Client Privacy Policy

1. Scope and contract

This privacy policy applies if you are a client and explains how we use your personal data which we collect or obtain in the course of providing coaching (or any other) services. Where we are engaged to provide coaching to employees, “client” shall, for the purposes of this Client Privacy Policy, mean the individual employees being coached, and the on-boarding process referred to below shall include any initial communications with the employer for the purpose of setting the coaching up.

Please read this privacy policy carefully before providing us with your personal data, or using our website or our services. Please contact us at Ed@EdHeatonCoaching.com if you have any questions about our use of your personal data.

Controller of your personal data

A “controller” under data protection laws is the person that determines the purposes for which your personal data will be used and how it will be processed.

For the purposes of this privacy policy, the controller of your personal data is Ed Heaton Limited, trading as Ed Heaton Coaching (Company Number: 13817330, Registered Office Address: Heritage House, Murton Way, Osbaldwick, York, North Yorkshire, England, YO19 5UW).

2. What personal information do we collect?

Visitors to our website

During the course of on-boarding you as a client, we will require certain personal data for our records and to understand your requirements. The personal data we collect at the on-boarding stage may include the following (to the extent that you have not already provided us with this information in the course of initial communications with us):

  • your name;

  • your email address;

  • your date of birth;

  • your address/location;

  • your telephone number;

  • your responses to any initial worksheets or questionnaires which we provide to you and you choose to complete in order for us to understand your aims and requirements; and

  • any personal data which you choose to provide in your communications with us.

In the course of your coaching sessions, you (or your employer, where we are engaged by them) will provide us with personal data relating to your circumstances and the aims and outcomes of coaching and other information which you wish to share, including in response to questions and advice raised by your coach.

The precise types of personal data which will be discussed in our sessions are difficult to state, since this will depend very much on the personal circumstances of each client. However, all of this personal data will be voluntarily provided by you, rather than obtained from any third party (with the exception of any personal data provided by your employer for the purposes of engaging our coaching services, as described in the paragraph above, or unless you request us to contact a third party for this purpose, for any reason). The typical types of personal data which we would expect to receive and/or collect from/about you include certain of the following, depending on your circumstances and requirements:

  • CV / professional history / job title;

  • information relating to education and professional qualifications;

  • workplace data – including:

    • data relating directly to you (for example, salary, performance review, figures and targets)

    • data relating more generally to your employer, whether we are engaged by them or otherwise (for example, team and/or company/firm performance and targets, structure, management decisions, commercial concerns, risk).

  • personal beliefs - including, but not limited to, political and/or religious beliefs;

  • information relating to your health;

  • information relating to your racial, ethnic and/or cultural background;

  • information relating to your sexual orientation; and

  • information relating to your personal life – for example, relationships, family, interests and memberships.

During the course of your coaching sessions we may create personal data consisting of the following:

  • notes taken during a coaching session and any post-session write-ups; and

  • records and logs of coaching sessions and client details.

Special categories of personal data

Certain types of personal data called “special categories of personal data” are given additional protection under data protection laws. The following personal data constitutes “special categories of personal data”:

  • personal data revealing racial or ethnic origin;

  • personal data revealing political opinions;

  • personal data revealing religious or philosophical beliefs;

  • personal data revealing trade union membership;

  • genetic data;

  • biometric data (where used for identification purposes);

  • data concerning health;

  • data concerning a person’s sex life; and

  • data concerning a person’s sexual orientation.

As we identify in the section above, some special categories of personal data may be relevant to your coaching sessions with us. For this reason, we ask you to sign a separate consent form which allows us to record any special categories of personal data where this is necessary in connection with the services which we provide to you. We will not record any such special categories of personal data if we do not believe it is relevant to the work which we undertake with clients.

Financial Information – if you use our website to make payments for our services, we will keep a record of any financial transaction you make with us if the functionality to take payments online has been deployed on our website. To the extent that any online payments made through our websites are processed by third party payment providers, such as Stripe and Paypal, please refer to the relevant provider's privacy policy (which can be found at stripe.com/privacy in the case of Stripe and paypal.com in the case of Paypal) for details of how your payment card data is processed by them.  We do not directly collect or process your debit or credit card information, unless we specifically inform you otherwise.


3. How will your personal information be used?

In accordance with data protection legislation, we will only process your personal data where we have a lawful basis for doing so. These bases are: (i) where it is necessary for us to comply with a legal obligation that we are subject to; (ii) where it is in our (or a third party’s) legitimate interests and such interests are not overridden by your interests or fundamental rights and freedoms; or (iii) with your consent, where we request your consent).

Specifically, we’ve set out in the table below the purposes for which we process your personal data and the lawful basis on which we carry out such processing.

Types of personal data

Purposes for processing

Legal basis for processing

Personal data provided to us, as described in section 2 above, including any special categories of personal data

To administrate our business and services, including customer service provision and communications with our clients

Legitimate interests – being the provision of coaching services, for client relationship management and the maintenance of client and business records

Personal data provided to us, as described in section 2 above, including any special categories of personal data

To provide coaching services to clients

Legitimate interests in respect of personal data which is not special categories of personal data – the legitimate interest being the provision of coaching services

Consent in respect of special categories of personal data

Personal data provided to us, as described in section 2 above

To market products and services which we believe may be of interest or benefit to you

Legitimate interests – being the promotion of our products and services

Personal data provided to us, as described in section 2 above

For legal or regulatory purposes

Compliance with a legal obligations to which we are subject

4. How will your personal data be shared?

Your personal data may be shared with:

  • your employer by way of feedback on coaching sessions, where your employer engages our coaching services for the benefit of employees – however, we will not provide personal data which is clearly not appropriate to be shared outside of our coaching sessions without your prior approval;

  • the individual coach that undertakes your coaching sessions – such persons may be our employees or alternatively consultants that we have engaged;

  • our service providers to the extent necessary to enable such parties to perform functions on our behalf and under our instructions in order to carry out the purposes identified in section 3 above.  These include: infrastructure and IT services providers, for example, the providers of our emails system, client intake system, our finance systems and our customer relationship management databases; third party consultants who provide us with support in respect of business analytics and marketing campaigns. We require such parties by contract to provide reasonable security for personal data and to use and process such personal data on our behalf only;

  • any service providers that will provide services to you or for your benefit, such as third party providers of psychometric profiling, to be used in connection with our coaching services;

  • professional services providers, such as our lawyers or accountants, in order for such persons to advise us on legal, accounting and financial matters;

  • a medical, emergency or other appropriate professional or service in the event of an emergency, such as in circumstances where there may be a risk of harm, either to you or to any other party;

  • professional bodies for the purposes of upgrading and/or securing additional coaching qualifications and/or accreditations; and

  • any other legal entities which are, from time to time, part of the same corporate group as us.

5. Transfer of your personal information outside the UK

We, and service providers processing personal data on our behalf, may transfer or store data, including personal data, to or on servers outside the UK including in the United States of America for storage purposes. However, this will not allow routine access to any personal data. These countries may not have equivalent data protection legislation to the UK. However, when we transfer your personal data in this way we will do so in compliance with applicable laws, including the UK GDPR, and endeavour to ensure that adequate safeguards are in place so that your personal data is treated in a way that is consistent with and which respects the UK laws on data protection, including via standard contractual clauses. If you require further information about our safeguard measures in place you can request it from Ed@EdHeatonCoaching.com

6. Links

From time to time, our site may contain links to other websites over which we have no control. We are not responsible for privacy policies or practices of other websites to which we link from this site. We encourage you to review the privacy policies of those other websites so you can understand how they collect, use and share your personal data.

7. Security

We have implemented reasonable technical and organisational measures designed to secure your personal information from accidental loss and from unauthorised access, use, alteration or disclosure. However, the Internet is an open system and we cannot guarantee that unauthorised third parties will never be able to defeat those measures or use your personal data for improper purposes.

8. Your rights

You have certain rights in respect of your personal data under applicable data protection laws, as summarised below:

  • right to be informed about how personal information is used – you have a right to be informed about how we will use and share your personal information. This explanation will be provided to you in a concise, transparent, intelligible and easily accessible format and will be written in clear and plain language;

  • right to access personal information – you have a right to obtain confirmation of whether we are processing your personal information, access to your personal information and information regarding how your personal information is being used by us;

  • right to have inaccurate personal information rectified – you have a right to have any inaccurate or incomplete personal information rectified. If we have disclosed the relevant personal information to any third parties, we will take reasonable steps to inform those third parties of the rectification where possible;

  • right to have personal information erased in certain circumstances – you have a right to request that certain personal information held by us is erased. This is also known as the right to be forgotten. This is not a blanket right to require all personal information to be deleted. We will consider each request carefully in accordance with the requirements of any laws relating to the processing of your personal information;

  • right to restrict processing of personal information in certain circumstances – you have a right to block the processing of your personal information in certain circumstances. This right arises if you are disputing the accuracy of personal information, if you have raised an objection to processing, if processing of personal information is unlawful and you oppose erasure and request restriction instead or if the personal information is no longer required by us but you require the personal information to be retained to establish, exercise or defend a legal claim;

  • right to data portability – in certain circumstances you can request to receive a copy of your personal information in a commonly used electronic format. This right only applies to personal information that you have provided to us (for example by completing a form or providing information through a website). Information about you which has been gathered by monitoring your behaviour will also be subject to the right to data portability. The right to data portability only applies if the processing is based on your consent or if the personal information must be processed for the performance of a contract and the processing is carried out by automated means (i.e. electronically);

  • right to object to processing of personal information in certain circumstances, including where personal information is used for marketing purposes – you have a right to object to processing being carried out by us if (a) we are processing personal information based on legitimate interests or for the performance of a task in the public interest (including profiling), (b) if we are using personal information for direct marketing purposes, or (c) if information is being processed for scientific or historical research or statistical purposes. You will be informed that you have a right to object at the point of data collection and the right to object will be explicitly brought to your attention and be presented clearly and separately from any other information; and

  • right not to be subject to automated decisions where the decision produces a legal effect or a similarly significant effect – you have a right not to be subject to a decision which is based on automated processing where the decision will produce a legal effect or a similarly significant effect on you.

You may exercise any of your rights at any using the contact details set out in Section 9 below.  You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

 Where we rely on your consent to process your personal information, you have the right to withdraw your consent at any time. Please note however that this will not affect the lawfulness of the processing before its withdrawal, nor will it affect the processing of your personal information conducted in reliance on lawful processing grounds other than consent. If you do choose to withdraw your consent, we may have to cease providing services to you which require the processing of personal data for which we require your consent.

 If you believe we are unlawfully processing your personal information, you also have the right to complain to your local data protection supervisory authority.

 If you are resident in the UK, you can find the contact details for the UK data protection regulator here: ico.org.uk

9. Contacting us

Please contact us in the first instance if you have any questions or complaints about our use of your personal data. We take your privacy very seriously and will do everything we can to address your questions and concerns.

You can contact us at: Ed@EdHeatonCoaching.com

10. Retention

We will only retain your personal data for as long as necessary for the purposes set out in this Privacy Policy, including for the purposes of satisfying any legal, accounting, or reporting requirements. Accordingly, we use the following criteria to determine the period for which we retain your personal data:

  • the period for which the personal data is required for the applicable purposes set out in this Privacy Policy; or

  • any statutory limitation period relevant to a claim for which the personal data; or

  • any statutory or regulatory retention period applicable to the personal data.

11. Changes to our privacy policy

If our Privacy Policy changes in any way, we will place an updated version on this page. Regularly reviewing this page ensures that you are always aware of what personal information we collect, how we use it and under what circumstances, if any, we will share it with other parties.

Get in touch.

 

For further information about any of the above or to see if I'm the right coach for you or your organisation, do please get in touch.