Privacy Policy

Who We Are

Lisa Walsh Coaching Ltd is a company registered in England and Wales with company number 17222393 (we, us or our). We are committed to protecting your privacy. This policy explains how we collect, use and share your personal data. It applies to all personal data we handle, whether we collect it through our landing pages, online forms, in person, or through other means.

We provide two main types of services:

• Personal training services, including fitness coaching, training plans, and health-related support
• Business coaching services for other coaches, helping them build their online and social media business presence

The personal data we collect may vary depending on which service you use.

Information We Collect

Identity and contact details

• Name
• Address
• Email address
• Phone number
• Professional details
• Date of birth

Service related information

• Transaction details for products and services you've purchased from us or enquiries about our products and services
• Feedback, complaints and compliments and survey responses

Financial and payment information

• Payment details for products and services you've purchased from us and, where relevant, banking or payment card information

Digital information

• IP address and general location information derived from your IP address
• Information collected through online forms and landing pages
• Cookie preferences and tracking

Special category data

This is special information that the law says is more sensitive (sometimes called "sensitive personal data"). We handle special category data with extra care and protection, and we only collect and use it where legally permitted. This includes:

• Health information (including medical conditions and weight)
• Sex
• Dietary requirements

We process this special category data based on your explicit consent and because it is necessary for the provision of our personal training services. You have the right to withdraw your consent at any time by contacting us using the details at the end of this policy.

How we collect personal data

• Directly from you — when you interact with us, contact us, or fill out forms
• Automatically — when you visit our website, use our technologies, or interact with our online services

How We Use Your Information

Data protection law requires us to have proper legal reasons for using your personal data. We can only use your information when we have one or more of these legal bases:

• Consent — you have clearly agreed to us using your personal data for a specific purpose
• Performance of a contract — we need to use your information to fulfil a contract with you, or because you've asked us to do something before entering into a contract
• Legal duty — we must use your information to comply with the law
• Vital interests — we need to use your information to protect someone's life
• Legitimate interests — we have a genuine business reason to use your information, or a third party does, but only if this doesn't unfairly override your rights and interests

We may process your personal data for more than one legal basis depending on the specific purpose. Please reach out to us if you need further details about the specific legal basis we are relying on.

Managing your account and providing our services

• To enable you to access and use our services, including providing login credentials
• To contact and communicate with you about our services, including responding to support requests and enquiries and dealing with complaints or claims
• Internal record keeping, administrative, invoicing and billing purposes

Legal basis: Performance of a Contract; Legitimate interests. Information used: identity and contact details, service related information, financial information, digital information.

Client onboarding and verification

Legal basis: Performance of a Contract; Legal Duty; Legitimate interests. Information used: identity and contact details.

Website enquiries and customer service

• To contact and communicate with you about any enquiries you make with us via our website

Legal basis: Legitimate interests. Information used: identity and contact details, digital information.

Business improvement and development

• Analytics including profiling on our website
• Market research and business development
• To operate and improve our services, associated applications and associated social media platforms

Legal basis: Legitimate interests. Information used: digital information.

Marketing and communications

• To send you promotional information about our events and experiences and information that we consider may be of interest to you
• To run promotions, competitions and offer additional benefits to you

Legal basis: Legitimate interests. Information used: identity and contact details, digital information.

Legal compliance

• To comply with our legal obligations or if otherwise required or authorised by law

Legal basis: Legal Duty. Information used: all relevant personal data.

Our Disclosures of Personal Data to Third Parties

We may disclose personal data to the following categories of recipients:

Service providers

We work with the following third-party service providers who process personal data on our behalf:

• Stripe — for processing payments. Stripe's privacy policy is available at stripe.com/gb/privacy
• Funnel Sketchers — UK-based CRM provider for managing client data, landing pages, and communications. Privacy policy available at funnelsketchers.com/privacy-policy
• Ionos — for email services and domain hosting, based in Germany. Privacy policy available at ionos.co.uk/terms-gtc/terms-privacy
• PT Hub — third-party app for managing personal training clients, programmes, and progress tracking
• UK-based contractors — virtual assistants and other contractors based in the United Kingdom who assist with administrative tasks, email management, and CRM system management
• Zoom — used to conduct coaching sessions and consultations. When you participate in a video call with us, Zoom may collect and process personal information including your name, email address, IP address, device information, and audio/visual data during the call. Zoom's privacy policy is available at zoom.us/privacy. We do not record calls unless we obtain your prior consent, and any recordings made will be stored securely and deleted in accordance with our data retention policy.

We may also work with web hosting and server providers, marketing and communications providers, and professional and legal advisers.

Business partners

• Our existing or potential agents
• Our business partners or contractors

Corporate transactions

If we merge with or are acquired by another company, or sell our business assets, your information may be disclosed to our advisers or the potential purchaser's advisers, or included in the transferred assets.

Legal and regulatory bodies

• Courts and tribunals
• Regulatory authorities including as required for reporting obligations
• Law enforcement officers

Other parties

• Third parties you have authorised
• Emergency services when necessary
• Any other parties as required or permitted by law

Overseas Transfers

We primarily store your personal data in the United Kingdom and the European Economic Area (EEA). However, your information may be transferred to locations outside the United Kingdom where our service providers are located overseas, where we work with overseas business partners, where we use cloud-based services or data storage solutions with international infrastructure, or where required by law or legal proceedings.

When we transfer your personal data outside the United Kingdom, we ensure it receives appropriate protection by only transferring to countries that UK data protection law recognises as providing adequate protection, by putting in place contracts that require third parties to protect personal data to UK standards, or by transferring to organisations that are part of specific cross-border data transfer agreements with the UK.

We only transfer the minimum amount of personal data necessary and require all recipients to protect your information to the same standards required by UK law, use your information only for the purposes we've agreed, allow us to monitor how they handle your information, and provide you with the same rights over your information that you have under UK law.

Data Retention

We only keep your personal data for as long as we need it to provide our services to you, meet our legal, tax, accounting or regulatory obligations, and handle any complaints or legal issues that may arise.

We may keep your information for longer periods if you make a complaint that we need to investigate or respond to, if we reasonably believe legal action involving our relationship with you might occur, or if the law requires us to keep it for specific timeframes.

When determining how long to keep your information, we consider how much information we have and how sensitive it is, the risk of harm if it was accessed without permission, whether we can achieve our purposes in other ways, and what legal, regulatory, tax or accounting rules require.

Once we no longer need your personal data, we will securely delete or destroy it in accordance with our data retention policies and legal requirements. You can request information about retention periods for your data and ask for early deletion where legally possible.

Data Breaches

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

Your Privacy Rights and Choices

Providing information

You can choose whether to provide personal data to us. If you don't provide certain information, we may not be able to provide some services. Let us know if you don't want to provide information and we will let you know when information is required versus optional.

Right of access

You have the right to ask us for copies of your personal data. You can request other information such as details about where we get personal data from and who we share personal data with. There are some exemptions which means you may not receive all the information you ask for.

Right to rectification

You have the right to ask us to correct or delete personal data you think is inaccurate or incomplete.

Right to erasure ("right to be forgotten")

You can request deletion of your personal data in certain limited circumstances as set out in data protection law, such as where the data is no longer necessary or has been unlawfully processed. This right is not absolute and we may be required or entitled to retain your data for legal, regulatory or legitimate business reasons.

Right to restrict processing

You can ask us to suspend processing where you contest the accuracy of the data, processing is unlawful but you don't want erasure, we no longer need the data but you need it for legal claims, or you've objected to processing pending verification of our legitimate grounds.

Right to opt-out of marketing communications

You can opt-out of receiving marketing communications at any time. Each marketing communication will include an unsubscribe option. You can also change your marketing preferences by contacting us directly.

Right to data portability

Where technically feasible, you can receive your personal data in a structured, commonly used format or have it transmitted to another controller where processing is based on consent or contract and processing is automated.

Right to object

You can object to processing based on legitimate interests or for direct marketing purposes. We will stop processing unless we can demonstrate compelling legitimate grounds.

Right to withdraw consent

Where processing is based on consent, you can withdraw it at any time without affecting the lawfulness of prior processing.

How to exercise your rights

To exercise any of these rights, contact us using the details below. We may ask for proof of identity and will respond within one month (extendable to three months for complex requests). These rights are available under data protection law, though some may not apply in every situation. We'll let you know if any limitations apply when you make a request.

Making a Complaint

If you're unhappy with how we've used your personal data, please get in touch with us first using the contact details at the end of this policy. We will acknowledge your complaint within 30 days of receiving it and investigate without undue delay. We will keep you updated on progress throughout our investigation.

If you are not satisfied with our response, you can also make a complaint directly to the Information Commissioner's Office (ICO), the UK's data protection regulator, at any time:

• Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
• Helpline: 0303 123 1113
• Website: ico.org.uk/make-a-complaint

You don't have to contact us first before going to the ICO, but we'd appreciate the opportunity to try to resolve your concerns directly with you.

Protecting Your Information

We use multiple layers of security to protect your information.

Technical safeguards

• Enterprise-grade encryption for data storage and transmission
• Regular security testing and monitoring
• Automated threat detection systems

Operational security

• Training on security and privacy
• Strict access controls based on job requirements
• Regular security audits and incident response procedure testing

Physical security

• Secure premises with controlled access
• Secure disposal of physical documents
• Equipment security protocols

Cookies and Analytics

We use cookies and similar tracking technologies on our website to enhance your browsing experience and improve our services. Cookies are small text files that are stored on your device when you visit our website. They help us remember your preferences and understand how you use our site.

We currently use only essential cookies necessary for our landing pages and online forms to function properly. Essential cookies do not require your consent.

We may also use performance cookies (to help us understand how visitors interact with our website), functionality cookies (to remember your preferences and settings), and marketing cookies (to deliver relevant advertisements and track campaign effectiveness).

Before implementing non-essential cookies, we will install a cookie consent banner that allows you to choose which types of cookies to accept, provide a cookie preference centre where you can manage your choices, and implement a third-party cookie management tool to ensure ongoing compliance.

You can change your cookie preferences at any time by using our cookie preference centre on the website, adjusting your browser settings to refuse or delete cookies, or visiting our cookie policy for detailed information about specific cookies. Please note that disabling certain cookies may affect the functionality of our website and your user experience.

Amendments

We may update this policy at any time by posting the revised version on our website. We recommend that you review our website regularly to stay current with any policy changes.

Contact