Privacy Policy and Cookie Policy for Handy CPD

Last Updated On: 6 September 2025

Effective Date: 6 September 2025

1. Introduction & Who We Are

Our Commitment: Handy CPD (“we”, “us”, “our”) is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, share, and protect your personal data when you visit or make a purchase from our website https://handycpd.co.uk (the “Website”). This policy should be read in conjunction with our Terms and Conditions and Delivery Policy.

Data Controller: For the purpose of the UK General Data Protection Regulation (UK GDPR) and other relevant data protection laws, the data controller is Thomas Murray, Handy CPD, 43 Penhurst Way, England CV11 4XF, United Kingdom of Great Britain and Northern Ireland.

Contact for Data Protection: If you have any questions about this Privacy Policy or our data protection practices, please contact us via our “Contact Us” form on the Website, or by email at support@handycpd.co.uk.

2. What Personal Data We Collect

As you will be checking out as a guest, we do not require you to create an account. We collect personal data from you when you make a purchase, contact us, or browse our Website.

When you place an order: Your full name, your billing and delivery addresses, your email address, your telephone number (if provided), details of the products you have ordered (including physical books and/or our digital AI Assistant), and transaction details. We do not store your full payment card details; these are processed securely by our payment gateway.
When you contact us: Your name, your email address, and any other personal data you provide in your correspondence.
When you use our digital services: When you use the Handy CPD AI Assistant, any personal information you provide in your conversational prompts and inputs will be processed by a third-party Large Language Model (LLM) provider, such as OpenAI. We do not store this data.
When you browse our Website: Your IP address, browser type and version, operating system, and information collected through cookies.

3. How We Collect Your Data

We collect your personal data through various methods:

Directly from you: When you provide it to us by placing an order, filling in our contact form, or otherwise communicating with us.
Automatically: As you interact with our Website, we may automatically collect technical data about your equipment, browsing actions, and patterns. We collect this personal data by using cookies and similar technologies.
Indirectly from you: When you use our Services (the AI Assistant), the data you input is processed by a third-party LLM provider.

4. How We Use Your Personal Data (and our Lawful Basis for Processing)

We will only use your personal data when the law allows us to.

To process and fulfil your order: This includes processing payments, arranging printing and delivery with our partners, and providing customer service. Lawful Basis: Performance of a contract with you.
To communicate with you: This involves sending order confirmations, dispatch notifications, and responding to your enquiries. Lawful Basis: Performance of a contract (for order-related communications); Legitimate interests (to respond to your enquiries and provide good customer service).
To provide and improve our Services (the AI Assistant): We use your input to the AI to deliver the Service as intended. The third-party LLM provider processes this data to generate a response. Lawful Basis: Performance of a contract with you.
To comply with our legal and regulatory obligations: This includes maintaining records for tax purposes and fraud prevention. Lawful Basis: Legal obligation.
For website security and fraud prevention: Protecting our Website and business against fraudulent activities. Lawful Basis: Legitimate interests.
To improve our Website, products, and services: Analysing how our Website is used via aggregated data or non-essential cookies (if you consent). Lawful Basis: Consent (for non-essential analytics cookies); Legitimate interests (for general service improvement).

We do not currently engage in direct marketing activities using your personal data. If we wish to do so in the future, we will only do so if you provide your explicit consent, and you will have the right to opt out at any time.

5. Who We Share Your Personal Data With

We do not sell your personal data to any third parties. To run our business and fulfil your orders and services, we may need to share your personal data with trusted third parties who provide services to us.

Our Printing and Dispatch Partner (Bookvault): We will share your name, delivery address, and order details (such as the book(s) ordered) to fulfil your physical orders.
Payment Gateway(s): When you make a purchase, your payment is processed by Woo Payments and Lemon Squeezy (for digital products). We do not store your full payment card details.
LLM Service Provider (e.g., OpenAI): When you interact with our custom GPT, the data you input (your conversational prompts and any personal data within them) is processed by the LLM provider. You should consult their privacy policy for details on how they process and handle your data.
Delivery Companies: Our printing partner (Bookvault) will share your name and delivery address with selected courier services (such as Yodel, DPD, Royal Mail) to deliver your order.
Transactional Email Provider: We use MailerSend to send essential transactional emails. Your name and email address will be processed by MailerSend for these purposes.
Analytics Providers: We may use analytics providers to help us understand how our Website is used, which may involve sharing your IP address and browsing data with them if you consent to analytics cookies.
Website Hosting Provider: Our website is hosted by Ionos. They may have incidental access to data stored on the servers they provide for our website.
Professional Advisers: Including our accountants, lawyers, and auditors, where necessary and under obligations of confidentiality.
Legal Authorities: If required by law, or in response to valid legal processes, we may disclose your personal data.

6. International Data Transfers

We primarily store and process your data within the United Kingdom. However, some third-party service providers (as listed in Section 5) may be based outside the UK or the European Economic Area (EEA), or may use servers located outside these areas. If your personal data is transferred outside the UK/EEA, we will take steps to ensure that appropriate safeguards are in place to protect your data.

7. Data Security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorised way. Our Website uses SSL (Secure Socket Layer) technology to encrypt data. While we strive to protect your personal data, no method of transmission over the Internet is 100% secure. Any transmission of personal data is at your own risk.

8. Data Retention

We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for.

Order Information: Personal data related to your orders will be retained for 7 years after the end of the financial year in which your order was placed to comply with legal obligations for tax purposes.
AI Assistant Input Data: We do not retain the data you input into the custom GPT. This data is handled by the third-party LLM provider in accordance with their privacy policy.
Contact Form Enquiries: We will keep a record of your correspondence for up to 2 years unless a longer period is required for legal reasons.
Analytics Data: Data collected for analytics purposes is typically anonymised or aggregated.

9. Your Data Protection Rights

Under UK data protection law, you have certain rights regarding your personal data, including the right to request access, correction, erasure, or restriction of your data. You also have the right to object to processing and, where we are relying on consent, to withdraw that consent.

If you wish to exercise any of these rights, please contact us at support@handycpd.co.uk, clearly stating “Data Protection Request” in your communication. We may need to verify your identity before we can respond to your request.

10. Cookies and Other Tracking Technologies

a. What are Cookies? This section explains what cookies are and how we use them, the types of cookies we use (i.e., the information we collect using cookies and how that information is used), and how to manage your cookie settings.

Cookies are small text files that are used to store small pieces of information. They are stored on your device when the website is loaded on your browser. These cookies help us make the website function properly, make it more secure, provide a better user experience, and understand how the website performs and to analyse what works and where it needs improvement.

b. How We Use Cookies As with most online services, our Website uses first-party and third-party cookies for several purposes. First-party cookies are mostly necessary for the website to function correctly, and they do not collect much of your personally identifiable data. The third-party cookies used on our Website are mainly for:

Understanding how the Website performs and how you interact with it (if you provide consent for Analytics cookies).
Keeping our services secure (e.g., via Google reCAPTCHA cookies, which are necessary).
Overall, providing you with a better and improved user experience and helping to speed up your future interactions with our Website.

c. Types of Cookies We Use We use the following types of cookies:

Strictly Necessary Cookies: These cookies are essential for you to browse the Website and use its features, such as our guest checkout process and security functions like Google reCAPTCHA. Our website cannot function properly without these cookies. They do not require your prior consent but are active to ensure site functionality.
Analytics Cookies: These cookies collect information about how visitors use our Website, such as which pages are visited, the source of the visit, and other user actions. This information is used to help us understand user behaviour, improve our Website, and enhance the visitor experience. These cookies are only set if you give us your explicit consent to do so via our cookie consent banner.
Performance Cookies: These cookies are used to understand and analyse the key performance indicators of the website, which helps in delivering a better user experience for the visitors.
Advertisement Cookies: These cookies are used to provide visitors with customised advertisements based on the pages you have visited previously and to analyse the effectiveness of the ad campaigns.

d. Specific Cookies Used on Our Website The following is a list of the main cookies currently used on https://handycpd.co.uk, based on our last review on [28/5/2025]:

Cookie	Duration	Description
Strictly Necessary		Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.
`rc::a`	Never Expires	This cookie is set by the Google reCAPTCHA service to identify bots to protect the website against malicious spam attacks.
`wpEmojiSettingsSupports`	session	WordPress sets this cookie when a user interacts with emojis on a WordPress site. It helps determine if the user’s browser can display emojis properly.
`rc::c`	session	This cookie is set by the Google reCAPTCHA service to identify bots to protect the website against malicious spam attacks.
`wp_consent_preferences`	1 month	WP Consent API sets this cookie to save users’ consent choices for different types of cookies on the website.
`wp_consent_statistics`	1 month	WP Consent API sets this cookie to collect anonymous data on website usage to help analyse and enhance the site’s performance.
`wp_consent_statistics-anonymous`	1 month	WP Consent API sets this cookie to understand how the website is used.
`wp_consent_functional`	1 month	WP Consent API sets this cookie to remember user preferences for essential website functionalities.
`wp_consent_marketing`	1 month	WP Consent API sets this cookie to record user consent choices for marketing cookies.
`cookieyes-consent`	1 year	CookieYes sets this cookie to remember users’ consent preferences so that their preferences are respected on subsequent visits to this site.
`wp_woocommerce_session_*`	2 days	WooCommerce sets this cookie to make a unique code for each customer so that it knows where to find the cart data in the database for each one.
`m`	1 year 1 month 4 days	Stripe sets this cookie for fraud prevention purposes. It identifies the device used to access the website.
`__stripe_mid`	1 year	Stripe sets this cookie to set a unique session identifier to recognise users across sessions.
`__stripe_sid`	1 hour	Stripe sets this cookie to set a unique session identifier for a single session.
`__cf_bm`	1 hour	This cookie, set by Cloudflare, is used to support Cloudflare Bot Management.
`_GRECAPTCHA`	6 months	Google reCAPTCHA service sets this cookie to identify bots to protect the website against malicious spam attacks.
`rc::f`	Never Expires	This cookie is set by the Google reCAPTCHA service to identify bots to protect the website against malicious spam attacks.
`rc::b`	session	This cookie is set by the Google reCAPTCHA service to identify bots to protect the website against malicious spam attacks.
Analytics		Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.
`tk_or`	1 year 1 month 4 days	JetPack plugin sets this referral cookie on sites using WooCommerce, which analyses referrer behaviour for Jetpack.
`tk_r3d`	3 days	JetPack installs this cookie to collect internal metrics for user activity and improve user experience.
`tk_lr`	1 year	JetPack plugin sets this referral cookie on sites using WooCommerce, which analyses referrer behaviour for Jetpack.
`_ga`	1 year 1 month 4 days	Google Analytics sets this cookie to calculate visitor, session and campaign data and track site usage for the site’s analytics report.
`_ga_*`	1 year 1 month 4 days	Google Analytics sets this cookie to store and count page views.
`_gcl_au`	3 months	Google Tag Manager sets the cookie to experiment with advertisement efficiency.
`tk_ai`	1 year 1 month 4 days	JetPack sets this cookie to store a randomly-generated anonymous ID used only within the admin area and for general analytics tracking.
`tk_qs`	1 hour	JetPack sets this cookie to store a randomly-generated anonymous ID used only within the admin area and for general analytics tracking.
`tk_tc`	session	JetPack sets this cookie to record details on how users use the website.
Performance		Performance cookies are used to understand and analyse the key performance indexes of the website which helps in delivering a better user experience for the visitors.
`__cflb`	1 hour	This cookie is used by Cloudflare for load balancing.
Advertisement		Advertisement cookies are used to provide visitors with customised advertisements based on the pages you visited previously and to analyse the effectiveness of the ad campaigns.
`test_cookie`	15 minutes	doubleclick.net sets this cookie to determine if the user’s browser supports cookies.
`NID`	6 months	Google sets the cookie for advertising purposes; to limit the number of times the user sees an ad, to mute unwanted ads, and to measure the effectiveness of ads.
`IDE`	1 year 24 days 1 minute	Google DoubleClick IDE cookies store information about how the user uses the website to present them with relevant ads according to the user profile.

Export to Sheets

e. Managing Your Cookie Preferences & Consent When you first visit our Website, you will be presented with a cookie consent banner. This banner allows you to provide your consent for the use of non-essential cookies (such as Analytics cookies). Strictly Necessary cookies do not require your consent as they are essential for the site to function, but they are declared here for transparency.

You can change your cookie preferences or withdraw your consent for non-essential cookies at any time by clicking the “Cookie Settings” button or link (this is usually accessible via a persistent icon or link in the footer of our website, managed by our CookieYes tool). This will allow you to revisit the cookie consent banner and adjust your preferences.

In addition to our consent tool, different web browsers provide various methods to block and delete cookies used by websites. You can change the settings of your browser to block or delete cookies. For more information on how to manage and delete cookies from major web browsers, please see the following links:

If you are using any other web browser, please consult your browser’s official support documents. Blocking all cookies may affect the functionality of many websites, including ours.

11. Links to Other Websites

Our Website may contain links to other websites. We are not responsible for the privacy practices or content of these external sites. You should exercise caution and review the privacy policy of any other website you visit.

12. Complaints

If you have a concern about our use of your information, please contact us in the first instance at support@handycpd.co.uk. If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will post any changes on this page and update the “Last Updated” date at the top of the policy. We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information.