Privacy Policy

Intogreat Ltd (“Intogreat”, “Us”, “We”, or “Our”) understands the importance of your privacy and that you want to clearly understand how your Personal Data is used. We respect and value the privacy of everyone who visits this website, www.transformintogreat.net (“Our Site” or “Site”), the Intogreat platform (“Our Platform”), uses the offered services (“Our Services” or “Services”) and buys the offered products ("Our Products" or "Products"). We will only collect and use Personal Data in ways that are described here, and in a way that is consistent with our obligations and your rights under all relevant data privacy laws.

This Privacy Policy explains how we collect, use, store, protect and share personal data when you use our Site, Platform, Products and Services. If you are a member of our Platform, please read this Privacy Policy alongside the LearnWorlds Privacy Policy. We are not responsible for the data processing activities of LearnWorlds.

This Privacy Policy is intended for individuals in the United Kingdom and is designed to comply with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations.

Effective date:  27th January 2026

Who We Are and How to Contact Us

The controller within the meaning of the General Data Protection Regulation (GDPR) and other data protection regulations is Intogreat Ltd

Registered address: Suite 6a, 10 Duke Street, Liverpool L1 5AS, UK

Telephone: +44 (0) 7597 487 220

General and privacy enquiries email: hello@intogreat.net

Data Protection Officer (DPO)

We have assessed our obligations and, at present, a statutory Data Protection Officer is not required. If you have questions about this assessment or wish to contact the person responsible for privacy matters, please email hello@intogreat.net or write to the address above, marked “Privacy”.

The Personal Data We Collect

• Identity and contact data: name, title, email address, telephone number, location, and similar identifiers. We may collect your name, first name, surname, telephone/mobile number, email address, and location through contact forms, assessments and sign-up forms.

• Technical and usage data: IP address, browser type and version, operating system, referrer URL, pages visited, date and time of access, and similar diagnostic data. When you access our Site and Platform, systems may collect browser type and version, operating system, internet service provider, IP address, date and time of access, referrer URLs, and pages visited, and store this in log files.

• Marketing and communications data: newsletter preferences, consent records, and engagement data. For newsletter subscription we collect email address, name, first name, IP address, and the date and time of registration using a double opt-in process.

• Inquiry and correspondence data: contents of emails and contact form submissions. If you contact us by email or via our contact form, we will process the personal data transmitted with your message solely to handle the conversation.

• Assessment data: responses to assessments and related analytics. When completing a free assessment, we collect name, email address, IP address, and the date and time of completion, and we process and analyse the data to provide a customised report and aggregated insights.

• Cookies and similar technologies: information stored and retrieved from your device to support functionality, analytics, and marketing. We use cookies to make our Site more user-friendly and may also use cookies for analysis and other than technically necessary purposes with user consent

How We Collect Personal Data

We collect data directly from you (for example, when you complete forms, subscribe to newsletters, apply for membership, respond to assessments, or contact us), automatically through your use of our Site, Platform, Products and Services (for example, through log files and cookies), and from third-party tools integrated into our Site. Our Site automatically collects certain technical data and stores it in server log files when you visit.

Our Purposes and Legal Bases for Processing

We process personal data only where we have a lawful basis. Below we explain the purposes and the corresponding legal bases:

• Operating our Site and Platform, providing content, ensuring security, and diagnosing issues: legitimate interests (ensuring functionality, security, and performance). The temporary storage of IP addresses and log files is necessary to enable delivery of the website and to ensure functionality, and is based on Article 6(1)(f) GDPR.

• Managing cookies and similar technologies:

– Strictly necessary cookies: legitimate interests (functionality and security).

– Analytics/marketing cookies: consent. Users are informed about the use of cookies for analysis and other than technically necessary purposes and consent is obtained for such cookies The legal basis for technically necessary cookies is Article 6(1)(f) GDPR.

• Sending newsletters and marketing communications: consent; proof of consent via double opt-in is supported by our legitimate interests. The legal basis for sending newsletters after registration is Article 6(1)(a) GDPR, and processing of double opt-in metadata is based on Article 6(1)(f) GDPR.

• Responding to enquiries and providing customer support: consent where obtained via forms; legitimate interests in managing correspondence; contract where inquiries relate to pre-contractual steps. For contact form submissions, the legal basis is Article 6(1)(a) GDPR; if the contact aims at concluding a contract, Article 6(1)(b) GDPR applies.

• Delivering assessments, reporting results, and generating aggregated insights: consent. Assessment data is processed on the basis of Article 6(1)(a) GDPR and used to provide customised reports, with aggregated data used to derive insights.

• Payment processing: performance of a contract and legitimate interests in secure transactions; certain processing by our payment processor is carried out on our behalf. Stripe is our third-party payment processor and assists us in processing your payment information securely.

• Social media engagement and communications via our pages: consent for user actions on our pages and our legitimate interests in communications and brand presence. Our presence in social media is used for communication and information exchange with (potential) customers and is based on Article 6(1)(a) GDPR for user interactions.

• Compliance with legal obligations and enforcement of rights: legal obligation; legitimate interests in protecting our rights and those of others. We may release information where appropriate to comply with the law, enforce our Site policies, or protect our or others’ rights.

Where we rely on consent, you may withdraw it at any time. The revocation of consent does not affect the lawfulness of processing carried out based on consent before its withdrawal.

Children and Age of Consent

Our Site, Products, Platform and Services are not intended for children under the age of 18 years. We do not knowingly collect personal data from children under 18. In the United Kingdom, you must be at least 13 years of age to consent to processing of your personal information. In some other countries, a higher age may apply. If you believe a child under 13 has provided personal data, please contact us immediately at hello@intogreat.net.

Rights of the data subject

If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller, subject to the relevant exceptions:

1. Right of information

You may request confirmation from the Controller as to whether personal data concerning you are being processed by the company. If such processing is taking place, you can request the following information from the Controller:

  1. The purposes for which the personal data are processed.
  2. The categories of personal data which are processed.
  3. The recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed.
  4. The planned duration of the storage of the personal data concerning you or, if specific information on this is not possible, criteria for determining the storage duration.
  5. The existence of a right to rectify or erase personal data concerning you, a right to have processing restricted by the controller or a right to object to such processing.
  6. The existence of a right of appeal to a supervisory authority.
  7. Any available information on the origin of the data if the personal data are not collected from the data subject.
  8. The existence of automated decision-making, including profiling, pursuant to Article 22 (1) and (4) GDPR and, at least in these cases, meaningful information about the logic involved and the scope and intended effects of such processing for the data subject.

You have the right to request information on whether personal data concerning you is transferred to a third country or to an international organisation. In this context, you may request to be informed about the appropriate safeguards pursuant to Art. 46 GDPR in connection with the transfer.

2.  Right of rectification

You have a right of rectification and/or completion towards the Controller if the personal data processed concerning you is inaccurate or incomplete. The Controller shall rectify the data without undue delay.

3. Right to restrict processing
You can request the restriction of the processing of personal data concerning you under the following conditions:

  1. If you contest the accuracy of the personal data concerning, you for a period which enables the Controller to verify the accuracy of the personal data.
  2. The processing is unlawful, and you refuse the erasure of the personal data and instead request the restriction of the use of the personal data.
  3. The Controller no longer needs the personal data for the purposes of the processing, but you need it for the establishment, exercise or defence of legal claims.
  4. If you have objected to the processing in accordance with Article 21 (1) of the GDPR and it has not yet been determined whether the legitimate reasons of the Controller prevail over your reasons.

Where the processing of personal data relating to you has been restricted, that data may be processed, except for storage, only with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of substantial public interest.

If the restriction of processing has been restricted in accordance with the above conditions, you will be informed by the Controller before the restriction is removed.

4. Right of deletion

You may request the Controller to delete the personal data concerning you without delay and the Controller is obliged to delete such data without delay if one of the following reasons applies:

  1. The personal data concerning you is no longer necessary for the purposes for which they were collected or otherwise processed.
  2. You withdraw your consent on which the processing was based pursuant to Art. 6 (1) sentence 1 lit.(a) or Art. 9 (2) lit. a GDPR and there is no other legal basis for the processing.
  3. You object to the processing pursuant to Article 21(1) of the GDPR and there are no overriding legitimate reasons for the processing, or you object to the processing pursuant to Article 21(2) of the GDPR.
  4. The personal data concerning you have been unlawfully processed.
  5. The erasure of personal data concerning you is necessary for compliance with a legal obligation to which the Controller is subject.
  6. The personal data concerning you has been collected in relation to information society services offered in accordance with Article 8(1) of the GDPR.

Where the Controller has made the personal data public and is obliged pursuant to Article 17 paragraph 1 GDPR to erase the personal data, the Controller, taking account of available technology and the cost of implementation, shall take reasonable steps including technical measures, to inform Controllers which are processing the personal data that the data subject has requested the erasure by such Controllers of any links to, or copy or replication of, those personal data.

5. Right to be informed

If you have asserted the right to rectification, erasure, or restriction of processing against the Controller, the Controller is obliged to inform all recipients to whom the personal data concerning you has been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort.

You have the right to be informed of these recipients by the Controller.

6. Right of data portability

You have the right to receive the personal data concerning you that you have provided to the Controller in a structured, commonly used, and machine-readable format. You also have the right to transmit this data to another controller without hindrance from the Controller to whom the personal data has been provided, provided that:

  1. The processing is based on consent pursuant to Art. 6 (1) sentence 1 lit. a GDPR or Art. 9 (2) lit. a GDPR or on a contract pursuant to Art. 6 (1) sentence 1 lit. b GDPR; and
  2. The processing is carried out with the assistance of automated procedures.

In exercising this right, you also have the right to have the personal data concerning you transferred directly from one controller to another controller, insofar as this is technically feasible. This must not affect the freedoms and rights of other persons. The right to data portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller. We will respond to requests regarding your rights without undue delay and in any event within one month of receipt.

7. Right of objection
You have the right to object at any time, based on reasons arising from your particular situation to the processing of personal data relating to you which is carried out on the basis of Art. 6 (1) sentence 1 lit. e or f of the GDPR; this also applies to profiling based on these provisions.

The Controller shall no longer process the personal data relating to you unless it can demonstrate compelling legitimate reasons for the processing which override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising, or defending legal claims.

If the personal data concerning you is processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling, insofar as it is related to such direct marketing. If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes. You have the possibility, in the context of the use of information society services, notwithstanding Directive 2002/58/EC, to exercise your right to object by means of automated procedures using technical specifications.

8. Right to revoke the declaration of consent under data protection law

You have the right to revoke your declaration of consent under data protection law at any time. The revocation of consent does not affect the lawfulness of the processing carried out based on the consent until the revocation.

9. Automated decision in individual cases including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision:

  1. Is necessary for the conclusion or performance of a contract between you and the responsible person.
  2. Is permitted by legislation of the country to which the Controller is subject, and that legislation contains appropriate measures to safeguard your rights and freedoms and your legitimate interests.
  3. Is done with your explicit consent.

However, these decisions may not be based on special categories of personal data pursuant to Article 9 (1) of the GDPR, unless Article 9 (2)(a) or (b) of the GDPR applies and appropriate measures have been taken to protect the rights and freedoms and your legitimate interests.

Use of cookies

Our Site uses cookies. Cookies are text files that are stored in the internet browser or by the internet browser on the user’s computer system. When a user calls up a website, a cookie may be stored on the user’s operating system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again.

We use cookies and similar technologies to make our Site more user-friendly, in particular to enable core functionality and improve user experience (strictly necessary), and for analytics, audience measurement, and marketing where you consent. Some elements of our Site require that the calling browser can be identified even after a page change.

The following data is stored and transmitted in the cookies:

  1. Accessibility settings.
  2. Frequency of page views.
  3. Use of website functions.

The user data collected in this way is pseudonymized by technical precautions. Therefore, it is no longer possible to assign the data to the calling user. The data is not stored together with other personal data of the user.

When calling up our Site, the user is informed about the use of cookies for analysis and other than technically necessary purposes. The legal basis for the processing of personal data using technically necessary cookies is Art. 6 (1) sentence 1 lit. f GDPR. Cookies are stored on the user’s computer and transmitted to our Site by the user. Therefore, you as a user also have full control over the use of cookies. By changing the settings in your internet browser, you can deactivate or restrict the transmission of cookies. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our Site, it may no longer be possible to use all the functions of the Site to their full extent.

Hosting

The Site is hosted on servers provided by our service provider. Our service provider is: Webflow Rank, 398 11th Street, San Francisco, United States. The servers automatically collect and store information in so-called server log files, which your browser automatically transmits when you visit the website. The information stored is:

  • Browser type and browser version.
  • Operating system used.
  • Referrer URL.
  • Host name of the accessing computer.
  • Date and time of the server request.
  • IP address.

This data is not merged with other data sources. The collection of this data is based on Art. 6 (1) lit. f GDPR. The Site operator has a legitimate interest in the technically error-free presentation and optimization of its website – for this purpose, the server log files must be collected. The location of the server of the Site is geographically in Ireland. Where your personal data is transferred outside the United Kingdom or European Economic Area, we ensure such transfers take place in accordance with data protection laws, using standard contractual clauses or relying on adequacy decisions as appropriate. If your data is processed outside the UK/EEA it will be done so only where necessary and in compliance with applicable safeguards.

LearnWorlds

We use LearnWorlds (CY) Ltd, Gladstonos 120, Foloune Building, 2nd Floor, B1, Limassol, 3032, Cyprus. to host our Platform. You can read their privacy policy. for more details.

Their servers automatically collect and store information in so-called server log files, which your browser automatically transmits when you visit the website. The information stored is:

  • Browser type and browser version.
  • Operating system used.
  • Referrer URL.
  • Host name of the accessing computer.
  • Date and time of the server request.
  • IP address.

This data is not merged with other data sources. The collection of this data is based on Art. 6 (1) lit. f GDPR. LearnWorlds has a legitimate interest in the technically error-free presentation and optimization of its website – for this purpose, the server log files must be collected.

Plug-ins used

We use Zapier, Hubspot, Google Analytics, Microsoft, Stripe and other applications as plug-ins on our Site, which are a suite of web analysis services that examine, among other things, the origin of visitors, the time they spend on individual pages and the use of search engines, thus allowing better monitoring of the success of advertising campaigns.

We also use an integrated software solution to cover various aspects of our online marketing. These include, among others: email marketing (newsletters and automated mailings, e.g., to provide downloads), social media publishing and reporting, reporting (in particular traffic sources, accesses, etc.), contact management (in particular user segmentation & CRM), landing pages and contact forms.

These applications may place cookies on your computer. This allows personal data to be stored and analysed, the user’s activity (especially which pages have been visited and which elements have been clicked on), device and browser information (especially the IP address and operating system). The information generated by the cookie about your use of this Site will be transmitted to and stored on servers in the United Kingdom and European Economic Area.

The purpose of the processing of personal data is to specifically address a target group that has already expressed an initial interest by visiting the Site. The legal basis for the processing of users’ personal data is generally the user’s consent in accordance with Art. 6 (1) sentence 1 lit. a GDPR. You can prevent the collection as well as the processing of your personal data by these applications by preventing third-party cookies from being stored on your computer, by using the “Do Not Track” function of a supporting browser, by deactivating the execution of script code in your browser.

We use Stripe Inc. 354 Oyster Point Blvd South San Francisco, CA 94080 United States as our third-party payment processor who assists us in processing your payment information securely.  You can obtain further information on the processing of your personal data by Stripe Inc. here: https://stripe.com/gb/privacy

How Long We Keep Your Data

We keep personal data only as long as necessary for the purposes described below or as required by law. Specific retention periods/criteria:

• Site logs: retained for up to seven days, or longer where necessary for fraud prevention and security, after which IP addresses are deleted or anonymised. Log file data are deleted after seven days at the latest, with possible longer storage for fraud prevention and in that case IP addresses are deleted or alienated.

• Contact enquiries: retained until the enquiry is resolved and for 12 months thereafter for reference and audit, then deleted. Personal data sent by email or via contact form are deleted when the conversation has ended, and additional data collected during sending are deleted after seven days.

• Newsletter data: retained while your subscription remains active and for 24 months after last activity to manage suppression lists, then deleted or irreversibly anonymised. The email address is stored while the subscription is active, and other personal data collected during registration are usually deleted 7 days following termination of your subscription.

• Assessment data: retained until the report has been delivered and for 24 months to support follow-up, thereafter aggregated and anonymised; individual responses not needed for identified purposes are deleted. Assessment responses are used to provide a customised report, and aggregated anonymised data may be used to draw conclusions and insights.

• Payment data: retained for six years to meet tax and accounting obligations or as required by law; Stripe may retain transaction records under its own policies.

Where a specific retention period is not stated, we will apply documented criteria (purpose, legal obligations, limitation periods, and our legitimate interests) to determine the appropriate retention period. Personal data are deleted or blocked as soon as the purpose of storage no longer applies, and may be stored where required by applicable legislation.

Sharing Your Personal Data

We do not sell your personal data. We disclose personal data to trusted service providers who assist in operating our Site, Platform, Products and Services, under appropriate confidentiality and data protection commitments. We may also share non-personally identifiable information for analytics and insights. We do not sell, trade, or otherwise transfer your personal data to outside parties, except trusted third parties who assist us in operating our Site, Platform, conducting our business, or servicing you, provided they keep the information confidential.

Automated Decision-Making

We do not make decisions based solely on automated processing, including profiling, that produce legal effects concerning you or similarly significantly affect you. If this changes, we will update this Privacy Policy and provide meaningful information about the logic involved and the envisaged consequences, together with your rights.

The original policy acknowledges the existence of automated decision-making rights and profiling safeguards pursuant to Article 22 GDPR.

Data Security

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure, or destruction. Measures include access controls, encryption in transit, secure configurations, and regular monitoring. We have implemented appropriate security measures to protect your data from unauthorised access, alteration, or disclosure, noting that no method is 100% secure.

Data Breach Notification

We maintain procedures to identify, investigate, and remediate personal data breaches. Where required, we will notify the ICO without undue delay and, where feasible, within 72 hours of becoming aware of a notifiable personal data breach. Where a breach is likely to result in a high risk to your rights and freedoms, we will also inform you without undue delay, providing information about the nature of the breach, likely consequences, and measures taken.

International Users

If you access our services from outside the UK, please note that your data may be processed in the UK or other countries where our providers operate. We will implement appropriate safeguards for any transfers as described above.

Changes to This Policy

We may update this Privacy Policy from time to time. We will post any changes on this page and, where appropriate, notify you by email or via our services. Please review this Privacy Policy regularly.

Your Consent

By using our Site, Platform, Products or Services you consent to this Privacy Policy, to the extent consent is required for particular processing activities.

Contact

For privacy questions, to exercise your rights, or to make a complaint, please contact:

Data Controller: intogreat Ltd

Address: Suite 6A, 10 Duke Street, Liverpool, L1 5AS, UK

Email: hello@intogreat.net

Telephone: +44 (0)7597 487 220

We will respond as soon as reasonably practicable and within the timeframes required by UK data protection law.

FINALIST

Well-being Service Provider of the Year

WINNER

Best Strategic Well-being Platform and Consultancy (UK) of 2025
Stay connected

If you’d like occasional quiet reflections and practical ideas, you can subscribe here.

Thank you for joining our community! Take a look at the inspiring discussions you've now become a part of, and get ready to connect with like-minded individuals on your journey towards greatness
Oops! Something went wrong while submitting the form.
Copyright Intogreat 2025
By clicking “Accept All Cookies”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. View our Privacy Policy for more information.
PreferencesDenyAccept