Chase & Marshal takes your privacy seriously. This policy sets out — in plain English — what data we collect, why, who we share it with, and the rights you have under the New Zealand Privacy Act 2020 and the EU GDPR.
Information We Collect
Personal Information: When you register, buy, or contact us, we collect your name, email, phone, company name and billing details.
Usage Data: We log how you use the site — IP address, browser type, pages visited and time on page.
Cookies: We use cookies to remember preferences and to measure traffic. See our Cookie Policy for the full list.
How We Use Your Information
We use the information we collect to:
- Provide, operate, and maintain our services
- Process transactions and send related information
- Send you newsletters, marketing communications, and updates (with your consent)
- Respond to your comments, questions, and customer service requests
- Analyse usage patterns to improve our website and services
- Detect, prevent, and address technical issues or fraudulent activity
Lawful Bases for Processing
Under the UK and EU General Data Protection Regulation (GDPR), we are required to identify a lawful basis for each category of personal data processing. The table below sets out the basis we rely on for each type of activity.
Contract Performance
We process data because it is necessary to fulfil the contract we have with you, or to take steps at your request before entering into a contract.
- Creating and managing your user account
- Processing purchases and payments
- Delivering training courses and digital products
- Providing customer support
Consent
You have given clear consent for us to process your data for these specific purposes. You can withdraw consent at any time.
- Sending marketing emails and newsletters
- Analytics cookies (e.g. Google Analytics, Hotjar, Contentsquare)
- Personalisation and retargeting advertising
Legitimate Interests
We process data where we have a legitimate business interest, provided that interest is not overridden by your rights and freedoms.
- Security logging and fraud prevention
- Analysing aggregate usage patterns to improve our services
- Protecting our legal rights and enforcing our terms
- Communicating important service updates to existing customers
Data Security
We implement appropriate technical and organisational security measures to protect your personal information against unauthorised access, alteration, disclosure, or destruction. These measures include:
- Encryption of data in transit and at rest
- Regular security assessments and audits
- Access controls and authentication measures
- Secure data storage with reputable cloud providers
Third-Party Sub-processors
We engage the following key sub-processors to help deliver our services. Data Processing Agreements (DPAs) are in place with each vendor to ensure your data is handled in compliance with applicable data protection law.
| Vendor | Role | Location | DPA |
|---|---|---|---|
| Stripe | Payment processing | United States | In place |
| OpenAI | AI-powered features (e.g. scoring, chatbots) | United States | In place |
| Brevo (Sendinblue) | Transactional and marketing email delivery | France / EU | In place |
| Hotjar | Session recording and heatmap analytics | Malta / EU | In place |
| Google Analytics | Website traffic analytics | United States | In place |
| Contentsquare | Digital experience analytics | France / EU | In place |
| Replit | Cloud hosting and infrastructure | United States | In place |
Your Data Rights
Under GDPR (and the equivalent UK GDPR), you have six core rights over your personal data. These apply regardless of whether you are based in the EU or the UK.
Right of Access
You have the right to request a copy of the personal data we hold about you and information about how we process it.
Right to Erasure
You may ask us to delete your personal data where there is no compelling reason to continue processing it. Also known as the 'right to be forgotten'.
Right to Rectification
You have the right to have inaccurate or incomplete personal data corrected.
Right to Data Portability
You can request that we transfer your personal data to you or to another organisation in a structured, machine-readable format.
Right to Restriction of Processing
In certain circumstances you can ask us to temporarily pause processing your data while a query is resolved.
Right to Object
You have the right to object to processing based on legitimate interests or for direct marketing purposes.
How to exercise your rights
You can submit a Data Subject Request using the form below, or email us directly at team@chasemarshal.com. We will respond within 30 days. We may need to verify your identity before fulfilling a request.
If you believe we have not handled your request correctly, you have the right to lodge a complaint with your local data protection authority — for example, the ICO (UK) or your EU member state's supervisory authority.
Submit a Data Subject Request
Use the form below to submit your request. You will receive a confirmation email, and we will respond within 30 days. If you prefer, you can email us directly at team@chasemarshal.com.
Contact Us
If you have any questions about this Privacy Policy or our data practices, please contact us at:
Your Cookie Preferences
You can view and update your cookie preferences at any time. Your choices take effect immediately without requiring a page reload.
Policy Updates
We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. We encourage you to review this Privacy Policy periodically for any changes.