PRIVACY POLICY
Last Updated: September 2025
 

This privacy policy explains how your personal data is collected, used and protected when you visit this website or engage with my services. Please read it carefully to understand how your information is handled.
 

1. INTRODUCTION
 

Stephanie Thomas is the data controller and is responsible for your personal data. Throughout this policy, "I", "me" or "my" refers to Stephanie Thomas.
 

Contact Details
 

Stephanie Thomas
Email stephanie@stephaniethomas.com
 

It's important that the personal information I hold about you is accurate and up to date. Please let me know if your details change by emailing me at the address above.
 

2. WHAT DATA IS COLLECTED
 

Personal data means any information that can identify an individual. This does not include anonymised data.


I may collect, use, store and transfer the following types of personal data:

  • Identity data - first name, last name, username or similar identifier.
  • Contact data - billing address, email address, telephone number.
  • Financial data - payment card or bank details (processed securely by third-party providers).
  • Transaction data - details about payments and purchases.
  • Technical data - IP address, browser type, operating system, time zone and device information.
  • Profile data - purchases, preferences, feedback and survey responses.
  • Usage data - information about how you use this website and services.
  • Marketing and communications data - your preferences for receiving marketing communications.

I may also use aggregated data (such as usage statistics) for analysis purposes. This data does not identify you personally.

Sensitive Data
 

I do not collect any sensitive personal data, including information about health, ethnicity, religious beliefs, political opinions or criminal records.

If I am legally required to collect personal data and you do not provide it, I may not be able to deliver a product or service. If this happens, you will be informed at the time.

3. HOW YOUR DATA IS COLLECTED
 

Your data may be collected in the following ways:

  • When you provide it directly (for example, by completing forms, booking calls, or emailing me)

  • Automatically through cookies and similar technologies when you use the website

  • From third parties such as:

    • Analytics providers (e.g. Google)

    • Advertising platforms (e.g. Meta/Facebook)

    • Payment and delivery providers (e.g. Stripe, Kartra)

    • Publicly available sources (e.g. Companies House)

Please see the Cookie Policy for more information.

4. MARKETING COMMUNICATIONS

I process your personal data for marketing purposes based on either your consent or legitimate interest.

You may receive marketing communications if:

  • You have requested information or purchased a product or service

  • You have opted in to receive communications

You can unsubscribe at any time using the link in emails or by contacting me directly.

Your personal data is never shared with third parties for their own marketing purposes.

Opting out of marketing does not affect communications related to purchases or services you have already received.
 

5. SHARING YOUR PERSONAL DATA
 

Your personal data may be shared with trusted third parties where necessary, including:

  • Service providers who support website, systems or payments

  • Professional advisers such as accountants or legal advisers

  • Government or regulatory bodies where legally required

All third parties are required to respect your data and process it only in line with my instructions and applicable law.

 

6. INTERNATIONAL TRANSFERS
 

Some service providers are based outside the UK.
 

Where personal data is transferred internationally, appropriate safeguards are used to ensure your data receives the same level of protection as it would in the UK, including:

  • Transfers to countries approved by UK authorities

  • Use of approved contractual clauses or frameworks

  • Explicit consent where required

You may withdraw consent for international transfers at any time.

7. DATA SECURITY
 

Appropriate security measures are in place to protect your personal data from loss, misuse, unauthorised access, or disclosure.
 

Access to personal data is limited to those who need it for legitimate business purposes and who are required to keep it confidential.


If a data breach occurs, I will notify affected individuals and regulators where legally required.
 

8. DATA RETENTION
 

Your personal data is retained only for as long as necessary to fulfil the purposes it was collected for, including legal, accounting, or reporting obligations.
 

For tax purposes, basic customer information may be retained for six years after you cease being a client.
 

In some cases, data may be anonymised for research or statistical purposes and retained indefinitely.
 

9. YOUR LEGAL RIGHTS
 

Under data protection law, you have rights including the right to:

  • Access your data

  • Correct your data

  • Request erasure

  • Restrict or object to processing

  • Request data portability

  • Withdraw consent (where applicable)

More information is available from the UK Information Commissioner’s Office:
https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights

 

To exercise any of these rights, email stephanie@stephaniethomas.com.

Requests are usually responded to within one month.
 

10. THIRD-PARTY LINKS
 

This website may include links to third-party websites. I am not responsible for their privacy practices and encourage you to review their privacy policies when leaving this site.
 

11. COOKIES


You can control cookies through your browser settings. Disabling cookies may affect how the website functions.

For full details, please see the Cookie Policy. 

 

© 2025 Stephanie Thomas.  All Rights Reserved | Privacy | Terms 

{:lang_general_banner_cookie_disclaimer}
{:lang_general_banner_cookie_cookie} {:lang_general_banner_kartra_cookie}
{:lang_general_banner_cookie_privacy}
{:lang_general_powered_by} KARTRA