Privacy Policy

Katie Wilson Coaching - Customer Privacy Notice

This privacy notice tells you what to expect us to do with your personal information.

Contact details

What information we collect, use, and why

We collect or use the following information to provide coaching, wellbeing services, and related products and goods to our clients:

Name, address and contact details
Pronoun preferences
Date of birth
Next of Kin details including any support networks
Photographs
Health information (including medical conditions, allergies, medical requirements and medical history)
Payment details (including card or bank information for transfers and direct debits)
Records of meetings and decisions
Call recordings and asynchronous text/video/voice messages (e.g. via Clarityflow)

We also collect the following special category information to provide personalised coaching and wellbeing services. This information is subject to additional protection due to its sensitive nature:

Health information - This includes information you voluntarily share, such as sleep quality, mood, energy levels, existing diagnosed medical conditions (e.g., postnatal depression, anxiety), and wellness goals. We use this strictly to tailor your coaching plan and ensure our recommendations are safe and appropriate for your current wellbeing status. We do not provide medical diagnosis or treatment.

We collect or use the following information for safeguarding or public protection reasons:

Name, address and contact details
Health information (including medical conditions, allergies, medical requirements and medical history)
Records of meetings and decisions

We collect or use the following personal information for information updates, marketing or market research purposes:

Names and contact details
Addresses
Marketing preferences
Website and app user journey information
IP addresses
Records of consent, where appropriate

We collect or use the following personal information for dealing with queries, complaints or claims:

Names and contact details
Addresses
Payment details
Account information
Purchase or service history
Call recordings
Relevant information from previous investigations
Customer or client accounts and records
Financial transaction information
Information relating to health and safety (including incident investigation details and reports and accident book records)
Correspondence

We also collect the following special category information for dealing with queries, complaints or claims. This information is subject to additional protection due to its sensitive nature:

Racial or ethnic origin
Political opinions
Religious or philosophical beliefs
Health information
Sex life information
Sexual orientation information

Information Shared Within Community Elements

If you participate in any community, group, or forum elements of our coaching program (e.g., private social media groups, group video calls, message boards), any personal data you voluntarily share in these spaces is shared directly with other members of that community, not just with us. We do not control or take responsibility for how other members of the community may use, process, or retain the personal data you choose to share publicly within that group. We strongly advise that you consider the nature of the information, including any sensitive or special category data, before sharing it with the wider community.

Marketing and Testimonial Content

As detailed in the Service Agreement, Coaching Contract, or Terms of Business, we collect and process the following data specifically for marketing, promotional, and service validation purposes.

This includes:

Testimonial Content: Written feedback, audio recordings, raw video footage of interviews, and final edited video clips.
Attribution Data: Your name, image, or a chosen pseudonym used to attribute the testimonial.
Consent Records: Records of your explicit written or recorded consent (including approval emails) for the specific use of the testimonial material.

Lawful Basis & Purpose: We process this data based on Consent (specifically, Explicit Consent, as this content may touch on your health or personal experiences). The purpose is to market and validate the effectiveness of our motherhood wellbeing services to prospective clients.

Retention of Testimonial Data:

Approved Content: If you approve a testimonial for publication, we retain the final content and the associated consent record until you exercise your right to withdraw consent (request removal), or until we decide the content is no longer relevant to our business.

Work in Progress (Edits): If you request edits or changes to a draft, we will retain the raw files and drafts for as long as is necessary to complete the editing process and secure your final approval.

Explicit Rejection: If you review a draft and explicitly state that you do not want it published and do not want to proceed with edits, we will securely delete the raw footage and drafts within 30 days of your rejection.

Non-Response: If you do not respond to our approval requests within the timeframes set out in your Agreement, we will securely delete the raw video footage, audio files, and drafts within 3 months of the final deadline passing.

Information Relating to Children

Our coaching services are directed solely at adults (the parents/carers). We do not market to or knowingly collect personal data directly from children.

The only information we process about children (under 18) is that which is provided to us by the parent or carer (our client) as part of the coaching relationship. This information may include the child’s name, date of birth, and any relevant health or wellbeing details (e.g., sleep patterns, feeding routines, developmental stage) that are directly relevant to your own motherhood wellbeing coaching goals.

We use this information only to contextualise and deliver your coaching plan. It is treated with the same high level of confidentiality and security as all other special category data we process.

We rely on the parent/carer (our client) to provide this information with the necessary authority. For any request to exercise data protection rights related to the child’s information, we will only respond to the parent/carer who is the client, provided we are satisfied they hold parental responsibility.

Lawful bases and data protection rights

Under UK data protection law, we must have a “lawful basis” for collecting and using your personal information. There is a list of possible lawful bases in the UK GDPR. You can find out more about lawful bases on the ICO’s website.

Which lawful basis we rely on may affect your data protection rights which are set out in brief below. You can find out more about your data protection rights and the exemptions which may apply on the ICO’s website:

Your right of access - You have the right to ask us for copies of your personal information. You can request other information such as details about where we get personal information from and who we share personal information with. There are some exemptions which means you may not receive all the information you ask for. Read more about the right of access.
Your right to rectification - You have the right to ask us to correct or delete personal information you think is inaccurate or incomplete. Read more about the right to rectification.
Your right to erasure - You have the right to ask us to delete your personal information. Read more about the right to erasure.
Your right to restriction of processing - You have the right to ask us to limit how we can use your personal information. Read more about the right to restriction of processing.
Your right to object to processing - You have the right to object to the processing of your personal data. Read more about the right to object to processing.
Your right to data portability - You have the right to ask that we transfer the personal information you gave us to another organisation, or to you. Read more about the right to data portability.
Your right to withdraw consent – When we use consent as our lawful basis you have the right to withdraw your consent at any time. Read more about the right to withdraw consent.

If you make a request, we must respond to you without undue delay and in any event within one month.

To make a data protection rights request, please contact us using the contact details at the top of this privacy notice.

Our lawful bases for the collection and use of your data

Our lawful bases for collecting or using personal information to provide coaching, wellbeing services, and related products and goods to our clients are:

Consent - we have permission from you after we gave you all the relevant information. All of your data protection rights may apply, except the right to object. To be clear, you do have the right to withdraw your consent at any time.
Contract – we have to collect or use the information so we can enter into or carry out a contract with you. All of your data protection rights may apply except the right to object.
Legal obligation – we have to collect or use your information so we can comply with the law. All of your data protection rights may apply, except the right to erasure, the right to object and the right to data portability.

Our lawful bases for collecting or using personal information for safeguarding or public protection reasons are:

Legal obligation – we have to collect or use your information so we can comply with the law. All of your data protection rights may apply, except the right to erasure, the right to object and the right to data portability.
Vital interests – collecting or using the information is needed when someone’s physical or mental health or wellbeing is at urgent or serious risk. This includes an urgent need for life sustaining food, water, clothing or shelter. All of your data protection rights may apply, except the right to object and the right to portability.

Our Conditions for Collecting and Using Special Category Data

Because we process sensitive information (Special Category Data) such as Health information and potentially Racial or ethnic origin (if volunteered for complaints/claims), we must meet a separate condition under UK GDPR Article 9.

For all Special Category Data related to the provision of coaching services, we rely on:

Explicit Consent: We obtain your explicit consent to process your Special Category Data (including health information and any related child's data) to provide your personalised coaching service. You may withdraw this consent at any time, but doing so may prevent us from safely and effectively providing the full service to you.

For Special Category Data processed for legal defence or complaints, we rely on:

Necessary for Legal Claims: Processing is necessary for the establishment, exercise or defence of legal claims. (This covers the use of sensitive data for the 'dealing with queries, complaints or claims' purpose).

Our lawful bases for collecting or using personal information for information updates, marketing or market research purposes are:

Consent - we have permission from you after we gave you all the relevant information. All of your data protection rights may apply, except the right to object. To be clear, you do have the right to withdraw your consent at any time.
Legitimate interests – we’re collecting or using your information because it benefits you, our organisation or someone else, without causing an undue risk of harm to anyone. All of your data protection rights may apply, except the right to portability. We have determined that our interest in carrying out these activities (e.g., marketing, service updates) does not override your fundamental rights and freedoms, as the data used is non-intrusive and you always retain the right to object. Our legitimate interests are:
- Sending Marketing Emails: We rely on our legitimate interest to market our similar products and services to you, as your contact details were obtained during a previous sale or service negotiation. You are given a clear opportunity to opt-out when we first collect your details and in every communication we send.
- Sending essential service updates, changes to terms, or security alerts: We rely on our legitimate interest to ensure you are properly informed about the services you have paid for (e.g., changes to our scheduling platform or security alerts). This is separate from marketing and is necessary for the proper administration of our coaching relationship.

For more information on our use of legitimate interests as a lawful basis you can contact us using the contact details set out above.

Our lawful bases for collecting or using personal information for dealing with queries, complaints or claims are:

Contract – we have to collect or use the information so we can enter into or carry out a contract with you. All of your data protection rights may apply except the right to object.
Legal obligation – we have to collect or use your information so we can comply with the law. All of your data protection rights may apply, except the right to erasure, the right to object and the right to data portability.
Legitimate interests – we’re collecting or using your information because it benefits you, our organisation or someone else, without causing an undue risk of harm to anyone. All of your data protection rights may apply, except the right to portability. Our legitimate interests are:
- Responding to general queries (pre-sale or non-contractual): We rely on our legitimate interest to efficiently manage and respond to non-contractual enquiries (e.g., website contact form submissions) to provide information about our services and develop our business.
- Handling internal complaints: We rely on our legitimate interest to internally investigate, address, and resolve any complaints or disputes efficiently to maintain high service standards and protect our business from potential liability.
- Setting up and administering customer accounts: We rely on our legitimate interest to create and maintain accounts on our platforms (Wix, Clarityflow, etc.) to ensure you can access the services you have paid for. This includes essential operational tasks like setting login credentials.
- Business operations and continuity: We rely on our legitimate interest to back up our data, perform necessary system maintenance, and utilise professional advisors (like your accountant or business consultant) to ensure the continuity and security of our business, which is necessary to deliver your coaching service.
- System and Data Security: We rely on our legitimate interest to monitor the activity on our website and platforms, detect and prevent fraudulent activity, and ensure the overall security and stability of our data processing systems.
- Financial Administration: We rely on our legitimate interest to conduct internal financial audits, process payments, and, where necessary and appropriate, pursue the recovery of unpaid debts.

For more information on our use of legitimate interests as a lawful basis you can contact us using the contact details set out above.

Where we get personal information from

Directly from you
Family members or carers
Other health and care providers
Publicly available sources
Suppliers and service providers
Data generated by system usage and internal processing, including: website analytics, technical data (IP addresses, device type) and information captured via cookies; and internal coaching records/notes created by us during the provision of our services.

How long we keep information

We keep personal information for no longer than is necessary for the purposes for which it was collected, or as required by law. Our specific retention periods are guided by statutory limitation periods (which allow a period of 6 years for legal claims to be made) and professional body recommendations.

Our key retention periods are:

Client Coaching Records (including session notes, health/sensitive data):We retain these records for 7 years from the date the coaching contract ends or the last service was provided. This period is required to protect our legal position and meet the requirements of our professional indemnity insurance.
Financial and Contractual Records (Invoices, Payment History, Signed Contracts): We retain these records for a minimum of 6 years after the end of the financial year to which they relate, to comply with UK tax and accounting legislation.
Marketing Data (Email lists, consent records): We retain this data until you withdraw your consent (unsubscribe) or after 3 years of no engagement, whichever is sooner.
Testimonials and Promotional Content: Approved content is retained until consent is withdrawn. Unapproved drafts or rejected content are deleted within 30 days to 3 months as detailed in the 'Marketing and Testimonial Content' section.
Enquiry Data (Contact forms not leading to a sale): We retain this for 1 year to follow up on the enquiry, after which it is deleted. At the end of the applicable retention period, the personal data is securely deleted or anonymised, meaning it can no longer be linked back to you.

For more information on how long we store your personal information or the criteria we use to determine this please contact us using the details provided above.

Who we share information with

Data processors

Wix

This data processor does the following activities for us: Hosting my website, collecting contact form data, analytics.

Microsoft (Outlook/Office 365)

This data processor does the following activities for us: Storing and transmitting client emails and general correspondence.

Stripe

This data processor does the following activities for us: Processing customer payments, invoicing, and managing subscription billing.

Google

This data processor does the following activities for us: Storing client data and records, conducting client intake surveys, and general cloud file storage.

Clarityflow

This data processor does the following activities for us: Providing the asynchronous text/video/voice messaging and coaching platform for client sessions and communication.

FreeAgent

This data processor does the following activities for us: Accounting, expense tracking, and financial record keeping.

Executive Technologies Ltd

This data processor does the following activities for us: Business administration and IT support services related to the coaching business.

Others we share personal information with

Organisations we need to share information with for safeguarding reasons
Professional advisors
Organisations we’re legally obliged to share personal information with
Other relevant third parties. This category covers external parties we must engage with to protect our business or comply with our professional duties.:
- Simply Business (our professional indemnity/public liability insurance broker)
- Debt collection agencies
- External auditors or compliance consultants

Duty of confidentiality

We take your privacy seriously and operate under a professional duty of confidentiality regarding all information you share during your coaching relationship. However, this duty is not absolute, and there are specific, limited circumstances where we are legally or ethically required to share information:

Consent: Where you have explicitly provided us with your written consent to share specific information with a named third party (e.g., another health professional you nominate).
Legal Requirement: Where we have a compulsory legal requirement (such as a court order, warrant, or request from a regulatory body like the ICO) to disclose or use the data.
Safeguarding and Public Interest: Where, on a case-by-case basis, we believe there is an immediate and serious risk of harm to yourself, your child, or another third party. In such instances (for example, if a serious crime is disclosed or there is a need for immediate intervention from emergency services), the public interest in preventing harm overrides the duty of confidentiality, and we will share only the necessary information with relevant authorities.

Sharing information outside the UK

Where necessary, our data processors may share personal information outside of the UK. When doing so, they comply with the UK GDPR, making sure appropriate safeguards are in place.

To provide these safeguards, we primarily rely on the UK Addendum to the EU Standard Contractual Clauses (SCCs) for transfers to the USA, which are legal contracts guaranteeing your personal data is protected to UK standards.

For further information or to obtain a copy of the appropriate safeguard for any of the transfers below, please contact us using the contact information provided above.

Organisation name: Wix

Category of recipient: Website Hosting/E-Commerce

Country the personal information is sent to: United States of America (US) / Global