This privacy policy explains how your personal data is collected, used and protected when you visit this website or engage with our services. We believe in being transparent about what we collect and why - please read it carefully to understand how your information is handled.
1. INTRODUCTION
Stephanie Thomas Coaching Ltd ("we", "us", "our") is the data controller and is responsible for your personal data under this privacy policy. That's the legal name for the business behind this website and the Thrive programme.
In practice, Stephanie Thomas is the person running the business and the one you'll likely be in touch with. Any questions about your data can come directly to her:
Contact details:
Stephanie Thomas Coaching Ltd
Email: stephanie@stephaniethomas.com
Contact: Stephanie Thomas, Director
It's important that the personal information we hold about you is accurate and up to date. Please let us know if your details change by emailing us at the address above.
Personal data means any information that can identify an individual. This does not include anonymised data.
We may collect, use, store and transfer the following types of personal data:
We may also use aggregated data (such as usage statistics) for analysis purposes. This data does not identify you personally.
Sensitive Data
We do not collect any sensitive personal data, including information about health, ethnicity, religious beliefs, political opinions or criminal records.
If we are legally required to collect personal data and you do not provide it, we may not be able to deliver a product or service. If this happens, you will be informed at the time.
3. HOW YOUR DATA IS COLLECTED
Your data may be collected in the following ways:
When you provide it directly - for example, by completing forms, booking calls, downloading guides, enrolling in Thrive or emailing us
Automatically through cookies and similar technologies when you use the website
From third parties such as:
Analytics providers (e.g. Google)
Advertising platforms (e.g. Meta/Facebook)
Payment processors (e.g. Stripe)
Website and platform providers (e.g. Kartra)
Scheduling tools (e.g. Acuity)
Video conferencing platforms (e.g. Zoom)
Email and marketing platforms (e.g. Kartra)
Community platforms (e.g. Circle)
Accounting software (e.g. FreeAgent)
Publicly available sources (e.g. Companies House)
Please see the Cookie Policy for more information on cookies and similar technologies.
4. LAWFUL BASIS FOR PROCESSING
Under UK data protection law, we must have a lawful basis for processing your personal data. The lawful basis we rely on include:
Contract - processing necessary to perform the services you requested (e.g. delivering Thrive, processing your enrolment, running coaching calls, scheduling sessions).
Legitimate Interests - processing necessary for our legitimate business interests (e.g. improving our services, responding to enquiries, preventing fraud, maintaining records)
Consent - where you've actively opted in (e.g. to marketing emails or specific cookies)
Legal Obligation - where processing is required by law (e.g. tax records, accounting, obligations, regulatory compliance)
You can withdraw consent at any time where consent is the basis for processing. Withdrawing consent does not affect the lawfulness of processing that took place before the withdrawal.
5. MARKETING COMMUNICATIONS
We process your personal data for marketing purposes based on either your consent or our legitimate interest.
You may receive marketing communications if:
You have requested information or purchased a product or service
You have opted in to receive communications (for example, by downloading our free guide)
You can unsubscribe at any time using the link in our emails or by contacting us directly.
Your personal data is never sold or shared with third parties for their own marketing purposes.
Opting out of marketing does not affect communications related to purchases or services you have already received.
6. SHARING YOUR PERSONAL DATA
Your personal data may be shared with trusted third parties where necessary, including:
Service providers who support website, systems, payments or client delivery (as listed in Section 3)
Professional advisers such as accountants or legal advisers
Government or regulatory bodies where legally required
All third parties are required to respect your data and process it only in line with our instructions and applicable data protection law. We do not sell your personal data to anyone.
Some of the third-party service providers we use may be based outside the UK or the European Economic Area (EEA) - for example, Meta, Google, Stripe, Kartra, Zoom and similar platforms.
Where personal data is transferred internationally, we ensure your data is protected using appropriate safeguards, including:
Transfers to countries with UK adequacy decisions
Use of UK International Data Transfer Agreements or the UK Addendum to EU Standard Contractual Clauses
Transfers under approved frameworks such as the UK-US Data Bridge (for relevant US providers)
You may withdraw consent for international transfers at any time where consent is the basis for the transfer.
8. DATA SECURITY
Appropriate security measures are in place to protect your personal data from loss, misuse, unauthorised access, or disclosure.
Access to personal data is limited to those who need it for legitimate business purposes and who are required to keep it confidential.
Where a data breach occurs that presents a risk to affected individuals, we will notify both the Information Commissioner's Office (ICO) and the affected individuals without undue delay - and in any event within 72 hours of becoming aware, where legally required.
Your personal data is retained only for as long as necessary to fulfil the purposes it was collected for, including legal, accounting, or reporting obligations.
For tax purposes, basic customer information may be retained for six years after you cease being a client.
Marketing preferences are retained until you opt out or request erasure
In some cases, data may be anonymised for research or statistical purposes and retained indefinitely.
Under UK data protection law, you have rights including the right to:
Access your data
Correct your data
Request erasure
Restrict or object to processing
Request data portability
Withdraw consent (where applicable)
Make a complaint to the Information Commissioner's Office
More information about your rights is available from the UK Information Commissioner's Office:
https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights
To exercise any of these rights, email stephanie@stephaniethomas.com. We usually respond within one month.
You also have the right to lodge a complaint with the ICO directly at ico.org.uk if you believe we have mishandled your data. We would always appreciate the chance to address your concerns first before you contact the ICO.
This website may include links to third-party websites. We are not responsible for their privacy practices and encourage you to review their privacy policies when leaving this site.
Cookies and similar technologies are used on this website to help it function properly, analyse usage, and support marketing activity. You can control cookies through your browser settings. Disabling cookies may affect how the website functions.
For full details, please see the Cookie Policy.
14. CHANGES TO THIS POLICY
We may update this privacy policy from time to time. Any changes will be reflected in the "Last Updated" date at the top of this page. Where changes are significant, we will contact you directly where reasonably possible.