Privacy Policy
Last Updated: June 2026
At The You Co ("we", "us", or "our"), your privacy and trust are of the utmost importance. We are committed to protecting your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
We do not sell, rent, or trade email lists or personal information to third parties for marketing purposes.
We are registered as a data controller with the Information Commissioner’s Office (ICO) under registration reference ZB698768.
1. Personal Data We Collect
We may collect and process the following categories of personal data:
-
Identity and Contact Data: Name and email address (e.g., when you contact us).
-
Technical Data: IP address, browser type and version, time zone setting, operating system, and device information.
-
Usage Data: Information about how you use our website, such as pages visited and time spent on the site.
2. How and Why We Use Your Data (Lawful Basis)
Under the UK GDPR, we must have a valid lawful basis to process your personal data. We use your data for the following purposes and under the following legal grounds:
-
To respond to your enquiries: When you email us, we process your contact details to deliver the information or services you requested.
-
Lawful Basis: Performance of a Contract (taking steps at your request before entering into an agreement) or Consent.
-
-
To monitor and improve our website: We analyse how visitors interact with our site to improve user experience, site performance, and security.
-
Lawful Basis: Legitimate Interests (to properly manage, optimise, and secure our business and website).
-
-
To comply with the law:To fulfill any legal or regulatory obligations.
-
Lawful Basis: Legal Obligation
-
3. Cookies
We use cookies to enhance your experience and ensure the website functions correctly.
-
Cookies help us understand how our website is used and keep the site secure.
-
You can manage, block, or delete cookies through your browser settings at any time, though some parts of our website may cease to function correctly if cookies are disabled.
4. Google Analytics
We use Google Analytics to collect data on website traffic and user behavior. This helps us improve the site and understand visitor interests. We have configured Google Analytics to anonymize/mask IP addresses. Google does not identify individual users or associate your IP address with any other data held by them.
5. Data Sharing with Third Parties
We may share limited technical data (such as your IP address and browser type) with trusted third-party service providers who help us host and operate our website or manage communications.
We do not allow these third parties to use your personal data for their own purposes. They are only permitted to process your data for specified purposes and in accordance with our strict instructions.
6. International Data Transfers
Some of our external third-party service providers (such as Google Analytics) are located outside the United Kingdom, meaning their processing of your personal data will involve a transfer of data outside the UK.
Whenever we transfer your personal data out of the UK, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
-
We transfer data to countries that have been deemed to provide an adequate level of protection for personal data by the UK government.
-
We use specific contracts approved for use in the UK (the International Data Transfer Agreement or Standard Contractual Clauses), which give personal data the same protection it has in the UK.
7. Data Retention
We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the data, the potential risk of harm from unauthorised use or disclosure, and the applicable legal requirements.
Our standard retention periods are as follows:
-
General Inquiries: If you contact us via email or a website form but do not enter into a commercial relationship with us, we will retain your identity and contact data for 24 months following our last correspondence with you, after which it is securely deleted.
-
Client Records: If you become a client of The You Co, we will retain your contact, transaction, and financial data for 6 years following the end of our contract or the relevant financial year. This is to comply with UK statutory limitation periods for legal claims and HMRC tax regulations.
-
Technical and Analytics Data: Anonymised usage data collected via Google Analytics is automatically deleted after 14 months.
8. Data Security
We implement appropriate technical and organisational security measures to safeguard your personal information against unauthorized access, accidental loss, alteration, or misuse. Access to your personal data is strictly limited to individuals who have a genuine business need to know.
9. Your Rights
Under the UK GDPR, you have the following rights regarding your personal data:
-
Access: Request a copy of the personal data we hold about you.
-
Correction: Request correction of any inaccurate or incomplete data.
-
Erasure ("Right to be Forgotten"): Request that we delete your data in certain circumstances.
-
Object or Restrict: Object to or restrict the processing of your data under certain conditions.
-
Withdraw Consent: Withdraw your consent at any time where we rely on consent to process your data.
To exercise any of these rights, please contact us at contact@theyouco.co.uk. We will respond to all legitimate requests within one month.
If you are not satisfied with our response, you have the right to lodge a complaint at any time with the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us first.
10. Changes to This Privacy Policy
We may update this Privacy Policy periodically to reflect changes in our practices or legal obligations. The most current version will always be available on our website.
If we make significant changes, we will notify you via email or through a prominent notice on the website, where possible. By continuing to use our services, you acknowledge the terms of the updated Privacy Policy.