Legal Document

Privacy Policy

Dealwise Advisory Last updated: January 2025 UK GDPR compliant

This policy has been drafted to reflect Dealwise Advisory's operations. It should be reviewed by a UK-qualified solicitor before publication to ensure full UK GDPR compliance for your specific circumstances. Update the company registration details, DPO information, and any third-party processor names before going live.

The short version

We only collect information you give us directly — through forms, emails, or calls
We use it to provide our services, respond to enquiries, and send communications you've opted into
We never sell your data to anyone
We never add you to marketing lists without your explicit consent
You can ask us to delete your data at any time and we will
We use GoHighLevel (GHL) as our CRM — your data is stored there

1. Who we are

This Privacy Policy applies to Dealwise Advisory, operated by Steve Rooms through [Company Legal Name] (Company No. [XXXXXXXX]), registered in England and Wales.

Our registered address is: [Registered Address]

We are the data controller for the personal information we collect about you. This means we are responsible for deciding how and why your personal data is used.

If you have any questions about this policy or how we handle your data, contact us at [email protected].

2. What personal data we collect

We collect personal data in the following ways:

Information you give us directly

Your name, email address, and phone number when you complete a contact form, book a discovery call, or register for a webinar or course
Information about your business situation and enquiry that you choose to include in contact forms or messages
Your email address when you subscribe to the Dealwise Briefing newsletter or download a free resource
Payment information when you purchase a course or advisory service (processed by our payment provider — we do not store card details)

Information collected automatically

Basic technical data when you visit our website — including your IP address, browser type, pages visited, and time spent on each page (via cookies — see Section 8)
Email interaction data when we send you emails — whether you opened the email or clicked a link (via our email platform)

Information from third parties

We may receive your contact details if someone refers you to us. We will only use that information to make initial contact with you.

3. How we use your data

Purpose	What we use
Responding to your enquiry	Name, email, phone, message content
Booking and managing discovery calls	Name, email, phone, situation context
Delivering advisory or coaching services	All information relevant to the engagement
Sending you resources you requested	Email address
Sending the Dealwise Briefing newsletter	Name, email address (consent-based only)
Providing access to courses you've purchased	Name, email, payment confirmation
Improving our website and content	Anonymised analytics data
Complying with legal obligations	As required by applicable law

We will never: sell your personal data to third parties, share it with advertisers, or add you to any mailing list without your explicit consent.

4. Our legal basis for processing your data

Under UK GDPR, we must have a lawful basis to process your personal data. We rely on the following:

Contractual necessity — to deliver the advisory services, courses, or other products you have engaged us for
Legitimate interests — to respond to enquiries, maintain business records, and improve our website. We have assessed that our legitimate interests do not override your rights in these cases
Consent — for marketing communications, newsletters, and non-essential cookies. You can withdraw your consent at any time
Legal obligation — to comply with applicable laws, such as financial record-keeping requirements

5. Who we share your data with

We do not sell or rent your personal data. We share it only with the following third-party service providers who process it on our behalf:

Provider	Purpose	Location
GoHighLevel (GHL)	CRM, calendar booking, email communications, landing pages	USA (SCCs in place)
Stripe / [Payment provider]	Payment processing for courses and services	USA (SCCs in place)
Google Analytics	Anonymised website analytics	USA (SCCs in place)
Zoom / Google Meet	Video calls and discovery call delivery	USA (SCCs in place)
[Course platform, if applicable]	Course hosting and delivery	[Location]

All third-party processors are required to handle your data in accordance with UK GDPR. Where data is transferred outside the UK, appropriate safeguards are in place (Standard Contractual Clauses or equivalent).

We may also disclose your personal data if required by law, regulation, or court order.

6. How long we keep your data

Enquiry and contact records — retained for 2 years from the date of last contact, unless you become a client
Client records and advisory files — retained for 7 years following the end of the engagement, in line with standard accounting and legal requirements
Newsletter subscribers — retained until you unsubscribe
Course purchasers — retained for the duration of course access plus 3 years for records purposes
Website analytics — anonymised and aggregated; no personal retention period applies

We review our data holdings annually and delete or anonymise personal data that is no longer needed.

7. Your rights

Under UK GDPR, you have the following rights in relation to your personal data:

Right of access — you can request a copy of the personal data we hold about you
Right to rectification — you can ask us to correct inaccurate or incomplete data
Right to erasure — you can ask us to delete your personal data in certain circumstances
Right to restrict processing — you can ask us to pause processing of your data in certain circumstances
Right to data portability — you can request your data in a structured, commonly used format
Right to object — you can object to processing based on legitimate interests or for direct marketing
Right to withdraw consent — where processing is based on consent, you can withdraw it at any time

To exercise any of these rights, contact us at [email protected]. We will respond within one month.

If you are unhappy with how we have handled your data, you have the right to complain to the Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113.

8. Cookies

Our website uses cookies — small text files placed on your device when you visit. We use the following types:

Type	Purpose	Consent required?
Strictly necessary	Essential for the website to function — session management, security	No
Analytics	Understand how visitors use the site (Google Analytics — anonymised)	Yes
Marketing / tracking	Track conversions from paid campaigns (if applicable)	Yes

When you first visit our website, you will be asked for your cookie preferences. You can change your preferences at any time by clearing your browser cookies and revisiting the site, or by contacting us.

You can also control cookies through your browser settings. For more information, visit allaboutcookies.org.

9. Security

We take the security of your personal data seriously. We use industry-standard measures to protect it, including:

HTTPS encryption on all pages of our website
Secure, access-controlled storage of client files and communications
Limited access to personal data — only those who need it to deliver services can access it
Regular review of our data handling practices

No method of transmission over the internet is 100% secure. If you have concerns about the security of information you have shared with us, please contact us immediately at [email protected].

In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the ICO within 72 hours of becoming aware of it, as required by UK GDPR.

10. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we make material changes, we will:

Update the "last updated" date at the top of this page
Notify active newsletter subscribers by email if the change is significant

We encourage you to review this page periodically. Continued use of our website or services after changes are published constitutes acceptance of the updated policy.

11. Contact us

For any questions, requests, or concerns about this Privacy Policy or how we handle your personal data:

Dealwise Advisory — Data Enquiries

Email: [email protected]

Post: [Company Legal Name], [Registered Address]

We aim to respond to all data-related requests within 5 working days and to resolve them within one month as required by UK GDPR.

If you are not satisfied with our response, you have the right to raise a complaint with the Information Commissioner's Office (ICO).