PRIVACY POLICY
PRIVACY POLICY
ELEV8 MASTERMIND LTD
ELEV8 MASTERMIND LTD
Last Updated: 30 January 2026
1. Introduction
Elev8 Mastermind Ltd (referred to as "we", "us", or "our") is committed to protecting your privacy and personal data. We are registered with the Information Commissioner's Office (ICO) with registration number ZB938617.
This Privacy Policy explains how we collect, use, store, and protect your personal data when you participate in our coaching Programs (including The Freedom Code and Freedom Empire), attend our events and retreats, or otherwise interact with our company and services.
This Privacy Policy applies to all clients globally and complies with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
2. Data Controller Information
Company Name: Elev8 Mastermind Ltd
Company Number: 16126197
Registered Address: 128 City Road, London, EC1V 2NX, United Kingdom
Email: support@elev8.global
ICO Registration: ZB938617
3. Personal Data We Collect
We collect and process the following categories of personal data:
3.1 Information You Provide Directly
• Identity Data: Name, title, business name, company registration number, VAT number (where applicable), birthday (on entry to a coaching Program or paid service only)
• Contact Data: Email address, postal address, telephone number, business website, social media account information and URLs
• Financial Data: Payment method details, billing address, transaction history (processed securely through third-party payment processors)
• Profile Data: Business information, revenue details, goals, preferences, feedback, and survey responses
• Communication Data: Information shared in coaching sessions, emails, support requests, community forums, and feedback
• Marketing Preferences: Your preferences for receiving marketing communications and promotional materials
3.2 Information Collected Automatically
• Technical Data: IP address, browser type and version, time zone setting, browser plug-in types, operating system and platform, device identifiers
• Usage Data: Information about how you use our website, digital platforms (The Vault, The Foundation Portal), and services, including access logs, page views, session duration, modules completed, downloads accessed
• Location Data: General location information derived from your IP address
• Attendance Data: Records of attendance at The Freedom Council calls, Clarity Sessions, training workshops, events, and retreats
3.3 Session Recordings and Media
We record Clients in Program sessions (including group coaching calls, Clarity Sessions, and training workshops). Recordings are via videoconferencing platforms such as Zoom. These recordings may contain:
• Your name, image, likeness, and voice
• Business information and strategies you discuss
• Questions, comments, and participation in discussions
• Chat messages and interactions with other participants
• Screen shares and presentations
Important: You are informed before enrolment that Program sessions are routinely recorded. By participating in any session, you acknowledge and consent to being recorded as detailed in your Program Agreement.
In-Person Events and Retreats:
We also record live in-person events, retreats, workshops, and training
sessions via video and photography. These recordings may contain:
• Your name, image, likeness, and voice
• Your participation in activities, exercises, and discussions
• Your questions, comments, and interactions with other participants
• Business information and strategies you discuss during the event
Important: You are informed before registration that in-person events are routinely recorded. By attending any in-person event, you acknowledge and consent to being recorded as detailed in your Event Agreement or Terms and Conditions.
Event recordings are retained under the same retention schedule as Program session recordings (Section 7.1) and may be used for:
• Quality assurance and service improvement
• Providing replay access to event attendees
• Training and educational purposes
• Evidence of event delivery
• Marketing and promotional purposes (with separate opt-in consent)
• Legal and Dispute Records
For non-clients participating in free or paid training, webinars, challenges, workshops, or promotional events (online or in-person):
You are informed at registration (by reference to our Terms and Conditions) that these are routinely recorded. These events may be conducted via videoconferencing platforms (e.g. Zoom) or in person at event venues. By participating in any such event, you acknowledge and consent to being recorded as detailed in the Terms and Conditions referenced during registration.
These recordings may contain your name, image, voice, questions, and any business information you choose to share, and may be used for:
• Providing replay access to registered participants
• Re-purposing into digitally delivered training programs and course materials
• Marketing and promotional purposes
• Lead generation and sales activities
• Quality assurance and training
• Social media and advertising
Photography and Videography at In-Person Events:
If you do not wish to be photographed or filmed at an in-person event, please:
• Inform event staff upon arrival
• Wear the designated opt-out identifier (if provided)
• Avoid areas where photography/filming is taking place
We will use reasonable efforts to accommodate your preferences but cannot guarantee complete avoidance in group settings. For full assurance, you may need to reconsider attendance at events with extensive media coverage.
4. How We Use Your Personal Data
We use your personal data for the following purposes, based on the lawful bases described:
4.1 Contract Performance
We process your data to perform our contractual obligations under Program Agreements and other service agreements, including:
• Delivering coaching services, group sessions, and educational content
• Providing access to The Vault, The Foundation Portal, and Program community areas
• Scheduling and conducting Clarity Sessions
• Processing payments and managing billing
• Communicating with you about your Program participation
• Managing renewals and subscription changes
• Providing customer support and responding to your inquiries
4.1.1 Processing for Prospective Clients
For individuals who register for free or paid webinars, challenges, workshops,
or events but have not yet enrolled in a coaching Program, we process your data
for the following purposes:
• Delivering the training, webinar, challenge, workshop, or event you registered for
• Providing access to materials and recordings where applicable
• Responding to questions and providing support
• Evaluating your suitability for our Programs
• Marketing our Programs and services to you (with appropriate consent)
The lawful basis for this processing is:
• Performance of a contract (Terms and Conditions accepted at registration)
• Legitimate interests (event delivery and business development)
• Consent (for marketing communications, where separately obtained)
4.2 Legitimate Interests
We process your data based on our legitimate interests (or those of third parties), provided your rights do not override these interests:
• Quality Assurance and Training: Recording and reviewing sessions for quality control, coach training, and service improvement
• Record Keeping: Maintaining attendance records, usage logs, and completion tracking for evidence of Program delivery and potential disputes
• Replay Access: Providing recorded sessions to Program participants for educational purposes
• Intellectual Property Protection: Monitoring and preventing unauthorised sharing of proprietary materials
• Business Administration: Managing business operations, financial planning, and resource allocation
• Network Security: Protecting our systems, detecting fraud, and preventing unauthorised access
• Insurance and Risk Management: Maintaining records for insurance purposes and managing business risks
• Event Management: Recording in-person events for quality control, participant access, evidence of delivery, and health & safety purposes
We have conducted a Legitimate Interests Assessment (LIA) for session recording and storage, and a summary is available upon request.
4.3 Consent
Where we rely on your consent, we will process your data for:
• Marketing Communications: Sending you promotional materials, newsletters, and updates about our Programs and services (you may opt-out at any time)
• Promotional Use of Media: Using recordings, photographs, testimonials, or other materials containing your identifiable information for marketing, advertising, or promotional purposes (separate opt-in consent required as per your Program Agreement)
You can withdraw consent at any time by contacting us at support@elev8.global. Withdrawal does not affect the lawfulness of processing before withdrawal.
4.4 Legal Obligations
We may process your data to comply with legal obligations, including tax requirements, financial record-keeping, anti-money laundering regulations, and responding to lawful requests from courts or regulatory authorities.
5. Sharing Your Personal Data
We may share your personal data with the following categories of recipients:
5.1 Service Providers and Contractors
We engage third-party service providers to support our business operations. All contractors are bound by written confidentiality and data protection obligations. These include:
• Payment Processors: For processing payments, managing subscriptions, and handling refunds
• Technology Providers: Platform hosting (e.g., learning management systems), videoconferencing services (e.g., Zoom), email services, and cloud storage
• Community Platform Providers: Facebook Groups or alternative community platforms
• Professional Advisors: Lawyers, accountants, auditors, and insurance providers
• Marketing and Analytics Providers: For website analytics, email marketing, and advertising
5.2 Other Program/Event Participants
Your name, image, voice, and contributions in group sessions and community spaces are shared with other Program/Event participants. Session recordings made available to participants for replay access will contain your identifiable information. This applies to both online sessions and in-person events.
5.3 Legal Authorities and Courts
We may disclose your personal data where required by law, court order, or regulatory request, or to protect our rights, property, or safety, or that of others.
5.4 Business Transfers
In the event of a merger, acquisition, reorganisation, or sale of assets, your personal data may be transferred to the relevant third party. We will notify you of any such change and the new entity will be bound by this Privacy Policy or an equivalent.
5.5 Event Venues and Facility Providers
When we host in-person events at third-party venues (hotels, conference centers, retreat facilities), we may share your personal data with venue providers for:
• Event registration and access control
• Accommodation bookings and room allocations
• Catering and dietary requirement management
• Health and safety compliance
• Venue security
We require venues to process personal data only in accordance with our instructions and to implement appropriate security measures.
6. International Transfers of Personal Data
As we serve clients globally and may use service providers located outside the United Kingdom, your personal data may be transferred to, stored, or processed in countries outside the UK, including countries that may not offer the same level of data protection as UK law.
Safeguards for International Transfers:
Where we transfer personal data outside the UK, we ensure appropriate safeguards are in place, such as:
• Use of the UK International Data Transfer Agreement (IDTA)
• UK Addendum to the EU Standard Contractual Clauses (SCCs)
• Transfers to countries with adequacy decisions from the UK Government
• Binding Corporate Rules (where applicable)
You may request further information about the safeguards we use for international transfers by contacting us at support@elev8.global.
Cross-Border Operations:
As our directors, employees, and contractors may be located in various countries (including Australia, the United States, and other jurisdictions), your personal data may be accessed from these locations in the course of providing our services. We ensure all staff and contractors outside the UK who access personal data are bound by contractual data protection obligations equivalent to UK GDPR standards.
Where our staff or contractors access personal data from countries without adequacy decisions (such as Australia or the United States), we rely on:
• UK International Data Transfer Agreement (IDTA)
• UK Addendum to EU Standard Contractual Clauses
• Contractual data protection obligations in employment and service agreements
Australian Privacy Principles Compliance:
Where we process personal data of Australian residents, or where our Australian-based directors and staff access personal data, we also comply with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth) to the extent applicable. However, our primary data protection framework is UK GDPR, and all processing is governed by UK data protection law as specified in our Program Agreements.
6.1 Countries We May Transfer Personal Data To
Your personal data may be transferred to or accessed from the following categories of countries:
• European Economic Area (EEA) countries with UK adequacy decisions
• Australia (via IDTA or UK SCCs)
• United States (via IDTA or UK SCCs, for service providers such as Zoom, payment processors, and cloud hosting providers)
• Other countries where service providers or contractors are located, always with appropriate safeguards in place
For a current list of countries and specific safeguards applied, please contact support@elev8.global.
7. Data Retention
We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce our agreements.
7.1 Retention Periods
• Program Session Recordings: Recordings are made available to Program participants for replay for a minimum of 90 days after the session date. Archived recordings are retained for up to 36 months for operational, legal, training, and insurance purposes, after which they are deleted or irreversibly anonymised unless a legal hold or regulatory obligation applies.
• Client Account Data: Retained for the duration of your Program participation and for up to 6 years after termination or expiry of your Agreement for legal, tax, and insurance purposes.
• Financial Records: Retained for at least 6 years from the end of the financial year to which they relate, as required by UK tax law.
• Marketing Consent Records: Retained for as long as necessary to demonstrate compliance, typically up to 3 years after consent is withdrawn.
• Legal and Dispute Records: Retained for as long as necessary to defend or pursue legal claims, typically up to 6 years or longer if litigation is ongoing.
After the applicable retention period expires, we will securely delete or anonymise your personal data, unless retention is required by law or for legitimate archival purposes.
8. Your Data Protection Rights
Under UK GDPR, you have the following rights regarding your personal data:
• Right of Access: You can request a copy of the personal data we hold about you.
• Right to Rectification: You can request that we correct inaccurate or incomplete personal data.
• Right to Erasure ('Right to be Forgotten'): You can request deletion of your personal data in certain circumstances, such as when it is no longer necessary for the purpose for which it was collected or you withdraw consent (where consent is the lawful basis).
• Right to Restriction of Processing: You can request that we restrict processing of your personal data in certain circumstances, such as while we verify the accuracy of the data or assess your objection to processing.
• Right to Data Portability: Where processing is based on consent or contract performance and carried out by automated means, you can request that we provide your personal data in a structured, commonly used, and machine-readable format.
• Right to Object: You have the right to object to processing of your personal data based on legitimate interests or for direct marketing purposes. We will cease processing unless we demonstrate compelling legitimate grounds that override your rights.
• Right to Withdraw Consent: Where processing is based on consent, you can withdraw your consent at any time. This does not affect the lawfulness of processing before withdrawal.
8.1 How to Exercise Your Rights
To exercise any of these rights, please submit a written request to:
Email: support@elev8.global
Postal Address: Elev8 Mastermind Ltd, 128 City Road, London, EC1V 2NX, United Kingdom
We will respond to your request within one month. In complex cases, we may extend this period by two additional months and will notify you of the extension and reasons.
We may request specific information from you to verify your identity before processing your request. We do not charge a fee for processing requests unless they are manifestly unfounded, excessive, or repetitive.
8.2 Right to ComplainIf you believe we have not handled your personal data properly, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):
ICO Website: www.ico.org.uk
ICO Helpline: 0303 123 1113
ICO Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
9. Data SecurityWe implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, destruction, or alteration. These measures include:
• Encryption of data in transit and at rest where appropriate
• Access controls and authentication mechanisms
• Regular security assessments and monitoring
• Staff training on data protection and security
• Secure deletion and disposal procedures
• Contractual safeguards with third-party processors
While we take reasonable steps to protect your data, no system can be completely secure. You are responsible for maintaining the confidentiality of your login credentials and for any activity under your account.
10. Data Breach NotificationIn the event of a personal data breach affecting your personal data, we will notify you without undue delay and, where feasible, not later than 72 hours after becoming aware of the breach, where such notification is required under UK GDPR (Articles 33 and 34).
Our notification will include:
• A description of the nature of the breach
• The categories and approximate number of data subjects and records concerned
• Contact details of our data protection officer or point of contact
• The likely consequences of the breach
• Measures taken or proposed to address the breach and mitigate its effects
11. Cookies and Tracking TechnologiesWe use cookies and similar tracking technologies on our website and digital platforms to enhance user experience, analyse usage, and support marketing activities. For a detailed list of cookies we use, including cookie names, purposes, and expiry periods, please contact support@elev8.global.
You can withdraw cookie consent at any time by:
• Adjusting your browser settings
• Contacting support@elev8.global
11.1 Types of Cookies We Use• Strictly Necessary Cookies: Essential for website functionality, authentication, and security
• Performance Cookies: Collect information about how you use our website to help us improve it
• Functional Cookies: Remember your preferences and settings
• Marketing Cookies: Track your activity to deliver relevant advertising and measure campaign effectiveness
You can control cookie settings through your browser preferences. However, disabling certain cookies may affect website functionality.
For more information about cookies and how to manage them, visit www.allaboutcookies.org or www.youronlinechoices.eu.
12. Third-Party LinksOur website and communications may contain links to third-party websites, applications, or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any personal data.
13. Children's PrivacyOur services are not directed to individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child without appropriate consent, we will take steps to delete it promptly.
14. Recording Participant ResponsibilitiesProhibition on Unauthorised Recording:
You must not record (audio or video), screenshot, photograph, or otherwise capture any Program session, chat, or materials without our prior written consent. Any such recording would violate the data protection rights of other participants and breach your Program/Event Agreement.
Third Parties in Recordings:
You must take reasonable steps to ensure that no third party (including minors) is identifiable in your camera view or audio during recorded sessions. If a third party is likely to be captured, you must switch off your camera and/or mute your audio, and you are responsible for obtaining any necessary permissions.
15. Confidentiality in Group SettingsYou must keep confidential and not disclose to any third party any non-public information relating to other Program/Event participants learned through group sessions, community forums, or recordings. This includes their business information, identity, contact details, and discussions.
16. Sensitive Personal DataWe do not normally collect special category personal data (such as health information, religious beliefs, or political opinions). However, you may voluntarily share such information in coaching sessions or community spaces.
Important: Please avoid sharing special category personal data or confidential third-party information in recorded group sessions unless strictly necessary. If you need to discuss sensitive matters, please use designated support channels (e.g., support@elev8.global) or request a private consultation.
Where you provide special category data, we process it on the basis of your explicit consent or because you have manifestly made it public through your voluntary disclosure in group settings.
Biometric Data:
We do not currently collect or process biometric data (such as facial recognition, fingerprints, or voice prints). If we introduce any technology that processes biometric data in the future, we will:
• Provide advance notice and update this Privacy Policy
• Obtain your explicit consent where required by law
• Implement enhanced security measures
17. Automated Decision-Making, Profiling, and AIWe do not use automated decision-making or profiling that produces legal effects or similarly significantly affects you. We may use artificial intelligence (AI) tools for the following limited purposes:
• Transcription or editing of session recordings for accessibility and searchability
• Analysis of usage patterns to improve our services
• Content recommendations within The Vault
• AI tools for marketing and client support services
• In AI tools we provide to you for Program content purposes such as custom GPTs that allow you to interact with them and create content, materials, plans and strategies that are based on our principles for your convenience and speed of learning and execution.
Any AI processing is subject to human review and oversight. All AI tools are selected for data protection compliance and contractual safeguards are in place with AI service providers.
18. Changes to This Privacy PolicyWe may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or operational needs. When we make material changes, we will notify you by:
• Email to the address on file
• Notice on our website
• Notice in the Program platform
The updated Privacy Policy will be effective from the date specified in the notice. Your continued use of our services after the effective date constitutes acceptance of the updated Privacy Policy.
We maintain a version-controlled archive of our Privacy Policy and will provide you with a copy of the version applicable at the time of your enrolment upon request.
19. Contact UsIf you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal data, please contact us:
Data Protection Contact: Justin Farina
Email: support@elev8.global
Postal Address: Elev8 Mastermind Ltd, 128 City Road, London, EC1V 2NX, United Kingdom
ICO Registration Number: ZB938617
20. Accessibility of This Privacy PolicyThis Privacy Policy is available on our website at https://elev8.global/PrivacyPolicy. If you require this document in an alternative format (such as large print or audio), please contact us at support@elev8.global.
***
This Privacy Policy was last updated on 30 January 2026 and is effective from the date specified.
For the version of this Privacy Policy applicable at the time of your enrolment, please contact support@elev8.global.
Last Updated: 30 January 2026
1. Introduction
Elev8 Mastermind Ltd (referred to as "we", "us", or "our") is committed to protecting your privacy and personal data. We are registered with the Information Commissioner's Office (ICO) with registration number ZB938617.
This Privacy Policy explains how we collect, use, store, and protect your personal data when you participate in our coaching Programs (including The Freedom Code and Freedom Empire), attend our events and retreats, or otherwise interact with our company and services.
This Privacy Policy applies to all clients globally and complies with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
2. Data Controller Information
Company Name: Elev8 Mastermind Ltd
Company Number: 16126197
Registered Address: 128 City Road, London, EC1V 2NX, United Kingdom
Email: support@elev8.global
ICO Registration: ZB938617
3. Personal Data We Collect
We collect and process the following categories of personal data:
3.1 Information You Provide Directly
• Identity Data: Name, title, business name, company registration number, VAT number (where applicable), birthday (on entry to a coaching Program or paid service only)
• Contact Data: Email address, postal address, telephone number, business website, social media account information and URLs
• Financial Data: Payment method details, billing address, transaction history (processed securely through third-party payment processors)
• Profile Data: Business information, revenue details, goals, preferences, feedback, and survey responses
• Communication Data: Information shared in coaching sessions, emails, support requests, community forums, and feedback
• Marketing Preferences: Your preferences for receiving marketing communications and promotional materials
3.2 Information Collected Automatically
• Technical Data: IP address, browser type and version, time zone setting, browser plug-in types, operating system and platform, device identifiers
• Usage Data: Information about how you use our website, digital platforms (The Vault, The Foundation Portal), and services, including access logs, page views, session duration, modules completed, downloads accessed
• Location Data: General location information derived from your IP address
• Attendance Data: Records of attendance at The Freedom Council calls, Clarity Sessions, training workshops, events, and retreats
3.3 Session Recordings and Media
We record Clients in Program sessions (including group coaching calls, Clarity Sessions, and training workshops). Recordings are via videoconferencing platforms such as Zoom. These recordings may contain:
• Your name, image, likeness, and voice
• Business information and strategies you discuss
• Questions, comments, and participation in discussions
• Chat messages and interactions with other participants
• Screen shares and presentations
Important: You are informed before enrolment that Program sessions are routinely recorded. By participating in any session, you acknowledge and consent to being recorded as detailed in your Program Agreement.
In-Person Events and Retreats:
We also record live in-person events, retreats, workshops, and training
sessions via video and photography. These recordings may contain:
• Your name, image, likeness, and voice
• Your participation in activities, exercises, and discussions
• Your questions, comments, and interactions with other participants
• Business information and strategies you discuss during the event
Important: You are informed before registration that in-person events are routinely recorded. By attending any in-person event, you acknowledge and consent to being recorded as detailed in your Event Agreement or Terms and Conditions.
Event recordings are retained under the same retention schedule as Program session recordings (Section 7.1) and may be used for:
• Quality assurance and service improvement
• Providing replay access to event attendees
• Training and educational purposes
• Evidence of event delivery
• Marketing and promotional purposes (with separate opt-in consent)
• Legal and Dispute Records
For non-clients participating in free or paid training, webinars, challenges, workshops, or promotional events (online or in-person):
You are informed at registration (by reference to our Terms and Conditions) that these are routinely recorded. These events may be conducted via videoconferencing platforms (e.g. Zoom) or in person at event venues. By participating in any such event, you acknowledge and consent to being recorded as detailed in the Terms and Conditions referenced during registration.
These recordings may contain your name, image, voice, questions, and any business information you choose to share, and may be used for:
• Providing replay access to registered participants
• Re-purposing into digitally delivered training programs and course materials
• Marketing and promotional purposes
• Lead generation and sales activities
• Quality assurance and training
• Social media and advertising
Photography and Videography at In-Person Events:
If you do not wish to be photographed or filmed at an in-person event, please:
• Inform event staff upon arrival
• Wear the designated opt-out identifier (if provided)
• Avoid areas where photography/filming is taking place
We will use reasonable efforts to accommodate your preferences but cannot guarantee complete avoidance in group settings. For full assurance, you may need to reconsider attendance at events with extensive media coverage.
4. How We Use Your Personal Data
We use your personal data for the following purposes, based on the lawful bases described:
4.1 Contract Performance
We process your data to perform our contractual obligations under Program Agreements and other service agreements, including:
• Delivering coaching services, group sessions, and educational content
• Providing access to The Vault, The Foundation Portal, and Program community areas
• Scheduling and conducting Clarity Sessions
• Processing payments and managing billing
• Communicating with you about your Program participation
• Managing renewals and subscription changes
• Providing customer support and responding to your inquiries
4.1.1 Processing for Prospective Clients
For individuals who register for free or paid webinars, challenges, workshops,
or events but have not yet enrolled in a coaching Program, we process your data
for the following purposes:
• Delivering the training, webinar, challenge, workshop, or event you registered for
• Providing access to materials and recordings where applicable
• Responding to questions and providing support
• Evaluating your suitability for our Programs
• Marketing our Programs and services to you (with appropriate consent)
The lawful basis for this processing is:
• Performance of a contract (Terms and Conditions accepted at registration)
• Legitimate interests (event delivery and business development)
• Consent (for marketing communications, where separately obtained)
4.2 Legitimate Interests
We process your data based on our legitimate interests (or those of third parties), provided your rights do not override these interests:
• Quality Assurance and Training: Recording and reviewing sessions for quality control, coach training, and service improvement
• Record Keeping: Maintaining attendance records, usage logs, and completion tracking for evidence of Program delivery and potential disputes
• Replay Access: Providing recorded sessions to Program participants for educational purposes
• Intellectual Property Protection: Monitoring and preventing unauthorised sharing of proprietary materials
• Business Administration: Managing business operations, financial planning, and resource allocation
• Network Security: Protecting our systems, detecting fraud, and preventing unauthorised access
• Insurance and Risk Management: Maintaining records for insurance purposes and managing business risks
• Event Management: Recording in-person events for quality control, participant access, evidence of delivery, and health & safety purposes
We have conducted a Legitimate Interests Assessment (LIA) for session recording and storage, and a summary is available upon request.
4.3 Consent
Where we rely on your consent, we will process your data for:
• Marketing Communications: Sending you promotional materials, newsletters, and updates about our Programs and services (you may opt-out at any time)
• Promotional Use of Media: Using recordings, photographs, testimonials, or other materials containing your identifiable information for marketing, advertising, or promotional purposes (separate opt-in consent required as per your Program Agreement)
You can withdraw consent at any time by contacting us at support@elev8.global. Withdrawal does not affect the lawfulness of processing before withdrawal.
4.4 Legal Obligations
We may process your data to comply with legal obligations, including tax requirements, financial record-keeping, anti-money laundering regulations, and responding to lawful requests from courts or regulatory authorities.
5. Sharing Your Personal Data
We may share your personal data with the following categories of recipients:
5.1 Service Providers and Contractors
We engage third-party service providers to support our business operations. All contractors are bound by written confidentiality and data protection obligations. These include:
• Payment Processors: For processing payments, managing subscriptions, and handling refunds
• Technology Providers: Platform hosting (e.g., learning management systems), videoconferencing services (e.g., Zoom), email services, and cloud storage
• Community Platform Providers: Facebook Groups or alternative community platforms
• Professional Advisors: Lawyers, accountants, auditors, and insurance providers
• Marketing and Analytics Providers: For website analytics, email marketing, and advertising
5.2 Other Program/Event Participants
Your name, image, voice, and contributions in group sessions and community spaces are shared with other Program/Event participants. Session recordings made available to participants for replay access will contain your identifiable information. This applies to both online sessions and in-person events.
5.3 Legal Authorities and Courts
We may disclose your personal data where required by law, court order, or regulatory request, or to protect our rights, property, or safety, or that of others.
5.4 Business Transfers
In the event of a merger, acquisition, reorganisation, or sale of assets, your personal data may be transferred to the relevant third party. We will notify you of any such change and the new entity will be bound by this Privacy Policy or an equivalent.
5.5 Event Venues and Facility Providers
When we host in-person events at third-party venues (hotels, conference centers, retreat facilities), we may share your personal data with venue providers for:
• Event registration and access control
• Accommodation bookings and room allocations
• Catering and dietary requirement management
• Health and safety compliance
• Venue security
We require venues to process personal data only in accordance with our instructions and to implement appropriate security measures.
6. International Transfers of Personal Data
As we serve clients globally and may use service providers located outside the United Kingdom, your personal data may be transferred to, stored, or processed in countries outside the UK, including countries that may not offer the same level of data protection as UK law.
Safeguards for International Transfers:
Where we transfer personal data outside the UK, we ensure appropriate safeguards are in place, such as:
• Use of the UK International Data Transfer Agreement (IDTA)
• UK Addendum to the EU Standard Contractual Clauses (SCCs)
• Transfers to countries with adequacy decisions from the UK Government
• Binding Corporate Rules (where applicable)
You may request further information about the safeguards we use for international transfers by contacting us at support@elev8.global.
Cross-Border Operations:
As our directors, employees, and contractors may be located in various countries (including Australia, the United States, and other jurisdictions), your personal data may be accessed from these locations in the course of providing our services. We ensure all staff and contractors outside the UK who access personal data are bound by contractual data protection obligations equivalent to UK GDPR standards.
Where our staff or contractors access personal data from countries without adequacy decisions (such as Australia or the United States), we rely on:
• UK International Data Transfer Agreement (IDTA)
• UK Addendum to EU Standard Contractual Clauses
• Contractual data protection obligations in employment and service agreements
Australian Privacy Principles Compliance:
Where we process personal data of Australian residents, or where our Australian-based directors and staff access personal data, we also comply with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth) to the extent applicable. However, our primary data protection framework is UK GDPR, and all processing is governed by UK data protection law as specified in our Program Agreements.
6.1 Countries We May Transfer Personal Data To
Your personal data may be transferred to or accessed from the following categories of countries:
• European Economic Area (EEA) countries with UK adequacy decisions
• Australia (via IDTA or UK SCCs)
• United States (via IDTA or UK SCCs, for service providers such as Zoom, payment processors, and cloud hosting providers)
• Other countries where service providers or contractors are located, always with appropriate safeguards in place
For a current list of countries and specific safeguards applied, please contact support@elev8.global.
7. Data Retention
We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce our agreements.
7.1 Retention Periods
• Program Session Recordings: Recordings are made available to Program participants for replay for a minimum of 90 days after the session date. Archived recordings are retained for up to 36 months for operational, legal, training, and insurance purposes, after which they are deleted or irreversibly anonymised unless a legal hold or regulatory obligation applies.
• Client Account Data: Retained for the duration of your Program participation and for up to 6 years after termination or expiry of your Agreement for legal, tax, and insurance purposes.
• Financial Records: Retained for at least 6 years from the end of the financial year to which they relate, as required by UK tax law.
• Marketing Consent Records: Retained for as long as necessary to demonstrate compliance, typically up to 3 years after consent is withdrawn.
• Legal and Dispute Records: Retained for as long as necessary to defend or pursue legal claims, typically up to 6 years or longer if litigation is ongoing.
After the applicable retention period expires, we will securely delete or anonymise your personal data, unless retention is required by law or for legitimate archival purposes.
8. Your Data Protection Rights
Under UK GDPR, you have the following rights regarding your personal data:
• Right of Access: You can request a copy of the personal data we hold about you.
• Right to Rectification: You can request that we correct inaccurate or incomplete personal data.
• Right to Erasure ('Right to be Forgotten'): You can request deletion of your personal data in certain circumstances, such as when it is no longer necessary for the purpose for which it was collected or you withdraw consent (where consent is the lawful basis).
• Right to Restriction of Processing: You can request that we restrict processing of your personal data in certain circumstances, such as while we verify the accuracy of the data or assess your objection to processing.
• Right to Data Portability: Where processing is based on consent or contract performance and carried out by automated means, you can request that we provide your personal data in a structured, commonly used, and machine-readable format.
• Right to Object: You have the right to object to processing of your personal data based on legitimate interests or for direct marketing purposes. We will cease processing unless we demonstrate compelling legitimate grounds that override your rights.
• Right to Withdraw Consent: Where processing is based on consent, you can withdraw your consent at any time. This does not affect the lawfulness of processing before withdrawal.
8.1 How to Exercise Your Rights
To exercise any of these rights, please submit a written request to:
Email: support@elev8.global
Postal Address: Elev8 Mastermind Ltd, 128 City Road, London, EC1V 2NX, United Kingdom
We will respond to your request within one month. In complex cases, we may extend this period by two additional months and will notify you of the extension and reasons.
We may request specific information from you to verify your identity before processing your request. We do not charge a fee for processing requests unless they are manifestly unfounded, excessive, or repetitive.
8.2 Right to Complain
If you believe we have not handled your personal data properly, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):ICO Website: www.ico.org.uk
ICO Helpline: 0303 123 1113
ICO Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
9. Data Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, destruction, or alteration. These measures include:• Encryption of data in transit and at rest where appropriate
• Access controls and authentication mechanisms
• Regular security assessments and monitoring
• Staff training on data protection and security
• Secure deletion and disposal procedures
• Contractual safeguards with third-party processors
While we take reasonable steps to protect your data, no system can be completely secure. You are responsible for maintaining the confidentiality of your login credentials and for any activity under your account.
10. Data Breach Notification
In the event of a personal data breach affecting your personal data, we will notify you without undue delay and, where feasible, not later than 72 hours after becoming aware of the breach, where such notification is required under UK GDPR (Articles 33 and 34).Our notification will include:
• A description of the nature of the breach
• The categories and approximate number of data subjects and records concerned
• Contact details of our data protection officer or point of contact
• The likely consequences of the breach
• Measures taken or proposed to address the breach and mitigate its effects
11. Cookies and Tracking Technologies
We use cookies and similar tracking technologies on our website and digital platforms to enhance user experience, analyse usage, and support marketing activities. For a detailed list of cookies we use, including cookie names, purposes, and expiry periods, please contact support@elev8.global.You can withdraw cookie consent at any time by:
• Adjusting your browser settings
• Contacting support@elev8.global
11.1 Types of Cookies We Use
• Strictly Necessary Cookies: Essential for website functionality, authentication, and security• Performance Cookies: Collect information about how you use our website to help us improve it
• Functional Cookies: Remember your preferences and settings
• Marketing Cookies: Track your activity to deliver relevant advertising and measure campaign effectiveness
You can control cookie settings through your browser preferences. However, disabling certain cookies may affect website functionality.
For more information about cookies and how to manage them, visit www.allaboutcookies.org or www.youronlinechoices.eu.
12. Third-Party Links
Our website and communications may contain links to third-party websites, applications, or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any personal data.13. Children's Privacy
Our services are not directed to individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child without appropriate consent, we will take steps to delete it promptly.14. Recording Participant Responsibilities
Prohibition on Unauthorised Recording:You must not record (audio or video), screenshot, photograph, or otherwise capture any Program session, chat, or materials without our prior written consent. Any such recording would violate the data protection rights of other participants and breach your Program/Event Agreement.
Third Parties in Recordings:
You must take reasonable steps to ensure that no third party (including minors) is identifiable in your camera view or audio during recorded sessions. If a third party is likely to be captured, you must switch off your camera and/or mute your audio, and you are responsible for obtaining any necessary permissions.
15. Confidentiality in Group Settings
You must keep confidential and not disclose to any third party any non-public information relating to other Program/Event participants learned through group sessions, community forums, or recordings. This includes their business information, identity, contact details, and discussions.16. Sensitive Personal Data
We do not normally collect special category personal data (such as health information, religious beliefs, or political opinions). However, you may voluntarily share such information in coaching sessions or community spaces.Important: Please avoid sharing special category personal data or confidential third-party information in recorded group sessions unless strictly necessary. If you need to discuss sensitive matters, please use designated support channels (e.g., support@elev8.global) or request a private consultation.
Where you provide special category data, we process it on the basis of your explicit consent or because you have manifestly made it public through your voluntary disclosure in group settings.
Biometric Data:
We do not currently collect or process biometric data (such as facial recognition, fingerprints, or voice prints). If we introduce any technology that processes biometric data in the future, we will:
• Provide advance notice and update this Privacy Policy
• Obtain your explicit consent where required by law
• Implement enhanced security measures
17. Automated Decision-Making, Profiling, and AI
We do not use automated decision-making or profiling that produces legal effects or similarly significantly affects you. We may use artificial intelligence (AI) tools for the following limited purposes:• Transcription or editing of session recordings for accessibility and searchability
• Analysis of usage patterns to improve our services
• Content recommendations within The Vault
• AI tools for marketing and client support services
• In AI tools we provide to you for Program content purposes such as custom GPTs that allow you to interact with them and create content, materials, plans and strategies that are based on our principles for your convenience and speed of learning and execution.
Any AI processing is subject to human review and oversight. All AI tools are selected for data protection compliance and contractual safeguards are in place with AI service providers.
18. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or operational needs. When we make material changes, we will notify you by:• Email to the address on file
• Notice on our website
• Notice in the Program platform
The updated Privacy Policy will be effective from the date specified in the notice. Your continued use of our services after the effective date constitutes acceptance of the updated Privacy Policy.
We maintain a version-controlled archive of our Privacy Policy and will provide you with a copy of the version applicable at the time of your enrolment upon request.
19. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal data, please contact us:Data Protection Contact: Justin Farina
Email: support@elev8.global
Postal Address: Elev8 Mastermind Ltd, 128 City Road, London, EC1V 2NX, United Kingdom
ICO Registration Number: ZB938617
20. Accessibility of This Privacy Policy
This Privacy Policy is available on our website at https://elev8.global/PrivacyPolicy. If you require this document in an alternative format (such as large print or audio), please contact us at support@elev8.global.***
This Privacy Policy was last updated on 30 January 2026 and is effective from the date specified.
For the version of this Privacy Policy applicable at the time of your enrolment, please contact support@elev8.global.
This Privacy Policy was last updated on 30 January 2026 and is effective from the date specified.
For the version of this Privacy Policy applicable at the time of your enrolment, please contact support@elev8.global.
arrow_drop_down_circle
Divider Text
Copyright © 2025 Elev8 Mastermind Ltd. All Rights Reserved.
128 City Road, London, EC1V 2NX, UNITED KINGDOM.
PRIVACY POLICY
128 City Road, London, EC1V 2NX, UNITED KINGDOM.
PRIVACY POLICY