Privacy Policy

Effective Date: 1 April 2026
Business Name: Heather Parks – Therapeutic Coach
Email: heather@heatherparks.co.uk

1. Who I Am

Heather Parks (sole trader) is the Data Controller responsible for your personal data.

This means I determine how and why your personal data is processed.

This policy explains how I collect, use, store, and protect your information in line with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. The Principles I Work By

In addition to legal compliance, I aim to handle your data in a way that reflects the nature of therapeutic coaching:

  • Respectful

  • Confidential

  • Minimised (only what is necessary)

  • Held with care and integrity

3. What Personal Data I Collect

a) Website Use

Analytics: This website collects personal information to power our site analytics, including:

  • Information about your browser, network, and device

  • Web pages you visited prior to coming to this website

  • Your IP address

This information may also include details about your use of this website, including:

  • Clicks

  • Internal links

  • Pages visited

  • Scrolling

  • Searches

  • Timestamps

  • We provide this information to Squarespace, our website analytics provider, to learn about site traffic and activity.

Cookies: This website uses cookies and similar technologies, which are small files or pieces of text that download to a device when a visitor accesses a website or app. For information about viewing the cookies dropped on your device, visit The cookies Squarespace uses.

These necessary and required cookies are always used, which allow Squarespace, our hosting platform, to securely serve this website to you.

These analytics and performance cookies are used on this website, as described below, only when you acknowledge our cookie banner. This website uses analytics and performance cookies to view site traffic, activity, and other data.

When you submit information to this website via webform, we collect the data requested in the webform in order to track and respond to your submissions. We provide this information to Squarespace, our website hosting provider, so that they can provide website services to us and help us manage our relationship with you. We also provide this information with Gmail to heather@heatherparks.co.uk.

For website visitors: This website is hosted by Squarespace. Squarespace collects personal information when you visit this website, including:

  • Information about your browser, network and device

  • Web pages you visited prior to coming to this website

  • Web pages you view while on this website

  • Your IP address

Squarespace needs the data to run this website, and to protect and improve its platform and services. You can read more about how Squarespace uses your data (site usage information of end users) for its own purposes in their Privacy Policy.

b) Enquiries

If you contact me, I may collect:

  • Name

  • Email address

  • Phone number

  • Details of your enquiry

c) Coaching Services

Before sessions:

  • Name and contact details

  • Date of birth (where relevant)

  • Intake forms and background information

  • Accessibility requirements

During sessions:

  • Personal, emotional, and psychological information

  • Session notes

  • Themes relevant to your coaching process

After sessions:

  • Ongoing correspondence

  • Progress notes

  • Feedback (with your consent)

This may include special category data (e.g. mental health or emotional wellbeing), which is processed with your explicit consent.

4. Session Recordings

Where agreed, sessions may be recorded for note-taking purposes.

  • Recordings are stored securely

  • Reviewed promptly

  • Deleted once no longer required

Recording will only take place with your explicit consent, which can be withdrawn at any time.

5. Use of AI Tools

I may use AI-assisted tools to support administrative tasks such as generating summaries of sessions.

Where AI tools are used:

  • This will only occur with your explicit consent

  • Data will be minimised and, where possible, anonymised

  • AI tools are used only to support, not replace, professional judgement

  • You may opt out at any time without affecting your access to coaching

I take care to use tools that meet appropriate data protection standards.

6. Legal Basis for Processing

Your data is processed under one or more of the following lawful bases:

  • Contractual necessity – to provide coaching services

  • Consent – particularly for sensitive data and recordings

  • Legitimate interests – for safe and effective practice (e.g. note-taking)

  • Legal obligation – where required

7. Confidentiality

Your information is treated as confidential.

However, confidentiality may be limited where:

  • There is risk of serious harm to you or others

  • Safeguarding concerns arise

  • Disclosure is required by law

Where appropriate, this will be discussed with you where possible.

8. Supervision

As part of ethical practice:

  • I may discuss aspects of my work in professional supervision

  • All identifying details are removed

This does not constitute a breach of confidentiality.

9. Third-Party Services (Data Processors)

I use trusted third-party providers to support my services. These may include:

  • Video platforms (e.g. Zoom)

  • Payment providers (e.g. Stripe)

  • Scheduling tools (e.g. Calendly)

  • Community platforms (e.g. Mighty Networks)

  • Email providers

These providers may process your data on my behalf and have their own privacy policies.

10. International Data Transfers

Some third-party providers may store or process data outside the UK.

Where this occurs, I ensure appropriate safeguards are in place (such as Standard Contractual Clauses) to protect your data.

11. Data Storage and Security

Your data is stored securely using appropriate technical and organisational measures, including:

  • Password-protected systems

  • Secure digital storage

  • Restricted access

Please note:

  • Email communication is not fully secure

  • You use email at your own discretion

12. Data Retention

I retain data only as long as necessary:

  • Enquiries: up to 2 years

  • Client records: typically 7–8 years (in line with professional and insurance requirements)

Data is securely deleted when no longer required.

13. Marketing

You will only receive marketing communications if you have opted in.

You can withdraw consent at any time.

14. Your Rights

Under UK GDPR, you have the right to:

  • Access your personal data

  • Request correction

  • Request deletion

  • Restrict or object to processing

  • Data portability

  • Withdraw consent

To exercise your rights, contact:heather@heatherparks.co.uk

I will respond within one month.

15. Complaints

If you are not satisfied, you can contact:

Information Commissioner's Office

Website: https://ico.org.ukPhone: 0303 123 1113

16. Data Breaches

If a data breach occurs that poses a risk to your rights and freedoms, you will be informed in line with legal requirements.

17. Changes to This Policy

This policy may be updated from time to time. The latest version will always be available on request or via my website.

18. Age Restrictions

My services are intended for individuals aged 18 and over.