GDPR & Privacy Policy

Last Updated: August 2025

EVA & Co Solutions Ltd (Company No. 16373746), trading as EVA Solutions Agency (“EVA”, “we”, “our”), is committed to protecting your privacy and handling your data in a transparent, secure, and lawful manner. This GDPR & Privacy Policy explains how we collect, use, and protect personal data in compliance with the UK GDPR, EU GDPR, and other applicable international data protection laws.

  1. Company Details

EVA & Co Solutions Ltd
19a Singleton Court, Business Park
Monmouth, NP25 5JA
Contact Email: support@evasolutionsagency.co.uk
Website: www.evasolutionsagency.co.uk

  1. Data We Collect

– Full name, email address, postal address, and contact details
– Payment and billing information
– Training progress, quiz results, workbook submissions
– Digital product submissions and sales history
– Client application details for matchmaking purposes
– Technical data such as browser type, IP address, and usage data
– [If applicable] Special category data (e.g., health information) where explicit consent is provided

  1. How We Use Your Data

– To provide access to training, membership, and client matching services
– To process payments, commissions, and product sales
– To manage and promote digital product submissions
– To respond to enquiries and provide customer support
– To improve our services and personalise your experience
– To comply with legal and regulatory requirements

  1. Legal Basis for Processing

We process your personal data under the following lawful bases:
– Consent – where you have opted in to receive marketing communications
– Contract – where processing is necessary for the performance of a contract with you (e.g., training or membership)
– Legitimate interests – for service improvements, analytics, and fraud prevention
– Legal obligation – to comply with applicable laws and tax requirements

  1. Special Category Data

If you choose to share health or disability-related information with EVA, we will only process it with your explicit consent, and solely for the purpose of providing reasonable adjustments or relevant services. This data will be securely stored, access-restricted, and deleted when no longer necessary.

  1. How We Store and Protect Your Data

Your data is stored securely using GDPR-compliant platforms including GoHighLevel, Stripe, and Google Workspace. Access is restricted to authorised personnel only. We use encryption, secure backups, and strict access controls to protect your data.

  1. International Data Transfers

As part of our operations, your personal data may be transferred outside the UK and EEA, including to countries that may not have equivalent data protection laws. Where such transfers occur, we ensure they are protected by:
– Adequacy decisions issued by the UK or European Commission, or
– Standard Contractual Clauses and the UK International Data Transfer Addendum, or
– Other legally recognised safeguards.

  1. Third-Party Access

We never sell your data. We may share it with trusted third-party processors, including:
– Payment processors (e.g., Stripe)
– CRM and training platforms (e.g., GoHighLevel)
– Cloud storage providers (e.g., Google Workspace)
– Government or regulatory bodies where legally required
All third parties are bound by contractual obligations to keep your data secure and process it only as instructed by EVA.

  1. Marketing Communications

We will only send you marketing communications where you have provided explicit consent. You may withdraw this consent at any time by using the unsubscribe link in our emails or contacting support@evasolutionsagency.co.uk. Withdrawing consent will not affect the lawfulness of processing carried out before the withdrawal.

  1. Your Rights

Under data protection law, you have the right to:
– Access the personal data we hold about you
– Request correction of inaccurate or incomplete data
– Request deletion of your data (‘right to be forgotten’)
– Restrict or object to certain processing
– Request data portability to another service provider
– Withdraw consent for marketing
– Lodge a complaint with the ICO (UK) or your local supervisory authority

  1. Data Retention

We retain your personal data for as long as necessary to fulfil the purposes we collected it for, including legal, accounting, or reporting requirements:
– Training and account records: Deleted or anonymised 12 months after account closure
– Financial records: Retained for 6 years as required by UK tax law
– Marketing data: Deleted upon withdrawal of consent

  1. Cookies and Tracking

Our website uses cookies for essential site functionality and anonymous analytics. Non-essential cookies will only be set with your consent. For details on the cookies we use, please see our Cookie Policy.

  1. Data Breach Notification

In the event of a personal data breach, EVA will assess the impact and notify the Information Commissioner’s Office (ICO) within 72 hours where required and inform affected individuals if the breach is likely to result in a high risk to their rights and freedoms.

  1. Changes to This Policy

We may update this policy from time to time to reflect changes in law, technology, or our practices. We encourage you to review this page periodically for the latest information.

Scroll to Top