top of page

Privacy Policy

Aurea Nova Limited (“we”, “us”, “our”) is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, and protect your personal data in compliance with applicable data protection laws, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

For the purposes of data protection law, Aurea Nova Limited (registered in England & Wales, company number 16595750) is the data controller of your personal data.

1. Information We Collect

We may collect and process the following types of personal data:

  • Identity Data: Name, title, date of birth.

  • Contact Data: Email address, telephone number, postal address.

  • Employment or Educational Data: Job title, organisation name, department, or student leadership role (for example, where provided as part of a workplace network, development programme, or students’ union initiative).

  • Payment Data: Billing address, payment details (processed securely by third-party payment providers).

  • Technical Data: IP address, browser type, device identifiers, and other information when you use our website.

  • Usage Data: Information about how you use our website and services.

  • Marketing & Communications Data: Your preferences for receiving marketing communications.

We do not knowingly collect personal data from individuals under the age of 18.

 

2. How We Use Your Information

We use personal data for the following purposes:

  • To provide and manage our services (Contractual necessity).

  • To process transactions and payments securely (Contractual necessity).

  • To respond to enquiries and customer support requests:

    • Members: where you already have a membership with us, this is a contractual necessity.

    • Non-member individuals (including sole traders or partnerships): where you contact us but do not yet have a membership, this is usually based on our legitimate interests.

    • Non-member business contacts: where you contact us with an enquiry in a business capacity, this is based on our legitimate interests in responding to requests.

    • Mailing list or waitlist sign-ups: if you provide consent to receive updates, we will use your data on the basis of consent.

  • To send promotional and marketing communications:

    • Members: where communications relate directly to your membership (for example, events, services, or opportunities), this may be on the basis of contractual necessity or our legitimate interests. For marketing outside of these areas, we will rely on consent.

    • Non-member individuals (including sole traders or partnerships): we will only send marketing communications where you have provided consent, unless the “soft opt-in” applies (for example, if you have asked about our services and we are contacting you about similar ones).

    • Non-member business contacts: we may send relevant marketing communications on the basis of our legitimate interests, and you will always have a clear opportunity to opt out in every message.

  • To comply with legal and regulatory obligations (Legal obligation).

  • To improve our website and user experience through analytics (Legitimate interests).

 

Corporate Clients and Development Services:
Where organisations engage Aurea Nova to deliver workplace networks, leadership programmes, or related services, we may process limited personal data about participating employees or students. This may include names, contact details, job titles, and participation records, provided either directly by the organisation or by the individuals themselves. We process this data to deliver the contracted services, track participation, and provide anonymised reporting to the organisation where agreed.

3. Legal Bases for Processing

We process personal data under the following legal bases:

  • Contractual Necessity: where processing is required to fulfil a contract with you. This includes managing your membership, providing services, processing payments, and responding to enquiries from existing members.

  • Legal Obligation: where processing is required to comply with legal or regulatory requirements (for example, record-keeping for tax purposes).

  • Legitimate Interests: where processing is necessary for our legitimate business purposes, provided your rights do not override those interests. This includes:

    • responding to enquiries from non-members (both individuals and business contacts)

    • sending relevant marketing communications to non-member business contacts (with an opt-out in every message)

    • communicating with members about relevant events, services, or opportunities connected to their membership.

  • Consent: where you have explicitly agreed, for example by joining our mailing list or waitlist, or by opting in to receive marketing communications. We will also rely on consent for marketing to non-member individuals (including sole traders or partnerships), unless the “soft opt-in” applies. You can withdraw consent at any time.

 

4. Sharing Your Information

We do not sell your personal data. However, we may share it with carefully selected third parties where necessary for the purposes described in this Policy:

  • Service Providers: such as payment processors, IT and hosting providers, email and marketing platforms, and other suppliers who support the delivery of our services. These providers are only permitted to use your personal data in accordance with our instructions.

  • Professional Advisers: including lawyers, bankers, auditors, and insurers who provide professional services to us.

  • Regulatory Authorities: where required by law, to comply with legal or regulatory obligations, or to enforce our legal rights.

  • Business Transfers: in the event of a merger, acquisition, reorganisation, or sale of assets, where your data may be transferred as part of the business.

  • International Transfers: if we transfer personal data outside the UK/EEA, we ensure appropriate safeguards are in place, such as the use of UK-approved Standard Contractual Clauses.

 

5. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes set out in this Policy, including to meet legal, accounting, or reporting requirements. When data is no longer needed, we will securely delete or anonymise it. Examples include:

  • Membership and transaction records: retained for up to 6 years after your membership ends (for tax and legal purposes).

  • Corporate development programme participation records: retained for up to 24 months after programme completion to allow for evaluation, impact reporting, or alumni engagement, unless otherwise agreed with the client organisation.

  • Marketing data: retained until you withdraw your consent or unsubscribe.

  • Enquiries from non-members: retained for up to 12 months after we last hear from you, unless you become a member.

  • Website analytics data: retained in aggregated or anonymised form wherever possible.

 

6. Your Rights

Under data protection law, you have a number of rights in relation to your personal data. These include the right to:

  • Access: request a copy of the personal data we hold about you.

  • Correction: request correction of inaccurate or incomplete data.

  • Deletion: request deletion of your data, subject to our legal obligations.

  • Restriction: request restriction of processing in certain circumstances.

  • Objection: object to processing based on our legitimate interests.

  • Data Portability: request transfer of your data to another provider in a commonly used format.

  • Withdraw Consent: withdraw consent for marketing communications at any time.

We will respond to all valid requests within one month. We may need to verify your identity before acting on a request.

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) if you are concerned about how we handle your data: www.ico.org.uk.

 

7. Data Security

We use appropriate technical and organisational measures to protect personal data from unauthorised access, loss, misuse, alteration, or disclosure. These measures include encryption, secure servers, access controls, and staff training.

 

Personal data is only accessible to those who need it for their role, and any third-party service providers we use are required to maintain adequate security measures.

 

However, please note that no method of transmission over the internet, or method of electronic storage, is completely secure. While we take reasonable steps to protect your data, we cannot guarantee its absolute security.

If you believe your personal data may have been compromised in connection with Aurea Nova, please contact us immediately at hello@aureanova.co.uk, so we can investigate and take appropriate action.

 

8. Cookies and Tracking Technologies

We use cookies (small text files placed on your device) to improve website functionality, performance, and user experience.

  • Essential cookies: required for the operation of our site.

  • Analytics/marketing cookies: only used with your consent.

 

You can manage or withdraw consent for non-essential cookies at any time through your browser settings or our cookie banner.

 

9. Third-Party Links

Our website may contain links to third-party websites, plug-ins, or applications. Clicking on those links may allow third parties to collect or share data about you. We are not responsible for the privacy practices of those third parties and encourage you to read the privacy policies of any site you visit.

 

10. Automated Decision-Making

We do not use personal data for automated decision-making or profiling that produces legal or similarly significant effects on individuals (for example, decisions made solely by a computer without human involvement).

 

If we introduce any such processes in the future, we will update this Policy and inform you in advance.

11. Changes to This Policy

We may update this Privacy Policy from time to time, for example to reflect changes in the law, our services, or how we process personal data.

Any significant changes will be notified to you directly by email (where possible), as well as posted on this page. Minor updates will be reflected by updating the “last updated” date at the top of this Policy.

12. Contact Us

For questions about this Privacy Policy or to exercise your rights, contact us at:

Unit 8 Old Forge Court,

Colchester Road,

Elmstead Market,

Essex,

United Kingdom,

CO7 7EA. 

 

Email: hello@aureanova.co.uk

 

This Privacy Policy was last updated on 13 October 2025.

Aurea Nova Limited is registered in England & Wales (Company number 16595750)

Registered office: Unit 8 Old Forge Court, Colchester Road, Elmstead Market, Essex, United Kingdom, CO7 7EA. 

Registered with the ICO under registration number: ZB981772

© Aurea Nova 2025. All rights reserved.

Privacy Policy

bottom of page