This page contains the Privacy Policy and the Data Protection Policy.
Privacy Policy
Last Updated: 6/3/25
1. Introduction
Welcome to Dr SaraLou Wylie Women’s Life Coaching ("we," "us," or "our"). We respect your privacy and are committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you visit our website (www.drsaralouwylie.com) or subscribe to our newsletter.
By using our website or subscribing to our newsletter, you consent to the practices described in this Privacy Policy.
2. Information We Collect
We collect both personal and non-personal information to improve our services and user experience.
a. Personal Information
When you visit our website or subscribe to our newsletter, we may collect the following personal information:
Contact Information: Name, email address, and any details you provide when contacting us (including any opt-ins).
Billing Information: If you purchase any services, we may collect payment details, though payment processing is handled securely by third-party providers (Thrivecart, Stripe).
b. Usage Data & Cookies
We may collect non-personal information about your interaction with our website, including:
Technical Information: IP address, browser type, operating system, and device information.
Usage Data: Pages visited, referral sources, date and time of visits, and website navigation paths.
This data is collected using cookies and similar tracking technologies. Please see our Cookie Policy for more details.
3. How We Use Your Information
We use the information we collect for the following purposes:
To provide and personalise our services.
To send you our newsletter, updates, and relevant content.
To improve our website's functionality and user experience.
To analyse website usage and trends.
To process payments (where applicable).
To comply with legal and regulatory obligations.
4. Legal Basis for Processing Data (GDPR)
If you are based in the UK or the EU, we process your personal data under the following legal bases:
Consent: When you subscribe to our newsletter.
Contractual Necessity: When you purchase a service.
Legitimate Interest: For analytics and website improvements.
Legal Compliance: When required by law.
5. Cookie Policy
a. What Are Cookies?
Cookies are small text files stored on your device when you visit our website. They help us improve user experience and analyse website performance.
b. Types of Cookies We Use
Essential Cookies: Required for the website to function.
Analytical/Performance Cookies: Help us track website traffic and user behaviour.
Functionality Cookies: Store preferences like language settings.
Marketing/Advertising Cookies: Deliver targeted content.
c. Your Cookie Choices
You can manage your cookie preferences via your browser settings. Note that disabling cookies may affect website functionality.
6. Data Security
We implement reasonable security measures to protect your personal information from unauthorised access, disclosure, or alteration. However, no method of data transmission over the internet is 100% secure, and we cannot guarantee absolute security.
7. Data Retention
We retain personal information for as long as necessary to fulfil the purposes outlined in this Privacy Policy, comply with legal obligations, or resolve disputes.
Newsletter subscribers: Data is retained until you unsubscribe.
Clients/customers: Data is retained as long as needed to provide services and comply with financial regulations.
Analytics data: Retained for up to 24 months.
8. Third-Party Data Sharing
We may share data with third-party service providers who help us operate our website and services, including:
Email Marketing: (Flodesk, Zapier).
Payment Processing: (Thrivecart, Stripe).
Analytics & Tracking: (Google Analytics, Meta, Flodesk, Manychats).
These providers are required to handle your data securely. Please review their privacy policies for details.
We never sell or rent your data to third parties.
9. International Data Transfers
If you are accessing our website from outside the UK, your data may be transferred to and processed in other countries. We take measures to ensure that any data transfers comply with GDPR and UK data protection laws.
10. Your Rights (GDPR & UK Data Protection Act)
If you are based in the UK or EU, you have the following rights regarding your personal data:
Access: Request a copy of your personal data.
Correction: Request corrections to inaccurate data.
Deletion ("Right to be Forgotten"): Request deletion of your data.
Restriction: Request restriction of processing.
Objection: Object to data processing for marketing.
Data Portability: Request transfer of your data.
To exercise these rights, please email info@drsaralouwylie.com.
11. California Privacy Rights (CCPA)
If you are a California resident, you have additional rights, including:
The right to know what personal data we collect.
The right to request deletion of your data.
The right to opt out of data sharing.
To submit a request, please contact info@drsaralouwylie.com.
12. Third-Party Websites
Our website may contain links to third-party sites. We are not responsible for their privacy practices. Please review their privacy policies.
13. Updates to this Privacy Policy
We may update this Privacy Policy from time to time. Any changes will be posted on this page with a revised date. Continued use of our website indicates your acceptance of updates.
14. Contact Us
If you have any questions about this Privacy Policy, please contact us:
Email: info@drsaralouwylie.com
Website: www.drsaralouwylie.com
Data Protection Policy
Last Updated: 6 March 2025
1. Introduction
At Dr SaraLou Wylie Women’s Life Coaching ("we," "us," "our"), protecting personal data is a top priority. This Data Protection Policy outlines how we—and any Virtual Assistants (VAs) or Associates working with us—collect, store, process, and protect client data in line with:
The UK General Data Protection Regulation (UK GDPR)
The Data Protection Act 2018
The Privacy and Electronic Communications Regulations (PECR)
This policy applies to all team members, including me (Dr SaraLou Wylie), Virtual Assistants (VAs), and Associates who have access to or process client information.
2. Roles & Responsibilities
Who Does This Policy Apply To?
Dr SaraLou Wylie (as the Data Controller) – responsible for ensuring compliance with data protection laws.
Associates/Coaches (Data Processors) – process client data in sessions, record notes, and follow security protocols.
Virtual Assistants (VAs) (Data Processors) – handle administrative tasks that may involve personal data (e.g., booking appointments, managing email inquiries).
All team members must:
✔ Handle client data lawfully, fairly, and securely
✔ Follow confidentiality agreements
✔ Report any data breaches immediately
3. What Data We Collect & Process
We may collect and process the following types of personal data:
Contact Information: Name, email, phone number.
Coaching Records: Notes from sessions, client progress.
Appointment Details: Booking confirmations, session dates.
Payment Information: Transaction details (handled securely by Stripe/Thrivecart).
Email Communications: Client inquiries & responses.
We do NOT store sensitive payment details (e.g., credit card numbers). All transactions are securely processed via third-party payment providers (Thrivecart, Stripe).
4. How We Store & Secure Data
To protect personal data, we implement the following security measures:
Secure Storage: Client records are stored on encrypted, password-protected systems (e.g., CRM, Google Drive, Gmail). Any handwritten notes taken during coaching sessions are anonymised and contain no identifiable personal information. These notes are used solely for session reference and are securely disposed of within 12 months.
Access Control: Only relevant team members (e.g., VA for admin tasks, Associates for coaching) can access specific data.
Confidentiality Agreements: All associates and VAs must sign a Confidentiality Agreement before handling any client data.
Device Security: Personal data must never be stored on unprotected personal devices (e.g., USB drives, unsecured laptops).
Email & Communication Security: Sensitive client information should not be sent via email unless necessary—use secure storage instead.
Data Minimisation: Only collect and retain the minimum data needed for business operations.
Do Not:
Download client data onto personal devices unless necessary (see Preventative Measures below for safeguards)
Share client details via unsecured messaging apps
Discuss client information with unauthorised individuals
5. Data Retention & Deletion Policy
We only keep data for as long as necessary to fulfil our business and legal obligations.
Coaching Notes: Retained for 12 months after the last session, then securely deleted.
Email Inquiries: Retained for 6 months, then deleted.
Payment Records: Retained for 7 years (for financial compliance).
VA/Admin Task Data: Only retained as long as necessary for the task, then deleted.
After the retention period, data must be securely deleted from all systems and backups.
6. Client Rights Under GDPR
Clients have the right to:
Access their data (request a copy)
Correct inaccurate information
Request deletion (“Right to be Forgotten”)
Restrict processing (limit how we use their data)
Withdraw consent for marketing emails
Object to automated decision-making
Clients can request any of these actions by emailing: info@drsaralouwylie.com.
All GDPR requests must be processed within 30 days.
7. Data Breach & Incident Reporting
A data breach is any unauthorised access, loss, or misuse of personal data.
If a breach occurs, all team members must immediately:
Report it to Dr SaraLou at info@drsaralouwylie.com.
Contain & assess the risk (e.g., securing accounts, identifying affected data).
Notify affected clients (if necessary).
Report serious breaches to the UK Information Commissioner’s Office (ICO) within 72 hours.
Examples of Data Breaches:
Hacking or phishing attacks
Accidental data leaks (sending an email to the wrong person)
Lost/stolen devices containing client information
Preventative Measures:
✅ Use strong passwords & two-factor authentication
✅ Lock screens when stepping away from a device
✅ Never share login credentials
8. Compliance & Team Agreement
By working with Dr SaraLou Wylie Women’s Life Coaching, all associates, VAs, and contractors agree to:
✔ Handle personal data responsibly
✔ Follow GDPR and this Data Protection Policy
✔ Report any concerns or breaches immediately
📩 For questions or concerns about data protection, email: info@drsaralouwylie.com.