Privacy Policy

Who We Are

Navolon LLC ('we', 'us', 'our') is a limited liability company registered in the State of New York, United States. We operate the GCC Business Wartime Masterclass program and are the data controller for personal data collected through the program and this website.

Contact for data protection matters: [email protected]
Registered address: Navolon LLC, New York, United States

Personal Data We Collect

We collect the following categories of personal data:

• (a) Identity data: full name, job title, company name, LinkedIn profile URL.
• (b) Contact data: email address, phone number (including WhatsApp number), country of residence.
• (c) Program data: enrollment tier, module completion progress, assessment scores, deliverable submissions, attendance records.
• (d) Payment data: billing name, billing address, payment confirmation reference. We do not store card numbers — payment processing is handled by Stripe.
• (e) Communications data: records of emails, messages, and other communications with us.
• (f) Usage data: how you interact with our website and LMS platform, pages visited, time spent, device and browser type.
• (g) Diagnostic data: your responses to the GCC Business Wartime Readiness Diagnostic, including your score and tier result.

How We Use Your Personal Data

We use your personal data for the following purposes:

• (a) Program delivery (contract): to provide the program you have enrolled in, including access to content, assessment, and certification.
• (b) Payment processing (contract): to process your enrollment fee and issue invoices.
• (c) Communications (legitimate interests): to send you program-related communications, session reminders, and community updates. You may opt out of non-essential communications at any time.
• (d) Marketing (consent): to send you marketing communications about new cohorts and program updates. We will only do this with your consent, which you may withdraw at any time.
• (e) Program improvement (legitimate interests): to analyse how participants engage with the program and improve content and delivery.
• (f) Legal compliance (legal obligation): to comply with applicable United States laws and regulations.
• (g) Alumni communications (legitimate interests): to maintain the alumni community and send updates relevant to program graduates.

Data Sharing

We do not sell your personal data to third parties. We share your data with the following categories of third parties only where necessary:

• (a) LMS platform provider (Kajabi): to host and deliver program content.
• (b) Payment processor (Stripe): to process enrollment fees and issue payment confirmation.
• (c) Email marketing platform (Kajabi): to deliver program and marketing communications.
• (d) Video conferencing platform (Zoom): for SHIELD live session delivery.
• (e) Assessors and facilitators: who may access deliverable submissions for assessment purposes. Assessors are bound by confidentiality obligations.
• (f) Professional advisers: including lawyers, accountants, and auditors, where necessary.
• (g) Regulatory authorities: where required by applicable law.

We require all third-party processors to implement appropriate technical and organisational security measures.

International Data Transfers

Navolon LLC is based in the United States. Your personal data is processed and stored on servers in the United States or those of our service providers (including Kajabi, Zoom, and Stripe), which may be located in various jurisdictions.

By enrolling in the program or submitting the readiness diagnostic, you consent to your data being processed in the United States and by those service providers under their respective privacy policies and our data processing agreements with them.

If you have questions about how your data is handled, contact us at [email protected].

Data Retention

We retain personal data for the following periods:

• (a) Program records (enrollment, assessment, certification): 7 years from the date of enrollment.
• (b) Financial and payment records: 5 years from the transaction date.
• (c) Marketing consent records: until consent is withdrawn, plus 1 year.
• (d) Diagnostic data: 2 years from completion, unless you enroll in the program.
• (e) Alumni communications: until you unsubscribe or request deletion.

We will delete or anonymise your data when it is no longer needed for the purposes for which it was collected.

Your Rights

Regardless of your country of residence, you may exercise the following rights:

• (a) Access: to request a copy of the personal data we hold about you.
• (b) Correction: to request correction of inaccurate or incomplete data.
• (c) Deletion: to request deletion of your data, subject to our legal obligations to retain certain records.
• (d) Restriction: to request that we restrict processing of your data in certain circumstances.
• (e) Objection: to object to processing based on legitimate interests.
• (f) Withdrawal of consent: to withdraw consent for marketing communications at any time.
• (g) Portability: to receive your data in a structured, commonly used format.

To exercise any of these rights, write to [email protected]. We will respond within 30 days. We may need to verify your identity before processing your request.

Cookies and Website Tracking

Our website uses cookies and similar tracking technologies to improve user experience and analyse site usage. We use:

• (a) Strictly necessary cookies: required for the website and LMS to function. These cannot be disabled.
• (b) Analytics cookies: to understand how visitors use the website (e.g. Google Analytics). These are placed only with your consent.
• (c) Marketing cookies: to track the effectiveness of advertising (e.g. Google Ads conversion tracking). These are placed only with your consent.

You may manage your cookie preferences through the cookie consent banner on our website or through your browser settings. We do not sell data collected via cookies to third parties.

Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, destruction, or alteration. These include TLS encryption for data in transit, access controls limited to authorised personnel, regular security assessments, and contractual data processing obligations with all service providers.

In the event of a data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority and, where required, affected individuals, within the timeframes required by applicable law.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email and by posting the updated policy on our website. The 'last updated' date at the top of this page indicates when it was last revised.

Continued use of the program or website following notification of material changes constitutes acceptance of the updated policy.