Privacy Policy

Last updated: 18 May 2026  |  Applies to: izharshah.com

Welcome to izharshah.com ("Website"). This Website is operated by Sustech Solutions Limited (trading as Izhar Shah), a company registered in England and Wales under company number 15774535, with its registered office at 86-90 Paul Street, London, Greater London, England, EC2A 4NE ("we", "us", "our").

We are committed to protecting your privacy and handling your personal data with care, transparency, and integrity. This Privacy Policy explains who we are, what personal data we collect, why and how we use it, who we share it with, how long we keep it, and what rights you have over it.

1. Who We Are and How to Contact Us

For the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, the data controller is:

Sustech Solutions Limited
Trading as: Izhar Shah
Company Number: 15774535
Registered Office: 86-90 Paul Street, London, Greater London, England, EC2A 4NE
Website: www.izharshah.com
Contact: www.izharshah.com/contact

As data controller, we are responsible for deciding how and why your personal data is processed. If you have any questions about this policy or wish to exercise any of your rights, please use the contact details above.

2. Scope of This Policy

This Privacy Policy applies to all personal data processed by Sustech Solutions Limited in connection with:

• Visitors to the Website, whether or not they make a purchase or create an account
• Customers purchasing digital products, courses, or other materials
• Subscribers to our newsletter or email list
• Clients engaging in coaching or mentoring services
• Individuals who contact us with enquiries or for support
• Individuals who interact with us via social media or other channels that link to this Website

This policy does not apply to:

• Data processed about our employees, contractors, or job applicants, which is governed by separate internal policies
• Third-party websites linked from this Website, whose own privacy policies apply

3. Data We Collect About You

3.1 Data You Provide Directly

We collect personal data that you actively provide to us, including:

• Identity data: full name, username or similar identifier
• Contact data: email address, billing address
• Transaction data: details of purchases, products accessed, order history, and payment confirmation references
• Account data: login credentials, account preferences, and membership details
• Profile data: information you add to your account profile
• Communications data: messages, enquiries, support requests, or feedback submitted by you
• Coaching data: information shared during coaching sessions, booking details, goals, and notes relevant to your coaching engagement
• Marketing preferences: your opt-in and opt-out choices for marketing communications

3.2 Data Collected Automatically

When you visit our Website, we automatically collect certain technical and behavioural data, including:

• Technical data: IP address, browser type and version, operating system, device type and identifiers, time zone setting, and plug-in types
• Usage data: pages visited, time spent on pages, links clicked, referring URLs, and navigation paths
• Cookie data: data collected via cookies and similar technologies (see Section 8)

3.3 Data We Do Not Collect

We do not intentionally collect the following, and you should not submit this information to us unless specifically requested:

• Full payment card numbers, CVV codes, or bank account details
• Government-issued identification numbers (e.g. National Insurance number, passport number)
• Special category data (see Section 16)
• Data relating to individuals under the age of 18 (see Section 15)

4. How We Collect Your Data

We collect personal data through the following means:

• Direct interactions: when you register an account, make a purchase, book a coaching session, subscribe to our newsletter, submit an enquiry form, or correspond with us
• Automated technologies: through cookies, web beacons, pixels, and server logs as you interact with the Website (see Section 8)
• Third-party sources: from our platform provider (Kajabi), payment processors (PayPal), email marketing tools, and analytics providers — who may share data with us in accordance with their own policies
• Publicly available sources: for fraud prevention or verification purposes, from publicly available records where relevant

5. Legal Bases for Processing

Under the UK GDPR, we must have a valid lawful basis for each processing activity. We rely on the following, as set out in more detail in Section 6:

Lawful Basis	When We Rely on It
Contract (Article 6(1)(b))	Processing necessary to fulfil an order, deliver a product, manage your account, or perform coaching services you have purchased
Legal Obligation (Article 6(1)(c))	Compliance with tax, accounting, and financial reporting obligations; responding to lawful requests from regulators or courts; maintaining records required by law
Legitimate Interests (Article 6(1)(f))	Operating and improving our business and Website; preventing fraud, piracy, and abuse; network and information security; direct marketing to existing customers (soft opt-in under PECR); analytics and performance monitoring; enforcing our legal rights and terms
Consent (Article 6(1)(a))	Sending marketing emails to new subscribers who have not purchased from us; setting non-essential cookies; any other processing where consent is specifically sought

Where we rely on legitimate interests, we have conducted a Legitimate Interests Assessment (LIA) to ensure our interests are balanced against your rights and freedoms, and that our processing does not override your interests in an unjustified manner. You may request further information about any LIA by contacting us.

Where we rely on consent, you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of any processing carried out before withdrawal.

6. How We Use Your Data

We use your personal data for the following purposes:

Purpose	Data Used	Lawful Basis
Providing access to purchased products, courses, and coaching	Identity, contact, transaction, account data	Contract
Processing payments and fulfilling orders	Identity, contact, transaction data	Contract
Managing your account and membership	Identity, contact, account, profile data	Contract
Responding to enquiries and providing customer support	Identity, contact, communications data	Contract / Legitimate interests
Delivering coaching sessions and maintaining coaching records	Identity, contact, coaching data	Contract
Sending marketing emails and newsletters	Identity, contact, marketing preferences	Consent / Legitimate interests (existing customers)
Improving Website performance, content, and user experience	Technical, usage, cookie data	Legitimate interests
Analysing website traffic and measuring campaign performance	Technical, usage, cookie data	Legitimate interests / Consent
Detecting and preventing fraud, piracy, chargebacks, and abuse	Identity, technical, transaction data	Legitimate interests / Legal obligation
Complying with tax, accounting, and regulatory obligations	Identity, contact, transaction data	Legal obligation
Establishing, exercising, or defending legal claims	All relevant data	Legitimate interests / Legal obligation
Notifying you of changes to our services, terms, or policies	Identity, contact data	Legal obligation / Contract

We will not use your personal data for any purpose that is incompatible with the purposes for which it was originally collected, without informing you and establishing a new lawful basis where required.

We may process aggregated or anonymised data — which cannot identify any individual — for any purpose, including research, analysis, and business planning. Such data falls outside the scope of the UK GDPR.

7. Marketing Communications

7.1 What We May Send

Where you have given consent, or where we are relying on the soft opt-in for existing customers under the Privacy and Electronic Communications Regulations 2003 (PECR), we may send you:

• The Parallel Operator newsletter and educational content
• Updates on new products, courses, or services
• Promotional offers and announcements
• Business insights and relevant industry updates

7.2 Your Right to Opt Out

You may withdraw consent or opt out of marketing communications at any time by:

• Clicking the "Unsubscribe" link in any marketing email we send
• Contacting us directly at www.izharshah.com/contact

Opting out of marketing does not affect your receipt of essential service-related communications, such as order confirmations, account notifications, access details, and responses to your enquiries. These are sent on the basis of contract or legal obligation and are not subject to the right to opt out.

7.3 Soft Opt-In

Where you have purchased a product or service from us, we may send you marketing communications relating to similar products or services under the soft opt-in rule in PECR Regulation 22. You can opt out of these at any time using the methods above.

7.4 Third-Party Marketing

We do not sell, rent, or share your personal data with third parties for their own marketing purposes.

8. Cookies and Tracking Technologies

We use cookies and similar technologies to operate and improve our Website. A full explanation of the cookies we use, your choices, and how to manage them is set out in our Cookie Policy.

In summary:

• Strictly necessary cookies are set without consent as they are essential to operate the Website
• Analytics, functional, and marketing cookies are only set with your prior consent, sought via the cookie banner on first visit
• You may withdraw or change your cookie preferences at any time via the cookie settings link in the footer

9. Payments and Financial Data

All payments made through this Website are processed by trusted third-party payment providers, currently including Kajabi and PayPal. These providers are responsible for the security of your payment card data and process it in accordance with the Payment Card Industry Data Security Standard (PCI DSS).

We do not receive, store, or have access to your full payment card number, CVV, or bank account details at any stage of the transaction. We receive only a payment confirmation reference, which we retain for accounting and dispute resolution purposes.

Payment data is processed under the providers' own privacy policies:

• Kajabi Privacy Policy
• PayPal Privacy Policy (UK)

10. Sharing Your Data

We do not sell your personal data. We may share it only in the following circumstances and with the following categories of recipients:

10.1 Service Providers and Data Processors

We engage third-party service providers who process personal data on our behalf, strictly under our instruction and under appropriate data processing agreements:

Provider	Role	Data Shared
Kajabi	Website hosting, course delivery, email, membership, and payment infrastructure	Identity, contact, account, transaction, usage data
PayPal / Braintree	Payment processing and fraud prevention	Identity, contact, transaction data
Email delivery providers	Transactional and marketing email delivery	Identity, contact, marketing preference data
Analytics providers (e.g. Google Analytics)	Website performance analysis and traffic measurement	Technical, usage, anonymised/pseudonymised data
Professional advisers	Legal, accounting, tax, and compliance advice	Relevant personal data as required

10.2 Legal and Regulatory Disclosure

We may disclose personal data to authorities, regulators, courts, or law enforcement agencies where we are required to do so by law, court order, or regulatory requirement — or where we believe disclosure is necessary to prevent serious harm, protect our legal rights, or enforce our terms.

10.3 Fraud and Security

We may share data with fraud prevention agencies, payment networks, or platform providers where we have reasonable grounds to suspect fraudulent activity, piracy, chargebacks, or abuse of our services.

10.4 Business Transfers

In the event that Sustech Solutions Limited is acquired by, merges with, or transfers assets to another entity, your personal data may be transferred as part of that transaction. We will notify you before your personal data is transferred and becomes subject to a different privacy policy, where required by law.

11. International Data Transfers

Sustech Solutions Limited is based in the United Kingdom. Some of our service providers are located outside the UK, and your data may be transferred to and processed in countries that do not have the same data protection laws as the UK.

Where we transfer personal data outside the UK, we ensure that appropriate safeguards are in place to protect your data, including:

• Adequacy decisions: transfers to countries recognised by the UK Secretary of State as providing an adequate level of data protection
• International Data Transfer Agreements (IDTAs): the UK-specific equivalent of Standard Contractual Clauses, where no adequacy decision exists
• UK Addendum to EU Standard Contractual Clauses: used where providers operate under EU SCCs that have been updated with the required UK Addendum

If you would like further information about the safeguards applied to a specific transfer, please contact us.

12. Data Retention

We retain your personal data only for as long as is necessary for the purposes for which it was collected, or as required by law. The following retention periods apply as a guide:

Data Category	Retention Period	Reason
Customer account and purchase records	Duration of relationship + 7 years	HMRC tax and accounting requirements; limitation period for contract claims
Transaction and payment confirmation records	7 years from date of transaction	Companies Act 2006; HMRC requirements
Marketing consent records	Until consent is withdrawn + 1 year	Evidence of consent; ICO guidance
Email marketing engagement data	Up to 3 years of inactivity, then reviewed	Legitimate interests in maintaining an active list
Coaching session records and notes	3 years from last session	Limitation period for contract claims; professional record-keeping
Customer support and communications	3 years from last interaction	Dispute resolution; legitimate interests
Website usage and analytics data	Up to 26 months	Website improvement; standard analytics retention
Fraud prevention and security records	Up to 7 years	Fraud prevention; legal claims
Data subject to legal hold	Duration of proceedings + applicable limitation period	Legal obligation; establishing and defending claims

At the end of the applicable retention period, personal data is securely deleted or anonymised. We review our retention practices periodically and will retain data for longer where required by law or court order.

13. Your Rights Under UK GDPR

Under UK GDPR, you have the following rights in relation to your personal data. To exercise any of these rights, please contact us at www.izharshah.com/contact. We will respond within one calendar month of receiving your request, as required by UK GDPR Article 12, unless the request is complex or numerous, in which case we may extend this by a further two months and will notify you accordingly.

13.1 Right of Access (Article 15)

You have the right to request a copy of the personal data we hold about you and to receive information about how we use it. This is known as a Subject Access Request (SAR). We will provide this free of charge, though we may charge a reasonable fee or refuse requests that are manifestly unfounded, excessive, or repetitive.

13.2 Right to Rectification (Article 16)

You have the right to ask us to correct personal data that is inaccurate or to complete data that is incomplete. We will act on valid requests promptly.

13.3 Right to Erasure (Article 17)

You have the right to request the deletion of your personal data — also known as the "right to be forgotten" — in certain circumstances, including where the data is no longer necessary for the purpose it was collected, where you withdraw consent, or where processing is unlawful. This right is not absolute; we may retain data where we have a legal obligation or legitimate interest to do so, such as for tax records, fraud prevention, or the establishment or defence of legal claims.

13.4 Right to Restriction of Processing (Article 18)

You have the right to request that we temporarily restrict the processing of your personal data in certain circumstances — for example, while the accuracy of data is being contested, or where you have objected to processing pending verification of our legitimate grounds.

13.5 Right to Data Portability (Article 20)

Where processing is based on your consent or the performance of a contract, and is carried out by automated means, you have the right to receive a copy of your personal data in a structured, commonly used, machine-readable format, and to have it transmitted to another data controller where technically feasible.

13.6 Right to Object (Article 21)

You have the right to object at any time to the processing of your personal data where we rely on legitimate interests as the lawful basis. We will cease processing unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or where the processing is necessary for the establishment, exercise, or defence of legal claims. You have an absolute right to object to processing for direct marketing purposes.

13.7 Right to Withdraw Consent (Article 7(3))

Where processing is based on your consent, you may withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing that took place before withdrawal.

13.8 Rights Related to Automated Decision-Making (Article 22)

You have the right not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects. Please see Section 14 for our position on this.

To exercise any of the above rights, please contact us in writing via www.izharshah.com/contact. We may need to verify your identity before processing your request. We will not charge for valid requests; however, we may charge a reasonable administrative fee for requests that are manifestly unfounded or excessive.

14. Automated Decision-Making and Profiling

We do not currently make any decisions about you that are based solely on automated processing and that produce legal or similarly significant effects on you, within the meaning of Article 22 of the UK GDPR.

We may use automated tools for the purposes of personalising email content, segmenting our subscriber list by behaviour (such as opens and clicks), and analytics. These activities do not constitute automated decision-making under Article 22 as they do not produce legal effects or similarly significant consequences for you individually.

If this position changes, we will update this policy accordingly and, where required, seek your explicit consent.

15. Children's Privacy

Our Website and services are intended for individuals aged 18 and over. We do not knowingly collect or process personal data from anyone under the age of 18.

If you are under 18, please do not use this Website, create an account, or submit personal data to us. If we become aware that we have inadvertently collected personal data from a person under 18, we will take prompt steps to delete that data.

If you are a parent or guardian and believe your child has provided personal data to us without your consent, please contact us immediately at www.izharshah.com/contact.

16. Special Category Data

We do not intentionally collect or process special category data as defined by UK GDPR Article 9, which includes data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, health data, or data concerning sex life or sexual orientation.

Please do not share such information with us. If special category data is incidentally disclosed to us — for example, in a coaching conversation — we will treat it with the highest level of confidentiality and process it only where strictly necessary and on the basis of explicit consent or another applicable condition under Article 9(2) of the UK GDPR.

17. Security

We take the security of your personal data seriously and have implemented appropriate technical and organisational measures to protect it against accidental loss, unauthorised access, disclosure, alteration, or destruction. These measures include:

• Use of reputable, security-certified platforms (Kajabi, PayPal) with their own security programmes
• HTTPS encryption across the Website
• Access controls limiting who within our organisation can access personal data
• Secure password practices and account authentication measures
• Regular review of our information security arrangements

However, no method of transmission over the internet or electronic storage is completely secure. Whilst we use commercially reasonable means to protect your data, we cannot guarantee absolute security. Use of this Website is at your own risk, and you are responsible for maintaining the security of any account credentials used to access our services.

If you have reason to believe your account has been compromised, please contact us immediately.

18. Data Breaches

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the Information Commissioner's Office (ICO) within 72 hours of becoming aware of the breach, in accordance with our obligations under UK GDPR Article 33.

Where a breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly without undue delay, in accordance with UK GDPR Article 34.

We maintain an internal record of all data breaches, including those which do not require notification to the ICO, as required by UK GDPR Article 33(5).

19. Business Transfers

If Sustech Solutions Limited undergoes a merger, acquisition, asset sale, or other business restructuring, personal data held by us may be among the assets transferred. We will notify you — via a prominent notice on the Website or by email — before your personal data is transferred and before it becomes subject to a materially different privacy policy.

In any such scenario, the acquiring entity will be required to honour the commitments made in this policy unless you are given notice and an opportunity to object or opt out.

20. Third-Party Links

Our Website may contain links to third-party websites, tools, platforms, or services. Clicking on these links may allow those parties to collect or share data about you. We do not control those third-party websites and are not responsible for their privacy practices, content, or availability.

We encourage you to read the privacy policy of every website you visit. The inclusion of a link on our Website does not constitute an endorsement or recommendation of that third party.

21. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

• Update the "Last updated" date at the top of this page
• Display a prominent notice on the Website where required
• Notify you by email where required by law or where the changes materially affect your rights

We encourage you to review this page periodically. Your continued use of the Website following the posting of changes constitutes your acknowledgement of those changes. Where changes require fresh consent, we will seek it from you before the new processing begins.

The current version of this policy is always available at www.izharshah.com/privacy-policy.

22. How to Complain

If you have concerns about how we handle your personal data, we ask that you contact us first so that we have the opportunity to resolve your concern directly. We take all complaints seriously and will respond promptly.

If you remain dissatisfied after contacting us, or if you believe we are processing your personal data unlawfully, you have the right to lodge a complaint with the UK supervisory authority:

Information Commissioner's Office (ICO)
Website: ico.org.uk
Helpline: 0303 123 1113
Registered address: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

If you are based outside the UK, you may also have the right to lodge a complaint with a data protection supervisory authority in your country of residence.

23. Contact Us

For any questions, requests, or concerns relating to this Privacy Policy or the processing of your personal data, please contact us:

Sustech Solutions Limited
Trading as: Izhar Shah
Company Number: 15774535
86-90 Paul Street, London, Greater London, England, EC2A 4NE
Website: www.izharshah.com/contact

We aim to respond to all privacy-related queries within five working days and to all formal data subject requests within one calendar month, as required by UK GDPR Article 12.