Privacy Policy

Privacy Policy for Charlotte Wilding Consulting

Last updated: 04/11/2025

This Privacy Policy describes how Charlotte Wilding Consulting (“we”, “us”, “our”) collects and processes personal data when you visit wildingconsulting.co.uk or engage our services in the UK. We are committed to protecting your privacy and handling personal data lawfully, fairly and transparently in accordance with the UK GDPR, the Data Protection Act 2018 and the Privacy and Electronic Communications Regulations (PECR).

Relevant pages:

1) Who we are and how to contact us

Controller: Charlotte Wilding Consulting

Location: Southeast England (Kent, Sussex, London) and remote working

Telephone: 0333 050 7388

Email: Please use the form on this page. Get in touch

Website: wildingconsulting.co.uk

You also have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO): ico.org.uk.

2) What data we collect

  • Identity and contact data: first name, last name, email address, phone number, job title, organisation.
  • Enquiry details: information you provide via the contact form (including your message) and how you heard about us.
  • Coaching and supervision data: notes about your goals, context, reflective practice, feedback, session dates/times, and related professional information you choose to share. This may include special category data if you voluntarily disclose health or wellbeing information.
  • Training data: enrolment details (e.g., for ILM programmes), attendance, assessments, feedback, certificates/awards (where applicable).
  • Technical data: IP address, device/browser type, pages visited, time/date, referrer (via server logs and cookies/analytics).
  • Marketing preferences: your preferences about receiving updates or event/training information.
  • Payment and invoicing data: invoice details, transaction references and accounting records (we do not store full card details; payments are processed by payment providers where relevant).
  • Public/third-party sources: LinkedIn profile data you make public, or referrals from professional networks.

We do not intentionally collect children’s data. Our services are provided to adults and organisations.

3) How we collect your data

  • Directly from you: when you submit the contact form, call us, email us, book sessions, enter a training programme, or provide information during coaching/supervision.
  • Automatically: via cookies, analytics and server logging when you use the site.
  • From third parties: professional referrals, accrediting bodies (e.g., ILM), or tools we use to deliver services (e.g., video conferencing, scheduling, surveys), in accordance with their privacy terms.

4) Purposes and lawful bases for processing

  • Responding to enquiries and providing proposals/quotes
    Lawful basis: Legitimate interests (to respond to prospective clients) or steps prior to entering into a contract.
  • Delivering coaching, supervision and training services; managing bookings and administration
    Lawful basis: Contract; Legitimate interests (efficient delivery of professional services).
    Special category data (if any): Explicit consent where you choose to share health/wellbeing-related data.
  • Payments, invoicing and maintaining accounting/tax records
    Lawful basis: Legal obligation; Contract; Legitimate interests (operate a business).
  • Maintaining professional records (coaching/supervision notes) in line with ethics and codes
    Lawful basis: Legitimate interests (professional practice, quality assurance); Contract.
    Special category data: Explicit consent where applicable.
  • Sending updates about services, events or training
    Lawful basis: Consent (you may withdraw at any time).
  • Improving the website, security and user experience (usage analytics, troubleshooting)
    Lawful basis: Legitimate interests (running, improving and securing our website and services).
  • Legal or regulatory compliance and responding to lawful requests
    Lawful basis: Legal obligation.

If we need to process your data for a new purpose, we will notify you and explain the lawful basis.

5) Special category data

If, in the context of coaching or supervision, you choose to share information about health or wellbeing, we will only process this with your explicit consent and will limit access and use to what is necessary for the coaching/supervision purpose. You can withdraw consent at any time, but this will not affect prior lawful processing.

6) Cookies and analytics

Our website may use necessary cookies for core functionality and optional cookies for analytics and performance. Where required by law, we will request your consent for non-essential cookies.

  • Uses: understanding site traffic, improving content, measuring marketing effectiveness, ensuring security and performance.
  • Managing cookies: You can manage or block cookies through your browser settings. If we provide a cookie banner or preference tool, you can change your choices there at any time.
  • Third-party analytics: If used (e.g., Google Analytics), such providers may set cookies and receive pseudonymous usage data. We ensure a valid legal basis and, where required, your consent.

7) Sharing your data

We may share personal data with trusted recipients, strictly as necessary:

  • Service providers (processors): website hosting and maintenance, email service, scheduling and video conferencing tools (e.g., Microsoft Teams/Zoom), survey tools, file storage, secure note-taking tools, invoicing/accounting software, and training/assessment platforms.
  • Professional partners and accreditation bodies: for training (e.g., ILM) to register you, assess, certify or verify your participation.
  • Supervisors/mentors: for reflective supervision of our practice in line with coaching ethics. Client details are handled confidentially and where possible anonymised/pseudonymised.
  • Professional advisers and insurers: where necessary.
  • Law enforcement/regulators: if required by law or to protect rights, safety, or security.
  • Business transfers: prospective buyers or successors in the event of business restructuring, subject to confidentiality.

We require processors to protect your data and use it only under our instructions.

8) International transfers

Some providers may be located outside the UK (and EU/EEA). Where personal data is transferred internationally, we ensure appropriate safeguards such as adequacy regulations and/or Standard Contractual Clauses (SCCs) with the UK Addendum, plus additional measures where needed. Contact us for details of relevant transfer safeguards.

9) Data retention

We retain personal data only for as long as necessary for the purposes set out in this policy, including to meet legal, regulatory, tax, accounting, or reporting requirements.

  • Enquiries: up to 24 months from last contact if no engagement.
  • Coaching/supervision records: typically 6 years after the end of engagement, aligned with professional standards, insurance, and limitation periods.
  • Training records: as required by accrediting bodies and to verify qualifications (often 6–7 years, or per accreditation terms).
  • Invoices and accounting records: at least 6 years per HMRC requirements.
  • Marketing preferences: until you withdraw consent or object.

We securely delete or anonymise data when no longer needed.

10) Security

We implement appropriate technical and organisational measures to protect personal data, including secure storage, access controls, encryption where appropriate, and staff/professional confidentiality obligations. However, no system is completely secure; please take care when transmitting information over the internet.

11) Your rights

Under the UK GDPR, you have the following rights (subject to conditions and exemptions):

  • Access: request a copy of your personal data.
  • Rectification: correct inaccurate or incomplete data.
  • Erasure: request deletion where there is no overriding lawful basis.
  • Restriction: ask us to limit processing in certain situations.
  • Portability: receive your data in a structured, commonly used format and transmit it to another controller where processing is based on consent or contract and carried out by automated means.
  • Objection: object to processing based on legitimate interests or to direct marketing at any time.
  • Withdraw consent: where processing is based on consent.
  • Complain to the ICO: you have the right to complain to the ICO (ico.org.uk).

To exercise your rights, contact us using the details below. We will respond within one month, or explain if we need more time due to complexity.

12) Marketing

We will only send you marketing communications (such as updates about services, training, or events) with your consent or as otherwise permitted by law. You can opt out at any time by using the unsubscribe link (if provided) or contacting us.

13) Professional ethics and confidentiality

Our coaching, supervision and training practice is underpinned by professional codes (e.g., Global Code of Ethics, EMCC). We maintain confidentiality as a core principle, subject to legal or safeguarding obligations.

14) Third-party links

Our website may contain links to third-party sites (e.g., LinkedIn, partners, developers). We are not responsible for their privacy practices. Please review their privacy policies.

15) Changes to this policy

We may update this Privacy Policy from time to time. The “Last updated” date will be revised accordingly. Material changes will be communicated where appropriate.

16) Contact

Charlotte Wilding Consulting
Telephone: 0333 050 7388
Email: Please use the form on this page. Get in touch
Website: wildingconsulting.co.uk