Skip to main content

Privacy Policy

Last updated: April 2025

This Privacy Policy explains how ISO READY 360 collects, uses, and protects your personal data. It applies to all visitors and customers of isoready360.com. We are committed to handling your data transparently and in accordance with the UK GDPR and EU GDPR.

1. Data Controller

The data controller responsible for your personal data is:

ISO READY 360
Sole trader / freelance consultant
Operated by: Rounak Maheshwari
Email: support@isoready360.com
Website: https://isoready360.com

As a small sole-trader business, we are not required to appoint a formal Data Protection Officer (DPO). However, all privacy questions and requests are handled directly by Rounak Maheshwari. You can reach us at support@isoready360.com for any data-related enquiries.

2. What Personal Data We Collect

2.1 Data you provide directly

When you contact us, book a consultation, or submit a form on our website, we may collect:

  • Your full name
  • Your email address
  • Your company or organisation name
  • Your job title or role (if provided)
  • The content of your message or enquiry

2.2 Data collected via Gumroad (purchases)

When you purchase a template through our Gumroad store, Gumroad processes your payment and purchase data directly. ISO READY 360 receives limited post-sale data from Gumroad, which may include:

  • Your name and email address
  • The product(s) purchased
  • Purchase date and transaction reference

Gumroad's own privacy policy governs how they collect and process your payment and personal data during checkout. You can review it at gumroad.com/privacy.

2.3 Data collected via Cal.com (booking)

If you book a consultation call, we use Cal.com to manage scheduling. Cal.com will collect your name, email address, and any notes you provide at the time of booking. Cal.com's privacy policy governs their processing of that data. ISO READY 360 receives your booking details to prepare for and conduct the call.

2.4 Data collected automatically (analytics)

When you visit isoready360.com, certain technical data is collected automatically via analytics tools (see Section 7 on cookies). This may include:

  • IP address (anonymised or pseudonymised)
  • Browser type and version
  • Operating system
  • Pages visited and time spent on each page
  • Referral source (how you arrived at our site)
  • Click and scroll behaviour (via Microsoft Clarity heatmaps)

3. Why We Process Your Data and Our Legal Basis

Under the UK GDPR and EU GDPR, we must have a lawful basis for processing your personal data. The table below sets out what we use your data for and the legal basis we rely on.

Fulfilling a purchase or service request

Purpose: Delivering digital products you have purchased, processing order confirmation, and providing post-purchase support.
Legal basis: Performance of a contract (Article 6(1)(b) GDPR) — processing is necessary to deliver what you have paid for.

Responding to enquiries and bookings

Purpose: Replying to contact form submissions, email enquiries, and booked consultation calls.
Legal basis: Legitimate interest (Article 6(1)(f) GDPR) — we have a legitimate business interest in responding to prospective and existing customers, and this does not override your rights.

Improving our website and services

Purpose: Using aggregated analytics data (Google Analytics, Microsoft Clarity) to understand how visitors use the site and improve it.
Legal basis: Legitimate interest (Article 6(1)(f) GDPR) — subject to your consent where analytics cookies require it (see Section 7).

Legal and compliance obligations

Purpose: Retaining records of transactions for tax and accounting purposes.
Legal basis: Legal obligation (Article 6(1)(c) GDPR).

4. Third-Party Services and Data Sharing

We do not sell your personal data to third parties. We share data only with the following service providers where necessary to operate our business:

Gumroad (payment processing and digital delivery)

Gumroad processes all template purchases on our behalf. When you buy through our Gumroad store, Gumroad acts as the merchant and handles your payment and delivery. Gumroad is based in the United States and operates under standard contractual clauses and applicable data transfer mechanisms. Learn more: gumroad.com/privacy.

Cal.com (appointment scheduling)

We use Cal.com to allow you to book consultation calls. Your name, email, and booking details are shared with Cal.com to facilitate scheduling. Cal.com may store this data on their servers. Learn more: cal.com/privacy.

Google Analytics (web analytics)

We use Google Analytics to collect aggregated data about how visitors use our website. Google Analytics uses cookies and may transfer data to Google's servers, which may be located outside the EEA. We use IP anonymisation where available. Google Analytics is operated by Google LLC. Learn more: policies.google.com/privacy.

Microsoft Clarity (heatmaps and session recordings)

We use Microsoft Clarity to understand how users interact with our website through heatmaps and aggregated session data. Clarity may collect pseudonymised behavioural data. This tool is operated by Microsoft Corporation. Learn more: Microsoft Privacy Statement.

We will never disclose your personal data to any other third party without your explicit consent, unless required by law.

5. International Data Transfers

Some of our third-party service providers (including Gumroad, Google, and Microsoft) are based outside the European Economic Area (EEA) and the UK. Where your personal data is transferred outside these areas, we rely on appropriate safeguards to protect it. These safeguards include:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • The UK International Data Transfer Agreement (IDTA) or addendum where applicable
  • The EU-US Data Privacy Framework or equivalent adequacy decisions where applicable

If you would like more information about the safeguards in place for any specific transfer, please contact us at support@isoready360.com.

6. Data Retention

We retain your personal data only for as long as necessary for the purposes for which it was collected or as required by law. Our general retention periods are:

  • Purchase records and transaction data: 7 years (to comply with UK/EU tax and accounting obligations)
  • Enquiry and contact form data: Up to 2 years from the date of your last interaction with us
  • Consultation booking data: Up to 1 year after the date of the scheduled call
  • Analytics data: As configured within Google Analytics and Microsoft Clarity (typically 14 months for Google Analytics)

When data is no longer required, we delete or anonymise it in a secure manner. You may request early deletion of your data at any time (subject to legal retention obligations) — see Section 8 for how to do this.

7. Cookies and Tracking Technologies

What are cookies?

Cookies are small text files placed on your device when you visit a website. They help websites function correctly and allow us to understand how our site is used.

Cookies we use

Analytics cookies (Google Analytics): Used to collect aggregated information about how visitors use our site — pages visited, time spent, traffic sources. These are non-essential cookies and require your consent before being set.

Behaviour and heatmap cookies (Microsoft Clarity): Used to record pseudonymised interaction data (scroll behaviour, clicks, session replays) to help us improve the user experience. These are non-essential cookies and require your consent before being set.

Your cookie choices

Non-essential cookies are only placed after you give consent via our cookie consent banner. You can withdraw your consent at any time by clearing your cookies in your browser settings. Most browsers also allow you to block cookies entirely — please refer to your browser's help documentation for instructions. Note that disabling analytics cookies will not affect your ability to use our website or purchase our products.

8. Your Rights Under GDPR

If you are located in the EEA or UK, you have the following rights regarding your personal data:

Right of access (Article 15): You have the right to request a copy of the personal data we hold about you.

Right to rectification (Article 16): You have the right to ask us to correct inaccurate or incomplete personal data.

Right to erasure (Article 17): Also known as the "right to be forgotten" — you can request deletion of your personal data where there is no compelling reason for us to continue processing it.

Right to data portability (Article 20): You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit it to another controller.

Right to restrict processing (Article 18): You can ask us to limit how we use your data in certain circumstances.

Right to object (Article 21): You have the right to object to processing based on legitimate interests. If you object to marketing communications, we will stop immediately.

Right to withdraw consent: Where we rely on your consent to process data (e.g. analytics cookies), you can withdraw it at any time without affecting the lawfulness of processing already carried out.

How to exercise your rights

To exercise any of the above rights, please email us at support@isoready360.com with your request. We will respond within one calendar month. We may need to verify your identity before fulfilling any request.

Right to complain

If you believe we have not handled your personal data correctly, you have the right to lodge a complaint with your local data protection supervisory authority. In the UK, this is the Information Commissioner's Office (ICO) at ico.org.uk. In the EU, you should contact the supervisory authority in your country of residence.

9. How We Protect Your Data

We take appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or disclosure. These measures include using HTTPS encryption on our website, limiting access to personal data to only those who need it, and relying on reputable third-party providers that maintain their own robust security standards. However, no method of internet transmission is completely secure. If you have reason to believe that your data has been compromised, please contact us immediately at support@isoready360.com.

10. Children's Privacy

Our website and services are intended for business professionals and are not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we make material changes, we will update the "Last updated" date at the top of this page. We encourage you to review this policy periodically. Continued use of our website or services after a change has been posted constitutes acceptance of the updated policy.

12. Contact Us

If you have any questions, concerns, or requests relating to this Privacy Policy or your personal data, please contact:

ISO READY 360
Rounak Maheshwari
Email: support@isoready360.com
Website: https://isoready360.com