Privacy Policy

My name is Pauline Harley. I am the sole director and data controller of ChallengeuChangeu Ltd, which incorporates this website. My company offers workplace and career-related well-being consulting courses, self-advocacy support and facilitation for the neurodivergent community, 

According to Data Protection laws and regulations, my company is committed to the safety and proper use of the data entrusted to us. This includes the Data Protection Act 1998 and the General Data Protection Regulation, effective May 2018.

SECTION 1 – WHAT DO I WITH YOUR INFORMATION?

When you purchase coaching sessions from my company, as part of the client/coaching contract, I collect the personal information you give me, such as your name, telephone and email address. I only collect home addresses once all the company work is done online. Other applications where I will need to use your data supplied on an agreement as per the client/coach contract are below. Next to each is a brief description of why I use them and what data they interact with. Finally, their name is a link to their privacy policies:

Zoom

I use Zoom to conduct all of my online coaching sessions.

Calendly

I use This appointment booking system to schedule a session with me.

Dropbox

Suppose a client wants and explicitly consents to have their session recorded for interview preparation or any other reason to review. In that case, a recording is uploaded to Dropbox and sent via a private link to the client. It is then deleted from Dropbox, and my recordings are deleted immediately when the client informs me it has been downloaded.

Stripe

This is my payment gateway for processing your transactions. They will hold and process your name, email address, payment information, and additional information for us, such as your order history and the status of your payments.

Zoho Books

I must use this accounting software to file public company accounts for the CRO. In addition, I need to use your data to create invoices for payment and reconciliation here. 

Substack

My writing platform collects emails from subscribers to my newsletter. They will hold and process your name and email address, additional relevant information about you, such as where you signed up for my newsletter, your engagement with my newsletter emails and articles, your IP address, and an estimate of your location.

Please click on the links above to view their privacy policies. Of course, I am not responsible for the content or privacy policies of these Third Parties or other sites, so please check these yourself to ensure you're satisfied with their policies. When you browse my website, it automatically receives your computer's internet protocol (IP) address to provide me with information that helps me learn about your browser and operating system.

As a website visitor or potential client, I will learn relevant information about you to tailor my coaching and consulting services better. 

Email marketing: With your expressed consent, I may send you emails about my services and other updates. These are marketing emails.

You can amend or delete any data my website collects and stores about you at any time. To request this, please use the contact information provided at the end of this page.

I will hold your data for different periods depending on the reason we collected your data for processing:

Data collected for transactional purposes – I will hold your data for a reasonable period to service your coaching contract and help expedite your coaching package's future extension.

Data collected for marketing purposes—I will hold your data for as long as it is relevant to marketing my coaching services to you and for as long as you are happy for me to do so. In addition, I will monitor the engagement of our marketing communications every 12 months. If you are not engaging with our communications, I may delete the data we store about you for these purposes.

SECTION 2 – CONSENT

What is consent?

Your 'consent' is your explicit permission for me to process your data for a specific reason. This mainly applies to me when using your transactional data (to complete a sale or fulfil an order) or for marketing purposes.

How do you get my consent?

When you provide me with personal information to complete a transaction and verify your credit card, we imply that you consent to collecting and using it for that specific reason only, as it is necessary to carry out the transaction.

If I process your personal information for another reason, like marketing, I will ask you directly for your expressed consent, wherever possible, before doing so. This can take a few different forms on my website site:

  • A short form or pop-up box that asks for your email address, asking you to 'Sign Up' or similar as per my homepage

Suppose you've given your consent by providing your email address. In that case, I will also ask you to confirm your email address, representing a double confirmation or 'double opt-in' of your consent.

How do I withdraw my consent?

If you change your mind after opting in, you may withdraw your consent for me to contact you or for the continued collection, use, or disclosure of your information at any time. The easiest way is to click the 'manage preferences' or 'unsubscribe' links at the bottom of my marketing and newsletter emails. You can also do this by contacting me at pauline@paulineharley.com.

SECTION 3 – YOUR RIGHTS AROUND DATA

Data I process about you belongs to you alone, and you have rights surrounding that data that we will (and are required by law) respect. Here is a list of your rights around your data and what they mean:

Right to be informed.

You have the right to know how I collect and use your data, how long I will store it and who I will share it with. (See the list of additional apps and websites I need to use to carry out essential elements of my business listed above.) That is the purpose of this privacy policy and my cookie policy.

Right of access

You have the right to obtain a copy of the personal data I store about you. I must provide this to you in a commonly accessible format, free of charge, within 30 days of your request. Which I am happy to do at any stage.

Right to rectification

You have the right to have any inaccurate data that I store about you rectified or completed if it is incomplete. I am required to complete this within 30 days of your request.

Right to erasure

You have the right to 'be forgotten. ' This means you can ask me to delete some or all of the data we store about you. I must complete this within 30 days of your request.

Right to restrict processing.

You can restrict how I process your data in certain circumstances. For example, if you ask me to correct data stored about you, you could also ask me to restrict how we process that data while I correct it.

Right to data portability

You have the right to receive personal data about you stored by me in a commonly used machine-readable format. You also have the right to request that I transmit this data directly to another controller.

Right to object

You have the right to object to your data being processed. This is different from the right to erasure, as it focuses more on the data being processed than being stored. For example, if you objected to me using your data for marketing purposes, I would stop processing it for marketing purposes. However, I would retain enough data to put you on a 'suppression list', ensuring I don't send you marketing emails. I'd also be allowed to keep your data for transactional purposes (like repeat coaching package purchases) unless you requested that I delete it.

Rights related to automated decision-making making, including profiling

You have a right to be protected from automated individual decision-making that would have legal or significant implications. For example, if you were applying online for a loan or credit card. We use automated processes to help run our business, but these don't significantly or legally impact you as an individual.

If anything in this privacy policy or these rights is unclear, please get in touch with me at pauline@paulineharley.com. I am the sole data controller of this company. 

SECTION 4 – DISCLOSURE

I will not disclose your personal information to third parties for their purposes and benefit unless the law requires it or if you have given your specific consent in advance.

SECTION 5 – PAYMENT

I do not store any of your payment information. Instead, I use a third-party payment processing gateway, Stripe, to take payments. Stripe uses its security measures to protect your information at the point of purchase or if it is stored with your consent (for example, the next time you use the site to make a purchase). Otherwise, your purchase transaction data is stored only as long as necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted.

You can find information about their security standards here.

SECTION 6 – THIRD-PARTY SERVICES

In general, the third-party providers used by my website will only collect, use and disclose your information to the extent necessary to allow them to perform the services they provide to me. An example of a third-party provider I used would be Substack, an email subscription writing platform service provider, to contact you via email.

However, certain third-party service providers, such as payment gateways and other payment transaction processors, have their privacy policies regarding the information I must provide them for your transactions. For example, our payment gateway provider's (Stripe's) privacy policy can be found here.

We recommend that you read the privacy policies of these providers, as per my list above, to understand how they will handle your personal information.

In particular, remember that certain providers may be located in or have facilities in a different jurisdiction than you or me. So, suppose you elect to proceed with a transaction that involves the services of a third-party service provider. In that case, your information may become subject to the laws of the jurisdiction(s) where that service provider or its facilities are located.

See the list above of the third parties I use to collect or handle your data when they provide their services to us. Here, 'hold' means they store your data for some time, and 'process' means they pass your data from one system to another within our environment. 

SECTION 7 – LINKS

When you click on links on my website, they may direct you away from the site to other publications and media articles I have contributed to. I am not responsible for the privacy practices of other sites and encourage you to read their privacy statements. Unfortunately, I can also not control the content they display on their sites.

SECTION 8 – SECURITY

To protect your personal information, I take all reasonable precautions and follow industry best practices to ensure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed.

If such an event were unlikely, I would endeavour to contact all affected individuals as soon as the event's details were established so that they could take appropriate action. I would also endeavour to contact the Information Commissioner Office (ICO) within 24 hours to notify them of the data breach.

SECTION 9 – COOKIES

My website's cookies are based on implied consent from your continued site use after the Cookies Policy Notice is served. For information on our cookie policy, visit our cookie policy page here.

SECTION 10 – CHANGES TO THIS PRIVACY POLICY

We reserve the right to modify this privacy policy anytime, so please review it frequently. Changes and clarifications will take effect immediately upon their posting on the website. If we make material changes to this policy, we will notify you that it has been updated to be aware of what information we collect and how we use it. Under what circumstances, if any, do we use and disclose it?

Suppose my company is acquired or merged with another company. In that case, your information may be transferred to the new owners so they can continue communicating with you effectively and selling your services.

QUESTIONS AND CONTACT INFORMATION

If you would like to access, correct, amend or delete any personal information I have about you, register a complaint, or want more information, contact me at pauline@paulineharley.com.