Privacy & Data Policy

Overview

This Privacy & Data Policy explains how Anne-Marie (“we”, “us”) processes personal data under UK GDPR and the Data Protection Act 2018.

Data controller

Anne-Marie acts as the data controller for all personal information you provide.

What data we collect

• Contact details: name, email, phone
• Booking information: session type, date/time, payment confirmation
• Session notes: brief factual notes to support continuity of service

Why we collect data (lawful basis)

• Contract / legitimate interests: to deliver appointments and manage scheduling
• Consent: for optional communications
• Legal obligation: for accounting and record-keeping

How we store data

• Digital records stored on password-protected, encrypted devices
• Any paper notes stored in a locked location
• No data shared with third parties except where legally required or to process bookings/payments

Retention

Routine records and notes are held for up to 6 years unless a shorter period is required or you successfully request deletion.

Your rights

• Access, rectification, erasure, restriction, portability, and objection
• Withdraw consent where processing relies on consent
• Complain to the UK ICO

Children & young people

Where a parent/guardian books on behalf of a child, we collect only what is necessary to arrange and deliver the session. Safeguarding obligations may override confidentiality in cases of risk of harm.

Security & breaches

We take appropriate technical and organisational measures. If a notifiable breach occurs, we will follow UK GDPR reporting requirements.

Contact

Data controller: Anne-Marie · Email: info@heyletstalkabout.com