Privacy Policy

Last Updated: 09/04/2026

This Privacy Policy explains how ANY PLACE ANY TIME LTD (company registration number 16120183), trading as Startmoto (“Startmoto”, “we”, “us”, or “our”), collects, uses, stores, discloses, and otherwise processes personal data in connection with our website, checkout process, digital course delivery, and customer support operations. Our registered address is 2 Unity St, St Philip S, Bristol, BS2 0HN, United Kingdom.

Geographical Note: Our services are not available to residents of the following countries: Belarus, Cuba, Iran, North Korea, Russian Federation, Syria, Sudan. We do not knowingly collect or process personal data from individuals in these jurisdictions. If you access our site from one of these countries, do not proceed with any registration or purchase.

1. Data Controller

For the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, the data controller is ANY PLACE ANY TIME LTD (company number 16120183), 2 Unity St, St Philip S, Bristol, BS2 0HN, United Kingdom. If you have questions about this Privacy Policy or how your information is handled, you may contact us at info@startmoto.co.uk.

2. Categories of Information We Collect

We collect information that you provide directly, information generated through your use of the service, and limited technical data required to operate and secure the platform.

• Contact enquiries: When you contact us, we may collect your first name, last name, email address, phone number, subject line, and message content.
• Checkout and order data: When you buy a course, we may collect your name, date of birth, Telegram handle, email address, phone number, billing address (street, city, postcode, country), selected courses, extras, payment status, currency, and related transaction metadata. We do not store full payment card numbers or security codes on our own systems.
• Course usage data: We may record course access, badge issuance records, and support history associated with your purchase.
• Technical and security data: We may process IP address, device type, browser, operating system, and log information where reasonably necessary for service operation, fraud prevention, and security monitoring.

We may use cookies and similar storage technologies where reasonably necessary to operate the service, support checkout, and remember user preferences such as selected currency. For full details, see our Cookie Policy.

3. Why the Checkout Form Requests Multiple Fields

Because we sell digital products through regulated payment channels, we require more information than a simple newsletter or contact form. We request only the information that is reasonably necessary to identify the purchaser, process payment, comply with payment and sanctions controls, deliver course access, and handle customer support efficiently.

• Name: Used to identify the purchaser, match the order to payment records, issue confirmations, and support any post-purchase enquiries.
• Email address: Used to deliver access details, send order confirmations, communicate service messages, and respond to support requests.
• Phone number and Telegram handle: Used as additional contact channels where we need to resolve urgent order, payment, access, or support issues, or where a primary email is unavailable or delayed.
• Date of birth: Used for age verification, eligibility checks, and fraud or risk screening where reasonably required by our payment and compliance processes.
• Street, city, postcode, and country: Used for billing verification, transaction-risk checks, sanctions and territory screening, dispute handling, and compliance with payment processor requirements.
• Selected courses, extras, amount, and currency: Used to create the order, calculate the amount due, reconcile the transaction, and deliver the correct digital products.
• Additional notes: Used only where you choose to provide extra information relevant to your order or support needs.

4. Purposes and Lawful Bases for Processing

Under the UK GDPR, we must have a lawful basis for processing your personal data. The table below sets out our purposes and the corresponding lawful bases under Article 6(1):

• Course delivery, order fulfilment, and access management: To process orders, deliver digital content, and make course access available. Lawful basis: Performance of a contract (Art. 6(1)(b)).
• Payment processing and billing verification: To facilitate payment authorisation, settlement, reconciliation, and compliance checks. Lawful basis: Performance of a contract (Art. 6(1)(b)).
• Digital badge issuance: To generate, verify, and issue digital completion badges associated with eligible course completions. Lawful basis: Performance of a contract (Art. 6(1)(b)).
• Security, fraud prevention, and chargeback management: To detect, prevent, investigate, and respond to fraud, misuse, chargeback abuse, sanctions issues, and unauthorised access. Lawful basis: Legitimate interests (Art. 6(1)(f)) — protecting the business, its customers, and its payment partners from fraudulent or abusive activity.
• Identity, age, and sanctions screening: To validate purchaser details against billing and transaction information and screen for sanctions or territory restrictions. Lawful basis: Legal obligation (Art. 6(1)(c)) and legitimate interests (Art. 6(1)(f)).
• Customer support and service administration: To respond to enquiries, resolve technical issues, and administer the service. Lawful basis: Performance of a contract (Art. 6(1)(b)) and legitimate interests (Art. 6(1)(f)).
• Service improvement: To maintain, improve, and troubleshoot our website, course content, and operational systems. Lawful basis: Legitimate interests (Art. 6(1)(f)) — improving and securing our products and services.
• Legal and regulatory compliance: To maintain records, respond to lawful requests, and comply with applicable legal, tax, accounting, sanctions, and regulatory obligations. Lawful basis: Legal obligation (Art. 6(1)(c)).

Where we rely on legitimate interests, we have carried out a balancing test to ensure our interests do not override your fundamental rights and freedoms. You may request details of these assessments by contacting us.

5. Disclosure of Information

We do not sell your personal data. We may disclose information to third parties where reasonably necessary to operate the service or comply with legal obligations:

• Hosting, infrastructure, and communications providers: To operate the website, deliver access links, and send service communications.
• Payment processors: To process payments, perform fraud screening, and comply with card-scheme and financial regulations. We do not store full payment card details on our own servers. Our payment processing is PCI-DSS compliant.
• Professional advisers and authorities: Where necessary for legal, tax, accounting, regulatory, insurance, or dispute-resolution purposes.

6. International Transfers

Some of our service providers may process data outside the United Kingdom. Where cross-border transfers occur, we ensure appropriate safeguards are in place as required by the UK GDPR, which may include UK adequacy regulations, standard contractual clauses approved by the ICO, or other lawful transfer mechanisms. You may request further details about the safeguards used by contacting us.

7. Data Retention

We keep your personal data only as long as necessary to fulfil the purposes it was collected for, including legal, accounting, and reporting requirements. Our standard retention periods are:

• Order and transaction data: Up to 7 years after the date of the transaction to comply with UK tax, accounting, and payment-scheme record-keeping obligations.
• Contact enquiry data: Up to 2 years after your last interaction, unless further retention is required for legal purposes.
• Technical and security logs: Up to 12 months, unless an investigation or legal matter requires longer retention.

When personal data is no longer required, it will be securely deleted or anonymised.

8. Data Security

We use reasonable technical and organisational measures designed to protect personal data against unauthorised access, loss, alteration, disclosure, or destruction. These measures include encryption in transit (TLS/HTTPS), restricted access controls, secure hosting environments, and regular security reviews. No internet-based system is completely secure, and we cannot guarantee absolute security.

9. Automated Decision-Making

Our payment processors may use automated fraud-scoring and risk tools as part of the payment authorisation process. These tools may assess transaction data, billing information, and device data to determine whether to approve or decline a payment. We do not carry out automated decision-making that produces legal or similarly significant effects on you solely based on automated processing without human involvement. If a payment is declined due to automated fraud screening, you may contact us to request a manual review.

10. Children’s Data

Our services are not directed at children under 16 years of age. We do not knowingly collect personal data from children under 16. If you believe a child under 16 has provided us with personal data, please contact us immediately so we can take steps to delete that information.

11. Your Rights

Under the UK GDPR and Data Protection Act 2018, you have the following rights regarding your personal data:

• Right to be informed: To understand how your data is collected and used (this Privacy Policy).
• Right of access: To request a copy of your personal data (Subject Access Request).
• Right to rectification: To correct inaccurate or incomplete information.
• Right to erasure: To request deletion of your personal data in circumstances permitted by law. Note that we may need to retain certain information for legal, tax, or dispute-resolution purposes.
• Right to restrict processing: To request that we limit certain uses of your data.
• Right to data portability: To request transfer of certain personal data in a structured, commonly used, machine-readable format.
• Right to object: To object to processing based on legitimate interests. We will stop unless we demonstrate compelling legitimate grounds.
• Right to withdraw consent: Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of processing carried out before withdrawal.
• Rights related to automated decision-making: To request human review of a decision made solely by automated means, where it significantly affects you.

To exercise any of these rights, contact us at info@startmoto.co.uk. We will respond within one month of receiving your request, or inform you if an extension is necessary. We may request information necessary to verify your identity before responding.

12. Complaints

If you believe we have not handled your data appropriately, you may contact us first so we can investigate. You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK’s supervisory authority for data protection:

• Website: ico.org.uk
• Phone: 0303 123 1113
• Post: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

13. Policy Updates

We may amend this Privacy Policy from time to time to reflect legal, regulatory, operational, or technical developments. The latest version will be posted on this page with an updated effective date. Where changes are material, we will take reasonable steps to notify affected individuals.

14. Contact

Questions, access requests, or privacy-related concerns may be sent to:

• Email: info@startmoto.co.uk
• Phone: +44 7727 673503
• Post: ANY PLACE ANY TIME LTD, 2 Unity St, St Philip S, Bristol, BS2 0HN, United Kingdom