Privacy Policy.

1. Who We Are

Busy Brains Coaching is the "Data Controller" for the personal information you provide to us. This means we decide how and why your data is processed.

  • Business Owner: Emily Sinclair

  • Location: United Kingdom

  • Contact Email: emily@busybrainscoaching.com

2. The Data We Collect

To provide coaching and training services, we collect the following types of data:

  • Identity Data: First name, last name, and title.

  • Contact Data: Email address, phone number, and billing address.

  • Financial Data: Payment details. Note: We do not store your full credit card or bank account details. These are processed securely by our third-party payment provider (Stripe).

  • Technical Data: IP address, browser type, and usage data when you visit our website.

  • Special Category (Sensitive) Data: As an ADHD coaching service, you may voluntarily share health-related information with us (e.g., diagnosis status, medication, specific neurodivergent challenges). We process this data with strict confidentiality and extra security measures.

3. How & Why We Use Your Data

Under data protection laws (UK & EU GDPR), we can only use your data for specific reasons:

  • Contractual Necessity: To schedule sessions, deliver coaching, and process payments.

  • Legal Obligation: To keep financial records for HMRC (UK tax authorities) for 6 years.

  • Consent: To send you our newsletter or updates (only if you have actively opted in).

  • Vital Interests: In rare emergency situations (e.g., safeguarding concerns), we may need to share information to protect your safety or the safety of others.

4. Who We Share Your Data With

We do not sell your data. We only share data with trusted third-party service providers necessary to run the business. These providers have their own high standards of security:

  • Payment Processing: Stripe

  • Booking Systems: Google Booking

  • Video Conferencing: Zoom / Google Meet

  • Accounting: Stripe

Specific Third Parties (Funding Bodies): If your coaching is funded by Access to Work (DWP) or a School/Employer:

  • We may be required to share attendance logs, invoices, or brief progress reports with the funding body to ensure your grant is paid.

  • We will always inform you before sharing specific reports with an employer.

5. International Data Transfers (UK & Ireland)

Busy Brains Coaching is based in the United Kingdom.

  • For Irish/EU Clients: Please be aware that your data will be processed in the UK. The UK is recognized by the European Commission as providing an "adequate" level of data protection. This means your data remains safe and your rights are protected when transferred to us.

6. Data Retention

We only keep your data for as long as necessary:

  • Client Notes: Kept for the duration of our coaching relationship + [e.g., 6 years] for liability and insurance purposes.

  • Financial Records: Kept for 6 years (statutory HMRC requirement).

  • Marketing List: You can unsubscribe at any time, and your details will be removed immediately.

7. Security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorized way. Client notes are anonymized where possible and stored in password-protected, encrypted software.

8. Your Legal Rights

Under GDPR, you have the right to:

  • Request access to your personal data (a "Subject Access Request").

  • Request correction of the data we hold about you.

  • Request erasure of your personal data (The "Right to be Forgotten"), subject to our legal requirement to keep tax records.

  • Withdraw consent for marketing at any time.

9. Cookies

Our website uses cookies to improve your browsing experience. You can choose to disable cookies through your browser settings, though some parts of this website may not function properly.

10. Complaints

If you have any concerns about how we handle your data, please contact us at emily@busybrainscoaching.com first so we can resolve it.

If you are not satisfied, you have the right to make a complaint to the data protection authority: