Book Revenue Audit

Privacy Notice

Last updated: [2 March 2026]

This privacy notice explains how Practical Revenue (we, us) collects and uses personal data when you visit our website, contact us, book time with us, or use our services. This notice is provided to meet the UK GDPR transparency requirements (the right to be informed). (Information Commissioner’s Office)

Controller

Practical Revenue is the controller for personal data covered by this notice. (Information Commissioner’s Office)

  • Registered office: 167-169 Great Portland Street, 5th Floor, London, England, W1W 5PF
  • Company number: 16939356
  • Email: james@practicalrevenue.com
  • Postal address for privacy requests: 167-169 Great Portland Street, 5th Floor, London, England, W1W 5PF

We do not currently appoint a Data Protection Officer. If that changes, we will update this notice.

What we collect

Information you provide to us

  • Identity and contact details: name, email, phone number, job title, company name.
  • Enquiry and communications: messages you send us, attachments, and meeting details.
  • Client delivery information: information you share that we need to deliver the work, which may include personal data contained in business systems you ask us to review.

Information we collect automatically (website)

  • Technical data: IP address, device and browser type, operating system, referral source.
  • Usage data: pages visited and interactions with the site.
  • Cookie data: identifiers and analytics data collected via cookies and similar technologies (see Cookies and analytics).

Call recording

  • Sales calls are recorded through Google. This may include voice, name, company, and any information you share during the call.

Payments and billing

  • Billing contact details, invoice records, payment status, and transaction references.
  • Payments are processed securely by our payment provider, Stripe. When you make a purchase through our website, your payment details are submitted directly to Stripe and are processed in accordance with Stripe’s privacy policy. We do not receive or store full card details on our systems.
  • Stripe may process personal data including your name, email address, billing details, payment method information, IP address, and transaction data, for the purposes of processing payments, fraud prevention, regulatory compliance, and financial record keeping.
  • When purchasing digital products, you will be required to confirm acceptance of our Terms of Service before completing payment.

Why we use personal data and our lawful basis

We use personal data for the purposes below. UK GDPR requires a lawful basis for each purpose. (Information Commissioner’s Office)

1) Responding to enquiries and managing relationships

  • Purpose: respond to messages, handle requests, book meetings, manage business relationships.
  • Lawful basis: legitimate interests and, where relevant, steps prior to entering a contract. (Information Commissioner’s Office)

2) Delivering services

  • Purpose: provide contracted services, produce deliverables, and communicate about the work.
  • Lawful basis: contract (performance of a contract) and, where relevant, legitimate interests. (Information Commissioner’s Office)

3) Billing, payments, and accounting

3A) Processing digital product purchases

  • Purpose: process payment for digital products, provide access to purchased materials, maintain transaction records, enforce our Terms of Service, and prevent fraud.
  • Lawful basis: performance of a contract and legitimate interests (business administration, fraud prevention, and enforcement of contractual rights).

Where required under UK consumer law, we also rely on your express consent to immediate digital delivery which may remove any statutory right to cancel once access is granted.

4) Sales call recording

  • Purpose: maintain an accurate record of discussions, improve sales process quality, handle disputes, and train internally where appropriate.
  • Lawful basis: legitimate interests. Where we rely on legitimate interests, we balance our interests against your rights and you can object. (Information Commissioner’s Office)

5) Marketing and business development

  • Purpose: send relevant updates and invitations, measure campaign performance, maintain suppression lists (do not contact).
  • Lawful basis: legitimate interests for business to business marketing and, where required under PECR, consent. You can opt out at any time. (Information Commissioner’s Office)

6) Website analytics and improvement

  • Purpose: understand how the site is used, improve content and performance, fix issues.
  • Lawful basis: consent for analytics cookies where required under PECR (see Cookies and analytics). (Information Commissioner’s Office)

7) Legal, security, and compliance

  • Purpose: protect systems, prevent fraud, enforce terms, comply with legal requests, establish or defend legal claims.
  • Lawful basis: legal obligation and legitimate interests. (Information Commissioner’s Office)

Who we share personal data with

We share personal data only as needed to operate the business and deliver services. UK GDPR requires you to be informed about recipients or categories of recipients. (gdpr-info.eu)

Processors and service providers

  • Website hosting: Bluehost.
  • Website forms: Gravity Forms
  • Scheduling: Calendly.
  • Analytics: Google Analytics 4.
  • Email and calendar: Google
  • CRM: HubSpot.
  • Payments: Stripe
  • Invoicing and accounting: Xero.

Note: We use Stripe to process payments for blueprint purchases and reviews. When you buy, we share your name, email, business name, and purchase details with Stripe to take payment and send receipts. Stripe handles and stores card details. We don’t store card numbers.

Professional advisers

We may share data with accountants, legal advisers, and other professional advisers where necessary.

Legal and regulatory disclosures

We may disclose data to courts, law enforcement, regulators, or other public authorities where required by law.

We do not sell personal data.

International transfers

Some providers listed above may process personal data outside the UK. Where personal data is transferred internationally and the destination is not covered by UK adequacy regulations, we use appropriate safeguards such as the UK International Data Transfer Agreement or the UK Addendum to the EU Standard Contractual Clauses. (Information Commissioner’s Office)

You can request more information about relevant safeguards by contacting us.

How long we keep personal data

We keep personal data only as long as needed for the purposes in this notice, including legal and accounting requirements.

Typical retention periods:

  • Enquiries and non-client correspondence: up to 24 months after last contact.
  • CRM records: for as long as we have an active relationship, then reviewed at least annually and removed or anonymised where no longer needed.
  • Sales call recordings: up to 12 months unless needed for dispute handling, training, or legal claims.
  • Client delivery records and communications: up to 6 years after the end of the engagement.
  • Invoices and accounting records: typically 6 years.
  • Website analytics (GA4): retained according to configuration, typically 14 to 26 months.

We may keep data longer where necessary to establish, exercise, or defend legal claims.

Your rights

You have rights under UK GDPR, including:

  • access
  • rectificatio
  • erasure
  • restriction
  • data portability
  • objection (including objection to direct marketing)
  • rights related to automated decision-making

You can exercise your rights by emailing james@practicalrevenue.com. We may ask for information to verify your identity. We normally respond within one month and can extend where legally permitted. (Information Commissioner’s Office)

Direct marketing: you can opt out at any time by using the unsubscribe link (if provided) or contacting us.

Complaints

If you have concerns, contact us first and we will try to resolve them. You also have the right to complain to the UK Information Commissioner’s Office. (Information Commissioner’s Office)

Cookies and analytics

We use cookies and similar technologies to operate the website and, if you consent, to measure and improve performance using Google Analytics 4. Under PECR, analytics cookies generally require consent unless an exemption applies. (Information Commissioner’s Office)

You can control cookies using CookieYes and browser settings. If you disable cookies, parts of the site may not work.

Security

We use reasonable technical and organisational measures to protect personal data and restrict access to those who need it. No system is completely secure.

Changes to this notice

We may update this notice from time to time. The latest version will be posted on this page with the updated date.