This Privacy Notice was last updated on 17th September 2018
Data makes the world go round! It’s essential in so many ways to modern businesses.
But your data is yours and it is precious.
We respect that absolutely. We collect only what we need to provide you with a service, share information with you and help us understand our business better. It’s also why we don’t sell, rent or trade email lists with anyone for marketing purposes.
We can only collect and process your data if you are over 13 years old. If you are under 13 and reading this policy, you are certainly already making quite the impression on the world but please don’t even think about giving us any details about yourself. If you do provide your data to us, then you warrant that you are over 13 years of age.
“Polly Hearsey” is the data controller and we are responsible for your personal data.
Longtown, Herefordshire HR2 0AY United Kingdom
If you are not happy with any aspect of the collection and use of your data, please contact us to help resolve the matter. If you are still not happy, you have the right to complain to the UK Information Commissioner’s Office (ICO) who can be contacted at www.ico.org.uk.
What data do we collect?
We only collect what we need to deliver the services and products you choose and to keep our business running smoothly, which may include:
• Your name
• Contact Details such as email address, billing address, telephone numbers.
• Financial information relating to transactions between us.
• Technical Data such as Internet Protocol address, browser type and version, browser extension types and version, time zone and location, operating system and device and other technology on the devices you use to access our websites.
• Information on your purchases and order details, responses to feedback, surveys or quizzes.
• Information about how you use our website, products and services.
• Marketing Information such as your preferences for receiving communications from us, details of engagement in specific events or activities, take up of specific offers and engagement in email campaigns.
We may also combine data to gain insight into performance, trends and usage that is not linked to your personal data.
In some instances, we are required to collect personal data by law or for the delivery of a contract between us. If you don’t provide the data as requested, it may mean that we are not able to deliver your service or product in line with contract requirements and we will have to cancel your service/product. We will let you know if this is the case.
We do not specifically collect any sensitive data about you (eg race/ethnicity, sexual orientation, religious beliefs, health information). However, sometimes this can be voluntarily shared – especially during group or one to one programmes. Any sensitive information will only be noted if it is relevant to the work being undertaken and you give your explicit consent to do so.
Prior to any group or one to one programme, you will be asked to provide your consent to record calls. Recording of calls is essential for the delivery of group programmes, especially where people cannot attend live. In both group and one to one calls, should you wish to share anything that you do not wish recorded, you can request that the recording is paused.
How do we collect this data?
There are a number of ways in which we currently collect your data. (Should this change, you will be notified first):
Information that you provide to us directly eg
• Completing forms, surveys or quizzes on our websites or other platforms.
• Subscribing to services, courses, publications or resources.
• Requesting information or resources that we create and supply.
• Providing feedback.
• Booking connection calls.
• Client contracts.
• Registering for online courses, products and resources.
And through your technological interactions with us, such as
• Using our website and the actions you take.
• Your IT equipment such as browser or IP address.
• Data from other websites that have our cookies installed to track traffic.
And also through Third Parties such as:
• Analytics providers based inside or outside the EU eg Google, Hotjar, Hello Bar
• Advertising platforms based either inside or outside the EU eg Facebook
• Contact, financial and transaction data from payment providers inside or outside the EU including Wave, Stripe, Square, Transferwise, Paypal, Manychat.
• Contact details via scheduling tools eg Calendly.
• Online learning platforms such as MemberVault.
Where is your data stored and how long is it kept for?
• Direct Emails – these are stored both on computer and within our US-EU Privacy Shield compliant CRM. These are password protected. Email records are retained for the duration of any contract and for 3-6 months thereafter. CRM records are retained until contacts are deleted. Contact records are reviewed annually and deleted if inactive.
• Quizzes/Surveys/Questionnaires – these are stored on third party platforms such as Google. Data is password protected. Responses are retained as needed for business purposes. Aggregate data from responses is retained permanently. Where identifiable, individual responses will be removed when the survey/quiz/questionnaire has ended.
• Course Data – if you sign up for one of our online courses (hosted on a separate platform), your data will be recorded by that provider. This may be linked to our systems such as email provider and CRM. Data is stored until such time as you delete your account or request the deletion of your data from the platform host. Data on course interaction will be retained by us as required for business management and improvement purposes.
• Contractual Information – such as your billing address and contact details. Your details may be held on email, financial accounting platforms and third party systems to deliver contracts for signing. All systems are password protected. We are required to retain our business records for a minimum of 5 years.
• One to One Mentoring Records & Notes – subject to consent, all mentoring sessions are recorded and the video/audio links are made available to you. Recordings are placed in a private channel in Slack. Information about you and your business will also be recorded in mentoring session notes.
Mentoring calls are provided to all clients to download. These are placed on a private channel in Slack. Local copies are deleted after they are transferred. Recordings on Slack are kept for up to 4 weeks after the completion of support after which they are deleted. Mentoring notes are scanned and provided to clients. Copies are retained for reference and stored in a password protected folder.
• Group Programme Calls – recording of group calls is essential for the whole group experience. Calls will be recorded and held either in a private group channel on Slack or in a private community eg Facebook. Group programme calls will be available on the platform for 4 weeks after the end of the programme after which they will be transferred to a secure area to be retained as needed for business purposes.
• Transaction Data is recorded on financial accounting platforms and via payment processors/providers. We are required to retain our business records for a minimum of 5 years.
How will your data be processed & why?
Legal Basis for Processing Your Data
1) Contract – to deliver or prepare to deliver a contract with you.
2) Legitimate Interest – to keep our business running smoothly, improve marketing activities and make business improvements.
3) Consent – where you provide your consent for your data to be used.
Each description below includes details of the basis on which we process your data.
• If you purchase a product or service, we will need to record your name, contact details and business details in order to deliver our contract with you. This may include managing payments and fees. (1)
• To keep you up to date and to invite you to participate in future developments within our business we will need to record your name and contact details (3).
• To improve our business, we may ask for feedback. (2)
• To keep you up to date and informed, we will let you know about changes to terms and conditions, privacy and other policies. (2)
• To keep the business running smoothly (eg IT troubleshooting, testing, IT maintenance, support), we may need to record your name, contact details and information about your technology. (2)
• To deliver relevant advertising and other content to you that helps you and helps us improve the effectiveness of advertising activities, we may need to collect your name, contact details, patterns of usage and response to marketing communications. Your data will only be processed for these purposes if you have given your consent for us to do so. (3)
• We may use tracking data/cookies to deliver relevant advertising or other content to visitors to our websites via platforms such as Facebook. In these cases we will not have access to your identity. (2)
• Data analytics allows us to see how our products and services, websites and marketing perform and also help us to improve community experiences. The information we collect relates to your usage and technical aspects of your interaction with us. (2)
• To send you relevant information, offers and content, we will need to record your name and email address. You will only receive this information if you expressly opted in to receive it (3) or are a current or former client to whom the information or offer would be highly relevant. (2)
• Your information will not be shared with any third parties for marketing purposes, only for the delivery of services and contracts as covered above. (1, 2)
• Your data may be processed by us to comply with legal requirements, for example HM Revenue & Customs, professional advisors, regulators. We require all parties to maintain the security of your data in these instances. (2)
• In some instances, your data may be transferred outside of the EU in order to provide essential services. In these cases, assurances will be sought that EU standards will be maintained or EU protocols have been adopted eg US-EU Privacy Shield. (2)
• Your data will be available only to those who need it to complete essential business tasks and anyone who has access will be bound to maintain confidentiality and security. (2)
• For group programmes, group calls are recorded to ensure that we can deliver a service to all participants. (1)
Third Party Links
Your rights to data protection are covered by UK and EU Data Protection laws. You can find out more about your rights through the Information Commissioner’s Office (ICO) in the UK. https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/