Privacy Policy
Effective Date: [insert date] · Last reviewed: June 2026
Introduction
This Privacy Policy explains how [Function legal entity] ('Function', 'we', 'us' or 'our') collects, uses, stores and protects personal information when you visit our website at [website domain] (the 'Site'), subscribe to our newsletter, complete a lead magnet or enquiry form, book a discovery call, attend a Function event, or join Function as a member.
Function is a wellness-led membership network for Founders and Business Owners across Greater Manchester and Cheshire. We are committed to protecting your personal data and processing it in accordance with the United Kingdom General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations 2003 (PECR).
Table of Contents:
1. Who we are and how to contact us
[Function legal entity] is a company registered in England and Wales under company number [company number], with its registered office at [registered office address].
Function is the data controller for personal data collected through the Site and for the data we collect about our newsletter subscribers, leads, prospects, event attendees and members in the course of running our business.
For any data protection enquiries, including requests to exercise your rights under UK GDPR (such as access, correction, deletion or objection), please contact us at [contact email]. We will respond to verified requests within one calendar month.
We have not appointed a Data Protection Officer, as we are not required to do so under UK GDPR Article 37. The point of contact for all data protection enquiries is [contact email]. Function is registered with the Information Commissioner's Office under registration number [ICO registration number].
2. The personal data we collect
Function collects the categories of personal data described below. We collect only the data we need to operate our business and to provide the membership, events and services you have requested or signed up to.
2.1 Information you provide directly
Full name. Provided when you subscribe to our newsletter, opt in to a lead magnet, complete an enquiry or contact form, book a discovery call, book onto an event, or join Function.
Email address. Provided in the same circumstances as above. Used to send you the newsletter, the lead magnet, discovery call and event confirmations, and membership communications.
Phone number. Provided when you book a discovery call, book onto an event, or join Function. Used for booking confirmations and for operational communications by phone and WhatsApp during your membership.
Business information. Including business name, role, industry and sector, and any other detail you share with us during the discovery call or onboarding process.
Payment and billing information. Including card and billing details, processed by our payment provider Stripe via the GoHighLevel platform. Function does not store or have direct access to your full card details. Stripe acts as a separate data controller for the payment card information you provide.
Information shared during your membership. Including your LinkedIn profile information, event preferences, content sign-offs, and any other information you share with us during a Function membership or event.
Health and dietary information. Where you provide it (for example, to confirm you are medically fit to take part in an activity, or to tell us about dietary or medical requirements for an event). This is special category data and is handled as described in section 2.4.
2.2 Information collected automatically
Technical information. Including IP address, browser type and version, device type, operating system, time zone setting and location data inferred from your IP address.
Usage information. Including pages visited on the Site, time spent on pages, click patterns, referring URLs and the path taken through the Site.
Cookie data. Including the cookie consent record (whether you have accepted, rejected or partially accepted cookies), and the data captured by the cookies you have consented to.
2.3 Photography and video at events
At Function events, we and our event partners may take photographs and video footage in which attendees appear. We use this material for membership records and for marketing purposes, including testimonials and case studies. Where we wish to use material that identifies you for promotional purposes, we rely on your consent or on the testimonial terms of the Membership Agreement, and you may ask us to stop using identifiable material featuring you at any time by contacting us at [contact email].
2.4 Special category (health) data
Some Function activities involve physical exertion and exposure to heat and cold. Where you provide health, medical fitness or dietary information so that you can take part safely, this is special category data under UK GDPR Article 9. We process it only with your explicit consent (Article 9(2)(a)), solely for the purpose of your safety and wellbeing at events, and we do not use it for any other purpose. We keep this information only for as long as it is needed for the relevant event or activity.
3. The lawful bases on which we process your data
Under UK GDPR, every processing activity must have a lawful basis. The lawful bases we rely on are set out below.
Processing activity
Processing activity
Processing activity
Sending you the newsletter
Consent (Article 6(1)(a))
You have actively subscribed by entering your email address. You can withdraw consent at any time using the unsubscribe link in any newsletter email.
Sending you a lead magnet you have opted into
Consent (Article 6(1)(a))
You have requested the resource and we deliver it to the email address you provided.
Discovery calls and enquiries
Legitimate interests (Article 6(1)(f))
Our legitimate interest in pursuing commercial conversations with prospective members who have expressed an interest in Function.
Delivering your membership and events
Contract (Article 6(1)(b))
Processing your data is necessary to perform the Membership Agreement we have with you.
Processing payments
Contract (Article 6(1)(b))
Processing your payment is necessary to perform the contract you have entered into with us.
Operational communications by email and WhatsApp during your membership
Contract (Article 6(1)(b))
Communicating with you about events and your membership is necessary to perform the contract.
Sharing your contact details within the member community
Consent (Article 6(1)(a))
You agree, under the Membership Agreement, that your details may be shared with other members so the community can connect.
Health and medical fitness information
Explicit consent (Article 9(2)(a))
You provide this so that you can take part in physical activities safely. It is used only for that purpose.
Photography and video at events
Legitimate interests (Article 6(1)(f)), and consent for identifiable promotional use
Our legitimate interest in keeping membership records and promoting Function, with consent or the Membership Agreement governing identifiable promotional use.
Records, accounting, tax and legal compliance
Legal obligation (Article 6(1)(c))
We are required by law to keep certain records of commercial transactions for accounting, tax and audit purposes.
Marketing to existing members about related Function services
Legitimate interests (Article 6(1)(f)) and the soft opt-in under PECR Regulation 22
Where you are an existing member, we may contact you about related Function services. You can object at any time.
Security, fraud prevention and Site protection
Legitimate interests (Article 6(1)(f))
Our legitimate interest in protecting the Site, our systems and our members from fraud, abuse and unlawful activity.
Non-essential cookies and analytics
Consent (Article 6(1)(a) and PECR Regulation 6)
We only set non-essential cookies if you have consented through the cookie banner on the Site.
4. How we use your personal data
We use the personal data we collect for the following purposes:
Providing the membership, events and services you have requested or signed up to, including the newsletter and any lead magnet you have opted into.
Communicating with you, by email and WhatsApp, about your enquiries, your membership, your event bookings, your account and your payments.
Sending you the newsletter you have subscribed to, until you unsubscribe.
Booking and managing discovery calls, events and other meetings with you.
Processing payments through Stripe and GoHighLevel, and managing the recurring subscription set up at the point of joining.
Sharing your contact details within the member community, with your consent, so that members can connect with one another.
Keeping you safe at events, where you have provided health, fitness or dietary information for that purpose.
Operating the Site and analysing how visitors use it, where you have consented to analytics cookies.
Taking and using photography and video from events for membership records and marketing, as described in section 2.3.
Protecting the Site, our systems and our members from fraud, abuse, unauthorised access and unlawful activity.
Complying with our legal, accounting, tax and regulatory obligations.
Building anonymised performance data, analytics summaries and case study material, for our own marketing, training and development. Any case study material that identifies you is governed by the testimonial clauses in the Membership Agreement.
We do not sell your personal data. We do not share your personal data with third parties for their own marketing purposes. We do not use your personal data for automated decision-making that has legal or similarly significant effects on you.
5. Cookies and tracking technologies
The Site uses cookies and similar tracking technologies. Cookies are small text files stored on your device when you visit the Site. They allow the Site to remember your preferences, recognise you across visits, and help us understand how the Site is used.
5.1 Categories of cookies we use
Strictly necessary cookies. Required for the Site to function. These cookies do not require your consent because they are essential to the operation of the Site, including security, load balancing and remembering your cookie preferences.
Analytics cookies. Help us understand how visitors interact with the Site, which pages are most popular, where visitors come from, and how the Site is performing. We use these only with your consent. Examples include cookies set by Google Analytics and by the GoHighLevel platform that hosts the Site infrastructure.
Functional cookies. Allow the Site to remember choices you have made (such as form fields you have completed) and provide enhanced features. Set only with your consent.
Marketing cookies. May be used to deliver more relevant advertising to you, including remarketing pixels from platforms such as LinkedIn and Meta. Set only with your consent through the cookie banner.
5.2 Managing your cookie preferences
When you first visit the Site, you are shown a cookie consent banner. You can accept all cookies, reject all non-essential cookies, or customise your preferences by category. You can change your preferences at any time by clicking the cookie settings link in the footer of the Site.
You can also control cookies through your browser settings. Most browsers allow you to refuse cookies or to alert you when cookies are being sent. Disabling cookies may prevent certain features of the Site from working as intended.
7. Third parties we share your personal data with
Function does not sell, rent, or trade your personal data. We do not share your personal data with third parties for their own marketing purposes.
We do share personal data with the following categories of third party, who are required by contract, or by their own role as a controller, to keep your personal data secure and to use it only for the purposes described.
Provider
Purpose
Location of processing
GoHighLevel (HighLevel Inc)
Customer relationship management, newsletter and lead magnet delivery, contract management, e-signature, recurring payment subscriptions, and automation infrastructure.
United States
Stripe
Payment card processing for membership fees. Stripe acts as a separate data controller for the card data you provide. We do not store your card details.
United States, with UK and EU subsidiaries
WhatsApp (Meta Platforms)
Operational and membership communications by message. Meta is a separate data controller for the WhatsApp service.
United States, with UK and EU operations
Where relevant to your membership and our networking and content activity. LinkedIn is a separate data controller for your account data.
United States, with UK and EU operations
Google (Analytics and Workspace)
Where consented, Google Analytics for Site analytics. Google Workspace for our internal email and document infrastructure.
United States, with EU operations
Event partners and venues (including The Farm Club, Pickmere)
To deliver the events you attend, including access lists and any dietary or medical requirements you have provided for that event.
United Kingdom
Other Function members
Your contact details may be shared within the member community, with your consent, so that members can connect.
United Kingdom
Professional advisers
Solicitors, accountants and other professional advisers where we need their advice in relation to our business.
United Kingdom
Regulatory and law enforcement bodies
Where we are required by law to disclose data, including HMRC, the Information Commissioner's Office, the police and courts.
United Kingdom
If we ever need to add a new processor to this list, we will update this Privacy Policy and the effective date at the top of the document.
8. International data transfers
Several of our service providers (set out in section 7) are based in the United States. This means that your personal data may be transferred to, stored in and processed in countries outside the United Kingdom and the European Economic Area. The data protection laws in these countries may not provide the same level of protection as UK GDPR.
Whenever we transfer your personal data outside the United Kingdom, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is in place:
We transfer data to countries that have been deemed by the UK government to provide an adequate level of protection for personal data.
Where we use certain service providers, we use Standard Contractual Clauses approved by the UK Information Commissioner's Office, which provide personal data with the same protection it has in the United Kingdom.
Where we use providers based in the United States, we rely on the UK Extension to the EU-US Data Privacy Framework, where the provider is certified under it, or on Standard Contractual Clauses where they are not.
You can request a copy of the safeguards we have in place for any specific transfer by contacting us at [contact email].
9. How we protect your personal data
Function takes the security of your personal data seriously and applies the following technical and organisational measures to protect it:
All personal data is stored in password-protected systems with role-based access controls. Only authorised Function staff can access systems containing personal data, and access is limited to what each person needs to perform their role.
All systems require multi-factor authentication for access where the underlying platform supports it.
All personal data is encrypted in transit using industry-standard TLS encryption, and at rest where the underlying platform supports it.
Payment card data is processed by Stripe and is not stored on Function systems. Stripe is certified to the highest level of payment card industry security standards (PCI DSS Level 1).
We do not store passwords in plain text. All passwords are encrypted, hashed and salted in line with industry standards.
We use reputable third party providers (GoHighLevel, Stripe, Google) that maintain enterprise-grade security certifications.
Our team is briefed on data protection, information security and the requirements of UK GDPR.
Our team is trained on data protection, information security and the requirements of UK GDPR.
We have a breach notification process. If a personal data breach occurs that is likely to result in a risk to your rights and freedoms, we will notify the Information Commissioner's Office within seventy-two (72) hours and notify you without undue delay where required by law.
Despite these measures, no system can be guaranteed to be completely secure. We continually review and improve our security practices, but the transmission of information over the internet is never fully without risk. You share your information with us at your own risk.
10. Your rights under UK GDPR
UK GDPR gives you a number of rights in relation to your personal data. These rights are:
The right to be informed. You have the right to be told how your personal data is being collected and used. This Privacy Policy provides that information.
The right of access. You have the right to ask for a copy of the personal data we hold about you (a 'subject access request').
The right to rectification. You have the right to ask us to correct inaccurate or incomplete personal data we hold about you.
The right to erasure (the 'right to be forgotten'). You have the right to ask us to delete personal data we hold about you, subject to certain exceptions (such as where we need to keep records for legal or accounting reasons).
The right to restrict processing. You have the right to ask us to limit how we use your personal data in certain circumstances.
The right to data portability. You have the right to ask for a copy of your personal data in a structured, machine-readable format, and to ask us to transmit it to another provider.
The right to object. You have the right to object to our processing of your personal data, including the right to object to direct marketing at any time.
Rights in relation to automated decision-making. You have the right not to be subject to a decision based solely on automated processing that has a legal or similarly significant effect on you. We do not make any such decisions about you.
The right to withdraw consent. Where we rely on your consent, you have the right to withdraw it at any time. This will not affect the lawfulness of any processing carried out before you withdrew your consent.
To exercise any of these rights, please email us at [contact email]. We will respond within one calendar month. We may need to verify your identity before fulfilling your request.
If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (the ICO), the supervisory authority in the United Kingdom for data protection matters. You can contact the ICO at ico.org.uk, by phone on 0303 123 1113, or by post at Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, United Kingdom.
11. Marketing communications
Where you have subscribed to our newsletter or opted into a lead magnet, you may receive email marketing communications from us about Function, our content, our events and our offers. You can unsubscribe at any time by clicking the unsubscribe link in any email we send you, or by emailing us at [contact email].
Where you are an existing Function member, we may contact you about related services we think you may be interested in, on the basis of our legitimate interests and the soft opt-in under PECR Regulation 22. You can object at any time using the unsubscribe link or by emailing us.
Operational membership communications, including event details and confirmations, are sent by email and WhatsApp under the Membership Agreement. We do not send SMS marketing, and we do not share your contact details with third parties for their own marketing purposes.
12. Children's data
The Site and the Function membership are not directed at, nor intended for use by, children under the age of eighteen (18). We do not knowingly collect personal data from children under eighteen. If we become aware that we have collected personal data from a child under eighteen, we will delete it promptly. If you believe we hold data about a child under eighteen, please contact us at [contact email].
13. Third party websites
The Site may contain links to third party websites, including LinkedIn, social media platforms, podcast platforms and other external sites. Function is not responsible for the privacy practices or content of those third party sites. We encourage you to read the privacy policies of any third party sites you visit. This Privacy Policy applies only to personal data collected by Function.
14. Changes to this Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our business, the services we offer, or changes in data protection law. The most current version is always available on the Site. The effective date at the top of this document tells you when the Privacy Policy was last updated.
Where changes are material (for example, where we add a new category of processing, a new processor, or a new lawful basis), we will notify you by email (if we have your email address) or through a prominent notice on the Site before the changes take effect.
15. How to contact us
If you have any questions about this Privacy Policy, the way we handle your personal data, or you wish to exercise any of your rights under UK GDPR, please contact us:
