If you have any questions about this Privacy Policy, how we process your personal data, or wish to exercise any of your data protection rights, please contact us at:

Email: movewithlilia@gmail.com

2. What Information We Collect

We may collect and process the following categories of personal data:

  • Full name
  • Email address
  • Telephone number
  • Information you voluntarily provide through applications, forms, surveys, bookings, enquiries, coaching sessions, or communications with us
  • Payment and transaction information (processed securely through third-party payment providers)
  • Technical information including IP address, browser type, operating system, device information, and website usage data
  • Marketing and communication preferences

3. How We Collect Your Information

We collect personal data when you:

  • Submit an application
  • Book a call or consultation
  • Purchase a programme, course, service, or product
  • Complete a form on our website
  • Subscribe to our mailing list
  • Contact us by email, social media, telephone, or other communication channels
  • Interact with our website through cookies and similar technologies

4. How We Use Your Information

We use your personal data for the following purposes:

  • To respond to enquiries and applications
  • To assess applications for our programmes
  • To schedule and conduct calls, consultations, coaching sessions, and training
  • To provide purchased services and fulfil contractual obligations
  • To process payments and maintain financial records
  • To send administrative communications relating to your account or services
  • To send marketing communications where permitted by law or where consent has been obtained
  • To improve our website, programmes, and customer experience
  • To protect our business against fraud, abuse, or legal claims
  • To comply with legal and regulatory obligations

5. Lawful Bases for Processing

Under UK GDPR and EU GDPR, we rely on the following lawful bases:

Contract

We process personal data where necessary to perform a contract with you or to take steps at your request before entering into a contract.

Examples include:

  • Delivering purchased programmes and services
  • Managing applications
  • Processing payments
  • Providing customer support

Legitimate Interests

We may process personal data where necessary for our legitimate business interests, provided those interests do not override your rights and freedoms.

Examples include:

  • Responding to enquiries
  • Following up on applications
  • Improving our services and website
  • Managing business operations
  • Preventing fraud and misuse

Consent

We rely on consent where required by law, including:

  • Sending marketing emails where consent is required
  • Using non-essential cookies and tracking technologies

You may withdraw your consent at any time.

Legal Obligation

We may process personal data where necessary to comply with legal obligations, including accounting, tax, regulatory, and legal requirements.

6. Marketing Communications

Where you have expressly consented, we may send you marketing communications regarding our programmes, services, events, educational content, offers, and business updates.

You can withdraw your consent or unsubscribe at any time by:

Withdrawing consent will not affect the lawfulness of processing carried out before consent was withdrawn.

7. How We Store and Protect Your Information

We use appropriate technical and organisational security measures to protect personal data from unauthorised access, disclosure, alteration, loss, or destruction.

Your information may be stored using trusted third-party service providers including:

  • Customer relationship management (CRM) systems
  • Email marketing platforms
  • Booking and scheduling software
  • Payment processors
  • Cloud storage providers

Access to personal data is restricted to authorised persons who require it for legitimate business purposes.

8. International Data Transfers

Some of our service providers may process personal data outside the United Kingdom and/or European Economic Area (EEA).

Where personal data is transferred internationally, we ensure appropriate safeguards are in place, including:

  • UK International Data Transfer Agreements (IDTAs)
  • UK Addendums to Standard Contractual Clauses
  • European Commission Standard Contractual Clauses (SCCs)
  • Transfers to countries recognised as providing an adequate level of data protection

We take reasonable steps to ensure your personal data remains protected regardless of where it is processed.

9. Data Retention

We retain personal data only for as long as necessary for the purposes described in this Privacy Policy and to satisfy legal, regulatory, accounting, or reporting obligations.

As a general guide:

  • Enquiry and application records may be retained for up to 24 months
  • Customer records may be retained for up to 6 years after the end of the business relationship
  • Financial and transaction records may be retained for up to 6 years or longer where required by law
  • Marketing data will be retained until consent is withdrawn or the information is no longer required

When retention is no longer necessary, personal data will be securely deleted or anonymised.

10. Sharing Your Information

We do not sell your personal data.

We may share personal data with trusted third-party service providers who assist us in operating our business, including:

  • Payment processors
  • Email marketing providers
  • CRM providers
  • Booking and scheduling platforms
  • Website hosting providers
  • Analytics providers
  • Professional advisers, accountants, and legal advisers

We may also disclose personal data where required by law, regulation, court order, or governmental authority.

All third parties are required to process personal data securely and in accordance with applicable data protection laws.

11. Your Data Protection Rights

Under UK GDPR and, where applicable, EU GDPR, you have the right to:

Right of Access

Request a copy of the personal data we hold about you.

Right to Rectification

Request correction of inaccurate or incomplete personal data.

Right to Erasure

Request deletion of your personal data in certain circumstances.

Right to Restrict Processing

Request that we limit how we process your personal data.

Right to Object

Object to processing based on legitimate interests and object to direct marketing at any time.

Right to Data Portability

Request a copy of your personal data in a structured, commonly used, machine-readable format.

Right to Withdraw Consent

Withdraw consent at any time where processing is based on consent.

To exercise any of these rights, please contact us at movewithlilia@gmail.com.

12. Right to Lodge a Complaint

If you are dissatisfied with how we process your personal data, you have the right to lodge a complaint with the relevant supervisory authority.

For individuals in the United Kingdom:

Information Commissioner's Office (ICO)

Website: https://ico.org.uk

We would appreciate the opportunity to address your concerns before you contact a regulator.

13. Cookies

Our website uses cookies and similar technologies to improve functionality, analyse website traffic, and enhance user experience.

Essential cookies are necessary for the operation of our website.

Non-essential cookies, including analytics, performance, and advertising cookies, will only be placed on your device where you have provided your consent through our cookie banner or cookie preference centre.

You may change your cookie preferences at any time through your browser settings or our cookie management tools.

For further information, please refer to our Cookie Policy.

14. Children's Privacy

Our services are intended for individuals aged 18 years and over.

We do not knowingly collect personal data from children. If we become aware that personal data relating to a child has been collected without appropriate authorisation, we will take steps to delete that information promptly.

15. Automated Decision-Making

We do not use automated decision-making or profiling that produces legal effects or similarly significant effects on individuals.

16. Third-Party Links

Our website may contain links to third-party websites, applications, or services.

We are not responsible for the privacy practices, content, or security of third-party websites and encourage you to review their privacy policies before providing any personal information.

17. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in legal requirements, business practices, or services.

Any updates will be published on this page together with the revised "Last Updated" date.

We encourage you to review this Privacy Policy periodically.

Last Updated: 31/05/26

She Closes Academy. All rights reserved.