Privacy Policy
Last Updated: 11 April 2026
Decoded Ltd (“Decoded”, “we”, “us”, “our”) is committed to protecting your privacy and handling your personal data responsibly and transparently. This Privacy Policy explains how we collect, use, store, and share your personal data when you interact with us, including through our website (getdecoded.co.uk), memberships, events, and community channels.
Decoded Ltd is registered in England and Wales (Company Number: 17145909) with its registered office at North West, UK.
For the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, Decoded Ltd is the data controller.
Personal Data We Collect
1.1 Information You Provide Directly
- Full name
- Email address
- Phone number
- Postal address (where required for invoicing)
- Payment information (processed securely via Stripe — we do not store your card details)
- Dietary requirements and accessibility needs (for events)
- Any information you share in community channels (e.g., WhatsApp group messages)
- Communications you send to us (emails, messages, enquiries)
1.2 Information Collected Automatically
- IP address
- Browser type and version
- Pages visited on our website and time spent
- Referring website
- Device information
1.3 Information from Third Parties
- Payment confirmation data from Stripe
- Information from event booking platforms (if applicable)
How We Use Your Data
We use your personal data for the following purposes:
- To fulfil membership agreements and provide services you’ve requested
- To process payments and handle billing
- To arrange and manage event bookings, including health and safety requirements
- To communicate with you about memberships, events, and updates
- To respond to your enquiries and support requests
- To improve our website and services
- To comply with legal obligations
- To maintain community safety and prevent fraud
Who We Share Your Data With
We do not sell your personal data to third parties. We may share your data with:
- Stripe (payment processor)
- Event venues (for health, safety, and access information)
- WhatsApp/Meta (community groups — shared at your discretion)
- Website hosting and analytics providers
- Professional advisers (accountants, legal advisers)
- Law enforcement or regulatory authorities (where required by law)
Data Processing Agreements: We have data processing agreements in place with all third parties who process your data on our behalf, ensuring they handle your information securely and in compliance with UK GDPR.
How Long We Keep Your Data
- Membership data: Duration of membership + 6 years (for accounts and tax purposes)
- Event booking data: 6 years after event (for liability and compliance)
- Marketing consent records: Until withdrawal + ongoing record of withdrawal
- Website analytics data: Up to 26 months
- Communication records: 3 years after last interaction
When data is no longer needed, we securely delete or anonymise it.
Your Rights (UK GDPR)
You have the following rights regarding your personal data:
- Right to access: Request a copy of your data
- Right to rectification: Request we correct inaccurate data
- Right to erasure: Request deletion of your data (with exceptions)
- Right to restrict processing: Request we limit how we use your data
- Right to data portability: Request your data in a portable format
- Right to object: Object to processing for certain purposes
- Right to withdraw consent: Withdraw consent at any time
To exercise any of these rights, please contact us at nicky@getdecoded.co.uk. We will respond to your request within one month of receipt.
If you’re unhappy with our response, you can lodge a complaint with the Information Commissioner’s Office (ICO) at ico.org.uk.
Data Security
We take data security seriously and implement the following measures:
- Payment data is processed via Stripe, which holds PCI-DSS certification
- Our website uses HTTPS encryption
- Access to personal data is restricted to authorised staff only
- We regularly review and update our security practices
While we implement robust security measures, no system is entirely risk-free. We cannot guarantee absolute security, but we are committed to protecting your information.
Cookies
Our website uses cookies in the following categories:
- Essential cookies: Required for core website functionality
- Analytics cookies: Google Analytics (with your consent)
- Marketing cookies: Used with your explicit consent for targeted content
You can manage cookie preferences through your browser settings. You may refuse non-essential cookies, though this may limit website functionality.
International Data Transfers
Some of our service providers (such as Stripe and WhatsApp/Meta) may process your data outside the UK. We ensure that any transfers are protected through Standard Contractual Clauses, as permitted under UK GDPR.
Children’s Data
Decoded is not directed at individuals under 18 years of age. We do not knowingly collect personal data from children. If we become aware that a child has provided us with personal data, we will delete it immediately.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, and other factors. We will notify you of any material changes by updating the “Last Updated” date and, where appropriate, by sending you a notice via email. Your continued use of our services following such updates constitutes your acceptance of the revised Privacy Policy.
Contact Us
If you have any questions about this Privacy Policy or how we handle your personal data, please get in touch:
- Email: nicky@getdecoded.co.uk
- Website: getdecoded.co.uk
- Address: North West, UK
- Company Number: 17145909
- ICO Registration Number: [INSERT WHEN REGISTERED]