PRIVACY POLICY

This privacy notice tells you what to expect us to do with your personal information.

About us and how to contact us

Coaching Women to Shine is a sole trader business owned and operated by Raechel (Rae) Harper (“we”, “us”, “our”). We are the data controller, which means we are responsible for deciding how your personal information is used and for keeping it safe. We process your personal information in line with UK data protection law, namely the UK GDPR and the Data Protection Act 2018.

We are registered with the Information Commissioner’s Office (ICO). Our registration number is XXXXXXXXXX

Email: [email protected]

What information we collect, use, and why

We collect or use the following information to provide services and goods, including delivery:

     Names and contact details

     Records of meetings and decisions

     Information you choose to share in a questionnaire before coaching begins (which may include sensitive information, if you choose to provide it)

We collect or use the following information for the operation of customer accounts and guarantees:

     Names and contact details

     Purchase history

     Marketing preferences

We collect or use the following information for service updates or marketing purposes:

     Names and contact details

     Marketing preferences

     Website and app user journey information

     Records of consent, where appropriate

Sensitive (special category) information

We do not record sensitive or identifying details about what is discussed in your coaching sessions. Any notes we make are kept anonymous, so they cannot be linked back to you.

Before coaching begins, you may be asked to complete a questionnaire. It is entirely your choice what to share in it. If you choose to include sensitive information (for example about your health, wellbeing, beliefs or relationships), this is “special category data” and is given extra protection under data protection law. We rely on your explicit consent to hold and use it, we use it only to support your coaching, and we keep it confidential and never share or sell it. You can ask us to delete it, or withdraw your consent, at any time.

Lawful bases and data protection rights

TUnder UK data protection law, we must have a “lawful basis” for collecting and using your personal information. There is a list of possible lawful bases in the UK GDPR. You can find out more about lawful bases on the ICO’s website.

Which lawful basis we rely on may affect your data protection rights which are set out in brief below. You can find out more about your data protection rights and the exemptions which may apply on the ICO’s website:

Your right of access. You have the right to ask us for copies of your personal information. You can request other information such as details about where we get personal information from and who we share personal information with. There are some exemptions which means you may not receive all the information you ask for.

Your right to rectification. You have the right to ask us to correct or delete personal information you think is inaccurate or incomplete.

Your right to erasure. You have the right to ask us to delete your personal information.

Your right to restriction of processing. You have the right to ask us to limit how we can use your personal information.

Your right to object to processing. You have the right to object to the processing of your personal data.

Your right to data portability. You have the right to ask that we transfer the personal information you gave us to another organisation, or to you.

Your right to withdraw consent. When we use consent as our lawful basis you have the right to withdraw your consent at any time.

If you make a request, we must respond to you without undue delay and in any event within one month.

To make a data protection rights request, please contact us using the contact details at the top of this privacy notice.

Our lawful bases for the collection and use of your data

Our lawful bases for collecting or using personal information to provide services and goods are:

  • Consent: we have permission from you after we gave you all the relevant information. All of your data protection rights may apply, except the right to object. To be clear, you do have the right to withdraw your consent at any time.

  • Contract: we have to collect or use the information so we can enter into or carry out a contract with you. All of your data protection rights may apply except the right to object.

Our lawful bases for collecting or using personal information for the operation of customer accounts and guarantees are:

  • Consent: we have permission from you after we gave you all the relevant information. All of your data protection rights may apply, except the right to object. To be clear, you do have the right to withdraw your consent at any time.

  • Contract: we have to collect or use the information so we can enter into or carry out a contract with you. All of your data protection rights may apply except the right to object.

Our lawful bases for collecting or using personal information for service updates or marketing purposes are:

  • Consent: we have permission from you after we gave you all the relevant information. All of your data protection rights may apply, except the right to object. To be clear, you do have the right to withdraw your consent at any time.

  • Contract: we have to collect or use the information so we can enter into or carry out a contract with you. All of your data protection rights may apply except the right to object.llet List 1

Where we get personal information from

  • Directly from you

  • Aurtomatically, when you use our website (see Cookies and analytics below)

Marketing

We will only send you marketing where you have agreed to receive it, or where we are otherwise allowed to, for example where you have bought from us or asked about our services and have not opted out.

You can ask us to stop sending you marketing at any time, by emailing us or by using the unsubscribe link at the bottom of every marketing email.

If you follow or interact with us on social media, such as Instagram or Facebook, those platforms hold that information under their own privacy terms, not ours. We do not contact you directly through them.

How we keep your data safe

We have measures in place to stop your personal information being lost, misused, altered, or accessed without authorisation. We limit access to those who genuinely need it, and they must keep it confidential. If a data breach occurs, we have procedures to deal with it and will tell you and the ICO where we are legally required to.

How long we keep information

We keep personal information that identifies you (such as your email address) for as long as you are happy to hear from us. When you opt out of our marketing, by unsubscribing or asking us to stop contacting you, we remove you from our mailing list. We review our mailing list at least every 12 months, and usually more often.

Any forms you complete, such as the questionnaire before coaching, which may include sensitive information you choose to share, are stored as part of your client record for as long as you remain subscribed to us.

We keep financial records, such as invoices and records of payments, for six years, as we are required to do by tax law. We do not store your card details; these are handled securely by our payment provider, Stripe.

For more information on how long we store your personal information or the criteria we use to determine this please contact us using the details provided above.

Who we share information with

We never sell your personal information, and we never share it with other organisations for their own purposes. We only share it with the trust service providers listed below who process it on our behalf and on our instructions.

Data processors

Funnel Sketchers

This data processor does the following activities for us: CRM support, only going into the account when requested by us to do so.

Stripe

This data processor processes payments securely on our behalf. We do not store your card or financial details; Stripe handles them.

Microsoft (including Microsoft Teams)

This data processor provides cloud storage, and Microsoft Teams is used to hold coaching sessions online, for example when an outdoor session is moved online.

Sharing information outside the UK

Where necessary, we will transfer personal information outside of the UK. When doing so, we comply with the UK GDPR, making sure appropriate safeguards are in place.

Organisation name: Microsoft

Category of recipient: Cloud storage and online meetings (Microsoft Teams)

Country the personal information is sent to: US

How the transfer complies with UK data protection law: The country or sector has been assessed as providing adequate protection to data subjects (also known as Adequacy Regulations or UK data bridge)

Organisation name: Stripe

Category of recipient: Payment processing

Country the personal information is sent to: US

How the transfer complies with UK data protection law: The country or sector has been assessed as providing adequate protection to data subjects (also known as Adequacy Regulations or UK data bridge)This is a Paragraph Font

How to complain

If you have any concerns about our use of your personal information, you can make a data protection complaint to us using the contact details at the top of this notice.

If you remain unhappy with how we have used your data after raising a complaint with us, you can also complain to the ICO.

The ICO’s contact details

Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

Helpline number: 0303 123 1113

Website: ico.org.uk/make-a-complaint

We may update this notice from time to time. This notice was reviewed and updated June 2026.

Coaching Women to Shine 2026

Privacy Policy | Terms & Conditions