PRIVACY NOTICE
Salt & Light Coaching Ltd. (referred to as the ‘Company’, ‘we’, ‘us’, or ‘our’) owns and manages www.saltlightcoaching.com (referred to as the ‘Website’). When you visit the Website, we collect some information and depending on how you use the Website you may chose to give us some of your personal data.
Data Protection Regulations control and limit how we collect, process, store and how long we retain your personal data.
Apart from complying with our legal obligations, your trust is important to us, the Company is commited to safeguarding your privacy and this Privacy Notice is to inform you:
-
what personal data and other information is collected;
-
how that personal data is used;
-
who the personal data is shared with;
-
how your personal data is stored;
-
how long your personal data is retained;
-
your rights in respect of that Data.
Please read this Privacy Notice carefully and ensure that you understand it. If you do not agree with anything within this Privacy Notice, you must not use the Website or make contact with us from the Website, however if you continue to use the Website we will assume you are ok with it.
We take pride in keeping up to date with advances in technology and legal developments which can result in needing to change this Privacy Notice, if any changes are made a new Privacy Notice will be published on the Website which shall apply from the date of publication, so you are encouraged to revisit this Privacy Notice periodically to ensure that you agree to the version that is current at the time of your visit.
Who Are We? ​
​
Salt & Light is a private company limited by shares incorporated in England and Wales with company registration number 13133452 and with its registered address at Office 4, 219 Kensington High Street, Kensington, London, W8 6BD, England.
Our email address for any queries related to this Privacy Policy is info@saltlightcoaching.com
We are data controllers for personal information and are registered with the Data Commissioner’s Office under number C1358554. 
We do not have, nor do we reach the threshold to appoint a data protection officer, but we will always have one designated person who has the responsibility to oversee our data protection responsibilities.
What Is Personal Data?
​
Personal data is defined by the Data Protection Regulations as ‘any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier’.
In simpler terms, personal data is any information about you that enables you to be identified. Personal data covers obvious information such as your name and contact details, but it also covers less obvious information such as referencenumbers and online identifiers.
What is Data Protection Regulation?
Data Protection Regulation refers to all applicable legislation in force from time to time in the United Kingdom applicable to data protection and privacy including, but not limited to, the Data Protection Act 2018; the UK General Data Protection Regulations (UK GDPR); the Privacy and Electronic Communications Regulations 2003; the Electronic Communications (Amendments etc.) (EU Exit) Regulations 2019; and any amendments or secondary regulations.
The Data Protection Regulation allows companies to process personal information only when the processing is permitted by a specific legal purpose.
What Personal Data Do We Collect?
We do not collect any personal data whilst you visit and use the Website unless you choose to give it to us.
If you choose to use the ‘contact us’ form on the Website you will need to provide us with your name and email address.
If you use the facility to ‘book a call’ you will need to provide us with your name, telephone number or username for a video call provider, and email address.
If you would like to give us a review or feedback to use on the Website we will only include your name if you expressly allow it, or if requested we will anonymise the review, for example ‘John from London’ or ‘J from London’.
If your feedback or review is given using a company name, then this is not personal data (unless of course your company name is or includes your real name) and we will include your company name at your request should you wish to take advantage of the additional exposure.
How Do We Use Your Personal Data and Other Information?
​
If you give us your name, email address, or telephone number when using the ‘contact us’ form or ‘book a call facility’ we will use the personal data to:
-
respond to your enquiry or message;
-
deal with complaints, disputes, and legal actions;
-
send commercial communications to you where you have chosen to accept or not opted out from receiving. Commercial communications includes newsletters or marketing materials to inform you of the availability of new products or services or changes to existing ones, special offers;
-
send commercial communications that are necessary in respect of the security of your Personal Information or in the event of a data breach which affects you or your Personal Data.
 
Under the Data Protection Regulations, we must always have a lawful purpose for using personal data. this personal data can be used with the lawful purpose of a legitimate interest or consent.
If your personal data is subsequently used for other reasons, for example entering into a contract or providing coaching then you will be provided with a Privacy Notice for that purpose.
 
 Do You Share My Personal Data?
​
The personal data that you provide in a form to make an enquiry or request a call will need to be shared with our Website host and Internet service provider as it passes through their networks and systems.
We may share your personal data with employees, officers, agents, consultants, suppliers, or subcontractors insofar as reasonably necessary:
-
for dealing with an enquiry;
-
to conduct a telephone or video call;
-
to the extent that we are required to do so by law;
-
in connection with any complaint, dispute, legal proceedings, or prospective legal proceedings;
-
with the purchaser (or prospective purchaser) of any business, asset, or account which the Company are (or are contemplating) selling;
-
under an order of a court.
Your email address will be shared with our email service provider when we communicate with you through email.
We use a third party scheduling software for the ‘book a call’ facility provided by Calendly, so your personal data is shared with them and their privacy notice is available here https://calendly.com/legal/privacy-notice.
If a telephone or video call takes place, we will need to share your telephone number or other identifier with the telephone or video service provider.
We may use a third-party software to perform certain functions, for example third-party servers or on the cloud, or in temporary files in software on the Company’s computers whilst we perform relevant tasks using the data (these temporary files are deleted once the tasks are completed), this is considered to be sharing your personal data with the software.
We may also engage other businesses for Website, IT or analytic support and maintenance who on rare occasions, whilst performing their services may have to access a file containing your personal data. These businesses will be working under a contract for services that contain strict conditions in relating to accessing personal data and will be subject to confidentiality undertakings.
We do not use automated processing of your personal data to form or make decisions.
Data Processing When Making Payments
When using the Website to make payments the following applies.
All payments to the Company are processed by a third-party payment processing merchant and in full compliance with all recognised standards and security requirements.
The payment processing merchant will use full encryption to ensure your payment card information remains secure, this means that payments can only be accepted from web browsers that permit communication through Secure Socket Layer (SSL) technology, it is not possible to make a payment via an unsecured connection, most web browsers support SSL.
We do not hold, retain, process, or store your card payment details, however, to complete the purchase you will need to provide your Personal Information of name and address, this Personal Data is shared with us to confirm your purchase.
We process this Personal Data in the performance of a contract and a legal obligation as we are required to maintain accounts recording source of all income.
Data Transfers Outside Of The UK and EU
We shall not generally transfer or process any personal data outside the boundaries of the E.U. however we do not know or have any way of knowing the route data takes through the internet and it may on occasion be routed or diverted through a country outside of the E.U. but we have no control over this nor do we know which countries the data may be routed through.
If any personal data is knowingly transferred outside of the E.U. we shall, as far as is reasonably practical or possible, ensure that the county has sufficient security measures and guarantees in place to protect the security of your personal data at least to the same level as it would be within the UK.
The EU publish a list of countries who have adequate measures in place to equal the standards in the GDPR which we shall take into account. If any personal data is transferred, processed, or stored in a country who has not acquired adequacy status we shall satisfy ourselves of the safety and security of the data and use appropriate contracts, including those published by the Information Commissioner Office for that purpose.
  
How and Where Do You Store or Transfer My Personal Data?
​
Your personal data will generally be stored securely on the Microsoft cloud with access limited and restricted by passwords and other identifiers.
How Long Will You Keep My Personal Data?
We will not keep your personal data for any longer than is necessary considering the reason(s) for which it was first collected.
If you make an enquiry or book a call, we shall generally not retain your personal data for longer than 6 months after our last contact with you, except where
-
you enter into, or it is clear that you may enter into a contract with us;
-
you request, allow, or do not object to receiving commercial communications with us;
-
there is, or there is potential for a complaint, dispute, or legal claim;
-
we are required to retain the data because of a regulation, or advice from a governing body, or an order of a court.
When we delete your personal data, it shall be as thorough and complete as is reasonably and technically possible, however if data has been cached or is included in a system back-up it may take some additional time before this is deleted.
 
 What Other Data Do We Collect?
We do collect information about how you use the Website during your visit, however this information is completely anonymised and anything which can identify you for example your IP address is disabled within the software, so the information we collect is not classified as personal data.
The information collected includes
-
the country from where you gain access to the Website;
-
the browser used by your device;
-
the operating system used by your device;
-
the screen resolution and other settings of the device you use;
-
the web pages that you visit or view;
-
the length of time you spend on a webpage;
-
the referral source (the way how you arrived at the Website).
The information is used to generate Website usage reports and statistics which helps the us to
-
maintain a Website that is user friendly and compatible with popular equipment and software;
-
identify errors in the Website;
-
see which pages are popular and which are not;
-
analyse and maintain the security of the Website;
-
see what search terms or referral sources are being used to find the Website.
​
What are My Rights?
Under data protection regulations you have the right to
-
know the identity and contact details of the Data Controller and Data Protection Officer (where applicable);
-
know the purpose and legal basis for processing your personal data, and where processing is based on the legitimate interests of the Data Controller, what those legitimate interest are;
-
know whether your personal data is transferred or processed beyond the EU and that appropriate safeguards are in place.
-
access your personal data
-
erase personal data in some circumstances.
-
restrict processing of the personal data in some circumstances.
-
portable data.
-
withdraw consent.
-
complain.
The Right of Access.
You may require us to provide you with any personal data that we hold about you.
A request for a copy the personal data that we hold can be made in any way however we recommend that it is made in writing to avoid any possibility of a dispute that the request was made.
The personal data will be provided free of charge except where a request is manifestly unfounded or excessive (for example it is a repetitive request, or where the Company needs to process large amounts of data) in which case we may make a charge for reasonable administrative costs in dealing with the request or refuse to respond but we must provide a justifiable reason for refusing to respond.
We shall search our systems and files for any document which contains your personal data and provide a copy of all the documents within one month of receipt of the request, however where there is a substantial amount of information, or it is difficult to collate we may extend this timeframe by one month by providing you notice.
Where personal data is stored electronically, we may make arrangements which allow you to access the data via a secure connection to an electronic file.
We take the issue of protecting your personal data seriously and may require proof of identity from you prior to disclosing such information.
You have the Right (in certain circumstances) to Instruct the Company to Erase Your Personal Data
You can request erasure of your personal data (also known as the right to be forgotten) when
-
the personal data is no longer necessary in relation to the purpose for which it was originally collected/processed;
-
you withdraw your consent;
-
you object to the processing and there is no overriding legitimate interest for continuing the processing;
-
the personal data was unlawfully processed or obtained;
-
the personal data must be erased to comply with a legal obligation.
-
the personal data is processed in relation to the offer of information services to a child.
Where you have the right and you issue an instruction to erase your personal data, we shall use all reasonable, practical, and technical efforts to permanently remove you’re the data and inform all third parties to whom your personal data has been shared, of the requirement to erase your personal data which they hold.
In the event that your personal data has been published online we shall endeavour to ensure that any links or references are also removed, however due to the caching of information it may take same time before the personal data is no longer visible or available, for example in search engines
The right to Restrict Processing.
We shall, upon your request, restrict the processing of your personal data if the following circumstances arise
-
where you contest the accuracy of the personal data the Company shall restrict the processing until investigated and verified the accuracy of the personal data;
-
where you have objected to the processing where it was necessary for the performance of a public interest task;
-
the lawful purpose for processing the personal data was a legitimate interests, and the Company are considering whether its legitimate grounds override your grounds.
-
when processing is unlawful, and you oppose erasure but request restriction instead.
-
If the Company no longer need the personal data but you require the information to establish, exercise or defend a legal claim.
Where processing of your personal data is restricted,
-
the personal data shall be stored but no further processing shall occur except for conducting an investigation as to verify the accuracy of the data;
-
we shall inform any third party to whom your personal data was shared or disclosed so that all processing is restricted;
-
we shall inform you when and restricted period comes to an end.
The Right to Portable Data
Any personal data which is stored by the Company electronically and the lawful purpose for processing is consent or for the performance of a contract, the Company shall hold that personal data in a portable format (readable in a format that will be commonly used on other computer systems) and shall provide this information to you or directly to another organisation (where technically feasible) upon your request.
The Right to Withdraw Consent
If you provide your consent to process your personal data in a particular way, you may withdraw your consent at any time by informing the Company at the address at the top of this Notice in the section headed ‘Who are we?’.
Upon receipt of a notice withdrawing your consent the Company shall stop processing the data except:
-
where is it necessary for the performance of a contract or other lawful purpose;
-
where there are compelling legitimate grounds for the processing, which override your interests, rights, and freedoms;
-
the processing is for the establishment, exercise, or defence of legal claims;
-
where the processing of the personal data is carried out under an obligation in law.
You have the Right to Complain
If you have the need or a reason to complain about the way that we collect, process, store or retain your personal data, please make your complaint in writing to our address which is at the top of this notice, if we do not resolve your complaint to your satisfaction you can make at complaint to the Information Commissioners Office at https://ico.org.uk/make-a-complaint/