This Privacy Policy explains how we collect, use, store, share, and delete your personal information when you visit brendanlevin.com or interact with us through our services, including LinkedIn.
Data Controller
Levaro Ltd (trading as "Brendan Levin Coaching")
Registered office: 128 City Road, London, United Kingdom, EC1V 2NX
We act as the data controller of your personal information for the purposes of UK GDPR, the EU GDPR (where applicable), the California Consumer Privacy Act (CCPA/CPRA), Canada's PIPEDA, and South Africa's POPIA.
Information We Collect
Information you provide directly
Name, email address, job title, company, and phone number when you fill out forms, book appointments, or contact us.
Responses you submit through intake forms or questionnaires on our site.
Payment details when you purchase services (processed by Stripe; we receive transaction confirmation and billing details but do not store full card numbers).
Communications you send us by email, LinkedIn, contact form, or booking widget.
Information collected automatically
Usage data (pages visited, time on site, referring source) through standard analytics tools.
Technical data: IP address, browser type, device type, operating system, and timestamps.
Cookies and similar technologies (see Cookies section below).
Information collected through LinkedIn
We use LinkedIn and the LinkedIn Marketing Developer Platform (including the Community Management API), and we use Unipile as a technical integration layer, to publish content, manage conversations, analyse engagement, and conduct outreach from our authenticated LinkedIn account and from LinkedIn Pages we administer. Through these tools we may access:
Your public LinkedIn profile data (name, headline, profile photo, current position, employer, location, and other information you have chosen to make publicly visible on LinkedIn).
LinkedIn post engagement data — reactions, comments, saves, shares, impressions, and click-through metrics — on content published by our personal account or our administered Pages.
Comment content and metadata you post in response to content published by our personal account or our administered Pages.
Connection and invitation data when you accept a connection request from us, or when we send or receive invitations.
Messaging data: LinkedIn direct messages and InMails exchanged between you and our LinkedIn account.
Organization-level analytics and follower data for LinkedIn Pages we administer, accessed via the Community Management API for the purpose of managing our own brand presence.
We only access LinkedIn data that is either (a) made available to our authenticated LinkedIn account or to our administered Pages through standard LinkedIn functionality, or (b) provided to us via LinkedIn's APIs subject to your consent at LinkedIn's authorization screen. We do not scrape LinkedIn, we do not maintain an independent database of LinkedIn profile data for resale, and we do not use LinkedIn data to build profiles of non-members.
How We Use Your Information
To provide and improve our advisory services.
To communicate with you about our services and relevant content.
To send updates you have opted into.
To process payments and meet legal, tax, and accounting obligations.
To respond to enquiries received by email, LinkedIn, or our contact form.
To publish, schedule, and manage content on LinkedIn and on LinkedIn Pages we administer.
To moderate and respond to comments on our LinkedIn content.
To measure content engagement and optimise our publishing strategy.
To conduct outbound outreach on LinkedIn and by email to potential clients in our ICP (B2B prospecting based on our legitimate interest).
To analyse how our website and content perform.
We do not use your information for automated decision-making that produces legal or similarly significant effects, and we do not sell your personal information.
Third-Party Services
We use third-party services to operate our business. Each acts as a data processor under our instructions and is bound by written agreements:
LinkedIn and the LinkedIn Marketing Developer Platform — content publishing, engagement analytics, messaging, Page management, and outreach.
Unipile — LinkedIn API access layer for messaging and profile data, acting on behalf of our authenticated LinkedIn account.
Stripe — payment processing.
Cal.com — appointment scheduling.
Cloudflare — website hosting and CDN.
Instantly — email outreach.
Each service has its own privacy policy governing your data. We do not sell your personal information to third parties, and we do not share personal information for cross-context behavioural advertising as defined under the CCPA.
LinkedIn Data — Specific Terms
This section applies in addition to the rest of this policy and governs our handling of data obtained through LinkedIn's APIs, services, or platform, including the Community Management API.
Source: LinkedIn data is obtained either through our authenticated LinkedIn account and administered Pages using LinkedIn's standard product features, or via LinkedIn's APIs subject to your consent provided at LinkedIn's OAuth or authorization screen.
Purpose limitation: We use LinkedIn data only for the specific purposes you consented to or that are reasonably necessary to publish content, manage our own LinkedIn presence, analyse engagement on our own posts and Pages, moderate comments on our content, conduct B2B outreach, and respond to messages you have sent to us. We do not use LinkedIn data for any purpose beyond what is described in this policy.
No resale or independent database: We do not sell, rent, license, or trade LinkedIn data. We do not build or maintain an independent database of LinkedIn member data for our own commercial purposes outside the scope of our active CRM and outreach workflow.
Retention: We retain LinkedIn profile data only while you remain an active prospect, lead, or client, and we apply the deletion and caching requirements set out in LinkedIn's API Terms of Use. Where LinkedIn's terms require shorter retention windows, those windows take precedence over the general retention periods described below.
Termination: If LinkedIn suspends or terminates our access to its APIs, or if you revoke your consent through LinkedIn, we will permanently delete the affected LinkedIn data within the timeframe required by LinkedIn (and in any event no later than 10 days from the suspension, termination, or revocation event).
User-directed deletion: At your request, we will delete the LinkedIn data we hold about you. See Your Rights below.
LinkedIn's own policy: LinkedIn is an independent data controller of any data it holds about you. Your use of LinkedIn is governed by LinkedIn's Privacy Policy and LinkedIn's User Agreement. You can revoke our application's access to your LinkedIn data at any time by visiting your LinkedIn permitted services settings.
International Data Transfers
We are established in the United Kingdom and operate globally. Some of our service providers are located outside the UK, including in the United States and the European Union. When we transfer your personal information outside the UK, we rely on appropriate safeguards including the UK International Data Transfer Agreement (IDTA) or the Standard Contractual Clauses with the UK Addendum, adequacy decisions issued by the UK Secretary of State where they apply, and your explicit consent where required. You can request a copy of the safeguards in place by contacting us.
Data Retention
We retain personal information only as long as necessary for the purposes set out in this policy:
Type of data
Retention period
Lead and prospect records
24 months from last meaningful interaction, or until you request deletion
Active client records
Duration of engagement plus 7 years (for UK tax and legal purposes)
Payment and invoicing records
7 years (UK tax law requirement)
LinkedIn messages and conversation history
While you remain an active connection or prospect, subject to LinkedIn's API requirements
LinkedIn profile cache data
Refreshed in line with LinkedIn's caching rules; not retained beyond what LinkedIn permits
LinkedIn Page analytics data
While we administer the Page, subject to LinkedIn's API requirements
Email communications
24 months from last reply
Website analytics data
14 months
When we no longer need your information, we securely delete or anonymise it.
Your Rights
Under UK GDPR and other applicable laws, you have the following rights:
Access — request a copy of the personal information we hold about you.
Rectification — request that we correct inaccurate or incomplete information.
Erasure — request that we delete your information. We will comply unless we have an overriding legal obligation to retain it.
Restriction — request that we limit the way we use your information.
Portability — request your information in a structured, machine-readable format.
Object — object to our processing of your information, including for direct marketing or outreach purposes.
Withdraw consent — where we rely on consent, you can withdraw it at any time.
Non-discrimination (CCPA) — if you are a California resident, we will not discriminate against you for exercising any of these rights.
Lodge a complaint — you have the right to lodge a complaint with the UK Information Commissioner's Office (ico.org.uk) or, if you are based elsewhere, with your local data protection authority.
To exercise any of these rights, contact us at [email protected]. We will respond within one month (or sooner where required by law). For requests involving LinkedIn data specifically, you can also revoke access directly through LinkedIn at linkedin.com/psettings/permitted-services.
Cookies
Our website uses cookies and similar technologies for analytics and functionality. Categories include strictly necessary cookies (required for the site to function), analytics cookies, and functional cookies. We do not use cross-site advertising trackers or behavioural advertising cookies. You can control cookie settings through your browser.
Security
We implement industry-standard technical and organisational measures to protect your personal information, including TLS encryption in transit, access controls, encrypted storage, and regular review of our service providers' security practices. No method of transmission over the internet is 100% secure, but we take reasonable steps to safeguard your data. If we become aware of a personal data breach affecting your information, we will notify the UK Information Commissioner's Office within 72 hours where required, and we will notify you without undue delay where the breach is likely to result in a high risk to your rights and freedoms.
Children
Our website and services are intended for business professionals over the age of 18. We do not knowingly collect personal information from anyone under 18. If you believe a child has provided us with personal information, contact us and we will delete it.
Changes to This Policy
We may update this policy from time to time. Changes will be posted on this page with an updated date. For material changes, we will notify you by email or a prominent notice on the site before the change takes effect.
Contact
For questions about this policy or your data, contact us at:
Levaro Ltd
128 City Road, London, United Kingdom, EC1V 2NX
Email: [email protected]