Privacy Policy
Last Updated: 12 September 2025
Nancy West Wellbeing ("we," "us," or "our") is committed to protecting the privacy of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you interact with our health coaching services, website, and any related marketing materials or sign-ups. We adhere to the General Data Protection Regulation (GDPR) and other applicable data protection laws.
1. Collection of Personal Information
We collect and process personal data for specific, legitimate purposes. The types of personal data we collect could include:
1.1 Information You Directly Provide:
- Contact Information: Such as your name, email address, phone number, and postal address.
- Personal Details: This may include your date of birth, and any other demographic information you choose to share.
- Health and Lifestyle Information: This is only collected if you engage with services provided by Nancy West Wellbeing. This is particularly sensitive data and may encompass your health history, medical conditions, dietary preferences, exercise habits, sleep patterns, stress levels, and any other information you share related to your wellbeing and health goals during discovery calls, consultations, or coaching sessions. This is stored securely on a compliant software system. All records must be kept by law for 7 years.
- Payment Information: Details necessary to process payments for our services, such as billing address and financial transaction details (though sensitive payment data like full credit card numbers will be handled by secure third-party payment processors).
- Communication Records: Any information you provide when you contact us, such as through email, contact forms, or phone calls.
1.2 Information Collected Automatically:
- Technical Data: This may include your IP address, browser type and version, operating system, device identifiers, and mobile network information.
- Usage Data: Information about how you use our website and services, including pages visited, links clicked, time spent on pages, and referring website addresses.
- Cookies and Similar Technologies: We use cookies to enhance your experience on our website, analyze usage, and remember your preferences. You can manage your cookie preferences through your browser settings.
2. Legal Basis for Processing Your Data
We rely on the following legal bases for processing your personal data:
- 2.1 Consent: Where you have given us clear consent to process your personal data for one or more specific purposes. This is often required for processing sensitive health data. You have the right to withdraw your consent at any time.
- 2.2 Contractual Necessity: Where processing is necessary for the performance of a contract to which you are party, or to take steps at your request before entering into a contract (e.g., providing health coaching services).
- 2.3 Legal Obligation: Where processing is necessary for compliance with a legal obligation to which we are subject.
- 2.4 Legitimate Interests: Where processing is necessary for our legitimate interests, provided these interests are not overridden by your fundamental rights and freedoms. Examples include improving our services, marketing our services, and ensuring the security of our operations. We will always balance our interests against yours.
3. Purposes for Processing Your Data
We use your personal data for the following purposes and based on the legal grounds outlined above:
- 3.1 Providing and Managing Health Coaching Services:
  - To deliver personalised health and wellness coaching.
  - To assess your needs and tailor programs.
  - To communicate with you regarding your progress and appointments.
  - Legal Basis: Contractual Necessity, Consent for sensitive data
- 3.2 Communication and Customer Support:
  - To respond to your inquiries, feedback, and requests.
  - To provide updates on services or any changes to our policies.
  - Legal Basis: Contractual Necessity, Consent, Legitimate Interests
- 3.3 Service Improvement and Development:
  - To analyse usage patterns to improve our website and services.
  - To develop new coaching programs based on client needs.
  - Legal Basis: Legitimate Interests, Consent
- 3.4 Marketing and Promotional Activities:
  - To send you newsletters, special offers, or information about our services, if you have opted in.
  - Legal Basis: Consent
- 3.5 Legal Compliance and Security:
  - To comply with applicable laws, regulations, and legal processes.
  - To protect our rights, property, or safety, and that of our clients or others.
  - To prevent and detect fraud or other illegal activities.
  - Legal Basis: Legal Obligation, Legitimate Interests
4. Sharing of Your Personal Data
We will not sell, rent, or lease your personal data to third parties. We may share your personal data in the following limited circumstances and only when necessary:
- 4.1 With Your Explicit Consent: We will only share your data with third parties if you have given us explicit consent to do so.
- 4.2 Service Providers: We may engage trusted third-party service providers to perform functions on our behalf, such as:
  - Payment processing and fraud prevention (e.g., Stripe).
  - Email marketing platforms for sending newsletters (e.g., Mailerlite).
  - Cloud storage services (e.g., Practice Better, Google).
  These providers are contractually bound to only use your data for the purposes for which we have engaged them and to maintain the confidentiality and security of your information.
- 4.3 Legal Requirements: We may disclose your personal data if required to do so by law or in response to a valid request from a public authority (e.g., a court or government agency).
5. Data Security
I implement reasonable organisational security measures (including regular security audits, two-factor authentication and access control policies) to protect your personal information from unauthorised access, disclosure, alteration, and destruction. However, no method of transmission over the internet or electronic storage is completely secure, and I cannot guarantee absolute security. It is your responsibility to keep your login credentials (if any) secure and to not share them.
6. Your Data Protection Rights
Under GDPR, you have the following rights concerning your personal data:
- 6.1 Right to Access: You have the right to request access to the personal data we hold about you and to receive a copy of this data.
- 6.2 Right to Rectification: If any personal data we hold about you is inaccurate or incomplete, you have the right to request its correction.
- 6.3 Right to Erasure (Right to be Forgotten): You have the right to request that we delete your personal data under certain circumstances (e.g., when it is no longer necessary for the purposes for which it was collected, or if you withdraw consent).
- 6.4 Right to Restrict Processing: You have the right to request that we restrict the processing of your personal data under certain circumstances (e.g., if you contest the accuracy of the data).
- 6.5 Right to Data Portability: You have the right to receive the personal data you have provided to us in a structured, commonly used, and machine-readable format, and to transmit that data to another controller.
- 6.6 Right to Object: You have the right to object to the processing of your personal data where we are relying on legitimate interests as our legal basis. You also have the right to object to direct marketing at any time.
- 6.7 Rights Related to Automated Decision Making and Profiling: You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal or similarly significant effects concerning you.
To exercise any of these rights, please contact us using the details provided below. We aim to respond to all legitimate requests within one month.
7. International Data Transfers
In some cases, we may transfer your personal data to third-party service providers located outside the EEA. When we do so, we will ensure that appropriate safeguards are in place to protect your data. This may include:
- Transferring to countries deemed to have adequate data protection laws by the European Commission.
- Using Standard Contractual Clauses (SCCs) approved by the European Commission, which provide safeguards for international data transfers.
If you would like more information about our international data transfers, please contact us.
8. Data Retention
We will only retain your personal data for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements. The criteria we use to determine retention periods include the nature of the data, the purpose of collection, and any legal or contractual obligations. For example, health records may be retained for a statutory period (currently 7 years) after the cessation of services for legal and professional reasons.
9. Your Right to Lodge a Complaint
If you are not satisfied with our response to your inquiry or complaint, or if you believe we have not complied with data protection laws, you have the right to lodge a complaint with your local data protection supervisory authority.
10. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, services, or applicable laws. We will post the updated Privacy Policy on this page and update the "Last Updated" date at the top. We encourage you to review this Privacy Policy periodically. Significant changes will be communicated either by email or a prominent notice on our website. Your continued use of our services after any changes constitutes your acceptance of the revised policy.
11. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data processing practices, please contact us at:
Nancy West Wellbeing
Email: hello@nancywestwellbeing.com
Website: www.nancywestwellbeing.com
