Privacy Policy
**Last Updated: November 19, 2025**
1. Introduction
Kintsugi Healthcare and Leadership Consulting Trading as Kintsugi Coaching ("we," "us," "our") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your personal information in accordance with:
- The UK General Data Protection Regulation (UK GDPR)
- The Data Protection Act 2018
- The Data (Use and Access) Act 2025
- The Privacy and Electronic Communications Regulations (PECR) 2003
This Privacy Policy applies to personal data collected through:
- Our website: [Your website URL]
- Our coaching services
- Email and telephone communications
- Any other interactions with us
Data Controller: Kintsugi Healthcare and Leadership Consulting
ICO Registration Number:** [Your ICO registration number]
Contact Details: kintsugihlc@gmail.com
2. Information We Collect
We collect and process the following categories of personal data:
2.1 Information You Provide Directly
**When you make an enquiry or book coaching services:**
- Name
- Email address
- Phone number
- Postal address
- Payment information (processed securely through our payment provider)
- Information about your coaching goals and objectives
- Any other information you choose to provide in enquiry forms
**During coaching sessions:**
- Information about your personal and professional circumstances
- Your goals, challenges, and progress
- Notes from coaching sessions
- Action plans and commitments
- Feedback and reflections
**When you subscribe to our newsletter or marketing:**
- Name
- Email address
- Marketing preferences
**When you interact with our website:**
- Contact form submissions
- Comments or feedback
- Support requests
2.2 Information We Collect Automatically
**When you visit our website:**
- IP address
- Browser type and version
- Operating system
- Pages visited and time spent on pages
- Referring website
- Date and time of visits
- Device type and screen resolution
**Cookies and similar technologies:**
We use cookies and similar technologies as described in Section 10 of this Privacy Policy.
2.3 Information from Third Parties
We may receive personal data about you from:
- Payment processors (transaction information)
- Video conferencing platforms (if you attend online sessions)
- Social media platforms (if you interact with us on social media)
- Referral sources (with your consent)
3. Legal Basis for Processing
We process your personal data on the following legal bases under UK GDPR:
3.1 Contract Performance (Article 6(1)(b))
We process your data to:
- Provide coaching services you have purchased
- Communicate with you about your coaching programme
- Manage bookings and scheduling
- Process payments
- Fulfil our contractual obligations to you
3.2 Legitimate Interests (Article 6(1)(f))
We process your data for our legitimate business interests, including:
- Improving our services and website
- Conducting business analysis and research
- Preventing fraud and ensuring security
- Maintaining business records
- Responding to legal requests
- Protecting our legal rights
We always balance our interests against your rights and freedoms.
3.3 Legal Obligation (Article 6(1)(c))
We process your data to comply with legal obligations, including:
- Tax and accounting requirements
- Anti-money laundering checks
- Responding to court orders or regulatory requests
- Compliance with employment and health and safety law (if applicable)
3.4 Consent (Article 6(1)(a)
We process your data based on your consent for:
- Marketing communications (you can withdraw consent at any time)
- Non-essential cookies
- Testimonials and case studies
- Any other processing where we specifically request your consent
3.5 Vital Interests (Article 6(1)(d))
In exceptional circumstances, we may process your data to protect your vital interests or those of another person (e.g., if we believe there is a risk of serious harm).
4. How We Use Your Information
We use your personal data for the following purposes:
4.1 Providing Coaching Services
- Delivering one-to-one or group coaching sessions
- Preparing for and planning coaching sessions
- Tracking your progress and goals
- Providing resources, tools, and materials
- Following up after sessions
- Managing the coaching relationship
4.2 Business Administration
- Processing bookings and payments
- Managing our client database
- Maintaining financial records
- Scheduling appointments
- Responding to enquiries
- Customer relationship management
4.3 Communication
- Sending booking confirmations
- Providing session reminders
- Sharing session notes and action plans
- Responding to your questions or requests
- Sending administrative updates about our services
- Handling complaints
4.4 Marketing (with your consent)
- Sending newsletters
- Sharing blog posts and articles
- Promoting our services, courses, or events
- Sending relevant offers or information
You can opt out of marketing communications at any time by:
- Clicking the "unsubscribe" link in our emails
- Contacting us directly
- Updating your preferences in your account (if applicable)
4.5 Legal and Compliance
- Complying with legal obligations
- Protecting our legal rights
- Preventing fraud and abuse
- Ensuring safety and security
- Responding to regulatory or law enforcement requests
4.6 Service Improvement
- Analysing service usage and client feedback
- Improving our website and services
- Conducting research and analysis
- Developing new services or products
5. How We Share Your Information
We do not sell, rent, or trade your personal data. We only share your information in the following limited circumstances:
5.1 Service Providers
We share data with trusted third-party service providers who help us operate our business, including:
**Payment Processors:** [e.g., Stripe, PayPal] - to process payments securely
**Technology Providers:**
- Website hosting: [Provider name]
- Email services: [e.g., Gmail, Outlook]
- Video conferencing: [e.g., Zoom, Microsoft Teams]
- Scheduling systems: [e.g., Calendly, Acuity]
- Customer relationship management: [e.g., Mailchimp, HubSpot]
**Professional Services:**
- Accountants and tax advisers
- Legal advisers
- Professional supervisors (coaching supervision)
- Insurance providers
All service providers are required to:
- Process data only on our instructions
- Implement appropriate security measures
- Comply with UK GDPR requirements
- Have Data Processing Agreements in place
5.2 Legal Requirements
We may disclose your personal data if required to:
- Comply with legal obligations
- Respond to court orders or legal processes
- Cooperate with law enforcement or regulatory authorities
- Enforce our Terms and Conditions
- Protect our rights, property, or safety
- Protect the rights, property, or safety of others
5.3 Business Transfers
If we sell, merge, or transfer our business (or contemplate doing so), we may share your personal data with prospective buyers or the new owner, subject to appropriate confidentiality obligations.
5.4 With Your Consent
We may share your information with other parties where you have given specific consent, for example:
- Testimonials or case studies
- Referrals to other professionals
- With family members or colleagues (if you request)
5.5 Safeguarding Situations
In exceptional circumstances, we may share your information without your consent if:
- We believe you or someone else is at serious risk of harm
- We suspect child or adult abuse
- We have concerns about illegal activity
- It is necessary to protect vital interests
We will only do this where legally permitted and when we believe it is necessary and proportionate.
6. Data Retention
6.1 Retention Periods
We retain your personal data only for as long as necessary for the purposes set out in this Privacy Policy, and to comply with legal, accounting, or regulatory requirements.
**Client Data:**
- Active coaching relationship: Duration of the relationship plus 7 years
- Session notes: 7 years after last session (for professional indemnity insurance purposes)
- Financial records: 7 years (UK tax law requirements)
**Marketing Data:**
- Until you unsubscribe or request deletion
- We review and delete inactive contacts every [e.g., 3 years]
**Website Analytics:**
- [e.g., 26 months] in accordance with Google Analytics settings
6.2 Deletion
After the retention period expires, we will:
- Securely delete or anonymise your data
- Retain only minimal data if required by law
You can request early deletion of your data (see Section 9 for your rights).
7. Your Rights
Under UK GDPR and the Data Protection Act 2018 (as amended by the Data (Use and Access) Act 2025), you have the following rights:
7.1 Right of Access (Article 15)
You have the right to request:
- Confirmation that we process your data
- A copy of your personal data
- Information about how we use your data
We will respond to access requests within one month (extendable by two months for complex requests). The first copy is free; we may charge a reasonable fee for additional copies.
**Note:** Under the Data (Use and Access) Act 2025, we are only required to conduct reasonable and proportionate searches when responding to data subject access requests.
7.2 Right to Rectification (Article 16)
You have the right to have inaccurate personal data corrected and incomplete data completed. Please inform us if any of your personal data is incorrect.
7.3 Right to Erasure / "Right to be Forgotten" (Article 17)
You can request deletion of your personal data in certain circumstances:
- The data is no longer necessary for the original purpose
- You withdraw consent (where consent was the legal basis)
- You object to processing and there are no overriding legitimate grounds
- The data has been unlawfully processed
- Legal obligation requires deletion
**Exceptions:** We may refuse deletion if we need the data to:
- Comply with legal obligations
- Establish, exercise, or defend legal claims
- Fulfil contractual obligations
- Comply with retention requirements
7.4 Right to Restriction (Article 18)
You can request that we restrict processing of your data in certain circumstances:
- You contest the accuracy of the data (during verification)
- Processing is unlawful but you don't want deletion
- We no longer need the data but you need it for legal claims
- You have objected to processing (pending verification of our legitimate grounds)
7.6 Right to Object (Article 21)
**General objection:**
You can object to processing based on legitimate interests or for public interest tasks. We must stop processing unless we can demonstrate compelling legitimate grounds that override your interests.
**Direct marketing:**
You have an absolute right to object to direct marketing at any time. We will stop processing your data for marketing purposes immediately.
7.7 Right to Withdraw Consent
Where we process your data based on consent, you can withdraw consent at any time. This does not affect the lawfulness of processing before withdrawal.
7.8 Right to Lodge a Complaint
You have the right to file a complaint with us (see Section 9.10) or with the supervisory authority:
**Information Commissioner's Office (ICO)**
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
**Phone:** 0303 123 1113
**Website:** www.ico.org.uk
**Email:** casework@ico.org.uk
7.9 New Right to Complain Directly to Us (Data (Use and Access) Act 2025)
Under the Data (Use and Access) Act 2025, you have the right to file a complaint directly with us if you believe we have breached UK GDPR or the Data Protection Act 2018. We will:
- Provide an accessible electronic complaints form
- Acknowledge your complaint within 20 working days
- Investigate and respond within 35 days
- Work with you to resolve the matter
This does not affect your right to also complain to the ICO.
7.10 How to Exercise Your Rights
To exercise any of these rights, please contact us:
Email: kintsugihlc@gmail.com
We may need to verify your identity before processing your request. We will respond within one month (extendable to three months for complex requests).
8. Cookies and Tracking Technologies
8.1 What Are Cookies?
Cookies are small text files stored on your device when you visit a website. They help websites function properly and improve your experience.
8.2 Types of Cookies We Use
**Strictly Necessary Cookies:**
These cookies are essential for the website to function and cannot be switched off. They include:
- Session cookies for website functionality
- Security cookies
- Load balancing cookies
*Legal basis: Legitimate interests (website operation)*
*No consent required under PECR*
**Functional Cookies:**
These cookies enable enhanced functionality and personalisation:
- Language preferences
- Remembering your choices
- Video player settings
*Legal basis: Consent
**Analytics Cookies:**
We use cookies to understand how visitors interact with our website:
- Google Analytics (anonymised IP addresses)
- Page views and navigation patterns
- Session duration
- Device and browser information
*Legal basis: Under Data (Use and Access) Act 2025, first-party analytics cookies used solely for statistical purposes may not require consent*
**Marketing Cookies:**
These cookies track your activity to deliver relevant advertising:
- [e.g., Facebook Pixel, LinkedIn Insight Tag]
- Conversion tracking
- Remarketing
*Legal basis: Consent (required)*
8.3 Cookie Consent
When you first visit our website, you will see a cookie banner asking for your consent to non-essential cookies. You can:
- Accept all cookies
- Reject non-essential cookies
- Manage cookie preferences
You can change your cookie preferences at any time through:
- Our cookie settings tool [provide link]
- Your browser settings
8.4 Managing Cookies
**Browser settings:**
Most browsers allow you to:
- View and delete cookies
- Block cookies from specific sites
- Block all cookies
- Delete all cookies when you close the browser
Please note that blocking cookies may affect website functionality.
**Opt-out tools:**
- Google Analytics opt-out: https://tools.google.com/dlpage/gaoptout
- Network Advertising Initiative opt-out: http://optout.networkadvertising.org/
- Your Online Choices (IAB): http://www.youronlinechoices.com/uk/
8.5 Third-Party Cookies
Some cookies are placed by third-party services that appear on our pages. We do not control these cookies. Please refer to the third parties' privacy policies:
- Google Analytics: https://policies.google.com/privacy
- [List other third parties with links to their privacy policies]
9. Children's Privacy
Our services are not directed at children under 18. We do not knowingly collect personal data from children under 18 without parental consen
If you are under 18, please do not provide any personal data through our website or services. If we become aware that we have collected data from a child under 18 without parental consent, we will take steps to delete that information.
If you believe we have inadvertently collected information from a child under 18, please contact us immediately.
10. Recording of Sessions
10.1 Audio/Video Recording
We do not routinely record coaching sessions. If we wish to record a session for any reason (training, supervision, quality assurance), we will:
- Seek your explicit consent in advance
- Explain the purpose of the recording
- Inform you of how long it will be retained
- Allow you to refuse without penalty
10.2 Note-Taking
We take notes during sessions to:
- Track your progress
- Remember action points
- Provide effective coaching
- Maintain professional record
Notes are stored securely and are subject to the same data protection rules as other personal data.
11 . Links to Other Websites
Our website may contain links to third-party websites, plugins, or applications. We are not responsible for the privacy practices or content of these sites.
When you leave our website, we encourage you to read the privacy policies of any third-party sites you visit. This Privacy Policy applies only to our website and services.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in:
- Our practices
- Legal or regulatory requirements
- Technology or industry standards
We will post the updated Privacy Policy on this page with a new "Last Updated" date. For material changes, we will:
- Notify you by email (if we have your email address)
- Display a prominent notice on our website
- Request fresh consent if required by law
We encourage you to review this Privacy Policy periodically.
13. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Kintsugi Healthcare and Leadership Consulting trading as Kintsugi Coaching
Email: kintsugihlc@gmail.com
Phone: 07738573307
ICO Registration:
14. Glossary
**Data Controller:** The organisation that determines how and why personal data is processed.
**Data Processor:** An organisation that processes personal data on behalf of the controller.
**Data Subject:** The individual whose personal data is being processed.
**Personal Data:** Any information relating to an identified or identifiable individual.
**Processing:** Any operation performed on personal data, including collection, storage, use, disclosure, and deletion.
**Supervisory Authority:** The ICO is the UK's supervisory authority for data protection.
**UK GDPR:** The UK's version of the General Data Protection Regulation
**Version History:**
- 19.11.25: Initial version published
- 19.11.25: Updated to reflect Data (Use and Access) Act 2025
- November 19, 2025: Current version
By using our website and services, you acknowledge that you have read and understood this Privacy Policy.