1. Who we are
Corryvreckan Consulting Limited is the data controller for the purposes of UK data protection law.
Registered address: Mitre House, Pitt Street West, Stoke-on-Trent, ST6 3JW
Company number: 14513444
Email: mdh@corryvreckanconsulting.com
Phone: 07715 269724
2. What data we collect and why
| Category | Examples | Purpose | Lawful basis |
|---|---|---|---|
| Identity & contact | Name, email address, phone number | To respond to enquiries; to deliver services; to issue invoices | Contract; legitimate interests |
| Coaching & supervision notes | Session notes, goals, reflections, assessment results | To deliver coaching, supervision or training; to maintain professional standards and supervision records as required by our ethical code | Contract; legitimate interests |
| Professional information | Employer, job title, business context | To tailor the engagement to your context | Contract; legitimate interests |
| Financial information | Billing name, address, payment records | To issue invoices and maintain financial records | Contract; legal obligation |
| Website usage | Pages visited, browser type (via cookies) | To ensure the website functions correctly; to understand how visitors use it | Legitimate interests; consent (where required) |
We do not collect special category data (health, political opinions, religious beliefs, etc.) unless you choose to share it in the course of a coaching or supervision engagement, and only then for the purposes of delivering that service.
3. How we collect your data
We collect data in the following ways:
- Directly from you when you contact us by email, phone or through our website forms
- During the course of a coaching, supervision, training or consultancy engagement
- From our website, via cookies and standard server logs (see our Cookie Policy)
- From third-party scheduling tools (such as Calendly) when you book a discovery call
4. Who we share your data with
We do not sell or share your personal data with third parties for marketing purposes. We may share data in limited circumstances:
- Our coaching supervisor. As required by our professional ethical code, we receive regular supervision. Session content shared in supervision is anonymised wherever possible. Where full anonymisation is not possible, only the minimum necessary information is shared, and our supervisor is bound by equivalent confidentiality obligations.
- Service providers. We use third-party tools to deliver our services, including email providers, scheduling software and form-processing services. These act as data processors and are required to process data only on our instructions.
- Legal requirements. We will disclose data where required to do so by law, by a court order, or by a regulatory authority.
All service providers used are either based in the UK or the EEA, or operate under appropriate transfer mechanisms.
5. How long we keep your data
| Data type | Retention period | Reason |
|---|---|---|
| Coaching and supervision notes | Duration of engagement, then 3 years | Professional standards; potential future re-engagement |
| Financial and invoicing records | 7 years from the end of the tax year | HMRC legal requirement |
| Contracts and agreements | 6 years from the end of the engagement | Limitation Act 1980 |
| Enquiry and contact records | 2 years from last contact | Legitimate interests in responding to follow-up enquiries |
At the end of a coaching or supervision engagement, session records will be securely destroyed unless you have requested that they be retained for potential future re-engagement.
6. Your rights
Under UK GDPR and the Data Protection Act 2018, you have the following rights:
You can request a copy of the personal data we hold about you.
You can ask us to correct inaccurate or incomplete data.
You can ask us to delete your data, subject to legal retention obligations.
You can request a machine-readable copy of data you have provided to us.
You can ask us to limit how we use your data in certain circumstances.
You can object to processing based on legitimate interests.
To exercise any of these rights, please contact us at mdh@corryvreckanconsulting.com. We will respond within one calendar month.
7. Automated decision-making
We do not use automated decision-making or profiling in a way that produces legal or similarly significant effects on you.
8. Keeping your data secure
We take reasonable technical and organisational measures to protect your personal data against unauthorised access, accidental loss, destruction or disclosure. These include password protection, encrypted storage, and restricted access to client records.
No method of transmission over the internet is completely secure, and we cannot guarantee absolute security. We will notify you and the ICO without undue delay if a data breach is likely to result in a risk to your rights and freedoms.
9. Cookies
Our website uses cookies. For full details of the cookies we use and how to control them, please read our Cookie Policy.
10. Complaints
If you are unhappy with how we handle your personal data, please contact us in the first instance at mdh@corryvreckanconsulting.com. We will do our best to resolve any concerns promptly and fairly.
If you remain dissatisfied, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):
- Website: ico.org.uk
- Helpline: 0303 123 1113
- Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
11. Changes to this policy
We may update this policy from time to time. The date at the top of the page shows when it was last revised. If we make significant changes, we will notify active clients directly.