top of page

Privacy Policy – Donna Wright Life Coaching
 

Introduction

Donna Wright Life Coaching (“we”, “us”, or “our”) is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, store, and protect personal information in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Who We Are

Donna Wright Life Coaching provides life coaching services, including 1:1 sessions and workshops.

What Personal Data We Collect

We may collect and process the following categories of personal data:

  • Names and contact details

  • Postal addresses

  • Date of birth

  • Records of meetings and decisions

  • Photographs or video recordings (where relevant)

  • Health information, including mental health information, dietary requirements, allergies, or other wellbeing-related details (where voluntarily provided and necessary)

Health information is treated as special category data and handled with additional care.

Why We Collect Personal Data

We collect and use personal information for the following purposes:

  • To provide life coaching services

  • To manage and deliver sessions and workshops

  • To maintain appropriate records of coaching activity

  • To send service updates or communications (where appropriate)

  • To comply with legal and safeguarding obligations

Lawful Bases for Processing

We process personal data under the following lawful bases:

  • Consent – where you have given clear permission for us to process your data

  • Contract – where processing is necessary to deliver agreed coaching services

  • Vital interests – where processing is necessary to protect your life or the life of another person in safeguarding or emergency situations

  • Legal obligation – where required to comply with applicable laws

Special category data is processed only where a valid additional condition under UK GDPR applies, such as explicit consent or vital interests.

Safeguarding and Vital Interests

In limited circumstances, we may process sensitive personal information relating to mental health or wellbeing where there is a concern about serious risk or safeguarding. This information is only used where necessary to protect life or prevent serious harm and may be shared with appropriate authorities or professionals where required.

Where Personal Data Comes From

Personal data is primarily collected:

  • Directly from individuals receiving coaching services

  • From third parties only in limited safeguarding-related contexts, such as when workshops are delivered at external venues (e.g. The Pearl Exchange), and information is shared to ensure safety

Sub-Processors and Systems

We use the following systems to support our operations:

  • Google (Gmail) – for email communications

  • Paper-based records – client files are stored in a locked filing cabinet with restricted access

These systems and storage methods are used in line with confidentiality and security requirements.

Data Sharing

Personal data may be shared only where necessary and appropriate, including:

  • Emergency services (where there is a serious risk to life)

  • Health care providers (where safeguarding or wellbeing requires escalation)

  • Organisations involved in safeguarding processes

  • Other relevant third parties, strictly where required for safety or legal reasons

We do not sell personal data.

Data Retention

Personal data is retained only for as long as necessary to provide services, meet safeguarding responsibilities, or comply with legal obligations. Records are securely disposed of when no longer required.

International Data Transfers

We do not routinely transfer personal data outside of the UK. Where any systems used may involve international processing (for example, email providers), appropriate safeguards are in place, such as UK adequacy decisions or Standard Contractual Clauses (SCCs).

Data Security

We take appropriate technical and organisational measures to protect personal data, including:

  • Multifactor Authentication

  • Secure email accounts

  • Locked physical storage for paper records

Your Rights

Under UK GDPR, you have the right to:

  • Access your personal data

  • Request correction of inaccurate or incomplete data

  • Request erasure of your data (where legally permitted)

  • Restrict or object to certain processing

  • Withdraw consent at any time

  • Lodge a complaint with the supervisory authority

Requests can be made using the contact details above.

How to Complain

If you have concerns about how your personal data is handled, please contact us in the first instance so we can try to resolve the issue.
 

You also have the right to complain to the Information Commissioner’s Office (ICO):

Policy Review

This Privacy Policy is reviewed periodically and updated as required to reflect changes in law or business practices. It was last updated in 2026.

bottom of page