Data & Privacy
Policy

Section 01 — What Data We Collect

The Personal Data We Collect and Why

Section 02 — How We Use Your Data

The Specific Ways Your Data Is Used

Your personal data is used only for the purposes described below. The Provider does not engage in data practices that are inconsistent with the reason the data was collected.

• — To deliver the service: Your identity, contact, assessment response, and professional data are used to generate your personalised structural report and deliver it to your inbox
• — To communicate with you: Your email address is used to send your report, scheduling confirmations, payment receipts, and any other communications directly related to your engagement
• — To send The Structural Briefing: By completing a free assessment or subscribing, you consent to receive The Structural Briefing — the Provider's weekly intelligence publication. You may unsubscribe at any time using the link in any email.
• — To improve services: Aggregated, anonymised assessment response data may be used to identify patterns that help the Provider improve its assessment tools and report frameworks. Individual responses are never published or shared in identifiable form.
• — To maintain legal and financial records: Payment data and engagement records are retained as required by applicable tax and corporate law
• — To protect the Provider's rights: In the event of a legal dispute, relevant communications and engagement records may be used to protect the Provider's legal interests
• — To personalise future communications: Professional data (role, country, what you are building) may be used to send targeted content relevant to your specific institutional context. This personalisation is always based on data you have voluntarily provided.

Section 03 — How We Do Not Use Your Data

What the Provider Will Never Do With Your Data

• Your personal data — including your name, email, and assessment responses — will never be sold to any third party under any circumstances
• Your assessment responses will never be published, shared publicly, or used in any marketing material in identifiable form without your explicit written consent
• Your data will never be shared with advertisers for targeting purposes
• Your data will never be used to train any artificial intelligence or machine learning model
• Your contact information will never be used to send marketing communications unrelated to the services you have engaged with, without your consent
• Your data will never be transferred to a jurisdiction with weaker data protection standards without appropriate safeguards in place

Section 04 — Data Sharing

When and With Whom Data Is Shared

The Provider shares personal data only in the following limited and specific circumstances:

• — Service providers: The Provider uses third-party tools for email delivery (e.g. Mailchimp or equivalent), payment processing (e.g. Stripe), website hosting, and form processing. These providers receive only the data necessary to perform their specific function and are bound by data processing agreements. They are not permitted to use your data for any other purpose.
• — Legal requirements: The Provider may disclose personal data if required to do so by law, court order, or regulatory authority — and only to the extent strictly required by such obligation.
• — Business transfer: In the unlikely event that Irevia Holdings is sold, merged, or restructured, Client data may be transferred to the successor entity. Clients will be notified of any such transfer in advance.
• — With explicit consent: The Provider will share your data with any other party only with your explicit, informed, written consent.

Assessment response data is never shared with any third party, including service providers, except where the data is used in aggregated, non-identifiable form for service improvement purposes.

Section 05 — Data Retention

How Long We Keep Your Data

After the retention period expires, data is securely deleted or anonymised. The Provider does not retain personal data beyond the periods stated above without the Client's explicit consent.

Section 06 — Your Rights

Your Data Rights Under Applicable Law

Depending on your jurisdiction, you may have some or all of the following rights in relation to your personal data:

• — Right of Access: You have the right to request a copy of the personal data the Provider holds about you
• — Right of Rectification: You have the right to request correction of any inaccurate or incomplete personal data the Provider holds about you
• — Right to Erasure: You have the right to request deletion of your personal data in certain circumstances — subject to the Provider's legal obligations to retain certain records
• — Right to Restrict Processing: You have the right to request that the Provider limits how it uses your data in certain circumstances
• — Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, machine-readable format where technically feasible
• — Right to Object: You have the right to object to the processing of your personal data for direct marketing purposes at any time. You may also object to processing based on the Provider's legitimate interests.
• — Right to Withdraw Consent: Where processing is based on your consent, you have the right to withdraw that consent at any time without affecting the lawfulness of processing before withdrawal
• — Right to Lodge a Complaint: You have the right to lodge a complaint with the relevant data protection authority in your jurisdiction

To exercise any of these rights, submit your request in writing to legal@euniceirewole.com. The Provider will respond within 30 calendar days. The Provider may request proof of identity before processing your request.

Section 07 — Data Security

How We Protect Your Data

The Provider implements appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit using TLS/SSL protocols across all Provider websites and platforms
• Access controls limiting personal data access to authorised personnel only
• Regular review of data handling practices and third-party service provider security standards
• Secure deletion protocols for data that has reached the end of its retention period
• Payment card data is processed exclusively by PCI-DSS compliant payment processors — the Provider does not store card numbers or CVV codes

No method of data transmission or storage is 100% secure. In the unlikely event of a data breach that poses a risk to your rights and freedoms, the Provider will notify affected individuals and relevant authorities in accordance with applicable law — within 72 hours where required.

Section 08 — Cookies and Tracking

How We Use Cookies and Tracking Technologies

The Provider's website uses cookies and similar tracking technologies to provide and improve the platform. The following types of cookies are used:

• — Essential cookies: Required for the website to function. Cannot be disabled. These include session cookies that keep you logged in and security cookies that protect against fraud.
• — Analytics cookies: Used to understand how visitors use the website — which pages are visited, how long visitors stay, and where they navigate from. This data is collected in aggregated, anonymised form. The Provider uses Google Analytics or equivalent. You may opt out of analytics tracking via your browser settings.
• — Marketing cookies: Used to measure the effectiveness of the Provider's marketing activities. These cookies are only set where the Client has given explicit consent through the cookie consent mechanism.
• — Preference cookies: Used to remember your settings and preferences to improve your experience on return visits.

You may manage your cookie preferences through your browser settings or through any cookie consent tool displayed on the Provider's website. Disabling certain cookies may affect the functionality of the website.

Section 09 — International Data Transfers

How We Handle Cross-Border Data

The Provider is based in Canada and operates platforms serving clients internationally, particularly in the United States, United Kingdom, and across Africa, Europe, and the Asia-Pacific region.

When personal data is transferred across international borders, the Provider ensures appropriate safeguards are in place in accordance with applicable data protection law — including standard contractual clauses where required for transfers from the European Economic Area or United Kingdom.

Third-party service providers used by the Provider may be located in Canada, the United States, or the European Union. The Provider selects only service providers that meet adequate data protection standards for international transfer purposes.

Section 10 — Children's Data

Age Restrictions

The Provider's products and services are designed exclusively for business professionals and institutional builders aged 18 and over. The Provider does not knowingly collect personal data from individuals under the age of 18. If the Provider becomes aware that personal data from a minor has been collected, it will be deleted immediately.

If you believe that a minor has provided personal data to the Provider, please contact legal@euniceirewole.com immediately.

Section 11 — Policy Updates

How This Policy May Change

The Provider reserves the right to update this Data & Privacy Policy at any time to reflect changes in applicable law, data practices, or business operations. The most current version will always be available at euniceirewole.com/legal.

Material changes to this policy will be communicated to Clients via email at least 14 days before the changes take effect. Continued use of the Provider's products and services after the effective date of any change constitutes acceptance of the updated policy.