Privacy Policy
Last updated: 12 May 2026
This Privacy Policy explains how Taldeo Holdings Ltd ("Taldeo", "we", "us", or "our") collects, uses, and protects your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
1. Who We Are
Taldeo Holdings Ltd is the data controller for personal data collected through this website (taldeo.com) and our associated services. If you have any questions about this policy or your data, please contact us at hello@taldeo.com.
2. What Data We Collect
We may collect the following categories of personal data:
- Identity data: first name, last name, age range, profession
- Contact data: email address, phone number
- Academic data: university, academic year, course of study (where relevant)
- Assessment data: responses to our Cognitive Performance Index questionnaire
- Health & neurodiverse data: information about neurodevelopmental conditions (collected voluntarily and processed under Article 9(2)(a) UK GDPR — explicit consent)
- Transaction data: details of payments made for our programmes and services
- Usage data: information about how you use our website
- Marketing preferences: your preferences for receiving communications from us
3. How We Collect Your Data
We collect data through:
- Sign-up and enquiry forms on our website
- The Cognitive Performance Index assessment
- Programme registration and booking forms
- Direct correspondence by email or phone
- Automated technologies including cookies (see our Cookie Policy)
4. How We Use Your Data
We use your personal data to:
- Deliver and manage the programmes and services you have registered for
- Process payments and send booking confirmations
- Send you information relevant to your enrolment, including session details and materials
- Send marketing communications (only where you have given your consent or where we have a legitimate interest, and you can opt out at any time)
- Improve and personalise our services
- Comply with our legal obligations
5. Legal Basis for Processing
We process your personal data on the following legal bases under UK GDPR:
- Contract: where processing is necessary to fulfil a contract with you
- Consent: where you have given explicit consent (e.g. marketing emails, sensitive health data)
- Legitimate interests: where we have a legitimate business interest and it does not override your rights
- Legal obligation: where we are required to process data to comply with law
6. Sharing Your Data
We do not sell your personal data. We may share it with:
- Kit (ConvertKit): our email marketing platform, used to manage communications and community subscriptions
- Stripe: our payment processor, for handling transactions securely
- Google: for calendar booking and analytics
- Any other service providers who assist us in operating our business, all of whom are required to process your data only on our instructions and in accordance with UK GDPR
We may also disclose data where required by law or to protect our legal rights.
7. International Transfers
Some of our service providers are based outside the UK. Where we transfer data internationally, we ensure appropriate safeguards are in place in accordance with UK GDPR, including Standard Contractual Clauses or adequacy decisions.
8. Data Retention
We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including satisfying any legal, accounting, or reporting requirements. Marketing data is retained until you withdraw consent. Assessment and programme data is typically retained for up to 3 years.
9. Your Rights
Under UK GDPR, you have the right to:
- Access — request a copy of the personal data we hold about you
- Rectification — request we correct inaccurate or incomplete data
- Erasure — request we delete your data ("right to be forgotten"), subject to legal obligations
- Restriction — request we restrict processing of your data in certain circumstances
- Portability — request a machine-readable copy of your data
- Objection — object to processing based on legitimate interests or for direct marketing
- Withdraw consent — at any time where processing is based on consent, without affecting the lawfulness of prior processing
To exercise any of these rights, contact us at hello@taldeo.com. We will respond within one calendar month.
10. Complaints
If you believe we have not handled your data correctly, you have the right to lodge a complaint with the Information Commissioner's Office (ICO): ico.org.uk | 0303 123 1113.
11. Security
We take appropriate technical and organisational measures to protect your personal data against accidental loss, unauthorised access, disclosure, or destruction. All payment transactions are processed via Stripe's secure, PCI-DSS compliant infrastructure.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by posting a notice on our website or by email. The "Last updated" date at the top of this page reflects the most recent revision.
13. Contact Us
For any privacy-related queries:
Email: hello@taldeo.com
Website: taldeo.com
