SHECOMMERCE LTD

Privacy Policy

Last updated: May 2025

 

1. Who We Are

SHECOMMERCE LTD ('SheCommerce', 'we', 'us', 'our') is a company registered in England and Wales. Our registered office is at BusinessLodge Widnes, Widnes, England.

We operate the SheCommerce mentorship programme and associated digital products and community, accessible at shecom.co.uk and through the Thinkific platform.

For all data protection enquiries, please contact us at:

Email: [email protected]

We are the data controller for personal data processed under this policy. We are subject to the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

You have the right to make a complaint to the Information Commissioner's Office (ICO) at www.ico.org.uk. We would appreciate the opportunity to address your concerns first — please contact us at [email protected] before approaching the ICO.

 

2. What This Policy Covers

This policy explains how we collect, use, store and share your personal data when you:

This policy should be read alongside our Terms and Conditions, Membership Agreement, and any specific notices provided at the point of data collection.

 

3. The Data We Collect About You

We collect and process the following categories of personal data:

3.1 Identity and Contact Data

3.2 Account and Membership Data

3.3 Financial and Transaction Data

3.4 Technical and Usage Data

3.5 Communications Data

3.6 Marketing and Preferences Data

3.7 Data We Do Not Collect

We do not knowingly collect Special Category data (including health, race, religion, sexual orientation, biometric or genetic data) or data relating to criminal convictions, unless you choose to provide such information voluntarily in open-text fields.

We do not collect phone numbers as standard. If you choose to provide a phone number in any form or communication, it will be treated as personal data under this policy.

 

4. How We Collect Your Data

4.1 Direct Interactions

You provide data directly when you:

4.2 Automated Technologies

When you interact with our website and platform, we automatically collect Technical and Usage Data through cookies, server logs, session tracking, and similar technologies.

4.3 Third-Party Sources

We may receive data from:

 

5. How We Use Your Personal Data

We use your personal data only where we have a lawful basis to do so under UK GDPR. The primary lawful bases we rely on are:

Specifically, we use your data to:

 

6. Call Recordings

Where calls are conducted in connection with SheCommerce — including but not limited to pre-screening calls, onboarding calls, coaching calls, and sales consultations — calls may be recorded.

We will inform you at the start of any recorded call. Recordings are retained for the purposes of:

The lawful basis for this processing is our legitimate interests in maintaining accurate records, delivering our programme effectively, and protecting our business from fraudulent or unfounded claims.

Recordings are stored securely and are not shared externally except where required by law or as part of a legitimate dispute or legal process.

 

7. Fraud Prevention, Payment Verification and Legal Defence

We process and retain certain data specifically to protect our business and our legitimate members from fraud, abuse, and unfounded payment disputes. This includes:

This data may be used in connection with:

The lawful basis for this processing is our legitimate interests in preventing fraud, recovering debts lawfully owed, and defending our legal position. Where required by law, we will also rely on legal obligation as a lawful basis.

 

8. Who We Share Your Data With

We do not sell your personal data. We may share it with the following categories of recipients, strictly for the purposes described in this policy:

8.1 Platform and Technology Providers

8.2 Professional Advisers

  • Legal advisers, accountants, auditors, and insurers — where necessary for compliance, dispute resolution, or professional advice

8.3 Payment and Fraud Bodies

8.4 Business Succession

If SheCommerce LTD is acquired, merged, or undergoes a business restructure, your data may be transferred to the relevant successor entity. You will be notified of any material changes to how your data is processed as a result.

All third parties are required to handle your data in accordance with UK GDPR and our data processing requirements. We do not permit third parties to use your data for their own purposes beyond the scope of services provided to us.

 

9. Cookies and Tracking Technologies

Our website (shecom.co.uk) and the Thinkific platform use cookies and similar tracking technologies. These may include:

We do not currently operate a cookie consent banner. Where we rely on legitimate interests for non-essential tracking, you have the right to object to that processing (see Section 11). If a cookie consent mechanism is introduced, this policy will be updated accordingly.

You can manage cookie preferences through your browser settings. Disabling certain cookies may affect the functionality of the platform.

 

10. International Data Transfers

Some of our service providers are based outside the United Kingdom, including in the United States and Canada. As a result, your personal data may be transferred to and processed in countries outside the UK.

Providers that may process your data outside the UK include:

Where data is transferred outside the UK, we ensure appropriate safeguards are in place in accordance with UK GDPR. These safeguards include, where applicable:

If you require further information about the specific safeguards in place for any particular transfer, please contact us at [email protected].

 

11. Data Retention

We retain your personal data only for as long as is necessary for the purposes for which it was collected, and in accordance with applicable legal, regulatory, and business requirements.

Our standard retention periods are as follows:

In certain circumstances, we may anonymise your personal data for analytical or research purposes, in which case it may be retained indefinitely in anonymised form.

To request deletion of your data, see Section 12 below.

 

12. Your Rights Under UK GDPR

Under UK GDPR and the Data Protection Act 2018, you have the following rights in relation to your personal data:

Please note that some rights are subject to exemptions. For example, we may retain certain data notwithstanding a deletion request where we have a legal obligation or legitimate interest in retention (e.g. for dispute defence or tax compliance).

To exercise any of your rights, please contact us at:

Email: [email protected]

We will respond to all legitimate requests within one calendar month. Where a request is complex or numerous, we may extend this period by a further two months, in which case we will notify you.

We may need to verify your identity before processing your request. We will not charge a fee for reasonable requests; however, we reserve the right to charge a reasonable fee or refuse manifestly unfounded, excessive, or repetitive requests.

 

13. Children and Minors

SheCommerce is a general-audience platform. We do not knowingly collect personal data from children under the age of 13 without verifiable parental consent. If you are under 13, please do not use our platform or submit any personal data.

Where persons under the age of 18 use our platform, we encourage parental or guardian awareness. If we become aware that we have collected personal data from a child under 13 without appropriate consent, we will take steps to delete that data promptly.

If you believe we have inadvertently collected data from a child, please contact us at [email protected].

 

14. Data Security

We take the security of your personal data seriously and have implemented appropriate technical and organisational measures to protect it against unauthorised access, loss, alteration, disclosure, or destruction. These include:

No data transmission over the internet is completely secure. While we work to protect your data, we cannot guarantee absolute security. In the event of a data breach, we will notify affected individuals and the ICO in accordance with our legal obligations.

 

15. Third-Party Links and Platforms

Our website and communications may contain links to third-party websites, tools, or platforms (including social media platforms such as Instagram and TikTok). We are not responsible for the privacy practices of those third parties, and their use of your data is governed by their own privacy policies.

We encourage you to review the privacy policy of any third-party site you visit.

 

16. Changes to This Privacy Policy

We review this policy regularly and will update it as our business, technology, or legal obligations change. The date at the top of this document reflects the most recent revision.

Where changes are material, we will notify active members via email or a platform notice. Continued use of SheCommerce following notification of an updated policy constitutes acceptance of the revised terms.

We recommend you review this policy periodically.

 

17. Contact Us

For all privacy-related queries, data subject requests, or concerns regarding this policy, please contact:

SHECOMMERCE LTD

Email: [email protected]

Website: shecom.co.uk

Registered office: BusinessLodge Widnes, Widnes, England

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at www.ico.org.uk or by calling 0303 123 1113.

 

Glossary

UK GDPR

The UK General Data Protection Regulation, as retained in UK law by the European Union (Withdrawal) Act 2018, supplemented by the Data Protection Act 2018.

Data Controller

The entity that determines the purposes and means of processing personal data. SHECOMMERCE LTD is the data controller for data processed under this policy.

Data Processor

A third party that processes personal data on behalf of the data controller (e.g. Thinkific, Stripe, Kit).

Legitimate Interests

A lawful basis under UK GDPR permitting processing that is necessary for the genuine and proportionate interests of the data controller, provided those interests are not overridden by the rights and interests of the data subject.

Clickwrap

A method of obtaining consent or acceptance of terms through an active user action (such as checking a box or clicking a button confirming agreement), typically accompanied by a timestamp and IP address log for evidential purposes.

Chargeback

A reversal of a payment transaction initiated by a cardholder through their bank or card provider, typically following a dispute. We may retain relevant data to contest chargebacks where they are unfounded.