Your Expert Mind

1. Who We Are

This website is operated by Cognito CallFlow Ltd, a company registered in England and Wales, trading as Your Expert Mind. In this Privacy Policy, references to "we", "us", or "our" mean Cognito CallFlow Ltd.

Data Controller: Cognito CallFlow Ltd t/a Your Expert Mind
Website: www.yourexpertmind.com
Email: [email protected]
ICO Registration: Pending (we will register with the Information Commissioner's Office prior to commencing trading)

We are committed to protecting your personal data and processing it in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. What Personal Data We Collect

We collect personal data that you provide directly to us when you use our website or contact us. This includes:

Data Category	Examples	Source
Identity data	Full name	Contact form
Contact data	Email address, phone number	Contact form
Business data	Website URL, programme or offer description	Contact form
Communication data	Messages and enquiries you send us	Contact form, email
Technical data	IP address, browser type, pages visited, time on site	Google Analytics (with consent)
Cookie data	Preferences and browsing behaviour	Cookies (with consent)

We do not collect any special category data (such as health information, racial or ethnic origin, or political opinions) and we do not knowingly collect data from individuals under the age of 18.

3. How We Use Your Personal Data

We will only use your personal data when the law allows us to. The table below sets out the purposes for which we process your data and the lawful basis we rely on under UK GDPR:

Purpose	Lawful Basis (UK GDPR Art. 6)
Responding to your enquiry or booking request	Legitimate interests (Art. 6(1)(f)) — to respond to pre-contractual communications
Providing our services to you once engaged	Performance of a contract (Art. 6(1)(b))
Sending you information about our services that you have requested	Legitimate interests (Art. 6(1)(f))
Sending you marketing communications (if you have opted in)	Consent (Art. 6(1)(a))
Analysing website usage to improve our service	Consent (Art. 6(1)(a)) — via cookie consent
Complying with legal obligations	Legal obligation (Art. 6(1)(c))

4. Cookies and Analytics

We use cookies and similar tracking technologies on our website. We use Google Analytics to understand how visitors interact with our website. Google Analytics uses cookies to collect anonymised information about your visit, including pages viewed, time spent on the site, and your approximate location.

We will only activate Google Analytics after you have given your consent via our cookie consent banner. You can withdraw your consent at any time by clearing your cookies and declining when the banner reappears, or by contacting us.

For full details of the cookies we use and how to manage them, please see our Cookie Policy.

5. Who We Share Your Data With

We do not sell, rent, or trade your personal data. We may share your data with the following categories of third parties where necessary to operate our business:

Third Party	Purpose	Location
Google LLC (Google Analytics)	Website analytics	USA (UK adequacy / Standard Contractual Clauses)
Email service providers	Delivering email communications	UK/EEA
CRM or scheduling tools	Managing enquiries and bookings	UK/EEA or SCCs in place
Professional advisers	Legal, accounting, or compliance advice	UK
HM Revenue & Customs, regulators	Compliance with legal obligations	UK

Where we transfer data outside the UK, we ensure appropriate safeguards are in place, such as the UK International Data Transfer Agreement (IDTA) or Standard Contractual Clauses approved by the ICO.

6. How Long We Keep Your Data

We retain personal data only for as long as necessary for the purposes for which it was collected, or as required by law. Our standard retention periods are:

Data Type	Retention Period
Enquiry and contact form data (no contract formed)	12 months from last contact
Client data (where a contract is formed)	6 years from end of contract (Companies Act / HMRC requirements)
Marketing consent records	Until consent is withdrawn, plus 12 months
Website analytics data (Google Analytics)	26 months (Google's default retention setting)

7. Your Rights Under UK GDPR

Under UK GDPR, you have the following rights in relation to your personal data. These rights are not absolute and may be subject to exemptions in certain circumstances.

Right of access: You can request a copy of the personal data we hold about you (a Subject Access Request). We will respond within one month.

Right to rectification: You can ask us to correct inaccurate or incomplete personal data we hold about you.

Right to erasure: You can ask us to delete your personal data where there is no compelling reason for us to continue processing it.

Right to restrict processing: You can ask us to restrict how we use your data in certain circumstances.

Right to data portability: Where processing is based on consent or contract, you can ask us to provide your data in a structured, commonly used format.

Right to object: You can object to processing based on legitimate interests. We must stop unless we can demonstrate compelling legitimate grounds.

Right to withdraw consent: Where processing is based on consent, you can withdraw it at any time. Withdrawal does not affect the lawfulness of processing before withdrawal.

Right to complain: You have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113.

To exercise any of these rights, please contact us at [email protected]. We will respond within one calendar month of receiving your request.

8. Data Security

We have implemented appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, destruction, or alteration. These measures include secure HTTPS transmission, access controls, and regular review of our data handling practices. Where we use third-party processors, we ensure they provide sufficient guarantees regarding their security measures.

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the ICO within 72 hours of becoming aware of the breach, and will notify you directly where required.

9. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or in applicable law. When we make material changes, we will update the "Last updated" date at the top of this page. We encourage you to review this policy periodically. Your continued use of our website after any changes constitutes your acceptance of the updated policy.

10. Contact Us

If you have any questions about this Privacy Policy or how we handle your personal data, please contact us:

Cognito CallFlow Ltd t/a Your Expert Mind
Email: [email protected]
Website: www.yourexpertmind.com

If you are not satisfied with our response, you have the right to complain to the Information Commissioner's Office (ICO): ico.org.uk