As a professional Coach our client and coaching relationship will always be built on transparency, trust and confidence in each other. Confidentiality will always be paramount. I am detailing below my privacy statement that provides you with the further confidence that I am following personal data protection laws.
I have written this statement to inform you that I am committed to protecting the privacy and security of your personal information whilst using this site and any site listed below, and through our coaching work.
This privacy notice describes how I collect and use personal information about you during and after your relationship with me, in accordance with the General Data Protection Regulation (GDPR).
It is important that you read this notice, together with any other privacy notice I may provide on specific occasions when I am collecting or processing personal information about you, so that you are aware of how and why I am using such information.
This privacy notice provides you with details of how we collect and process your personal data through your use of the following sites:
By providing us with your data, you warrant to us that you are over 13 years of age.
Root For Your Health / RFYH LTD is the data controller and we are responsible for your personal data (referred to as “we”, “us” or “our” in this privacy notice).
Our full details are:
Full name of legal entity: RFYH LTD
Email address: email@example.com
Postal address: 5 Toronto Terrace, Brighton BN2 9UW
Your duty to inform us of changes
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us by emailing us at firstname.lastname@example.org.
Data Protection Principles
I will comply with data protection laws including GDPR. This says that the personal information we hold about you must be:
2. What data we collect about you, for what purpose and on what ground we process it
Personal data means any information capable of identifying an individual. It does not include anonymised data.
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
Sensitive data refers to data that includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data. We do not collect any sensitive data via our sites. The only time we will collect sensitive data is for 'Coaching Interventions' and with your consent.
Due to the nature of our work we may retain personal data, including sensitive data, during ‘Coaching Interventions’.
This may include information collected via email or forms prior to a ‘Discovery Call’, during a ‘Discovery Call’, during 1:1 sessions, and through further correspondence when supporting you as a Coach.
Personal data may include:
We may also collect, store and use the following ’Sensitive Data’ of more sensitive personal information in respect of client information arising from some Coaching Interventions, which will be limited to:
Business Contact Data:
I will collect, store, and use the following categories of personal information about business clients.This may include:
If you choose to correspond with us through email, we may retain the content of your email messages together with your email address and our responses. We provide the same protections for these electronic communications that we employ in the maintenance of information received online, mail, and telephone. This also applies when you register for our website, sign up through any of our forms using your email address or make a purchase on this site. For further information see the email policies below.
We are committed to keeping your e-mail address confidential. We do not sell, rent, or lease our subscription lists to third parties, and will not disclose your email address to any third parties except as allowed in the section titled Disclosure of Your Information.
3. How and why we collect your personal data
We may receive data from third parties such as analytics providers such as Google based outside the EU, advertising networks such as Facebook based outside the EU, such as search information providers such as Google based outside the EU, providers of technical, payment and delivery services, such as data brokers or aggregators.
We may also receive data from publicly availably sources such as Companies House and the Electoral Register based inside the EU.
Where we are required to collect personal data by law, or under the terms of the contract between us and you do not provide us with that data when requested, we may not be able to perform the contract (for example, to deliver goods or services to you). If you don’t provide us with the requested data, we may have to cancel a product or service you have ordered but if we do, we will notify you at the time.
When you make an enquiry
The name and contact details you give and the content of your message(s) are retained for three reasons:
When you make an online purchase as a single purchase, a membership or subscription
This is a contract for services. Your contact details are dealt with as above (consent, contract, legitimate reasons) – also these, your purchase history and the payment details (sent to me from Paypal or Stripe) are retained for six years beyond the end of the contract for legal reasons – accounting law.
When you attend a workshop or training
All of the above applies. I also keep record of your attendance, your certificates earned etc on the legal bases of both contract and legitimate interest – so that I can confirm your certificate status / reissue certification if required, also so that I can send you updates or offers which may be of specific interest to you as an attendee/graduate.
When you work with me on a 1:1 basis, including initial ‘Discovery Call’
Client work is different. Dependent on the work, you may wish (or need) to provide personal details of a sensitive nature.
As an intake form these are retained in printed or handwritten format and include your contact details and where appropriate, signature. The sensitive nature of such documents will generally be in relation to health or medical history.
Session notes will be taken during 1:1 sessions. These are either memos handwritten by me for the purpose of fulfilling our contract and keeping tabs on the work during the session and from one week to the next, filed separately with only initials and date as identifiers so that no other person may connect these details alone to your personal identity.
Sessions notes and summaries may be typed and will be stored on an encrypted online server, such as iCloud, and password protected.
Other data sources:
Incoming data is also received from my website host WordPress, Paypal, Stripe, Acuity Scheduling and Zoom.
I may receive information from another practitioner or therapist as part of a referral. In such a case you may be unaware that the consented data transfer has taken place, I will therefore inform you of receipt within 28 days.
4. Marketing Communications
Our lawful ground of processing your personal data to send you marketing communications is either your consent or our legitimate interests (namely to grow our business).
Under the Privacy and Electronic Communications Regulations, we may send you marketing communications from us if (i) you agreed to receive marketing communications and in each case you have not opted out of receiving such communications since. Under these regulations, if you are a limited company, we may send you marketing emails without your consent. However you can still opt out of receiving marketing emails from us at any time.
Before we share your personal data with any third party for their own marketing purposes we will get your express consent.
You can ask us or third parties to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you or by emailing us at email@example.com at any time.
5. Disclosures of your personal data
Your privacy is important and I do not sell your data nor share it except by your consent or under the law.
We may have to share your personal data with the parties set out below:
When working together, I may give out elements of your personal information to another practitioner or therapist as part of a referral. This will always only be with your personal consent.
In continuation of current UK law on confidentiality I also retain the right and in some cases the legal requirement to breach confidentiality to inform an authority such as the police or your GP of impending harm or illegality.
We will only use your personal data for a purpose it was collected for or a reasonably compatible purpose if necessary. For more information on this please email us at firstname.lastname@example.org. In case we need to use your details for an unrelated new purpose we will let you know and explain the legal grounds for processing.
We do not carry out automated decision making or any type of automated profiling.
We require all third parties to whom we transfer your data to respect the security of your personal data and to treat it in accordance with the law. We only allow such third parties to process your personal data for specified purposes and in accordance with our instructions.
6. International Transfers
We are subject to the provisions of the General Data Protection Regulations that protect your personal data. Where we transfer your data to third parties outside of the EEA, we will ensure that certain safeguards are in place to ensure a similar degree of security for your personal data. As such:
If none of the above safeguards is available, we may request your explicit consent to the specific transfer. You will have the right to withdraw this consent at any time.
7. Data Security
We have put in place security measures to prevent your personal data from being accidentally lost, used, altered, disclosed, or accessed without authorisation. We also allow access to your personal data only to those employees and partners who have a business need to know such data. They will only process your personal data on our instructions and they must keep it confidential.
8. Data Retention
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
When deciding what the correct time is to keep the data for we look at its amount, nature and sensitivity, potential risk of harm from unauthorised use or disclosure, the processing purposes, if these can be achieved by other means and legal requirements.
For both Intake Forms and 1:1 Session Notes, I am required by law to retain these records for six years after the completion of our contract – or in the case of a minor, from six years beyond the date of their eighteenth birthday.
In some circumstances we may anonymise your personal data for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
9. Your Legal Rights
Under data protection laws you have rights in relation to your personal data that include the right to request access, correction, erasure, restriction, transfer, to object to processing, to portability of data and (where the lawful ground of processing is consent) to withdraw consent.
You can see more about these rights at:
If you wish to exercise any of the rights set out above, please email us at email@example.com.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive or refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you.
If you are not happy with any aspect of how we collect and use your data, you have the right to complain to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We should be grateful if you would contact us first if you do have a complaint so that we can try to resolve it for you.
10. Third-party links
This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.
12.Changes to this policy