Section · 01
Introduction & Purpose
This Privacy Policy sets out the basis upon which Driven Clarity Coaching ("the Practice", "we", "us", "our") collects, uses, stores, and protects personal data in connection with the delivery of professional life coaching services. It is published in fulfilment of our transparency obligations under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
As a life coaching practice, we are entrusted with sensitive information about our clients' personal goals, wellbeing, and life circumstances. We take this responsibility with the utmost seriousness. Our approach to data stewardship is grounded in the same values that guide our coaching philosophy: integrity, confidentiality, and respect for the individual.
This Policy applies to:
- All current, prospective, and former coaching clients
- Individuals who enquire about or subscribe to our services
- Visitors to our website and digital platforms
- Contacts arising from professional or corporate coaching engagements
Section · 02
Identity of the Data Controller
For the purposes of UK GDPR, the Data Controller responsible for your personal data is:
As Data Controller, we determine the purposes and means of processing your personal data and are accountable for compliance with applicable data protection legislation. We are registered with the Information Commissioner's Office (ICO), the UK's independent supervisory authority for data protection.
Section · 03
Data Protection Principles
This Practice is committed to processing personal data in accordance with all seven principles set out in Article 5 of the UK GDPR. The table below illustrates how each principle is applied across our coaching operations.
| UK GDPR Principle | How This Practice Applies It | Legal Reference |
|---|---|---|
| Lawfulness, Fairness & Transparency | All data processing is disclosed in this Policy and underpinned by a lawful basis. | Art. 5(1)(a) |
| Purpose Limitation | Data is collected for specified, explicit purposes only and not further processed incompatibly. | Art. 5(1)(b) |
| Data Minimisation | Only data that is adequate, relevant, and necessary is collected. | Art. 5(1)(c) |
| Accuracy | Data is kept accurate; clients may request corrections at any time. | Art. 5(1)(d) |
| Storage Limitation | Data is held no longer than required (see Retention Schedule). | Art. 5(1)(e) |
| Integrity & Confidentiality | Appropriate technical and organisational security measures are applied. | Art. 5(1)(f) |
| Accountability | The Data Controller maintains records and can demonstrate compliance. | Art. 5(2) |
Section · 04
Personal Data We Collect and Process
The table below provides a comprehensive overview of the categories of personal data we collect, the purposes and lawful bases for processing, and the applicable retention periods.
| Data Category | Examples | Lawful Basis | Retention Period |
|---|---|---|---|
| Identity & Contact Data | Full name, email address, telephone number, postal address | Contract / Legitimate Interest | 2 years post-engagement |
| Health & Wellbeing Data * | Mental health history, medical conditions, crisis disclosures | Explicit Consent / Vital Interests | 2 years post-engagement |
| Session Notes & Records | Coaching notes, action plans, progress records, session recordings | Contract / Consent | 2 years post-engagement |
| Payment & Financial Data | Invoice details, bank/card information (processed by Stripe/PayPal) | Contract / Legal Obligation | 7 years (HMRC compliance) |
| Marketing Preferences | Email opt-in/out status, communication channel preferences | Consent | Until consent withdrawn |
| Technical & Usage Data | IP address, browser type, website analytics (Zoom, booking tools) | Legitimate Interest | 12 months |
4.1 How We Collect Your Data
- Directly from you during onboarding, intake forms, or consultations
- Via written, audio, or video communication (email, Zoom, phone)
- Through our online booking and scheduling system
- Via our website (enquiry forms, newsletter sign-up, cookie-based analytics)
- From payment processing platforms at the point of purchase
- Through referrals from third parties, with your prior knowledge
Section · 05
Lawful Basis for Processing
We rely on one or more of the following lawful bases under Article 6 of the UK GDPR when processing your personal data:
- Contract (Art. 6(1)(b)): Processing necessary to deliver the coaching services you have engaged us for, including scheduling, communication, and record-keeping.
- Consent (Art. 6(1)(a)): Where you have provided freely given, specific, informed, and unambiguous consent — particularly for marketing communications and the processing of special category data.
- Legal Obligation (Art. 6(1)(c)): Processing required to comply with our legal obligations, including HMRC financial record-keeping requirements.
- Legitimate Interests (Art. 6(1)(f)): Where processing is necessary for our legitimate business interests (e.g., improving our services, maintaining security), provided these are not overridden by your rights and freedoms. A Legitimate Interests Assessment (LIA) is conducted and documented for each such purpose.
- Vital Interests (Art. 6(1)(d)): In exceptional circumstances where processing is necessary to protect your life or the life of another person — for example, in a safeguarding emergency.
Section · 06
Special Category Data & Sensitive Information
Life coaching engagements may naturally involve the disclosure of information relating to your mental health, emotional wellbeing, family circumstances, or personal history. Under UK GDPR, data revealing health conditions or mental wellbeing is classified as special category data and attracts a higher standard of protection.
We process special category data only:
- With your explicit written consent obtained through our Coaching Agreement or a standalone Data Processing Consent Form
- To the minimum extent necessary to deliver effective coaching support
- Within a framework of strict confidentiality aligned with professional coaching ethics
- In an emergency, where processing is necessary to protect your vital interests or those of another person
Section · 07
Third-Party Processors & Data Sharing
We engage selected third-party service providers (data processors) to support the delivery of our coaching services. All such providers are required to maintain appropriate data protection standards and are bound by data processing agreements (DPAs) where applicable.
| Platform / Provider | Purpose | Data Shared | Safeguard |
|---|---|---|---|
| Zoom | Video coaching sessions | Name, email, session metadata | Standard Contractual Clauses (SCCs) |
| Online Booking Tool (e.g. Calendly, Acuity) | Session scheduling & reminders | Name, email, availability | GDPR-compliant DPA in place |
| Email Marketing Platform (e.g. Mailchimp, ConvertKit) | Newsletters & programme updates | Name, email address | GDPR-compliant DPA in place |
| Stripe / PayPal | Payment processing | Billing name, card/bank data | PCI-DSS compliant; own Privacy Policy applies |
| ICO (if required) | Regulatory obligation / complaint handling | Relevant data only | Statutory regulatory body |
Section · 08
International Data Transfers
Some of our third-party processors (including Zoom and certain email marketing platforms) may process data outside the United Kingdom or the European Economic Area (EEA). Where this occurs, we ensure that appropriate safeguards are in place in compliance with Chapter V of the UK GDPR, including:
- Standard Contractual Clauses (SCCs) approved by the ICO
- Adequacy regulations recognised by the UK Secretary of State
- UK International Data Transfer Agreements (IDTAs) where applicable
Upon request, we can provide further information regarding the specific safeguards in place for any international data transfers relevant to your data.
Section · 09
Your Rights as a Data Subject
Under the UK GDPR, you have a comprehensive set of rights in relation to your personal data. We are committed to facilitating the exercise of these rights promptly and without charge.
| Your Right | What This Means for You | Timeframe |
|---|---|---|
| Right to be Informed | You have the right to know how and why your data is processed — this Policy fulfils that obligation. | At point of collection |
| Right of Access (SAR) | You may request a copy of all personal data held about you, free of charge. | Within 1 calendar month |
| Right to Rectification | You may request correction of inaccurate or incomplete data. | Within 1 calendar month |
| Right to Erasure | You may request deletion of your data where no overriding legal basis exists. | Within 1 calendar month |
| Right to Restrict Processing | You may request that we pause processing your data in certain circumstances. | Without undue delay |
| Right to Data Portability | You may receive your data in a structured, machine-readable format. | Within 1 calendar month |
| Right to Object | You may object to processing based on legitimate interests or direct marketing. | Immediately (marketing) |
| Rights re: Automated Decisions | You have the right not to be subject to solely automated decisions with significant effect. | Upon request |
To exercise any of the above rights, please submit a written request to: selton@drivenclaritycoaching.co.uk. We may request verification of your identity before processing any request. Where a request is complex or numerous, we may extend our response time by up to two additional months, in which case we will notify you accordingly.
If you believe your rights have been infringed or your data has been mishandled, you have the right to lodge a complaint with the ICO. Post: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.
www.ico.org.uk · 0303 123 1113Section · 10
Data Security & Technical Safeguards
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, accidental loss, destruction, or disclosure.
10.1 Technical Measures
- End-to-end encryption for communications and file transfers where available
- Password-protected devices and accounts with multi-factor authentication (MFA)
- Secure, encrypted cloud storage for coaching records
- Regular software updates and security patch management
- Secure, GDPR-compliant platforms for all client-facing tools (Zoom, booking systems, payment processors)
10.2 Organisational Measures
- A documented Privacy Policy and internal data handling procedures
- Strict confidentiality obligations consistent with the ICF Code of Ethics and professional coaching standards
- Regular review of data protection practices (minimum annually)
- Prompt notification to affected individuals and the ICO in the event of a reportable data breach (within 72 hours per Art. 33 UK GDPR)
- A Record of Processing Activities (ROPA) maintained in compliance with Art. 30 UK GDPR
Section · 11
Data Retention Policy
We retain personal data only for as long as is necessary to fulfil the purpose for which it was collected, or to comply with legal, regulatory, or professional obligations. The following schedule outlines our standard retention periods:
- Coaching session notes, records & correspondence: 6 years from the conclusion of the coaching engagement (aligned with the Limitation Act 1980)
- Financial and payment records: 7 years from the date of the transaction (HMRC statutory obligation)
- Marketing data and consent records: Until consent is withdrawn or 2 years of inactivity, whichever is sooner
- Website technical and analytics data: 12 months from collection
- Enquiry data where no engagement proceeds: 12 months from date of enquiry
Upon expiry of the applicable retention period, data is securely and irreversibly deleted or anonymised. Anonymised data (from which you can no longer be identified) may be retained for statistical or research purposes without restriction.
Section · 12
Website Cookies & PECR Compliance
If you visit our website, we may use cookies and similar tracking technologies in accordance with the Privacy and Electronic Communications Regulations (PECR) 2003. Cookies are small text files placed on your device that help us understand how the site is used and improve your experience.
12.1 Categories of Cookies We Use
- Essential: Strictly necessary for the website to function. No consent is required.
- Analytics: Used to understand how visitors interact with our website (e.g., Google Analytics). Set only with your explicit consent.
- Functional: Remember your preferences (e.g., language settings). Set only with your consent.
You may manage through your browser settings. Withdrawing consent does not affect the lawfulness of any prior processing.
Section · 13
Direct Marketing & Communications
We may from time to time send you information about our services, resources, events, and professional insights. We will only do so where:
- You have explicitly opted in to receive marketing communications; or
- You are an existing client and the communication relates to similar services (soft opt-in under PECR), and you have been given a clear opportunity to opt out
You may opt out of marketing communications at any time by:
- Clicking the 'unsubscribe' link in any email communication
- Contacting us directly at selton@drivenclaritycoaching.co.uk
Section · 14
Children's Data
Our coaching services are intended solely for individuals aged 18 years and over. We do not knowingly collect or process personal data relating to individuals under the age of 18. If you believe we have inadvertently collected data relating to a child, please notify us immediately at selton@drivenclaritycoaching.co.uk and we will take prompt steps to delete such data.
Where coaching services are provided to individuals aged 16–17 under a bespoke arrangement, explicit parental or guardian consent will be obtained prior to commencement, and enhanced data protection safeguards will be applied.
Section · 15
Policy Updates & Version Control
This Privacy Policy is reviewed at least annually and updated whenever there is a material change in our data processing activities, applicable legislation, or guidance from the ICO. The 'Effective Date' at the top of this document denotes the version currently in force.
In the event of a material change that affects how we process your data, we will notify you by email or by a prominent notice on our website prior to the change taking effect. We encourage you to review this Policy periodically to stay informed of how we protect your information.
All previous versions of this Policy are archived and available upon request.
Section · 16
Contact Us & Complaints Procedure
We are committed to resolving any privacy concerns swiftly and transparently. If you have questions about this Policy or wish to exercise your data subject rights, please contact us:
If you remain dissatisfied following our response, you have the right to escalate your complaint to the ICO. Making a complaint to the ICO does not affect your right to seek a judicial remedy.
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
www.ico.org.uk · 0303 123 1113LEGAL DISCLAIMER: This Privacy Policy has been drafted in good faith to reflect current UK data protection requirements. It does not constitute legal advice. You are encouraged to seek independent legal counsel to verify compliance specific to your circumstances. This Practice shall not be liable for any loss arising from reliance on this document without professional legal verification.
© 2026 Driven Clarity Coaching. All rights reserved. This document is the intellectual property of the Practice and may not be reproduced without express written permission.