PRIVACY POLICY - H27 CONSULTING LTD

Last Updated: 1/07/2026

1. INTRODUCTION

This Privacy Policy outlines how H27 Consulting Ltd (we, us, or our), operating as the International Company providing the CLUB27 training protocol, collects, uses, and protects your personal data. We operate in strict accordance with the Data Protection Act 2018 (DPA 2018), the UK GDPR, and, where applicable for international students, the General Data Protection Regulation (EU) 2016/679 (GDPR).

2. SUPERVISORY AUTHORITY

The data controller is registered with the Information Commissioner’s Office (ICO), the UK’s independent authority set up to uphold information rights. In compliance with English law, we commit to processing data lawfully, fairly, and transparently.

3. LEGAL BASIS FOR PROCESSING

We adhere to a strict policy of data minimization. We process personal data exclusively under the following legal bases: Contractual Necessity: To register your unique identifier, monitor required study times (minimum 32 days), verify system access, deliver the educational materials, and issue your unique PASSKEY. Legal Obligation: For mandatory commercial invoice issuance and tax compliance with HMRC (HM Revenue and Customs). Legitimate Interest: For secure transaction monitoring and fraud prevention during the checkout process. Pre-contractual Measures: To handle, manage, and respond to your voluntary requests for information or to book a free introductory call sent directly to our support email.

4. EXCLUSIVE DATA COLLECTION AND THIRD-PARTY SERVICES

We collect only the data strictly necessary to complete your purchase, respond to your inquiries, and activate your training protocol. The personal data collected is limited to: 1. First Name and Surname (Identification) 2. Email Address (Acting as your unique USER-ID for tracking, verification, and communication) 3. Tax ID / Codice Fiscale (Mandatory for commercial invoicing) Third-Party Infrastructure and Retention: Stripe Payment Infrastructure: The collection of the data listed above occurs entirely within Stripe's secure native form for payment processing and fraud prevention. Data Retention: In compliance with UK tax law (HMRC), billing data (Name, Surname, Email, and Tax ID) will be securely retained for a mandatory period of 6 years.

5. DATA MINIMISATION AND PROTOCOL TRACKING

We maintain a strict Zero-Data policy regarding sensitive operational infrastructure: We do not request, store, or have access to your private keys, external platform passwords, or corporate operational systems. Your USER-ID (Email) is utilized internally by our computer system for the sole purpose of verifying the mandatory minimum study period of 32 days before initiating the Passkey Unlocking Procedure.

6. YOUR RIGHTS (DATA SUBJECT RIGHTS)

Under the DPA 2018 and UK GDPR, you hold the following rights regarding your data: 1. Access: Request a copy of the specific personal data we hold about you. 2. Rectification: Correct or update inaccurate data (e.g., misspelled Name or Email). 3. Erasure (Right to be Forgotten): Request deletion of your data, subject to the mandatory 6-year HMRC tax retention requirements. 4. Portability: Receive your structured data in a machine-readable format. 5. Complain: You have the right to lodge a complaint with the ICO (www.ico.org.uk) if you believe our processing violates applicable law. For any queries or to exercise your rights, you can contact our support team at support@passkeystrategy.com.

7. INTERNATIONAL TRANSFERS

As our checkout operates through the global Stripe infrastructure, data may be processed outside the UK/EEA. Such transfers are structurally protected by Standard Contractual Clauses (SCCs) or adequacy decisions to ensure an equivalent, high level of data protection.


CONTACT INFORMATION
For any privacy-related matters, please contact:

H27 Consulting Ltd hello@h27consulting.com Registered Office: Brentford, UK.

Client support: support@passkeystrategy.com

Search