Privacy Policy

The Expansion Room Vault

Privacy Policy

1. Introduction

This Privacy Policy explains how [Business/Legal Entity Name] (“we”, “us”, “our”), the operator of The Expansion Room Vault (“the Vault”), collects, uses and protects your personal data when you register for and use our membership service.

We are committed to protecting your privacy and handling your data in line with the General Data Protection Regulation (GDPR) and Irish data protection law.

2. Who We Are

The Expansion Room Vault is operated by Aisling Owens Nash and Laura Staunton, based at Edenderry, Ireland. For any data protection queries, contact us at [email protected].

3. What Information We Collect

We may collect the following personal data when you interact with the Vault:

Identity and contact data: name, email address, and any other details provided at sign-up.

Account data: username, encrypted password, membership status, and login activity.

Payment data: billing details processed by our third-party payment provider, Stripe / PayPal. We do not store your full card details ourselves.

Usage data: how you use the Vault, including pages viewed, content accessed, and login frequency - used in part to detect shared logins and unauthorised access in line with our Terms and Conditions.

Communications: any messages, queries, or feedback you send to us.

4. How We Use Your Information

We use your personal data to:

create and manage your membership account;

provide you with access to the Vault and its content;

process payments and manage billing;

communicate with you about your membership, including updates, new content, and administrative matters;

send you marketing communications, where you have given consent, which you may withdraw at any time;

monitor account usage to protect our intellectual property and that of the contributors and detect unauthorised sharing of login credentials;

comply with our legal and regulatory obligations.

5. Legal Basis for Processing

We process your data on the following legal bases under GDPR:

Contract - to provide the membership service you have signed up for.

Consent - for marketing communications, which you can withdraw at any time.

Legitimate interests - to protect our content and intellectual property, improve our service, and maintain the security of the Vault.

Legal obligation - where we are required to retain or disclose information by law.

6. Sharing Your Information

We do not sell your personal data. We may share your information with:

trusted third-party service providers who help us operate the Vault, such as our membership platform host, email provider, and payment processor;

guest experts, only where necessary and limited to what is required for the operation of the Vault, such as aggregated, non-identifiable engagement statistics;

legal or regulatory authorities, where required by law.

All third parties are required to handle your data securely and only for the purposes we specify.

7. International Data Transfers

Some of our service providers may be based outside the European Economic Area (EEA). Where this is the case, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses, to protect your data.

8. Data Retention

We retain your personal data for as long as your membership is active, and for a reasonable period afterwards to meet our legal, accounting, and administrative requirements. We delete or anonymise your data when it is no longer needed.

9. Data Security

We take appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or misuse, including secure password storage, restricted access to systems, and monitoring of account activity.

10. Your Rights

Under GDPR, you have the right to:

access the personal data we hold about you;

request correction of inaccurate data;

request deletion of your data, where applicable;

restrict or object to certain processing;

request a copy of your data in a portable format;

withdraw consent for marketing at any time.

To exercise any of these rights, contact us at [email protected]. You also have the right to lodge a complaint with the Irish Data Protection Commission (www.dataprotection.ie) if you believe your data has been mishandled.

11. Cookies

If the Vault or its associated website uses cookies or similar tracking technologies, we will inform you of this and seek your consent where required, in line with applicable e-privacy laws.

12. Children’s Privacy

The Vault is intended for adults aged 18 and over. We do not knowingly collect personal data from children.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Any material changes will be communicated to members. The “last updated” date below reflects the most recent version.

14. Contact Us

If you have any questions about this Privacy Policy or how we handle your data, please contact us at [email protected].