Slaxyronyrdlox
Privacy & data

As of

Privacy Policy

This notice explains how Slaxyronyrdlox collects and uses personal information when you visit slaxyronyrdlox.world, correspond with us, or purchase educational materials and non-medical services. We wrote it to align with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and sensible international practice where visitors access the site from outside the United Kingdom.

1. Who controls your data

The data controller is Slaxyronyrdlox, with its principal contact address at 5 Market St, Manchester M1 1WR, United Kingdom. You may reach our privacy inbox at touch@slaxyronyrdlox.world or call +44 161 832 5000 during reasonable UK business hours. When you send a request, include enough detail for us to verify your identity proportionately to the risk involved; we may ask follow-up questions before disclosing or deleting records.

We do not attempt to act as your clinician, therapist, or emergency contact. Privacy correspondence relates to administrative and legal obligations around informational websites, consulting, and educational products only.

2. What this policy covers

This policy applies to personal data processed through the public website, email threads initiated via our published addresses, telephone enquiries logged for follow-up, and contractual relationships such as programme enrolment or consulting agreements. It does not govern third-party platforms that we merely link to; their operators publish separate notices.

Our content discusses movement in everyday life in a general, non-medical way. That editorial choice affects what we collect: we should not need special-category health data to answer a routine question about workshop dates, and we instruct staff not to request clinical records through informal channels.

If you volunteer sensitive health information without a separate lawful pathway, we will minimise retention and, where appropriate, delete it or direct you to a qualified professional instead of storing clinical detail.

3. Categories of personal data

Depending on your journey, processing may involve:

  • Identity and contact details such as name, email address, telephone number, billing address, and organisation name when you identify yourself to receive invoices or join a cohort.
  • Relationship context such as notes you freely provide about your schedule, movement preferences, or learning goals. These notes support educational planning, not diagnosis.
  • Transaction metadata including product identifiers, amounts, currency, timestamps, and payment references supplied by payment processors. We avoid storing full payment card numbers on infrastructure we operate directly.
  • Technical identifiers such as IP address, user agent string, approximate location at city level, device category, and referring URL when our hosting or security tools log server activity.
  • Cookie and pixel identifiers when you consent to optional analytics or marketing technologies described in the Cookie Policy.
  • Communications content including the body of emails, contact form messages, and call summaries prepared for continuity when you ask us to return to a prior conversation.

3.1 Voluntary richness

You choose how much narrative to include. Shorter messages reduce the volume of personal data we hold. Longer messages may help us route you to the right colleague but increase what we must protect; we encourage proportionality.

4. Lawful bases under UK GDPR

We rely on one or more of the following legal bases, documented internally per processing activity:

  • Contract where processing is necessary to prepare, perform, or wind down an agreement you enter with us, including delivering downloads, hosting sessions, or issuing refunds in line with published policies.
  • Legitimate interests for securing systems, understanding aggregated readership patterns, improving navigation and copy, training staff on typical enquiries, and preventing fraud, provided we balance those interests against your rights and offer opt-outs where appropriate.
  • Consent for optional cookies, some marketing emails, or experimental features clearly labelled as voluntary. Consent can be withdrawn through the same interface or by emailing us, without retroactive invalidation of earlier lawful processing.
  • Legal obligation where accounting, tax, or regulatory duties require us to retain certain records or disclose information after receipt of a lawful order subject to review.

4.1 When we decline processing

If no lawful basis applies and you have not consented, we will not process the data beyond minimal storage needed to explain the refusal. That stance protects both parties.

5. Purposes in plain language

Concrete purposes include: operating HTTPS endpoints; filtering abusive traffic; responding to questions about programmes; maintaining waiting lists; issuing receipts; honouring warranty-like commitments on digital goods where described; internal analytics on read times when consented; and defending legal claims. We do not build hidden profiles for unrelated industries, and we do not sell mailing lists.

Where we benchmark content performance, we prefer aggregate dashboards over individual dossiers. Staff access follows least-privilege rules reviewed when roles change.

6. How long we keep information

Retention balances continuity against storage risk. Indicative schedules, subject to statutory overrides:

  • Routine marketing or informational email threads: up to twenty-four months after the last substantive message unless you remain an active client.
  • Consulting engagements with financial records: up to seven UK financial years after the tax year in which the engagement ended, unless a shorter period is agreed and still lawful.
  • Server access logs: thirty to ninety days, extended only during security investigations.
  • Consent logs for cookies: up to twenty-four months from the consent event or last modification.
  • Superseded policy versions: archived in a restricted repository for evidential purposes, not for active marketing.

When timelines expire, we delete, anonymise, or aggregate data so it no longer identifies you. Backup tapes may lag live systems briefly; destruction cycles align with infrastructure vendor capabilities.

7. Recipients and processors

We share personal data only with parties that help us deliver the site and services, under contracts requiring confidentiality and appropriate security. Categories include:

  • Hosting providers and content delivery networks that store files and terminate TLS.
  • Email and calendar providers that transport messages and schedule sessions.
  • Payment gateways that tokenise or authorise card payments.
  • Professional advisers such as accountants, insurers, or law firms bound by duties of confidence.
  • Public authorities when a narrowly drawn legal demand leaves us no lawful alternative after internal triage.

We vet subprocessors for location, certification posture, and breach notification practices. A current list is available on request for enterprise clients; consumers may ask whether a named vendor processes their data.

8. International transfers

Our default posture is to process within the United Kingdom or jurisdictions granted adequacy. If a processor stores data elsewhere, we implement Standard Contractual Clauses, UK addenda, or other Article 46 UK GDPR mechanisms, supplemented by transfer impact assessments where regulators expect them.

You may request a redacted summary of safeguards; we will honour the request unless disclosure would reveal trade secrets or undermine security.

9. Security measures

We combine organisational and technical controls: role-based permissions, multi-factor authentication for administrative consoles where supported, encryption in transit, segregated environments for production versus staging, patching cadence aligned with severity ratings, and incident response playbooks that include ICO notification analysis when legally required.

No control eliminates risk entirely. You should also protect your devices, use unique passwords, and avoid submitting confidential attachments over unsecured public Wi-Fi without a VPN.

10. Your rights

Subject to conditions in UK law, you may have rights to access, rectify, erase, restrict processing, object to certain processing, obtain portability for data you supplied in structured machine-readable form, and withdraw consent without affecting prior lawful processing. You may also object to direct marketing absolutely.

Submit requests to touch@slaxyronyrdlox.world with subject “Data subject request”. We typically respond within one calendar month and may extend by two further months for complex cases, notifying you with reasons.

10.1 Identity verification

We may request proof of identity to prevent disclosure to impersonators. If you authorise an agent, we require evidence of authority unless the agent is a lawyer or other professional bound by regulation.

11. Supervisory authority

You may lodge a complaint with the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF, United Kingdom, or via ico.org.uk. We welcome the chance to resolve concerns directly before escalation when feasible.

12. Automated decision-making

We do not make decisions based solely on automated processing that produce legal or similarly significant effects concerning you. If that stance changes in a future product, we will publish an update and, where required, obtain consent or offer human review.

13. Children

The site targets adults interested in movement education. We do not knowingly solicit data from anyone under sixteen without parental authority. If you believe we received a child’s data in error, contact us for prompt review and deletion where appropriate.

14. Changes to this notice

We revise this policy when features, law, or regulator guidance evolves. The hero section date reflects the current edition for quick orientation. Material changes may also be summarised through an on-site banner or email to active clients when proportionate.

Related documents: Cookie Policy, Terms of Use, Refund Policy.