Privacy and Refund Policy

Last updated: November 2025

At Carl Mumford Consulting Ltd, we take your privacy seriously. This policy explains how we collect, use, and protect your personal information when you visit carlmumford.co.uk, register for a webinar, or use our services. We are committed to handling your data fairly, transparently, and in line with UK data protection law, including the UK GDPR and the Data Protection Act 2018.

1. Who we are

  • Carl Mumford Consulting Ltd
  • Company number: 15626285
  • Registered address: 71–75 Shelton Street, London, WC2H 9JQ
  • ICO registration: ZB688474
  • Contact for privacy enquiries: data@carlmumford.co.uk

2. What information we collect

We collect and process different types of information depending on how you interact with us:

  • Website visitors and enquiries: Name, email address, and message when you contact us through a form or by email, plus limited analytics data such as IP address and browser type.
  • Newsletter subscribers: Name and email address if you opt in to receive updates.
  • Course and purchase customers: Name, contact details, billing information, and transaction history (processed securely via Stripe).
  • Webinar participants: Registration details (name and email), payment details (processed by Stripe; we never see full card numbers or CVC), participation data such as chat or Q&A messages, recordings (where faces and names are obscured or removed), and any accessibility or communication needs shared so we can support you.

3. How we use your information

  • Respond to your enquiries and provide customer support
  • Register you, take payment, and deliver webinars or courses (including Microsoft Teams links and joining instructions)
  • Provide essential event communications, reminders, updates, and follow-up resources
  • Send optional updates about related events, services, or resources (only with your consent)
  • Process payments and maintain records for tax and accounting purposes
  • Improve our website, services, and marketing through analytics
  • Comply with our legal obligations and maintain appropriate records

4. Legal bases for processing

  • Consent: For newsletters and optional marketing communications.
  • Contract: To process your data for a paid course, product, or webinar registration.
  • Legal obligation: For accounting, tax, and compliance requirements.
  • Legitimate interests: To manage and improve our website, respond to enquiries, and prevent misuse or fraud.

5. How long we keep your data

  • Enquiry form submissions: 12 months
  • Newsletter subscriptions: until you unsubscribe
  • Purchase and course records: 6 years (for tax and accounting)
  • Webinar registration and participation data: up to 12 months after the event
  • Webinar recordings: up to 1 month after the webinar
  • Analytics data: 26 months

6. Who we share data with

We only share data with trusted third-party processors who help us deliver our services:

  • Stripe for secure payment processing
  • Microsoft for business email, Teams webinars, and Microsoft 365 storage
  • Google for Analytics, Drive, and Workspace tools
  • MailerLite for newsletters and updates
  • Xero for accounting and invoicing

All providers operate under strict data protection terms and cannot use your information for their own purposes.

7. International transfers

Some providers may store or process data outside the UK. Where this occurs, recognised safeguards such as the UK–US Data Bridge or Standard Contractual Clauses are used to ensure your data remains protected.

8. Security

  • Secure Microsoft 365 environment with restricted access
  • Two-factor authentication on business accounts and administrator access points
  • Encrypted connections (HTTPS and SSL)
  • Regular password and access reviews

Payment data is handled by Stripe using encrypted connections. We only retain the minimum data necessary and restrict access to those who need it.

9. Use of Artificial Intelligence (AI)

We use Microsoft Copilot and ChatGPT to assist with internal tasks such as drafting written content, generating design ideas, and improving website functionality. No personal, confidential, or client-identifiable data is entered into public models. All AI-generated content is reviewed and edited by a human before use. Where applicable, data processed by these tools remains within secure enterprise systems such as Microsoft 365 Copilot. We do not use AI to make automated decisions about individuals or to analyse personal data.

10. Your rights

  • Access a copy of the data we hold about you
  • Correct inaccurate or incomplete data
  • Request deletion of your data where appropriate
  • Restrict or object to certain processing
  • Request portability for data you provided
  • Withdraw consent for marketing at any time
  • Complain to the Information Commissioner’s Office at ico.org.uk

To exercise any of these rights, email data@carlmumford.co.uk. We will respond within one month.

11. Refund policy for webinars and courses

We understand that circumstances may change:

  • Before the webinar or course: You can request a full refund at any time before the event takes place by emailing email@carlmumford.co.uk with your booking details.
  • After the event: Once the webinar or course has concluded, tickets are non-refundable, as access links, materials, and recordings may have already been shared.
  • Refunds will be processed via the same payment method originally used.

12. Charitable donations

At the conclusion of certain events such as Lost in the System, 10% of all ticket sales will be donated to Children Heard and Seen. Ticket costs for these events are non-refundable once the event has ended.

13. Who can attend our events

Our webinars and courses are designed for professionals and are intended for adults only.

14. Children’s data

We do not knowingly collect data from children. If a child’s information is provided, please contact us and we will delete it promptly.

15. Changes to this policy

We may update this policy from time to time to reflect new services or legal requirements. The latest version will always be available at carlmumford.co.uk/privacy-policy.

16. Cookies and tracking technologies

We use cookies that are necessary for the site to function and analytics cookies to understand site usage. You can manage cookies through your browser settings. For more detail, see our Cookie Policy.

  • Necessary cookies: Required for core functionality such as security and preferences.
  • Analytics cookies: Help us understand site performance and improve content.

17. Retention for AI-assisted drafts and tooling

Drafts created with Microsoft Copilot or similar tools are retained only within our Microsoft 365 environment and are deleted when no longer needed for the task. We do not store personal data in public AI tools.

18. Data processors and due diligence

We review our processors’ data protection measures periodically, including security certifications, data location, and contract terms. Sub-processors engaged by our providers are subject to equivalent protections.

19. Event communications and recordings

During webinars, participant names, chat messages, and Q&A submissions may be visible to other attendees. We do not publish these externally. If events are recorded, we will announce this in advance. Any shared recordings are restricted to attendees for a limited time.

20. Accessibility and reasonable adjustments

If you require accessibility adjustments, please let us know when registering or by emailing email@carlmumford.co.uk. We will use this information only to meet your needs and will delete it after the event unless there is a legitimate reason to retain it longer.

21. Links to other websites

Our website may contain links to external sites. We are not responsible for their content or privacy practices. You should review their privacy notices before providing any personal data.

22. Limitation of liability for event content

Webinars and courses are for professional development and general information. They do not constitute legal, medical, clinical, or therapeutic advice. You remain responsible for how you apply the information in your context.

23. Technical interruptions and rescheduling

If an event is disrupted by technical issues or needs to be rescheduled, we will provide a replacement live session or time-limited access to a recording. If neither is possible, we may offer a credit for a future event.

24. Intellectual property and permitted use

All materials provided before, during, or after an event, including slides, recordings, templates, and downloads, are the intellectual property of Carl Mumford Consulting Ltd or our licensors. You may not copy, share, sell, or adapt these materials without prior written permission, except for your own personal professional use.

25. Data breach response

In the unlikely event of a personal data breach that risks your rights and freedoms, we will notify you without undue delay and report to the ICO where required. We will take steps to mitigate harm and prevent recurrence.

26. Contact preferences and opt-out

You can change your email preferences or unsubscribe at any time using the link in our emails or by contacting us at data@carlmumford.co.uk. We will act on your request promptly.

27. Refund exceptions and transfers

If illness or unforeseen circumstances prevent attendance, you may request a transfer to a future date where available. Partial refunds or credits may be considered at our discretion if no materials have been accessed. Any such requests should be made as soon as possible before the event.

28. Governing law and jurisdiction

This policy and any related terms are governed by the laws of England and Wales. Any disputes shall be subject to the exclusive jurisdiction of the courts of England and Wales.

If you have any questions about this notice or how we handle your data, please contact us at data@carlmumford.co.uk.