We are committed to the protection of your personal data and this Policy sets out information regarding: (i) who we are; (ii) what personal data we collect about you; (iii) how we collect and use your personal data; (iv) retention and transfer; (v) your rights in respect of your personal data; and (vi) relevant contact details.
We are the data controller for the purposes of relevant data laws in respect of your personal data.
Bright Thinking is the trading name of Alison Outred, providing life coaching and business coaching services and having business address at 7B Palmerston Road, Edinburgh, EH9 1TL. You can contact us at firstname.lastname@example.org or 07723590515.
Personal Data We Collect From You
“Personal data” means information that can identify you. This can include data such as your name, email address, telephone number, home address, date of birth, demographic information, and technical data such as your IP address, web-browser, and other operating system information. You have rights in your personal data under applicable data laws.
Bright Thinking may collect certain data from you in the following circumstances:
- you book an appointment with us in person, on the telephone, or online or make an enquiry as to an appointment;
- you provide data during a session appointment or in anticipation of a session appointment;
- you provide us with your financial information (such as a credit or debit card) to process an order either in person, on the telephone, or online;
- you visit our website which provides us with information about your IP address and other analytics about your
- use of our site such as page interaction (see our section on ‘Cookies’ for further information).
While not always applicable, we may from time to time collect sensitive data relevant to any session or pre-session appointment carried out in our ordinary course of business. “Sensitive data” is a special category of personal data which reveals: (i) racial or ethnic origin; (ii) political opinions; (iii) religious or philosophical beliefs; (iii) trade union membership; (iv) genetic data; (v) biometric data; (vi) data concerning health; or (vii) data concerning sex life and/or sexual orientation.
Bright Thinking is a coaching services provider and therefore we may, either prior to a session or during a session, collect sensitive data. In respect of data concerning health; this may include medical history information (such as pre-existing heart conditions, epilepsy, or other) which is collected in order to maintain a safe environment for our clients during session.We process such sensitive data on the standard bases of consent, performance of a contract, and legitimate interest, however – and in accordance with Article 9 GDPR – we will obtain your explicit consent to the processing of such data. Any files containing sensitive data are maintained securely and only accessed by Bright Thinking personnel. You have the right to withdraw your consent and should communicate this to Bright Thinking in person, by email, or by telephone in accordance with the information contained within this Policy.
Why We Process Your Personal Data
Our use of your personal data is linked to the appropriate processing basis. In the event that you share personal data with us in order that we may schedule an appointment for you or provide our services to you in the normal course of our business then we shall process that data under the basis of fulfilment of a contract.
We also have a legitimate interest basis in processing your personal data where you have expressed interest in using our services, in order to keep you updated as to our services and products, and the keeping records of the contract and the service provided.
Where we collect personal data from you automatically through your use of our website (such as IP address) then we do this under the basis of legitimate interest as we wish to ensure that the website functions properly, provides the appropriate user experience, to ensure that the website provides relevant content for you, and for traffic monitoring and audience participation. We are entitled to rely on this basis as it pertains to the hosting of our website, our interaction with customers and potential customers and the growth of our business.
Where we process your personal data in order to comply with legal requirements (such as maintaining appropriate transaction records for tax and financial purposes) or as required by governmental, legal, or regulatory authority, we do so on the basis of either: (i) compliance with a legal obligation to which we are subject and/or; (ii) in order to protect our legitimate interests in connection with our business operations or any other legal claims basis.
How We May Share Your Personal Data
We may share your personal data with:
- service providers to Bright Thinking who provide IT, web, or similar services (including search engine providers and analytics to assist us in monitoring your use of the website);
- financial service providers who process payments, refunds, or bookings of appointments;
- third parties where part of a sale, transfer, or merger of some or all of our business and/or its assets;
- any governmental, legal enforcement, or similar body to whom we are required to disclose your personal data to.
Third Party Links
Our website may, from time to time, provide links to the websites of third parties that are not operated or affiliated with Bright Thinking. We have no control and assume no liability over any such third party links and you are advised to review each of those sites’ individual privacy policies.
Where Your Personal Data Is Stored
Our business is located in the UK and we would not, in the ordinary course of operations, transfer your data outside of the European Economic Area (“EEA”). However, some of our service providers are based outside of the EEA so their processing of your personal data will involve a transfer of such personal data outside the EEA.
These service providers include, from time to time, electronic communication platforms such as Skype or Zoom, which we use for the holding of confidential files and Skype, and Google Analytics which we use for traffic monitoring. These US-based providers are part of the EU-US Privacy Shield, allowing us to transfer data to them given that they have equivalent safeguards in place as required under relevant data laws. Whenever we transfer your personal data outside of the EEA we take steps to ensure a level of security for that data under mechanisms such as the EU-US Privacy Shield.
You, as a data subject, have the right to withdraw your consent to a data transfer outside of the EEA but this is only applicable where we rely on your consent to the transfer and not upon another basis such as legitimate interest or performance of a contract.
Retention Of Your Personal Data
We take the protection of your personal data seriously and will take appropriate measures to reduce the risk of any accidental or unauthorised disclosure of your personal data. Your personal data is limited to those owners, directors, employees, agents, contractors, and other third parties of the Company who have a business requirement to know the personal data.
Any data collected by email is hosted by IONOS which complies with strict European data privacy rules and are SSL/TLS encrypted.
You have, as a data subject under the data laws, certain rights in respect of your personal data. These rights include, among others:
- the right of access to your personal data
- the right to be informed about our collection and use of your personal data
- the right to rectify any inaccurate or incomplete personal data
- the right for your personal data to be deleted
- the right to obtain a copy of your personal data (portability)
- the right to object to us using your personal data for certain purposes (such as direct marketing)
- the right to withdraw your consent as a processing basis for your personal data.
- You are entitled to exercise your rights under the data laws and can do this by contacting us with your request.
You have the right to complain to the Information Commissioner’s Office (the ‘ICO’). See their website for further information: https://ico.org.uk
Strictly necessary cookies are cookies which are essential for you to browse a website and to use its features. Functionality cookies are cookies which permit websites to remember choices which you have specified in the past such as a username and password. Analytical/performance cookies are cookies which track users’ use of a website and are generally anonymised so do not constitute personal data. Marketing cookies track online activity and are used to create more relevant advertising.
This website uses the following cookies:
Cookie Party Category
SERVERID First Party. This is a strictly necessary cookie for the operation of the site and is a session cookie. Strictly necessary.
You are able to set your browser to disallow cookies however please note that this may impair the functionality of our website and your user experience. Further information about cookies is available at https://www.allaboutcookies.org
Changes To This Policy
Address: 7B Palmerston Road, Edinburgh, EH9 1TL
Last Updated: 02 April 2020