Data Controller: Mind and Body Coach
Contact: [email protected]

We respect your privacy. This policy explains how we collect, use, share, and protect your personal data when you use mindandbodycoach.com and participate in our Programmes.

1) What data we collect

  • Identity & contact: name, email, phone, postal address, account details.
  • Transaction: purchase details, payment method (tokenised by our processor), billing history.
  • Programme data: progress notes, preferences, messages you send us, attendance, Q&A or community interactions.

  • Health information (special category – optional): injuries, medical history, exercise readiness (PAR‐Q). Collected only when necessary and with your explicit consent.

  • Technical: IP address, device/browser, log data, approximate location, cookies (see Cookies).
  • Marketing preferences: opt‐ins/opt‐outs and records of consent.

2) Sources of data

Directly from you (forms, checkout, emails, chat), automatically via cookies/analytics, and from our processors (e.g., payment providers) as needed to provide the service.

3) How we use your data and legal bases

  • Register you and deliver the Programme (contract).
  • Process payments and prevent fraud (contract; legitimate interests; legal obligation).
  • Provide customer support (contract; legitimate interests).
  • Send service emails about schedules, access, or changes (contract).
  • Email marketing about similar services (consent or soft opt‐in under PECR; you can opt out anytime).

  • Personalise and improve the Website and Programme (legitimate interests).
  • Comply with legal obligations (e.g., tax record keeping).
  • Process health data only with your explicit consent for personalised coaching, which you may withdraw at any time (this will not affect prior lawful processing).

4) Sharing your data

We share data with trusted processors who help us operate the Website and Programme, under contracts that protect your data:
– Hosting & Website (e.g., WordPress, managed hosting/CDN).
– Forms & CRM (e.g., Fluent Forms/FluentCRM).
– Payments (e.g., Stripe, PayPal).
– Email delivery (Amazon SES) and analytics.
– Video & community tools (YouTube).
We may also share data if required by law, to protect rights/safety, or in the context of a business transaction (sale/merger). We do not sell your personal data.

5) International transfers

Some processors may store data outside the UK. Where this occurs, we use lawful safeguards such as the UK International Data Transfer Addendum to the EU Standard Contractual Clauses, or rely on adequacy regulations where applicable.

6) Retention

• Account & Programme records: kept for 24 months after programme end (unless you remain an active customer).

• Health data: kept for 12 months after programme end or your last interaction, then securely deleted unless legally required longer.

• Marketing data: until you unsubscribe or withdraw consent, plus a minimal suppression record thereafter.

• Transaction records: kept for 6 years for tax/accounting.

7) Your rights

You can request: access, correction, deletion, restriction, portability, and to object to processing based on legitimate interests. Where we rely on consent (e.g., health data or marketing), you can withdraw it at any time. To exercise rights, email [[email protected]]. If you are unhappy, you can complain to the Information Commissioner’s Office (ICO) at ico.org.uk or 0303 123 1113.

8) Marketing

We send marketing only with your consent or under the PECR soft opt‐in for existing customers where the products are similar. Every email includes an unsubscribe link. You can also email us to opt out.

9) Cookies and analytics

We use necessary cookies for site security and functionality, and optional cookies for analytics and improvements. Where required, we show a cookie banner that lets you accept or reject non‐essential cookies. See our Cookie Policy for details.

10) Security

We use appropriate technical and organisational measures (encryption in transit, access controls, staff training, backups). No system is 100% secure; please use strong, unique passwords and keep them confidential.

11) Children

Our services are for adults 18+. We do not knowingly collect children’s data. If you believe a child has provided data, contact us to delete it.

12) Automated decision‐making

We do not use automated decisions with legal or similarly significant effects.

13) Changes to this policy

We may update this policy to reflect changes in law or our practices. We will post the new version on the Website and update the date above.

14) Contact
Questions or requests: [[email protected]]