Privacy Policy
Effective Date: 1 March 2026
Who we are: Vogue Boost Ltd (“Vogue Boost,” “we,” “us,” “our”), registered in England & Wales at 71-75, Shelton Street, London, WC2H 9JQ, company number 16446529.
Our services: B2B FinTech upskilling productised services, digital content/products, and subscriptions for SMBs.
Contact us: support@vogueboost.com.
UK supervisory authority: Information Commissioner’s Office (ICO) — see Complaints below.
1) Scope
This Policy explains how we collect, use, disclose, and safeguard personal data when you or your organization interacts with us—via vogueboost.com, our learning portals, checkout, events, email, or when we provide professional services. It applies to:
- Business contacts and Users of client organizations (B2B).
- Prospects and subscribers to marketing.
- Website visitors and community/Signal Room participants.
Where we process personal data on behalf of a client (e.g., limited learner data in a managed enablement engagement), we do so under a Data Processing Addendum (DPA) with the client. In those cases the client is the controller, and we are the processor. Otherwise, we act as controller.
2) The Data We Collect
2.1 Data you provide to us
- Identity & contact: name, business email, phone, role/title, company, country.
- Account & auth: username, password (hashed), seat assignments, access logs.
- Billing: invoicing details, VAT numbers, billing contacts, transaction metadata.
- Training context: team/role mapping, learning goals, assessment inputs (if applicable).
- Communications: emails, support tickets, call notes, survey responses, testimonials.
- UGC: questions, posts, and content you share in forums/Signal Rooms (subject to community rules).
2.2 Data collected automatically
- Usage & device: IP address, device type, OS, browser, language, time zone, referring URLs, pages viewed, session duration, clicks, events, error logs.
- Cookies & similar tech: see Cookies & Similar Technologies.
2.3 Data from third parties
- Payment processors: payment status, limited card metadata (no full card numbers).
- Identity/SSO (if enabled): name, email, org ID from SSO provider.
- CRM/Enrichment (B2B marketing): firmographics (industry, size), professional profiles consistent with privacy law.
- Referrals/Partners: contact details shared with lawful basis.
We do not intentionally collect special category data or children’s data (see Children).
3) Purposes & Legal Bases (UK GDPR)
We process personal data only where we have a lawful basis:
| Purpose | Lawful basis |
| --- | --- |
| Provide Sites, accounts, access control, content delivery, and subscriptions | Contract (Art. 6(1)(b)); Legitimate interests (service operation) |
| Process payments, invoicing, and collections | Contract; Legal obligation (tax records); Legitimate interests (debt recovery) |
| Deliver productised/professional services; manage SOWs | Contract |
| Security, fraud prevention, license abuse detection (including automated/AI-assisted IP monitoring and trace identification), and service integrity. | Legitimate interests; may be Legal obligation |
| Product analytics (aggregated/limited) & service improvement | Legitimate interests (quality, reliability); where required, Consent |
| B2B marketing (email/LinkedIn, webinars), with opt-out | Legitimate interests; for certain channels/regions, Consent |
| Compliance (tax, accounting, sanctions/export controls) | Legal obligation |
| Publicity with logo use (if not opted out) | Legitimate interests / Consent (where required) |
| Customer support & incident response | Contract; Legitimate interests |
| Publishing User-Generated Content (e.g., reviews, testimonials, or forum artifacts) for promotional and marketing purposes. | Legitimate interests (marketing and social proof) / Consent (where explicitly requested for formal testimonials). |
Legitimate interests assessments (LIAs) are conducted to balance interests and rights. You may object to processing based on legitimate interests—see Your Rights.
4) Cookies & Similar Technologies
We use:
- Strictly necessary cookies (login, session, security, load balancing).
- Functional cookies (preferences, localized settings).
- Analytics (e.g., privacy-centric first-party analytics or configured third-party with IP masking & data retention limits).
- Marketing (B2B remarketing—disabled by default unless consented where required).
You can manage preferences through our Cookie Banner/Manager and your browser settings. For details (names, purposes, lifetimes), see our Cookie Policy.
5) Disclosures & Recipients
We share personal data with:
- Service providers / Sub-processors (hosting, LMS, video streaming, email, analytics, payment processing, CRM, customer support).
- Partners/Resellers (when fulfilling a deal you engage through them).
- Professional advisors (legal, tax, audit), insurers.
- Corporate transactions (merger, acquisition, asset sale—subject to confidentiality).
- Legal authorities, courts, and external platforms (where required by law, to respond to legal process, to enforce our Terms and Conditions and Copyright Notice, or to protect our intellectual property, rights, and security).
We require recipients to implement appropriate security and process data only for instructed purposes.
6) International Data Transfers
We primarily host in the UK. Where data is transferred outside the UK/EEA (e.g., to the U.S. or other countries), we use appropriate safeguards such as:
- UK International Data Transfer Agreement (IDTA) or
- EU Standard Contractual Clauses (SCCs) with UK Addendum, and
- Supplementary measures where appropriate (encryption in transit/at rest, access controls, minimisation).
7) Security
We maintain technical and organizational measures appropriate to the risk, including (as applicable): TLS encryption in transit, encryption at rest for core data stores, access controls and role-based permissions, MFA for admin accounts, least-privilege principles, logging/monitoring, secure development practices, vulnerability management, regular backups, and incident response procedures.
No method of transmission or storage is 100% secure; we cannot guarantee absolute security.
8) Retention
We retain personal data only as long as necessary for the purposes collected, including to satisfy legal, accounting, or reporting requirements. Typical periods (subject to your specific stack and statutory rules):
- Account data: for the subscription term + 24 months, or until deletion request if earlier (unless necessary to retain).
- Contract & billing records: 6–7 years (statute/tax).
- Support tickets: 24 months after closure.
- Marketing data: until you opt out or after 24 months of inactivity, then minimised or deleted.
- Logs/analytics: 6 months, aggregated thereafter.
We may anonymise data for statistical purposes; anonymised data is not personal data.
9) Your Rights (UK/EU/EEA)
Subject to conditions and exemptions, you may have the right to:
- Access your personal data and obtain a copy.
- Rectify inaccurate or incomplete data.
- Erase data (“right to be forgotten”) in certain circumstances.
- Restrict processing in certain circumstances.
- Object to processing based on legitimate interests or direct marketing (including profiling).
- Data portability for data you provided, processed by automated means under consent or contract.
- Withdraw consent at any time where processing relies on consent (without affecting prior processing).
To exercise rights, contact support@vogueboost.com. We may verify identity and respond within one month (extendable by two months for complex requests).
10) Marketing Preferences
We send B2B marketing where permitted (e.g., soft opt-in, legitimate interests) and always provide an unsubscribe link. You can opt out of marketing at any time; transactional/service emails are unaffected.
11) Children
Our Services are not directed to children and are intended for business users. We do not knowingly collect personal data from anyone under 16. If you believe a child has provided data, contact us and we will delete it.
12) Acting as Processor (DPA)
For professional/productised services where we process personal data on your behalf (e.g., learner identity, attendance, assessment scores as specified), the Data Processing Addendum (DPA) applies and governs:
- Subject matter & duration,
- Nature & purpose, types of data, categories of data subjects,
- Security measures, sub-processor approvals,
- Data transfers and safeguards,
- Assistance with data subject requests and incident notifications,
- Return/Deletion of data upon termination.
Where a conflict exists between this Policy and the DPA for processor activities, the DPA prevails.
13) Community & UGC
If you post content in forums, Signal Rooms, or community areas:
- Content may be visible to other members.
- Avoid sharing confidential or personal data you don’t want disclosed.
- We may moderate or remove content violating our Acceptable Use Policy or community rules.
14) Automated Decision-Making
We do not conduct automated decision-making producing legal or similarly significant effects on individuals. We may use limited scoring, tagging, or automated scanning to monitor for copyright infringement, unauthorized sharing of credentials, and license abuse. You can object to profiling for direct marketing at any time.
15) Third-Party Links
Our Site may link to third-party services. Their privacy practices are governed by their policies. We are not responsible for third-party content or privacy practices.
16) Changes to this Policy
We may update this Policy from time to time. We will post the updated version with a new Effective Date and, where material changes occur, provide additional notice (e.g., email or banner). Continued use after changes indicates acceptance.
17) Contact & Complaints
Privacy Contact
Vogue Boost Ltd
71-75, Shelton Street, London, WC2H 9JQ
Email: support@vogueboost.com
Supervisory Authority (UK)
Information Commissioner’s Office (ICO)
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, United Kingdom
ico.org.uk / +44 303 123 1113
If you are in the EEA, you may have the right to complain to your local supervisory authority.
18) Key Definitions
- “Personal data”: any information relating to an identified or identifiable person.
- “Controller/Processor”: as defined by UK GDPR.
- “UK GDPR”: UK General Data Protection Regulation and the Data Protection Act 2018.
- “Services”: Vogue Boost’s FinTech upskilling productised services, digital products, and subscriptions.
- “Terms” and “Copyright Notice”: refer to the Vogue Boost B2B Terms and Conditions and our official Copyright Notice, available on the Site.
Annex A — Overview of Sub-Processors
We will maintain an up-to-date list on our website or provide it upon request. Typical categories include:
- Cloud hosting & CDN (in-region where feasible),
- Learning platform / video streaming,
- Email & CRM (transactional and marketing),
- Payment processing,
- Support ticketing,
- Analytics (privacy-centric configurations).
You may subscribe to sub-processor change notifications (Enterprise/regulated clients).
