1. INTRODUCTION
This privacy notice explains how we collect and process personal data through your use of our website and our services, including when you contact us, purchase or access a programme, attend an event, or are invited to participate in training through your employer or organisation.
Our services are not aimed at children. If we ever receive personal data relating to a person under 18, this will normally be because a client or organisation has arranged training or services involving that individual, and we will handle that data carefully and in line with applicable legal and contractual requirements.
Mancroft International Ltd is the data controller, and we are responsible for your personal data (referred to as “we”, “us” or “our” in this privacy notice).
Contact Details
Our full details are:
Full name of legal entity: Mancroft International Ltd
Product: The Winning Edge
Email address: data@winningedgemindset.com
Postal address: Manor Farm Barns, Norfolk, NR14 7PZ, UK
The information we hold about you must be accurate and up to date. Please let us know if at any time your personal information changes by emailing us at data@winningedgemindset.com.
2. WHAT DATA DO WE COLLECT ABOUT YOU, FOR WHAT PURPOSE AND ON WHAT GROUND WE PROCESS IT
Personal data means any information capable of identifying an individual. It does not include anonymised data.
We may process the following categories of personal data about you:
Communication Data includes any communication that you send to us, whether through the contact form on our website, by email, text, social media message, social media post, telephone, or any other form of communication. We process this data to communicate with you, keep records, respond to enquiries, manage our relationship with you, and establish, pursue or defend legal claims. Our lawful basis for this processing is our legitimate interests, namely to respond to communications, keep appropriate records, manage our business, and establish, pursue or defend legal claims.
Customer Data includes data relating to purchases, bookings, programme participation, services, or enquiries, such as your name, title, billing address, phone number, email address, organisation, job title, purchase details, booking details, attendance information, and payment-related information. We process this data to provide goods and/or services, manage bookings and attendance, administer programmes, process payments, keep records of transactions, and manage our relationship with you or the organisation arranging the service. Our lawful basis for this processing is performance of a contract, taking steps at your request before entering into a contract, legitimate interests, and/or legal obligation, depending on the context.
User Data includes data about how you use our website, online services, learning platforms, member areas, or other online resources, together with any data that you post, submit, or upload for publication or participation through our website or online services. We process this data to operate and administer our website and online services, provide access to relevant content, support participation in programmes, maintain backups, protect our systems, and manage our business. Our lawful basis for this processing is our legitimate interests, namely to administer our website, online services, programme delivery, security, and business operations.
Technical Data may include limited technical information needed to operate and secure our website and online services, such as device, browser, security, access, login-related, and system information. We process this data to keep our website and online services working properly, maintain security, troubleshoot issues, prevent unauthorised access, and support business continuity. Our lawful basis for this processing is our legitimate interests, namely to operate secure and reliable website, platform, and business systems. We do not use this data for advertising, profiling, or behavioural tracking.
Marketing Data includes your contact details, communication preferences, sign-up information, event or programme interest, attendance history, enquiry history, and prize draw or activity participation where relevant. We may use this data to send relevant communications about our events, programmes, resources, prize draws, services, or related opportunities where you have signed up, attended, enquired, purchased from us, participated in an activity, or where we otherwise have a lawful basis to contact you. This may include daily mindset emails, Mindset Reboot emails, post-course accountability emails, event updates, resources, prize draws, or programme-related communications where you have signed up or where the communication forms part of the service or programme experience.
Our lawful basis for this processing is either consent or legitimate interests, depending on the nature of the communication and our relationship with you. Our legitimate interests are to maintain appropriate business relationships, support participation in our programmes and events, and grow our business in a fair and proportionate way.
Where you enter a prize draw, competition or similar activity, we may use the information you provide to administer the activity, contact winners, manage participation, and meet any related legal or record-keeping requirements.
We do not use website tracking, advertising pixels, behavioural profiling, or online advertising tools to target marketing communications.
Sensitive Data
We do not intentionally collect special category data through our website. In some cases, we may process limited sensitive information where it is necessary to deliver services safely and appropriately, such as accessibility needs, dietary requirements, or information provided by a client or participant for training delivery. We only process this where there is a lawful basis and appropriate safeguards are in place.
Where we are required to collect personal data by law, or under the terms of the contract between us, and you do not provide us with that data when requested, we may not be able to perform the contract, for example, to deliver goods or services to you. If you do not provide us with the requested data, we may have to cancel a product or service you have ordered, but if we do, we will notify you at the time.
We will only use your personal data for the purpose it was collected for, or for a reasonably compatible purpose where necessary. For more information, please email us at data@winningedgemindset.com. If we need to use your details for an unrelated new purpose, we will let you know and explain the legal basis for processing.
We may process your personal data without your knowledge or consent where this is required or permitted by law.
We do not currently use AI or automated systems to make decisions about individuals that have legal or similarly significant effects. We do not carry out automated profiling. If this changes, we will review the use before implementation, update this notice where required, and put appropriate safeguards in place.
3. HOW WE COLLECT YOUR PERSONAL DATA
We may collect personal data directly from you, for example when you complete a form, contact us, email us, purchase or access a service, attend an event, enter a prize draw, participate in a programme, or communicate with us.
We may also receive personal data from your employer, organisation, client contact, event organiser, or another authorised party where they have arranged for you to attend one of our programmes, events, or services.
We may receive personal data from service providers that support our business, such as payment providers, IT service providers, learning platforms, customer relationship management systems, booking or event administration tools, and professional advisers.
We do not use website tracking, advertising pixels, behavioural profiling, or online advertising tools to collect or profile personal data. Our website platform may use strictly necessary technologies to operate, secure, and deliver the website and related services.
We may also receive limited personal data from publicly available sources, such as Companies House, professional websites, or business networking platforms, where relevant to our business relationship or services.
4. MARKETING COMMUNICATIONS
Our lawful basis for sending marketing communications is either your consent or our legitimate interests, depending on the nature of the communication and our relationship with you. Our legitimate interests include maintaining appropriate business relationships, supporting participation in our events and programmes, and growing our business in a fair and proportionate way.
Under the Privacy and Electronic Communications Regulations, we may send you marketing communications from us if (i) you made a purchase or asked for information from us about our goods or services or (ii) you agreed to receive marketing communications and in each case you have not opted out of receiving such communications since. Under these regulations, if you are a limited company, we may send you marketing emails without your consent. However, you can still opt-out of receiving marketing emails from us at any time.
Before we share your personal data with any third party for their own marketing purposes we will get your express consent.
You can ask us or third parties to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you or by emailing us at data@winningedgemindset.com at any time.
If you opt-out of receiving marketing communications this opt-out does not apply to personal data provided as a result of other transactions, such as purchases etc.
5. DISCLOSURES OF YOUR PERSONAL DATA
We may have to share your personal data with the parties set out below:
-
Service providers who provide IT and system administration services.
-
Professional advisers including lawyers, bankers, auditors and insurers.
-
Government bodies that require us to report processing activities.
-
Third parties to whom we sell, transfer, or merge parts of our business or our assets.
We require all third parties to whom we transfer your data to respect the security of your personal data and to treat it in accordance with the law. We only allow such third parties to process your personal data for specified purposes and in accordance with our instructions.
6. INTERNATIONAL TRANSFERS:
We are subject to the UK General Data Protection Regulation and the Data Protection Act 2018, which protect your personal data. Where we transfer personal data outside the UK, we will ensure that appropriate safeguards are in place. This may include:
- transferring data to a country or organisation that has been recognised as providing an adequate level of protection;
- using UK-approved contractual safeguards, such as the International Data Transfer Agreement, the UK Addendum to the EU Standard Contractual Clauses, or other approved transfer mechanisms;
- using providers that participate in an approved data transfer framework, where applicable; or
- relying on another lawful transfer mechanism where permitted by data protection law.
We also review relevant supplier security, privacy and transfer information as part of our supplier due diligence process.
7. DATA SECURITY
We have put in place security measures to prevent your personal data from being accidentally lost, used, altered, disclosed, or accessed without authorisation. We also allow access to your personal data only to those employees and partners who have a business need to know such data. They will only process your personal data on our instructions and they must keep it confidential.
We have procedures in place to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach if we are legally required to.
8. DATA RETENTION
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
When deciding what the correct time is to keep the data for we look at its amount, nature and sensitivity, potential risk of harm from unauthorised use or disclosure, the processing purposes, if these can be achieved by other means and legal requirements.
In many cases, client contact details, training records, attendance data, invoices, and payment records are retained for up to 7 years after final engagement, unless a longer or shorter period is legally or contractually required.
In some circumstances we may anonymise your personal data for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
9. YOUR LEGAL RIGHTS
Under data protection laws, you have rights in relation to your personal data. These may include the right to request access to your personal data, correction, erasure, restriction, transfer, objection to processing, data portability, and, where the lawful basis for processing is consent, the right to withdraw consent.
If you are within the UK, you can read more about these rights on the Information Commissioner’s Office website:
If you wish to exercise any of these rights, please email us at data@winningedgemindset.com.
You will not usually have to pay a fee to access your personal data or to exercise any of your other rights. However, we may charge a reasonable fee, or refuse to comply with your request, if your request is clearly unfounded, repetitive or excessive.
We may need to request specific information from you to help us confirm your identity and confirm your right to access the personal data, or to exercise any of your other rights. This is a security measure to help ensure that personal data is not disclosed to anyone who has no right to receive it. We may also contact you to ask for further information in relation to your request so that we can respond properly.
We aim to respond to all legitimate requests within one month. Occasionally, it may take longer than one month if your request is particularly complex or you have made a number of requests. In that case, we will notify you.
Data Protection Complaints
If you are unhappy with how we have handled your personal data, you can raise a data protection complaint by contacting data@winningedgemindset.com. We will acknowledge your complaint within 30 days, investigate it, keep you informed where appropriate, and tell you the outcome.
If you are within the UK and are not happy with any aspect of how we collect and use your data, you also have the right to complain to the Information Commissioner’s Office, the UK supervisory authority for data protection issues: www.ico.org.uk. We would be grateful if you contacted us first so that we can try to resolve your concern.
If you are within the EU and are not happy with any aspect of how we collect and use your data, you also have the right to complain to the data protection authority of the country in which you are based. We would be grateful if you contacted us first so that we can try to resolve your concern.
10. THIRD-PARTY LINKS
This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.
11. COOKIES AND WEBSITE TECHNOLOGIES
We do not use cookies for advertising, behavioural tracking, profiling, or marketing analytics. Our website platform may use strictly necessary cookies or similar technologies to make the website work, keep it secure, support login or account access, process forms, or enable requested services.
We do not use Google Analytics, Meta/Facebook pixels, advertising pixels, or behavioural tracking tools on this website.
If we introduce analytics, advertising, tracking pixels, or other non-essential cookies in the future, we will update this notice and, where required, ask for consent before setting them.
Last Updated: June 2026
