Privacy Policy
This Privacy Policy represents how our company handles personal and other data, what we do with it. Your visit to and use of lindseysharratt.com and identityacademy.lindseysharratt.com means you are consenting to our Privacy Policy terms. Our company, formed as Ravenoak Enterprises Ltd T/A Identity Academy, (hereafter “Identity Academy”, “Company”, “Business, “We”, “Us”, “Our”), aims to protect your personal information and data. Read through our Privacy Policy to make sure you understand all the clauses contained herein.
The purpose of this Privacy Policy is to describe how we collect data, what data we collect, and how we use that data. Moreover, this Privacy Policy will tell you about your rights as to the data and what you can do. If you read our Privacy Policy and disagree with any terms in it, then please refrain from using our business site at www.lindseysharratt.com and identityacademy.lindseysharratt.com. This privacy policy applies to all the information collected through your use of our Website and services and other third-party tools. By using our Website and/or services, or by clicking “Agree” or “Accept” to the Terms of Use when this option is explicitly made available to you, you acknowledge, accept and agree to be bound by the Privacy Policy terms and to abide by them.
1. WHAT INFORMATION DO WE COLLECT?
Personal Information You Disclose to Us When you visit us at identityacademy.lindseysharratt.com and purchase a product, you provide us with certain data and personal information that we collect to be able to serve you better. The data that is collected during these transactions is necessary for us to be able to give you access to your product, to keep track of how the business is run for functionality purposes, to provide you with excellent customer service. We generally collect information such as first name, last name, email address. We host our online training courses through Membervault (www.membervault.co) and collect payment via Stripe (www.stripe.com).
2. OUTSIDE OF THE EUROPEAN UNION (“EU”)
If you are outside of the EU and enter your information to receive a free resource (also called freebie, lead magnet), make a purchase, respond to survey, register for a free training, or participate in a webinar, you will be automatically added to our newsletter and will receive emails and updates from us. We do not send SPAM and our goal and purpose is to keep our emails relevant and valuable. However, if you do not wish to receive any communications from us, you can opt out by clicking on the unsubscribe link located at the bottom of the emails.
3. PEOPLE IN THE EUROPEAN UNION
If you are in the EU and opt-in to get a free resource or sign up for a paid product, your email address will not be automatically added to the email list to receive our newsletter and updates unless you affirmatively consent to it. Being a person who is located within the European Union, you are subject to the General Data Protection Regulation (“GDPR”). This means you will need to give us express and clear consent before we will add you to our email list for marketing and promotional emails. You also have all the rights and protections that are afforded to you under the GDPR as we will discuss in detail further below. Remember, that you always have the ability to unsubscribe even after giving your consent by simply clicking on the Unsubscribe link present on the footer of every email. Alternatively, you can also email us at info@lindseysharratt.com and request to be unsubscribed or deleted from our account.
4. GENERAL DATA PROTECTION ACT (GDPR)
Every business in the world that gets any traffic or buyers from the European Union must comply with the GDPR rules, even if the business is located outside of the EU. GDPR is a data privacy and security law that intends to give power back to individuals to be in a position to control what happens to their data, how it is used, and how it is not used. The regulation went into effect on May 25, 2018. GDPR gave rise to several new and expanded rights, as well as defined several phrases that are essential for understanding this regulation. If you operate within the European Economic Area or are an EU Resident, you can view and download our Data Processing Agreement here.
5. DEFINITIONS UNDER GDPR
Personal data — any information that will make the individual directly or indirectly identifiable. Information such as the individual’s name, last name, phone number, date of birth, social security number are all considered personal data because they can easily identify the individual in question. Other information, such as geographic location, IP address, web cookies, can also be considered personal data if they can help to identify the individual either by themselves or as part of a whole. Moreover, even data that is pseudonymous can be considered personal data if identifying the person is relatively easy.
Data controller — Data controller is the person or individual who makes decisions about the collected data-specifically how and why the personal data will be processed. MemberVault is a SAAS business, and as such is both a data controller and a data processor.
Data processor —Data processor is a third-party individual or business that actually processes the collected personal data on behalf of a data controller. The GDPR has special rules for these individuals and organizations. Data processors can be email service providers, cloud based storage softwares or services, and many others.
Data subject — The person whose data is processed. Our data subjects are our customers and clients, website visitors, and potential clients who visit lindseysharratt.com or identityacademy.lindseysharratt.com
6. VISITORS’ RIGHTS UNDER GDPR
As someone who resides in the European Union, you are entitled to exercise certain rights that you are given under the General Data Protection Regulation (GDPR). Any information or data that you chose to provide us will be kept with Identity Academy until one of these happens: (1) you ask Identity Academy to DELETE the information and/or data; (2) Identity Academy decides to STOP USING the existing data processors, or (3) Identity Academy decides that the cost of retaining the data outweighs the value in retaining it. As a consumer and/or visitor on our Site who is located in the European Union region, you have the right to request access to your data that Identity Academy collected on you and stores it. You are within your rights to demand to know exactly what data and information Identity Academy has collected on you. Keep in mind that some parts of this data was provided by you personally, while others were gathered through cookies and pixels. You have the right to withdraw consent on a data that you previously gave us consent to collect and process. The right to withdraw consent applies to any future processing of that data. However, any data that has been collected and processed previously based on valid consent is lawful and not subject to liability based on any legal grounds. You also have the right to request erasure of your data and all your information from Identity Academy data storage. Once you request that your data be erased from Identity Academy’s databases, we have thirty (30) days to comply with your request. If it’s impossible to comply within 30 days, then Identity Academy will respond to the Member’s request and let them know about the issue and also give them a reasonable time as to when their request for deletion will be honored. Aside from rights such as request to access, request to delete and rectify, an EU user also has the right to place restrictions on the data processing itself. This means a user can limit certain things that Identity Academy can and cannot do with their data. You can choose to limit transfer of your data to third-party businesses (unless it’s essential for Identity Academy’s basic functions). You further have the right to file a complaint with a supervisory authority who oversees and handles issues related to the GDPR. Lastly, it’s Identity Academy’s duty to inform you that we only require information that is reasonably necessary to enter into a contract with you. We do not collect any unnecessary data, and any information we acquire is used for legitimate business purposes such as growing and scaling our business, or being able to provide satisfactory customer service to you and other users.
7. BRAZILIAN DATA PROTECTION LAW (LGPD)
The Brazilian Data Protection Law (hereafter, “LGPD”) is Brazil’s law on online privacy requirements and certain rights and privileges given to data subjects. Under the LGPD, “processing” is defined as collection, production, reproduction, transmission, receipt, use, classification, filing, storage, control or evaluation of data, deletion, dissemination, extraction, modification, and communication. The LGPD applies to “personal data” that is defined as any information related to an identified or identifiable natural person. Moreover, sensitive data such as political opinion, racial or ethnic origin, religion, health, sex and more as they relate to a natural person. Under the LGDP, the data subjects are given the following rights relating to their personal data: • Awareness and confirmation of the existence of data processing; • Anonymization or pseudonymization or removal of pieces of data that have been collected or processed without compliance with the LGPD; • Access to personal data; • Correction of inaccurate data; • Right to request deletion; • Portability; • Right to revocation of consent; • Right to request disclosure of any third parties with whom personal data is shared; • Access to the customer policy information and consent revocation terms and conditions. The data subject has the right to exercise these rights by getting in touch with us, Identity Academy, anytime free of charge. As a business, we can only process personal data if there is any legal basis for processing that data. The LGPD provides approximately ten (10) legal basis for processing data. The ten grounds are: 1. The data subject gives express consent to process the data. 2. Data processing is necessary to comply with a legal obligation. 3. Processing is essential to protect the life or physical safety of the data subject or another third party. 4. Necessary to execute a contract or contract related procedures that the data subject is a party of at the request of the data subject. 5. Necessary to process to fulfill the legitimate interests of the controller or of the third-party, except when data subject’s fundamental rights prevail. 6. Necessary to process in order to protect credit (refers to a credit score). 7. You need to process to protect the health in relation to activities of health professionals or health entities. 8. Necessary to process to carry out studies by research entities that ensure, when possible, the anonymization of personal data. 9. Necessary to process to exercise rights in judicial, arbitration and administrative procedures. 10. Necessary to process to execute public policies provided in laws or regulations, or those that are based on contracts, policies, agreements or similar binding instruments. Identity Academy mostly uses legal basis #1, #4, and #5 above, which are that the data subject gives express consent to process the data; that processing is necessary to execute a contract or contract related procedures that the data subject is a party of at the request of the data subject; and that processing is necessary to to fulfill the legitimate interests of the controller or of the third-party, except when data subject’s fundamental rights prevail to process personal and sensitive data collected from you, respectively.
8. WE USE THIRD PARTY SOFTWARE AND COMPANIES
We find it necessary to use some third-party platforms to operate and run certain aspects of our business. We carefully vet and evaluate our options before committing to these companies. Identity Academy uses MemberVault (www.membervault.co) to host its online training platform, Kit (www.kit.com) to manage its email communications, and Stripe (www.stripe.com) to collect payment. Identity Academy reserves the exclusive right, without giving notification to anyone, to change or add to any of the third-party platforms. This Privacy Policy will be updated accordingly.
9. INFORMATION AND DATA WE SHARE WITH OR TRANSFER TO THIRD-PARTY BUSINESSES
Identity Academy shares information and personal data with Kit, which is the email service provider that Identity Academy chose to work with. Whenever someone purchases a product, the following information is transferred to Kit: First name surname, email address. Kit then uses the first name and email address of the subscriber to send them information about their account and purchased products. We use Kit to keep in touch with our customers to give them account updates, news, and send valuable content. Stripe is the payment gateway that we use for our subscribers to purchase products. All the payment details such as credit card or debit card numbers, security numbers, expiration codes are all stored by the payment gateways, in this case Stripe. Identity Academy does not itself collect or store any kind of payment information such as credit card, debit card or bank account number for its customers and potential customers. If the site visitor or customer has an issue with payment connected matters, the first place to look for answers would be to talk to Stripe. The Identity Academy training site is hosted by the company MemberVault (membervault.co) whose platform is built upon the Amazon S3 server. The Amazon S3 server is where all the SAAS data is stored in. The main company website, lindseysharratt.com, is built in a self-hosted WordPress and does not collect customer data. The website has Google Analytics installed. The collected information is essential for us to operate and provide the service our customers expect from us.
10. OTHER MEANS THAT DATA IS COLLECTED
There are other methods during which data and personal information is collected from our site visitors. During the time you visit and use our Site, certain limited data are collected from public databases, marketing partners, social media platforms, and analytics sources. The types of data collected about you from other sources are your location, your computer system, which pages you have visited on our Site, how long you spend on each page, your IP address, your country, and possibly even your social media profiles and referrals.
11. CHILDREN’S ONLINE PRIVACY PROTECTION ACT (“COPPA”) COMPLIANCE
www.lindseysharratt.com and the Identity Academy platform are not intended for children under the age of thirteen (13). We and MemberVault.co do not knowingly and intentionally collect any personally identifiable information from children under the age of 13. If you are under 13 years of age, please do not use or provide any information on this Website. Do not use any third parties that might have links present on this Website. Do not provide your name, address, phone number or any payment information. If a parent or guardian believes that this Website unknowingly collected personally identifiable information from a child under the age of 13 in its database, please contact us at once at info@lindseysharratt.com, and we will do our best to immediately remove any and all such information from our database.
12. HOW DO WE USE THE INFORMATION WE COLLECT FROM YOU?
Keep Business Operational and Functional Some of the information that you willingly provided to us, and others that might have been collected through cookies and other pixels, such as Google Analytics, Facebook, or site tracking pixels, are used to ensure that the Identity Academy platform is kept in operational and functional state. Some of the data is necessary so that the member can actually gain access to their account, receive account notifications and emails, to get customer support, help with system troubleshooting, and more. Marketing and Advertising The information we collected from you may be used to send you targeted marketing and advertising campaigns. These email and ad campaigns will introduce you to our products and services, or let you know of important updates. The legal basis for processing your information in this case can be based on both your valid consent or legitimate business interest. If you do not wish to receive any marketing emails from us at any point (even if you gave your consent previously), then simply click on the “unsubscribe” link present at the footer of our emails. You may also email us at info@lindseysharratt.com to remove you from the list so you won’t receive any marketing emails. The information that we collected from you may also be used to show you targeted ads. Those ads can be Facebook ads, Google ads, Instagram ads, Pinterest Ads, etc. These particular ads will be tailored to you based on your interest through the data that we collected. The legal basis for processing and using your data in this manner is our legitimate business interest to grow our business and operate it as well as can be. Information Collected from Third-Party Apps and Tools Any information collected from third-party tools such as Facebook pixel and Google Analytics, is used for statistical and analytical purposes and for evaluating and making improvements to operate and grow our business. This automatically collected information will not include personal information data.
13. SHARING YOUR PERSONAL INFORMATION AND DATA
lindseysharratt.com and Identity Academy only share your personal information and data collected by you and third-party software with the third-party companies listed above, which are essential to run our business. These third-party companies will keep your information secure and safe. They will not disclose it to others. The third-party companies that we share your information with are all GDPR compliant and respect your rights to your data. We do not share, disclose, sell, lease or rent your information to any unrelated third-party business that is not associated with Identity Academy and with running our business. Only under limited circumstances will necessary information be shared with third-parties that are not associated with Identity Academy business. Here are the situations in which we will share your information: 1. You gave us express consent to do so; 2. You entered into a contract for recurring payments—for this reason, your information will be processed on an as-needed basis to uphold the agreement; 3. Performance of a contract—if you are obligated to pay or perform an action, and you fail, we reserve the right to share necessary information with a third-party company, such as a collection agency or an attorney; and 4. Mandated by law—if legal proceedings are initiated, and there is a subpoena (unlikely, but better to be prepared than surprised).
14. WE USE COOKIES ON OUR BUSINESS WEBSITE
We may use Cookies and other tracking technologies, such as Facebook Pixel, to collect data while you browse and use our website and platform to improve our quality of service, to show you ads that you will potentially be interested in. Cookies are considered data, and as such must also be GDPR compliant. We have a cookie notice banner on our MemberVault.co website where you will be required to either consent to the cookies or reject them. Under the privacy laws, we can store strictly necessary cookies on your device for the operation and maintenance of this site. However, we do need your permission for all other types of cookies. You will find different types of cookies on our site. Some of those are placed by third party services that are necessary for our business to operate.
15. EMAIL COMMUNICATIONS & CAN-SPAM COMPLIANCE
If you decide to contact us through email, we reserve the right to retain the content of your email messages, your email address, and our responses. We do this because it helps us with growing our business and keeping our records organized. In compliance with the CAN-SPAM Act, any and all communications sent from our Company or Website will clearly state who the email is from, who the email is for, and how to contact the sender. Furthermore, should you wish to not receive any more emails, you can click on the “Unsubscribe” link located at the bottom of the email.
16. CONTACT US
If you have any questions, concerns, or comments regarding our Privacy Policy, please feel free to reach out to us: Ravenoak Enterprises Ltd T/A Identity Academy info@lindseysharratt.com
Our GDPR Representative
Lindsey Sharratt will act as the GDPR Representative who will address your issues connected with GDPR. If you wish to exercise your rights, then contact the individual listed below:
NAME: Lindsey Sharratt EMAIL: info@lindseysharratt.com Updated – February 10th, 2025