GDPR Privacy

GDPR Privacy Policy

Last Updated: 1 June 2025

1. Introduction Nubea Media Limited (“we,” “us,” “our”) is committed to protecting the privacy and security of your personal data in compliance with the UK General Data Protection Regulation (UK GDPR) and Data Protection Act 2018. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you visit our websites, use our services, or engage with us.

2. Data Controller Nubea Media Limited is the data controller responsible for your personal data. Our registered office is 124 City Road, London EC1V 2NX, Company No. 16087498

3. Personal Data We Collect

  • Contact Data: Name, email address, postal address, telephone number.

  • Account Data: Billing address, payment details (processed securely by third-party providers), login credentials.

  • Usage Data: IP address, browser type, device identifiers, pages visited, time and date of visits, referral URLs.

  • Special Category Data: Health conditions or disability information, where voluntarily provided to tailor our services.

  • Communications Data: Enquiries, support requests, feedback, and other correspondence.

  • Coaching and meeting recordings (where sessions are recorded for quality, training, accountability, and/or legal compliance).

This includes personal data collected when an individual purchases digital training, coaching, or business services delivered under our trading brands. 

Nubea Media Ltd may deliver services under trading names or associated platforms. Personal data remains controlled by Nubea Media Ltd regardless of the brand or website through which services are accessed.
 

4. Lawful Bases for Processing We process personal data on the following bases:

  • Contractual Necessity: To perform our contract with you (e.g., deliver services, process payments).

  • Legal Obligation: To comply with laws and regulatory requirements.

  • Legitimate Interests: To operate and improve our business, maintain security, prevent fraud, and market our services (subject to your rights).

  • Consent: Where you have given clear consent (e.g., marketing communications).

  • Vital Interests: To protect your vital interests in emergency scenarios (rare).

Where we process special category data (e.g., health/disability information provided voluntarily to tailor services), we rely on Article 9(2)(a) (explicit consent) and, where necessary for legal claims, Article 9(2)(f).
 

5. How We Use Your Data We use personal data to:

  • Provide and manage our services and products.

  • Process invoices, payments, and requests for refunds.

  • Communicate with you about your account and services.

  • Personalize and improve our website, content, and marketing.

  • Comply with legal obligations and audit requirements.

  • Respond to enquiries, requests, or complaints.

6. Data Sharing and Disclosure We may share personal data with:

  • Service Providers: Payment processors, IT hosting, analytics, and marketing platforms, under confidentiality agreements.

  • Professional Advisors: Legal, accounting, or insurance advisors when necessary.

  • Regulatory Authorities: To comply with legal obligations or legitimate requests.

  • Third-Party Funding Bodies: To upload or report on invoices and grant-funded activities.

7. International Data Transfers Where we transfer personal data outside the UK/EEA, we ensure adequate safeguards such as:

  • Adequacy decisions by the UK government.

  • Standard Contractual Clauses approved by the UK Information Commissioner’s Office.

8. Data Retention We retain personal data for no longer than necessary:

  • Service Records: 6 years from last engagement (for legal, accounting, and audit purposes).

  • Special Category Data: Only as long as necessary to provide tailored services.

  • Marketing Data: Until you opt out or withdraw consent.

  • Support and Communications: 2 years from last contact.

9. Your Rights Under UK GDPR, you have the right to:

  • Access: Request copies of your personal data.

  • Rectification: Correct inaccurate or incomplete data.

  • Erasure: Request deletion of personal data (subject to legal exemptions).

  • Restrict Processing: Temporarily block processing concerning you.

  • Data Portability: Receive your data in a machine-readable format.

  • Object: Object to processing based on legitimate interests or direct marketing.

  • Withdraw Consent: At any time for processing based on consent.

  • Lodge a Complaint: With the UK Information Commissioner’s Office (ICO).

To exercise any rights, contact us at contact@nubeamedia.com. We will respond within one month.

10. Security Measures We implement appropriate technical and organizational measures:

  • Encryption in transit (HTTPS/TLS) and at rest.

  • Access controls and secure authentication.

  • Regular security audits and staff training.

11. Cookies and Tracking Our websites use cookies and similar technologies to enhance functionality and analytics. You can manage cookie preferences in your browser or via our cookie banner. For details, see our Cookie Policy at https://nubeamedia.com/cookies.

12. Children’s Data Our services are not directed at children under 16. We do not knowingly collect or process data from anyone under 16.

13. Payment-Default Data Sharing
For fraud prevention and risk management, we may share limited payment-default information (name, email, invoice number, date, and unpaid amount) with a small network of peer  providers under a Data-Sharing Agreement. We rely on our legitimate interests (Article 6(1)(f) UK GDPR) and retain such data for no longer than 12 months.

14. Changes to this Policy We may update this Privacy Policy periodically. We will notify you of significant changes via email or website notification. Continued use after changes constitutes acceptance.