Privacy
Policy
Privacy Policy – codevelo.org
Last updated: January 2026
This Privacy Policy explains how Codevelo collects, uses, and protects personal data when you visit https://codevelo.org or engage with our services.
⸻
1. Data Controller
Codevelo is the data controller for personal data collected through this website.
Controller details:
Organisation: Codevelo
Website: https://codevelo.org
Learning platform: https://codevelo.cloud
Data Protection contact: dpo@codevelo.org
ICO Registration Number: ZB377606
⸻
2. Scope of this policy
This policy applies to personal data collected when you:
• visit or browse codevelo.org
• make an enquiry or contact us
• sign up to newsletters or updates
• register interest in training or consultancy
• purchase services or products
• interact with embedded content (e.g. videos, forms)
This policy does not replace the platform-specific Privacy Policy for codevelo.cloud, which governs personal data processed within our Moodle learning environment.
⸻
3. Who we work with
Codevelo provides services primarily to adults working in education, including schools, trusts, local authorities, and education professionals.
We do not (knowingly or otherwise) collect personal data directly from children through this website.
Where our work relates to children, this is in a professional, indirect capacity, and safeguarding responsibilities remain with the commissioning organisation.
⸻
4. Personal data we collect
4.1 Data you provide directly
• Name
• Email address
• Organisation and role
• Enquiry or message content
• Newsletter preferences
• Booking or service-related information
4.2 Payment data
Payments are processed securely by Stripe.
Codevelo does not store full card details.
4.3 Data collected automatically
• IP address
• Browser and device information
• Pages visited and interactions
• Referral source
• Cookie and tracking identifiers (see Cookie Policy)
⸻
5. How we use your data
We use personal data to:
• respond to enquiries
• provide training, consultancy, and professional support
• manage bookings and service delivery
• communicate updates and relevant content (with consent)
• administer payments and records
• improve our website and services
• maintain security and prevent misuse
⸻
6. Lawful bases for processing
Under UK GDPR, we rely on the following lawful bases:
|
Purpose |
Lawful basis |
|---|---|
|
Responding to enquiries |
Legitimate interests |
|
Delivering services |
Contract |
|
Managing bookings and records |
Contract |
|
Marketing communications |
Consent |
|
Website analytics |
Consent |
|
Security and fraud prevention |
Legitimate interests |
|
Financial and legal records |
Legal obligation |
⸻
7. Marketing communications
We will only send marketing or newsletter communications where:
• you have actively opted in, or
• we have a legitimate professional relationship and lawful basis
You can unsubscribe at any time using the link provided in emails or by contacting dpo@codevelo.org.
⸻
8. Use of third-party services
We use trusted third-party providers where necessary, including:
• HubSpot / GoHighLevel – CRM, forms, communications
• Stripe – payment processing
• YouTube – embedded video content
• Google Analytics – website usage analysis (enabled only with consent)
These providers act as data processors and are required to comply with UK GDPR or equivalent standards.
⸻
9. International data transfers
Some providers may process data outside the UK.
Where this occurs, appropriate safeguards are in place, including adequacy decisions or Standard Contractual Clauses.
⸻
10. Data retention
Personal data is retained only for as long as necessary:
|
Data type |
Retention |
|---|---|
|
Enquiry data |
Up to 24 months |
|
Marketing data |
Until consent is withdrawn |
|
Service and contract records |
In line with contractual and audit requirements |
|
Financial records |
As required by UK law |
⸻
11. Your rights
Under UK GDPR, you have the right to:
• access your personal data
• request correction of inaccurate data
• request erasure (where applicable)
• restrict or object to processing
• withdraw consent at any time
• request data portability (where relevant)
• lodge a complaint with the Information Commissioner’s Office (ICO)
Requests should be sent to dpo@codevelo.org.
⸻
12. Data security
We take appropriate technical and organisational measures to protect personal data, including:
• access controls
• secure platforms and hosting
• data minimisation
• regular system updates
⸻
13. Changes to this policy
This Privacy Policy is reviewed regularly and updated when required.
The most current version will always be published on codevelo.org.