Privacy & Data Protection Policy

Introduction

Zelah Senior (“we”, “us”, “our”) collects and processes personal data in order to provide coaching, facilitation, mediation, guidance and support.

This policy applies to individuals in the United Kingdom and the European Economic Area (EEA), in accordance with the UK General Data Protection Regulation (UK GDPR) and, where applicable, the EU General Data Protection Regulation (EU GDPR).

We are committed to handling your information with care, respect, and transparency.

If you have any questions about how your data is used, you can contact us by clicking on this link.

Who this applies to

This policy applies to personal data relating to:

  • Clients and prospective clients

  • Individuals making enquiries

  • Professional contacts and collaborators

What personal data we collect

We may collect and process:

  • Name

  • Contact details (email, phone number)

  • General location (e.g. city or region)

  • Information you choose to share in enquiries or sessions

  • Notes from coaching or advisory sessions

  • Communication history (emails, messages)

We only collect what is necessary to provide our services.

Sensitive information

Given the nature of our work, you may choose to share sensitive personal information (for example, relating to health, family circumstances, or significant life events).

This is only processed with your consent and treated with strict confidentiality.

How we collect your data

We collect personal data through:

  • Direct contact (email, phone, in person)

  • Website enquiries or forms

  • Coaching, facilitation or mediation sessions

  • Referrals (where appropriate)

  • Public sources (e.g. websites or professional profiles such as LinkedIn)

How we use your data

We use your personal data to:

  • Respond to enquiries

  • Provide coaching, facilitation, mediation, guidance and support

  • Manage our working relationship

  • Keep appropriate records of sessions and communications

  • Administer and protect our business

  • Improve our services

We do not sell your data or use it for unrelated marketing.

Legal basis for processing

We rely on the following lawful bases:

  • Consent – where you choose to share information

  • Contract – where processing is necessary to provide services

  • Legitimate interests – to manage and improve our services in a reasonable way

Marketing

We do not send unsolicited marketing.

If you choose to receive updates or communications from us, you can unsubscribe at any time using the link in our emails or by contacting us directly.

Data sharing

Your information is treated as confidential.

We only share data where necessary and on a strict need-to-know basis, for example:

  • With IT, email, or secure storage providers

  • With professional advisers (e.g. accountants or legal advisers, if required)

  • Where required by law

All third-party providers are required to meet UK GDPR standards.

Advertising and tracking

If we use online advertising (such as platforms like Facebook or Instagram), we may use limited personal data (such as your email address) to show you relevant content.

This may involve securely sharing data with these platforms so they can recognise you. We do not receive additional personal data about you from them.

International data transfers

If your data is transferred outside the UK, we will ensure appropriate safeguards are in place in line with UK GDPR.

How long we keep your data

We retain personal data only for as long as necessary:

  • Typically up to 3 years after our last contact

  • Some information may be retained for longer where required for legal, tax, or accounting purposes (typically up to 6 years)

You may request deletion of your data at any time.

We may also use anonymised data (which cannot identify you) to improve our services.

Data security

We take appropriate measures to protect your data, including:

  • Secure digital systems and password-protected devices

  • Restricted access to personal data

  • Confidential handling of written notes

Your rights

Under UK GDPR, you have the right to:

  • Access your personal data

  • Correct inaccurate data

  • Request deletion

  • Restrict or object to processing

  • Withdraw consent at any time

To exercise your rights, please contact us by clicking on this link.

We may need to verify your identity before responding.

We aim to respond within one month.

Data breaches

In the unlikely event of a data breach, we will assess the risk and notify affected individuals and the relevant authority where required, including reporting to the ICO within 72 hours where applicable.

Complaints

If you have concerns, please contact us first so we can resolve the issue.

You also have the right to complain to the Information Commissioner’s Office (ICO): Make a complaint to the ICO

Updates to this policy

We may update this policy from time to time. The latest version will always be available on request or via our website.