Effective date: 26/04/2026
This Privacy Policy explains how Greg Kurnikov trading as a sole trader (“I”, “me”, “my”) collects, uses and protects personal data through this website, gregkurnikov.com, including when you contact me through the website.
I am committed to handling personal data fairly, lawfully and transparently in line with the UK GDPR and the Data Protection Act 2018.
1. WHO I AM
Data controller: Greg Kurnikov trading as a sole trader
ICO registration number: ZC133480
Website: gregkurnikov.com
If you have any questions about this Privacy Policy or how your personal data is handled, please contact me using the contact form on this website.
2. THE PERSONAL DATA I COLLECT
I may collect and process the following personal data:
- Your name
- Your email address
- Your telephone number, if you choose to provide it
- Your company name, job title or other business information, if you choose to provide it
- The content of your enquiry, message or correspondence
- Technical information generated when you use the website, such as:
- IP address
- browser type
- device information
- basic server log data
- Any other information you choose to send to me
I do not intentionally collect special category personal data through this website or through the questionnaires used in paid assessments. Participants in paid assessments are asked not to include special category personal data in their answers. Where such data is volunteered, it will be handled with additional care and only to the extent necessary to deliver the service.
3. HOW I COLLECT PERSONAL DATA
I collect personal data when:
- You complete a contact form on the website
- You communicate with me through the website
- You contact me about a potential or ongoing engagement
- You browse the website and standard technical information is collected through hosting, security or website systems
4. HOW I USE YOUR PERSONAL DATA
I use personal data for the following purposes:
- To respond to enquiries and messages
- To discuss, prepare or manage potential engagements or services
- To provide services and maintain client relationships
- To operate, secure and improve the website
- To keep appropriate business records
- To comply with legal or regulatory obligations
- To establish, exercise or defend legal claims where necessary
4A. PERSONAL DATA COLLECTED THROUGH PAID ASSESSMENTS
Where you purchase a paid assessment service such as the Individual Invincibility Blueprint, additional personal data is collected and processed:
- Your responses to a structured online questionnaire about your own work situations and management practice, completed via a secure form
- Payment information processed through Stripe to take payment for the service
- The written assessment report produced from your responses
This information is used only to deliver the assessment, produce and deliver the report, support you in connection with the service, and meet legal, tax and accounting obligations.
Where an employer commissions assessments on behalf of individual employees under a separate engagement, the employer receives only a themes-level summary across the group. Individual answers and individual reports remain confidential to each participant.
Questionnaire responses and reports are retained for up to 24 months from delivery, after which they are deleted, unless a longer period is necessary for contractual, legal, regulatory, tax, insurance or accounting purposes.
5. LAWFUL BASES FOR PROCESSING
I rely on one or more of the following lawful bases under the UK GDPR:
- Contract
Where processing is necessary to take steps at your request before entering into a contract, or to perform a contract with you - Legitimate interests
Where processing is necessary for legitimate business purposes, including responding to enquiries, managing relationships, protecting the website and running the business - Legal obligation
Where processing is necessary to comply with legal or regulatory requirements - Consent
Where consent is required for a specific activity, I will ask for it
6. WHO I SHARE PERSONAL DATA WITH
I do not sell personal data.
I may share personal data with trusted third parties where reasonably necessary, such as:
- Website hosting and IT service providers
- Payment processors used to take and process payments for paid services (currently Stripe)
- Website form, email, security or technical service providers
- Professional advisers such as legal, accounting or insurance advisers
- Regulators, courts, law enforcement or other authorities where required by law
- Clients or counterparties where this is necessary in connection with an engagement and lawful to do so
These recipients will only receive personal data where there is a legitimate reason for them to do so.
7. INTERNATIONAL TRANSFERS
Some service providers may process data outside the UK. Where that happens, I will take reasonable steps to ensure that appropriate safeguards are in place in accordance with applicable data protection law.
8. HOW LONG I KEEP PERSONAL DATA
I keep personal data only for as long as reasonably necessary for the purposes for which it was collected, including to respond to enquiries, maintain records, meet legal, regulatory, tax, insurance or accounting obligations, and resolve disputes.
As a general guide:
- Website enquiry data is usually kept for up to 12 months
- Client and engagement-related records may be kept for longer where necessary for contractual, legal, regulatory, tax or insurance purposes
Retention periods may be extended where reasonably necessary to protect legal rights or comply with obligations.
9. SECURITY
I take reasonable technical and organisational measures to protect personal data against unauthorised access, loss, misuse, alteration or disclosure. However, no method of transmission or storage is completely secure, so I cannot guarantee absolute security.
10. COOKIES AND SIMILAR TECHNOLOGIES
This website may use strictly necessary cookies or similar technologies to help the site function properly, maintain security and support standard website operations.
If I use non-essential analytics or marketing cookies, I will update this Privacy Policy and, where required, request your consent.
You can also control cookies through your browser settings.
11. THIRD-PARTY LINKS
This website may contain links to third-party websites. If you follow a link to another site, that site will have its own privacy practices and policies. I am not responsible for the content, security or privacy practices of third-party websites.
12. YOUR RIGHTS
Under data protection law, you may have rights including:
- The right to request access to your personal data
- The right to request correction of inaccurate or incomplete data
- The right to request erasure of your personal data in certain circumstances
- The right to request restriction of processing in certain circumstances
- The right to object to processing based on legitimate interests
- The right to data portability in certain circumstances
- The right to withdraw consent, where processing is based on consent
- The right to complain to the Information Commissioner’s Office (ICO)
To exercise any of these rights, please contact me using the contact form on this website.
13. COMPLAINTS
If you have a concern about how I handle your personal data, please contact me first and I will try to resolve it fairly and promptly.
You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO):
Information Commissioner’s Office
Website: ico.org.uk
Telephone: 0303 123 1113
14. CHANGES TO THIS PRIVACY POLICY
I may update this Privacy Policy from time to time to reflect changes to the website, services, legal requirements or data handling practices. The latest version will always be published on this page.