Karen’s Holistic Lifestyle Coaching – Privacy Notice – 1st January 2023
1. About me
I am a sole trader providing coaching to individuals and organisations within the UK and Europe (Karen’s Holistic Lifestyle Coaching – www.karen-wyness.com).
I can be contacted at firstname.lastname@example.org or on +44 (0)75015 545 554.
2. The Purpose of this Notice
This notice is designed to help you understand what kind of information I collect in connection with coaching and how I will process and use this information. In the course of providing coaching I will collect and process information that is commonly known as “personal data”.
3. What is Personal Data?
Personal data is information relating to an identified or identifiable natural person. Examples include an individual’s name, age, address, date of birth, gender and contact details.
Personal data may contain information which is known as special categories of (sensitive) personal data – relating to and not limited to an individual’s health, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership. genetic and biometric data or data relating to sexual orientation. Personal data may also contain data relating to criminal convictions and offences.
4. Personal data I collect
To provide coaching to you I may collect and process personal data about you.
You may provide me with personal data when booking an introductory coaching call, when booking a coaching session, or by email or phone, or video call. You may also provide personal data during an introductory coaching session, or during a face to face or online coaching session which may be recorded by video or audio (with your consent), and/or in my session notes.
I will also collect personal data when you book an introductory coaching call or coaching session through my website using an online booking service.
If you visit my website (www.karen-wyness.com) I may collect your personal data through your unique online electronic identifier. This is commonly known as an “IP address”.
I will collect electronic personal data when you visit my website where I will place a small text file that is commonly known as a “cookie” on your computer. Cookies are used to identify visitors and to monitor visitor behaviour when viewing website content, navigating my website and when using features.
Where I collect data directly from you, I am the “Data Controller”. A “Data Controller” means the individual or organisation which, alone or jointly with others, determines the purposes and means of the processing of personal data.
Where I use third parties to process your data, these parties are known as “processors” of your personal data. A “Data Processor” means the individual or organisation which processes personal data on behalf of the controller.
As the Data Controller I may process the following categories of data:
If you object to the collection and use of your personal data I may be unable to provide you with coaching services. If you require more information about how I collect personal data and with whom I share data please contact me by email – email@example.com
5. Why do I need your personal data?
I need your personal data to be able to offer, quote for, provide, invoice and seek feedback for coaching services. I also need your personal data to potentially provide evidence to an accreditation body (such as the International Coaching Federation) for my continuing professional development, further qualification/accreditation, and/or supervision or mentoring of my coaching by a third party.
In some cases I may use your personal information to pursue legitimate interests of my own or those of third parties, provided your interests and fundamental rights do not override those interests. The situations in which I may process your personal information are:
Some of the above grounds for processing will overlap and there may be several grounds which justify our use of your personal information. In certain circumstances listed above, I hold your data to market other services to you, send you inspirational blogs, or send you information that I think may interest you. I have a legitimate business interest in retaining your data for this purpose, but you may ‘opt out’ of receiving these types of communication from me.
If you contact me to enquire about coaching or to discuss providing coaching to you or others, or I deliver coaching to you, I consider that I have a legitimate business interest to provide you with information about future coaching services that I may offer.
You may request to be withdrawn from any promotional or marketing emails or other contacts from me at any time by emailing firstname.lastname@example.org
6. Data Security
I have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. Access to your personal data is limited to me and any third parties who have a business need to know such data.
I have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where I am legally required to do so.
7. Data Retention
I will only retain your personal information for as long as necessary to fulfil the purposes I collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, I consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which I process your personal data and whether I can achieve those purposes through other means, and the applicable legal requirements.
Sometimes I may anonymise your personal information so that it can no longer be associated with you, in which case I may use such information without further notice to you.
In respect of client data, you can expect me to hold data relating to your instructions for a period of seven years after completion of the last coaching interaction. The reason for this is that the Limitation Act 1980 typically provides that legal proceedings for breach of contract or negligence can be brought up to six years after the events. I therefore have a legitimate business interest in retaining the data should any subsequent legal proceedings ensue.
Given the nature of my services clients often return to me with repeat instructions within weeks, months or years of contacting me in the first instance. The seven-year period referred to above will start from the last contact I had with the client, third party or supplier, to ensure I am able to assist as and when I need to. Should you not contact me for seven years, I will confidentially destroy all data held for you.
Where you contact me about coaching services but I do not provide a coaching service to you I retain your personal data for a period of 18 months. I will comply with any legal requirements when retaining this data. Please contact me by email (email@example.com) if you object to the use of, or you have any questions relating to the use of, or retention, of your personal data.
8. Your rights
Individuals are provided with legal rights governing the use of their personal data. These grant individuals the right to understand what personal data relating to them is held, for what purpose, how it is collected and used, with whom it is shared, where it is located, to object to its processing, to have the data corrected if inaccurate, to take copies of the data and to place restrictions on its processing. Individuals can also request the deletion of their personal data. These rights are known as Individual Rights under the Data Protection Act 2018.
The following list details these rights:
– The right to be informed about the personal data being processed;
– The right of access to your personal data;
– The right to object to the processing of your personal data;
– The right to restrict the processing of your personal data;
– The right to rectification and/or erasure of your personal data; and
– The right to data portability (to receive an electronic copy of your personal data).
Individuals can exercise their Individual Rights at any time. As mandated by law I will not charge a fee to process these requests, however if your request is considered to be repetitive, wholly unfounded and/or excessive, I am entitled to charge a reasonable administration fee.
You should understand that when exercising your rights, a substantial public or vital interest may take precedence over any request you make. In addition, where these interests apply, I am required by law to grant access to this data for law enforcement, legal and/or health related matters. If you require further information on your individual rights or you wish to exercise your individual rights, please contact me (firstname.lastname@example.org).
If you are dissatisfied with any aspect of the way in which I process your personal data please contact me (email@example.com).
You also have the right to complain to the UK’s data protection supervisory authority, the Information Commissioner’s Office (ICO). The ICO may be contacted via its website which is https://ico.org.uk/concerns/, by live chat or by calling their helpline on 0303 123 1113.